This Privacy Policy explains how GreenAmbassadorChallenge.com ("Green Ambassador Challenge", "we", "us", or "our") collects, uses, discloses, and protects personal information when you use our website, account features, sustainability challenges, wallet and reward features, contact forms, and related services (the "Service").
Controller and contact details: The controller is GreenAmbassadorChallenge.com. You may contact us through the contact page.
1. Personal Information We Collect
Depending on how you use the Service, we may collect the following categories of personal information:
- Account and profile information: name, first name, last name, email address, profile photo, locale, authentication provider, provider profile ID, signup date, login activity, ambassador status, referral information, and similar account details.
- Authentication information: information received from Google, X/Twitter, Microsoft, or magic-link login flows, plus verification data used to confirm access to your account.
- Wallet and blockchain information: VeChain wallet address, managed-wallet status, encrypted managed-wallet material, wallet-change records, withdrawal destination addresses, staking or reward transaction records, and public blockchain transaction identifiers.
- Challenge and reward activity: quiz attempts, answers, results, challenge participation, reward calculations, reward factors, allocation or voting-related activity, and eligibility or anti-abuse decisions.
- Device, security, and anti-fraud information: IP address, country inferred from IP address, user agent, device identifiers, visitor IDs, request IDs, trust scores, fraud-risk signals, VPN or proxy detection results, ban status, and related security logs.
- Contact and support information: name, email address, wallet address, subject, message content, feedback category, page path, device type, and any information you include when contacting us or submitting feedback.
- Email preference information: whether you opted in to receive new challenge and platform update emails, and related preference timestamps or unsubscribe status.
- Cookies and analytics information: session cookies, cookie-consent preferences, and, if you accept analytics cookies, Google Analytics information about how visitors use the Service.
- Administrative and logging information: request metadata, paths visited, timestamps, diagnostic data, and structured application logs used for security, audit, debugging, and service reliability.
2. Sources of Personal Information
We collect personal information directly from you, from your browser or device, from authentication providers you choose to use, from fraud-prevention and bot-protection providers, from public blockchain networks, and from service providers that help us operate the Service.
3. How We Use Personal Information
We use personal information to:
- create, authenticate, maintain, and secure user accounts;
- provide sustainability challenges, quiz functionality, reward calculations, wallet features, withdrawals, and related account features;
- send magic links, account notices, support responses, and operational emails;
- send optional new-challenge and platform-update emails only where you have opted in, and honor unsubscribe requests;
- detect, prevent, and investigate cheating, multi-accounting, bot activity, VPN or proxy abuse, reward manipulation, and other misuse;
- enforce our Terms of Service and protect users, the Service, rewards, and the integrity of the Green Ambassador Challenge platform;
- process contact requests, feedback, complaints, rights requests, and support matters;
- maintain, debug, secure, measure, and improve the Service;
- comply with legal obligations, court orders, regulatory requests, tax, accounting, fraud-prevention, sanctions, and recordkeeping requirements; and
- send analytics events only where analytics cookies are accepted through our cookie banner.
4. Legal Bases for EU/EEA and UK Users
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Contract: to provide accounts, authentication, challenges, wallets, rewards, withdrawals, and requested support.
- Legitimate interests: to secure the Service, prevent fraud and reward abuse, troubleshoot issues, improve the Service, maintain logs, and protect our rights and users, provided those interests are not overridden by your rights.
- Consent: for optional analytics cookies and other processing where we ask for consent. You may withdraw consent through the cookie preferences tool or by contacting us.
- Legal obligation: where processing is necessary to comply with applicable laws, valid legal requests, accounting obligations, or regulatory requirements.
- Vital interests or public interest: only where required in exceptional circumstances, such as protecting safety or responding to lawful public-authority requests.
5. Cookies, Analytics, and Similar Technologies
We use strictly necessary cookies to operate the Service, maintain sessions, remember cookie preferences, and protect forms from abuse. These cookies are required for core functionality and cannot be disabled through the Service.
We use optional analytics cookies only if you accept the analytics category in our cookie banner. Analytics currently includes Google Analytics. You can accept, reject, or change optional cookie choices through the consent preferences interface. Third-party bot-protection or fraud-prevention tools may also use technical signals needed to protect the Service.
6. Fraud Prevention, Fingerprinting, and Automated Signals
To protect rewards, wallets, and platform integrity, we use security and fraud-prevention tools, including Fingerprint Pro, Guardian Stack, IP geolocation, VPN or proxy detection, Cloudflare Turnstile, and internal rule-based reviews. These tools may process device, browser, network, visitor, request, trust-score, and risk-signal information.
Fraud signals may lead to additional review, blocked actions, logout, reward withholding, wallet restrictions, account suspension, account deletion, or bans. Where legally required, you may request human review of significant automated decisions by contacting us.
7. Wallets, Rewards, and Public Blockchains
The Service supports self-hosted wallets and managed wallets. For managed wallets, private-key material is encrypted and protected using key-management controls. We do not display private keys in ordinary account sessions. You remain responsible for wallet addresses you provide, destination addresses, and transactions you authorize or request.
VeChain blockchain transactions, wallet addresses, token transfers, staking activity, and related identifiers may be public, permanent, and globally visible. We cannot erase, reverse, or control records that have been written to a public blockchain. We may also signal certain ban or fraud outcomes to ecosystem services where needed to protect reward integrity.
8. When We Disclose Personal Information
We may disclose personal information to:
- Service providers and processors that host, secure, analyze, email, log, store, or support the Service;
- authentication providers when you choose to sign in through Google, X/Twitter, Microsoft, or similar services;
- fraud, security, and bot-prevention providers used to protect the Service and rewards;
- blockchain networks and ecosystem tools when wallet, transaction, reward, staking, or ban-related actions require public-chain or ecosystem interaction;
- professional advisers, auditors, insurers, payment, accounting, or compliance providers where reasonably necessary;
- law enforcement, regulators, courts, or public authorities where required or permitted by law; and
- successors or transaction parties in connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate safeguards.
9. Current Third-Party Services
Based on current Service functionality, third-party services may include Google services (OAuth, Analytics, Gemini for administrative tooling), X/Twitter OAuth, Microsoft OAuth, SendGrid, Cloudflare Turnstile, Fingerprint Pro, Guardian Stack, AWS services such as KMS and S3, hosting and database providers, IP geolocation or proxy-detection data providers, and the VeChain public blockchain and related ecosystem contracts or services. This list may change as we add, remove, or replace vendors.
10. International Transfers
We may process and transfer personal information in countries other than your country of residence, including the United States, the European Union, the United Kingdom, and other locations where we or our providers operate. Where required, we use appropriate transfer mechanisms such as adequacy decisions, Standard Contractual Clauses, the UK International Data Transfer Addendum, data-processing agreements, or other lawful safeguards.
11. Retention
We keep personal information only for as long as reasonably necessary for the purposes described in this Policy, including providing the Service, maintaining security, enforcing rules, resolving disputes, complying with legal obligations, and preserving records needed for rewards, fraud prevention, audits, or blockchain-related accounting.
Typical retention periods depend on the data type. Session cookies expire according to their settings, security logs are kept for operational and anti-fraud purposes, account records are generally kept while the account remains active, and reward, wallet, withdrawal, ban, and fraud records may be kept longer where needed to protect the platform or comply with law. Public blockchain records may be permanent and outside our control.
12. Your Privacy Rights
Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, opt-out of certain processing, and information about how your personal information is used or disclosed. You may also have the right to lodge a complaint with a data-protection authority.
If you opt in to optional challenge and platform update emails, you can opt out at any time using the unsubscribe link included in those emails.
Residents of certain US states may have additional rights, including the right to know categories of personal information collected, used, disclosed, sold, or shared; the right to request deletion or correction; the right to obtain a portable copy; the right to opt out of sale, sharing, targeted advertising, or certain profiling; the right to limit use of sensitive personal information where applicable; and the right not to be discriminated against for exercising privacy rights.
We do not sell personal information for money. We do not knowingly sell or share personal information of children. Some analytics or advertising-related technologies may be considered "sharing", "targeted advertising", or similar processing under some US state laws. You can reject optional analytics cookies through the cookie preferences tool.
To exercise rights, contact us through the contact page or at the privacy contact email to be inserted before publication. We may need to verify your identity and account ownership before acting on a request. If we deny a request, you may appeal by replying to our decision or using the appeal contact method we provide.
13. Security
We use technical and organizational measures designed to protect personal information, including encrypted managed-wallet material, access controls, session protections, bot checks, fraud monitoring, logging, and provider security controls. No website, blockchain integration, wallet system, or method of transmission or storage is completely secure.
14. Children and Minors
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. In jurisdictions that require a higher age for consent to online services, you must meet that age or use the Service only with valid parental or guardian consent. If you believe a child provided personal information to us, contact us and we will take appropriate steps.
15. Do Not Track and Global Privacy Signals
Some browsers offer "Do Not Track" or global privacy signals. We currently honor choices made through our cookie consent tool for optional analytics cookies. Where legally required and technically feasible, we will treat recognized opt-out preference signals as requests to opt out of applicable sale, sharing, targeted advertising, or profiling activities.
16. Changes to this Policy
We may update this Privacy Policy from time to time. The updated date at the top of this page indicates when it was last revised. Material changes may also be communicated through the Service or by other reasonable means.
17. Contact Us
Questions, privacy requests, and complaints may be submitted through the contact page.