Attestia
AttestiaProtocol
← Back to Home

Privacy Policy

Last updated: May 2026

1. Who we are

Attestia Protocol ("Attestia", "we", "us") operates the website accessible at this domain. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.

For any privacy-related questions you can reach us at: info@attestia.xyz

2. What data we collect and why

2.1 Data you provide voluntarily

  • Wallet address — if you connect a crypto wallet to use the Attestia app, your public wallet address is stored to manage your participant role. Wallet addresses are public by design on the blockchain and do not constitute personally identifiable information per se.
  • Email address — if you sign up as a participant, your email is collected to send a verification code and protocol notifications. It is stored in our database and never sold or shared with third parties.
  • Media files — if you submit media for attestation, the file is pinned to IPFS and its cryptographic hash is registered on-chain. No personal data is extracted from submitted files.

2.2 Data collected automatically

  • Server logs — our hosting infrastructure may log IP addresses, request timestamps, and HTTP status codes for security and operational purposes. These logs are retained for a maximum of 30 days.
  • Language preference— we store your language selection (English / Italian) in your browser's localStorage. This data never leaves your device.

2.3 What we do not use

We do not use advertising networks or social media tracking pixels. We load Google Analytics only after you accept the consent banner, so we can measure traffic and site usage. We do not sell any data.

3. Cookies

This website uses strictly necessary cookies for core functionality, a consent cookie to remember your choice, and Google Analytics cookies only after you accept the banner. You can reopen and change your choice from the Cookie settings page.

Open Cookie settings
CookiePurposeDuration
attestia_ga_consentRemembers whether you accepted or rejected the analytics banner.1 year
_ga, _ga_*Measures traffic and usage through Google Analytics.Up to 2 years
wagmi.*Stores your wallet connection state so the page does not flash on reload. Set by the Wagmi library (open source). No personal data.Session / 1 day
sb-*Supabase authentication session for the blog admin panel (/admin/blog). Only set when you explicitly sign in as admin.1 week

You can delete these cookies at any time via your browser settings. Deleting them will log you out of the admin panel, reset your wallet connection state, and clear analytics cookies.

4. Legal basis for processing (GDPR Art. 6)

  • Contract performance (Art. 6.1.b) — processing your wallet address and email to provide the attestation service you requested.
  • Legitimate interests (Art. 6.1.f) — server logs for security and fraud prevention; functional cookies for a stable user experience.

5. Data retention

  • Participant data (wallet, email, role): retained as long as your account is active. You may request deletion at any time.
  • Server logs: maximum 30 days.
  • On-chain attestations: permanently recorded on the blockchain. We cannot delete blockchain data as it is outside our control.

6. Data transfers

Our database is hosted on Supabase (EU region). Our media storage uses Pinata / IPFS (distributed network). Smart contracts are deployed on Ethereum / Base (public blockchain).

Where data is processed outside the EU, we rely on the providers' Standard Contractual Clauses (SCCs) or equivalent safeguards.

7. Your rights under GDPR

If you are in the EEA or UK, you have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your personal data (except data on public blockchains).
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Lodge a complaint — with your local supervisory authority (e.g. Garante Privacy in Italy).

To exercise any of these rights, contact us at info@attestia.xyz. We will respond within 30 days.

8. Changes to this policy

We may update this policy as the protocol evolves. Material changes will be announced on our blog. The "Last updated" date at the top of this page always reflects the most recent version.