1. Introduction

Contribution Labs, Inc., doing business as Megaphone (“Megaphone,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and retain personal information when you use any part of the Megaphone platform—Forms, Campaigns, and Token Claims (collectively, the “Services”). It also describes your rights and choices.

U.S.‑Focused, Globally Aware

Our Services are operated from—and your data is stored in—the United States. We primarily follow U.S. privacy requirements, including the growing patchwork of state privacy laws (e.g., California CCPA/CPRA, Colorado CPA, Virginia VCDPA, Connecticut CTDPA, Utah UCPA, and others). We do not currently claim full compliance with every non‑U.S. privacy regime (e.g., GDPR, PIPEDA). By using Megaphone, you consent to the transfer and processing of your information in the United States. Nevertheless, we will try to honor reasonable privacy requests from any jurisdiction and maintain transparent practices.

Use of our Services constitutes acceptance of this Privacy Policy and our Terms of Service. If you disagree, you must not use Megaphone.

2. Information We Collect

We collect information in three broad ways: (a) information you provide, (b) information we collect automatically, and (c) information we receive from third‑party integrations. We do not intentionally collect sensitive personal data such as government IDs, full financial account numbers, health, or biometric data.

2.1 Information You Provide Directly

Form Submission Data: Wallet addresses, social‑media handles, text or files you upload in a form.

Campaign Participation Data: OAuth‑verified Twitter or Discord username/ID, proof you completed a task, points earned.

Token Claim Data: Public wallet address, eligibility details, record that a claim was executed.

Contact & Support Info: Name, email, social handle, and the content of your support request.

No Sensitive Personal Data: Please do not submit government IDs, health records, or similar highly sensitive information.

2.2 Information We Collect Automatically

IP Address & Approx. Location: Localization, sanctions/OFAC screening, fraud prevention.

Device & Browser Info: Compatibility, debugging, analytics.

Usage Data: Page views, clicks, referring URL, timestamps—used to improve UX and performance.

Cookies & Local Storage: Keep you logged in, save in‑progress form responses, remember preferences.

Analytics Data (Google Analytics, PostHog, etc.): Aggregated insights into feature usage; not used for third‑party advertising.

2.3 Information from Third‑Party Integrations

• Social OAuth (Twitter/X, Discord, Telegram): We receive limited identifiers and confirmation of requested actions—never your password.
  
  
  
• Wallet & Blockchain Data (RainbowKit, Viem, Wagmi, Alchemy): We use your public wallet address to verify eligibility and record on‑chain claims.
  
  
  
• Admin‑Supplied Lists: Campaign organizers may upload wallet or username lists; they are responsible for having the right to do so.
  
  
  
• Public Blockchain Notice: On‑chain transactions (e.g., airdrop claims) are public and immutable; Megaphone cannot delete or alter them.
• We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
  
  
  

3. How We Use Information

We process personal information only for legitimate business purposes, including to:

1. Provide & operate the Services (register form responses, award points, facilitate token claims).
   
   
   
2. Verify identity/authenticity via wallet or social login.
   
   
   
3. Improve and develop features, UX, and security.
   
   
   
4. Communicate service‑related notices or support responses (no unrelated marketing without opt‑in).
   
   
   
5. Personalize non‑advertising content (e.g., show language or campaigns that match your region or interests).
   
   
   
6. Detect, prevent, and investigate fraud, abuse, or security incidents.
   
   
   
7. Comply with legal obligations (records, sanctions checks, lawful requests).
   
   
   
8. Run internal business operations (financial record‑keeping, aggregate metrics).
   
   
   
9. Future data‑driven features: We may create aggregated or de‑identified insights about web3 community engagement. We do not sell identifiable personal data, and will seek additional consent if our practices materially change.
   
   
   

4. How We Share Information

Campaign Organizers (Admins): They receive the data you provide in their campaigns/forms. Once exported, they control it. Users must contact the organizer—not Megaphone—to exercise rights over that copy.

Service Providers & Sub‑Processors: Hosting (AWS), blockchain infra (Alchemy), data tooling (Privy), email/SMS delivery, analytics. Vendors are contractually bound to use data only for our business purposes.

Legal & Safety: Disclosures required by law, to enforce rights, or to protect users, Megaphone, or others.

Business Transfers: Information may transfer in an acquisition, merger, or similar event, subject to this Policy or equivalent protection.

Aggregated / De‑Identified Data: Shared publicly or with partners for research or insights; cannot reasonably identify you.

No “Selling” or “Sharing” for Cross‑Context Behavioral Advertising.

 Under CCPA/CPRA and similar state privacy laws, Megaphone acts as a “service provider” / “processor.” We do not sell, rent, or share personal information with third parties for their own advertising purposes, and we do not permit third‑party advertising cookies on end‑user campaign pages.

5. Data Storage & Security

• Storage Location: Secure U.S. servers (AWS).
  
  
• Technical & Organizational Safeguards: TLS encryption in transit, access controls, regular security audits, vendor due‑diligence (e.g., Privy encryption at rest).
  
  
• No Guarantee: While we employ industry‑standard measures, no Internet transmission or storage system is 100 % secure. In the event of a breach, we will notify affected parties as required by applicable law.

6. Data Retention & Deletion

• We keep personal data as long as necessary for the purposes described, then delete or anonymize it.
  
  
• User‑Requested Deletion: Email legal@megaphone.xyz. After verifying control of the wallet/email, we will delete or anonymize your data from active systems unless we must retain minimal data for legal, security, or backup integrity.
  
  
• Copies already held by campaign organizers or recorded on public blockchains cannot be erased by us.

7. Your Rights & Choices

Because privacy laws vary by jurisdiction, we offer a baseline set of rights to all users, and we map those rights to specific state or international requirements when applicable.

RightHow to ExerciseAccess / Know what personal data we hold.Email legal@megaphone.xyz.Delete / Erase your data (with noted limitations).Same as above.Correct / Rectify inaccurate data.Same as above.Portability (receive a copy in a usable format).Same as above.Withdraw consent / Disconnect integrations.Revoke OAuth tokens in Twitter/Discord/etc. or remove wallet connection; then request deletion if desired.Opt‑out of marketing emails.Use unsubscribe link or let us know.

• California, Colorado, Connecticut, Virginia, Utah, and other state residents: We process your data strictly as a service provider, and do not engage in “sales” or “sharing” as those terms are defined.
  
  
  
• EU/UK Individuals: Megaphone is not “established” in the EEA/UK nor does it systematically monitor EU residents; GDPR may not formally apply. Nonetheless, we will honor requests in line with GDPR Article 12‑23 to the extent reasonably feasible.
  
  

We will not discriminate against you for exercising any privacy right.

8. International Users & Transfers

If you access Megaphone from outside the U.S., you acknowledge and accept that your data will be transferred to and processed in the United States under U.S. law. We rely on your explicit consent at sign‑up/interaction as the legal basis for the transfer. If this is unacceptable, please refrain from using the Services.

9. Children’s Privacy

Megaphone is not directed to anyone under 18. We do not knowingly collect information from children under 13. If we learn we have inadvertently done so, we will delete that information promptly. Parents may contact legal@megaphone.xyz for assistance.

10. Changes to This Privacy Policy

We may update this Policy from time to time. The “Effective Date” will change, and significant revisions will be highlighted via an on‑site banner or direct email. Continued use of the Services after an update signifies acceptance of the revised Policy.

11. Contact Us

Questions or requests? Email legal@megaphone.xyz. We aim to respond promptly to all privacy inquiries.