Privacy Policy

1. Scope and operator

This Privacy Policy explains how HereNow Labs, Inc., a Delaware corporation (the “Operator,” “we,” “us,” or “our”), collects, uses, discloses, and protects information when you access or use the HOTSHOT mobile application, the website at hotshot.cool, or any related services (collectively, the “Service”). For purposes of European, UK, and Swiss data protection law, the Operator is the controller of personal data described here.

This Policy does not apply to third-party services we do not operate, including the Solana blockchain, the Solana Mobile Seeker dApp Store, decentralized storage networks, and wallet software, each of which is governed by that third party’s own practices. By using the Service, you acknowledge that you have read this Policy. If you do not agree, do not use the Service.

2. Information we collect

We collect only what we need to operate the Service:

• Wallet and on-chain information. Public Solana wallet addresses and any associated public on-chain activity (submissions, votes, claims, transaction hashes, signatures). Blockchain data is public by design and is not within our control.
• User Submissions. Photographs, ticker labels, and any other content you submit, together with metadata such as submission timestamps, automated scoring outputs, and round identifiers.
• Device and technical information. Device type and model, operating system and version, application version, language and locale, screen characteristics, IP address (used transiently for security, rate-limiting, and abuse prevention), approximate location derived from IP, browser characteristics for the website, and basic interaction events used for analytics.
• Communications. Information you send us when you contact support, submit a copyright complaint, request to exercise privacy rights, or otherwise communicate with us.
• Automated logs. Server logs generated by our infrastructure, including error reports, request URLs, and timestamps.

We do not knowingly collect government-issued identifiers, precise GPS-level geolocation, biometric identifiers, payment card data, contents of your device beyond what you explicitly submit, or special categories of personal data under GDPR (such as health, race, religion, or sexual orientation).

3. How we use information

We use the information we collect to:

• operate, maintain, and improve the Service;
• process and display submissions, scores, votes, and results;
• detect, prevent, investigate, and respond to abuse, fraud, vote manipulation, sanctions evasion, and security incidents;
• enforce our Terms of Service and any other applicable policies, and protect our rights and the rights of others;
• comply with legal obligations and respond to lawful requests from competent authorities;
• communicate with you about the Service, including announcements, updates, and support;
• analyze usage in aggregate to understand performance and inform product decisions.

For users in the EEA, UK, and Switzerland, our legal bases for processing are: performance of a contract with you (operating the Service you have requested); our legitimate interests in operating, securing, and improving the Service, preventing abuse, and protecting our rights; compliance with legal obligations; and your consent where required.

4. Disclosure of information

We do not sell or rent personal information, and we do not share personal information for cross-context behavioral advertising. We disclose information only:

• Publicly on the blockchain and decentralized storage. Submissions, votes, claims, and other on-chain actions are published to public networks. Once published, this information is outside our control and may persist indefinitely.
• To service providers. We share information with vendors who help us operate the Service, including hosting, analytics, infrastructure, error monitoring, and customer support providers, under contracts that limit their use of information to providing services to us.
• For legal reasons. We may disclose information if we believe in good faith that disclosure is required by law, by legal process, or is necessary to protect the rights, property, or safety of the Operator, users of the Service, or the public, including to enforce our Terms or to investigate suspected fraud, abuse, or sanctions violations.
• In a corporate transaction. If we are involved in a merger, acquisition, financing, reorganization, sale of assets, or insolvency, we may disclose or transfer information as part of that transaction or due-diligence process.
• With your consent. We may disclose information for any other purpose with your consent.

5. Cookies and similar technologies

The website uses a small number of cookies and similar technologies, primarily for security, basic functionality, and aggregated analytics. We do not use third-party advertising cookies, cross-site tracking cookies, or pixels for behavioral advertising. We do not respond to browser-based “Do Not Track” signals because no common industry standard has emerged. You can configure your browser to refuse cookies or to alert you when a cookie is being sent; some parts of the Service may not function properly if cookies are disabled.

6. Data retention

We retain information for as long as needed to operate the Service, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Server logs are typically retained for a short period and then aggregated or deleted. Information published to public blockchains or to decentralized storage networks is outside our control and may persist indefinitely; we cannot delete or modify on-chain data.

7. Your privacy rights

Depending on where you live, you may have rights with respect to your personal information, including the right to request access to, correction of, or deletion of personal information we hold about you, and the right to object to or restrict certain processing. We will respond consistent with applicable law. We may need to verify your identity and your authority to make a request, and we may decline requests that are unlawful, unduly burdensome, repetitive, or that would compromise the privacy or rights of another person.

California, Virginia, Colorado, Connecticut, Utah, Texas, and similar states. Residents of these states have specified rights under their respective privacy laws, including: the right to know or access categories and specific pieces of personal information collected; the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information; the right to limit the use of sensitive personal information; the right not to be discriminated against for exercising privacy rights; and, where applicable, the right to appeal a denied request. We do not sell or share personal information for cross-context behavioral advertising and do not use sensitive personal information to infer characteristics about you.

EEA, UK, and Switzerland. You may have rights under the GDPR, UK GDPR, or equivalent law, including rights to access, rectify, erase, restrict, object to, or port your personal information; the right to withdraw consent where processing is based on consent; and the right to lodge a complaint with a supervisory authority.

We cannot honor requests with respect to information that has been published to public blockchains or to decentralized storage networks, because that information is not within our control.

8. Automated decision-making

The Service uses automated and machine-learning systems to score and rank submissions and to detect abuse. These systems do not produce legal or similarly significant decisions about you within the meaning of GDPR Article 22. Outputs of these systems are subjective and may contain errors; you can contact us at the address in Section 13 if you believe the Service has made an automated decision that materially affects you.

9. Children

The Service is not directed to and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18, including any “personal information from a child” under the U.S. Children’s Online Privacy Protection Act (“COPPA”) or equivalent laws. If we learn that we have collected personal information from a person under 18, we will delete it. A parent or guardian who believes that their child has provided personal information to us can contact us at the address in Section 13.

10. International transfers

We are based in the United States and may process information in the United States and in other countries that may have data protection laws different from the laws of your country. Where we transfer personal information from the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses or equivalent mechanisms. By using the Service, you understand that your information may be processed in countries other than your country of residence, including the United States.

11. Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. No method of transmission over the internet or method of electronic storage is fully secure, and we cannot guarantee absolute security. You are solely responsible for maintaining the security of your wallet, your private keys, and your device.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date above reflects the most recent revision. Material changes will be communicated through the Service or by other reasonable means. Your continued use of the Service after a revision becomes effective constitutes your acceptance of the revised Policy.

13. Contact

Questions about this Privacy Policy or about our handling of personal information, and requests to exercise privacy rights, can be sent to team@herenowlabs.xyz.