Privacy Policy

1. Introduction (Global Scope)

This Privacy Policy governs the manner in which the Envorum protocol (hereinafter referred to as the "Protocol" or "Company") collects, uses, and protects user information.

• Global Status: Envorum is a protocol available to users worldwide without geographical restrictions. We operate anywhere on the planet where Internet access and satellite navigation (GPS) are available.

• Legal Entity: Currently, Envorum is in the process of incorporation in the jurisdiction of Singapore. Until official registration, liability is regulated by international law norms. This Policy is designed in compliance with GDPR (Europe), PDPA (Singapore), and CCPA (California, USA) requirements to ensure a universal standard of rights protection.

2. User Responsibility (Compliance)

"Your Jurisdiction - Your Rules" Principle. Since the Protocol is globally available, we cannot automatically monitor the legislative nuances of all 195 countries.

• Local Laws: The User bears sole responsibility for complying with the laws of their country of residence when using the Service (including tax laws regarding received rewards).

• Legality of Actions: The Protocol provides coordination tools. Responsibility for the legality of a specific event (obtaining assembly permits, cleanup approvals) lies entirely with the Organizer and Participants.

3. Data Processing Principles

Envorum adheres to the Data Minimization principle. We collect only the data technically necessary to prove beneficial action (Proof-of-Action) and conduct financial operations.

We implement a strict separation of data into Private (personal data and gateways) and Public (platform transparency).

A. Private Data

This data is stored in secure Firebase databases, never published, and never transferred to third parties (except licensed providers and government bodies upon demand).

• Identity (KYC): Passport data and facial biometrics are processed by our partner Sumsub. Envorum does not store scans of your documents; we receive only cryptographic confirmation of status (Verified).

• Contacts: Email and phone number are used only for login, access recovery, and emergency notifications.

• Payment Details (Financial Gateway): Information about balance top-ups and withdrawals is strictly private. We do not store or publish your full bank card numbers or personal external wallet addresses. This data is processed by the processing gateway (Stripe/Crypto Processing) and hidden from public view.

B. Public Data

This data becomes publicly available only after your explicit action.

• Public Profile: Nickname, Avatar, Bio. You determine the degree of your publicity.

• Ecological Reports: "Before / In Progress / After" photos and GPS coordinates. By publishing a report, you agree to enter this data into the open registry to ensure transparency and verification.

• Internal Economy and Rewards: Due to the use of a virtual token for reporting, the reward history is public. Any user can see amounts paid for specific ecological actions (events) and fundraising statistics. This guarantees funds reached the executor while maintaining the anonymity of the deposit/withdrawal source.

4. Geolocation and Media Collection

To facilitate real-world (IRL) mechanics, the app requests access to device sensors.

• GPS Coordinates: Recorded only at the moment of active action (Event Check-in, Report Creation). We DO NOT conduct background tracking of your movements.

• Camera: Used to capture evidence. Image metadata is analyzed by AI to protect against forgery.

5. User Rights

You possess full sovereignty over your data:

• Right to Rectification: You can modify profile data at any time.

• Right to Erasure: You can delete your account and private data from company servers. Note: Data confirming the fact of work performance (report hashes) cannot technically be removed from distributed statistics, but it will be fully anonymized.

• Export: The ability to download your activity history.

6. Security

We employ advanced protection methods:

• Encryption: All traffic is secured via SSL/TLS.

• Access: Administrative data access is secured by hardware keys.

• Audit: Financial algorithms undergo regular security audits.

7. Contacts

For privacy inquiries: Email: [email protected]