# Privacy Policy *Last updated: 23 April 2026.* *Operated by Lid Labs Technologies - FZCO (Trade Licence 65802, DIEZA, Dubai, UAE).* {% hint style="info" %} **In plain language.** We collect what we need to run Lid and nothing we do not. Your wallet address is public on Solana; we do not change that. Your email and account data are private. Blockchain transactions are permanent — we cannot delete what is recorded on Solana. We do not sell your personal data. We honour the rights the law gives you under UAE PDPL, EU GDPR, and California CCPA. {% endhint %} ## 1. Who is responsible for your data The controller of your personal data is: **Lid Labs Technologies - FZCO** Trade licence No. 65802 IFZA Business Park, DDP PO Box 342001, Dubai, United Arab Emirates Email: For the purposes of UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL), the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), Lid acts as the **data controller** for data processed on `lid.pro` and `app.lid.pro`. Our Data Protection contact is `privacy@lid.pro`. For EU and UK users, contact us at the same address. If we appoint an EU or UK representative, their details will be listed here. ## 2. What this Policy covers This Policy applies to personal data we collect when you: * Visit `lid.pro`, `app.lid.pro`, or any Lid-operated domain. * Create an account, connect a wallet, or complete a transaction. * List a product as a Creator, share a link as an Affiliate, or pay as a Buyer. * Contact us by email or in any Lid-operated channel. * Interact with Lid through social networks, embedded widgets, or integrations. This Policy does not cover third-party services we integrate with. Each one has its own privacy policy. See Section 7. ## 3. What data we collect We collect the data we need to run Lid, keep it secure, meet legal obligations, and improve the service. ### Account and identity data * Email address. * Display name or handle. * Profile image or avatar, if you add one. * Country of residence, for sanctions and tax classification. ### Wallet and blockchain data * Public wallet address. * On-chain transactions you make through Lid (product purchases, splits, payouts, affiliate attribution). * Product metadata you publish to IPFS through Lid. Your wallet address and on-chain transactions are public by design. They can be seen by anyone through a Solana block explorer. We do not control that visibility. ### Product and commercial data (Creators) * Product title, description, price, preview files. * Sales volume and payout history routed through Lid. * Affiliate commission settings you choose. ### Device and technical data * IP address. * Browser and device type, operating system, language. * Access timestamps and pages visited. * Error logs and crash reports. ### Communications * Messages you send us through email, support, or in-product forms. * Feedback, bug reports, and survey responses. ### Marketing data (only if you opt in) * Newsletter subscription status. * Campaign engagement (opens, clicks), through our email provider. ### Sensitive categories We do not ask for sensitive data. We do not knowingly process health data, data revealing racial or ethnic origin, religious beliefs, political opinions, union membership, genetic or biometric data, or data about sexual orientation. Please do not send this data to us. ## 4. How we use your data | Purpose | Legal basis (GDPR / UK GDPR) | UAE PDPL equivalent | | ------------------------------------------------ | -------------------------------------- | ---------------------------------------------- | | Provide the service and execute transactions | Performance of a contract | Fulfilment of a contract with the data subject | | Verify eligibility and run sanctions checks | Legal obligation / legitimate interest | Legal obligation | | Detect and prevent fraud, abuse, and attacks | Legitimate interest | Legitimate interest of the controller | | Respond to support requests | Performance of a contract | Fulfilment of a contract | | Send service and product updates | Legitimate interest | Legitimate interest | | Send marketing emails | Consent | Consent | | Analytics and product improvement | Legitimate interest | Legitimate interest | | Meet tax, accounting, and regulatory obligations | Legal obligation | Legal obligation | | Defend legal claims | Legitimate interest | Legitimate interest | You can withdraw consent for marketing at any time. The unsubscribe link is in every marketing email. ## 5. Automated decision-making Lid does not use automated decision-making that produces legal or similarly significant effects on you within the meaning of Article 22 GDPR or Article 13 UAE PDPL. Our smart contract is deterministic: it executes the split rules agreed at checkout. It does not make judgments about you. ## 6. Who sees your data We share data with the categories of recipient needed to run Lid. * **Service providers** who process data on our behalf. They act under contract and process only for Lid's purposes. See the list in Section 7. * **Solana validators and the public blockchain** — transactions you submit through Lid are broadcast to the Solana network and become permanent public records. * **Tax and regulatory authorities**, where disclosure is required by law. * **Law enforcement**, where we have a good-faith belief that disclosure is needed to comply with law, a court order, or a valid legal process. * **Professional advisers** — lawyers, auditors, accountants — bound by confidentiality. * **A successor entity**, in the event of a merger, acquisition, reorganisation, or sale of assets. We will give notice before any transfer of personal data in that case. We do not sell personal data. We do not share it with third parties for their own independent marketing. ## 7. Service providers we work with | Provider | Role | Location | Learn more | | ------------------- | ------------------------------------------------ | ---------------------- | ------------------------------------- | | Privy (Stripe Inc.) | Wallet creation, embedded wallet, authentication | United States | privy.io/privacy | | Alchemy | Solana RPC provider | United States | alchemy.com/policies/privacy-policy | | Pinata | IPFS storage for product metadata | United States | pinata.cloud/privacy | | Helius | Webhooks, transaction monitoring | United States | helius.dev/privacy | | Cloudflare | CDN, DDoS protection | United States / Global | cloudflare.com/privacypolicy | | Vercel | Hosting (marketing and app front-end) | United States / Global | vercel.com/legal/privacy-policy | | AWS | Cloud infrastructure | United States / Global | aws.amazon.com/privacy | | PostHog | Product analytics | United States | posthog.com/privacy | | Sentry | Error monitoring | United States | sentry.io/privacy | | Resend | Transactional email delivery | United States | resend.com/legal/privacy-policy | | HubSpot | CRM and marketing email | United States | legal.hubspot.com/privacy-policy | | Linear / Notion | Internal work management | United States | linear.app/privacy, notion.so/privacy | We review this list regularly and keep it current on this page. ## 8. International transfers Lid is based in the UAE. Some of our service providers are in the United States and other jurisdictions. When we transfer personal data outside your country, we rely on at least one of the following safeguards: * An adequacy decision from the relevant regulator. * Standard Contractual Clauses, published by the European Commission or an equivalent body. * The UK International Data Transfer Agreement. * A data-transfer mechanism approved by the UAE Data Office. * Your explicit consent, where other safeguards are not available. You can ask us for a copy of the safeguards that apply to your data by emailing . ## 9. How long we keep data | Data category | Retention | | ---------------------------------- | ----------------------------------------------------------------- | | Account data (email, display name) | While your account is active, plus up to 12 months after closure | | Transaction and commercial records | 7 years, to meet UAE tax and accounting obligations | | Support communications | 3 years after the last interaction | | Device and technical logs | Up to 13 months | | Marketing data | Until you unsubscribe, plus 6 months for suppression records | | On-chain transaction data | Permanent — recorded on the Solana blockchain outside our control | We may keep data longer to defend legal claims, comply with a regulator, or resolve disputes. ## 10. Your rights Depending on where you live, you may have rights over your personal data. We grant the rights below to every user, regardless of jurisdiction, unless a law requires otherwise. ### Rights you can exercise * **Access** — ask for a copy of the personal data we hold about you. * **Rectification** — ask us to correct data that is wrong or incomplete. * **Deletion** — ask us to delete data we hold, subject to legal retention requirements. On-chain data cannot be deleted. * **Restriction** — ask us to pause processing in certain cases. * **Portability** — receive a copy of your account data in a common, machine-readable format. * **Objection** — object to processing based on legitimate interest or direct marketing. * **Withdraw consent** — for any processing based on consent. * **Lodge a complaint** — with a competent data protection authority. ### For users in the EU and UK (GDPR) The competent authority is the data protection authority of the EU member state where you live or where you believe your rights were infringed. ### For users in California (CCPA/CPRA) You have the right to: * Know what personal information we collect, use, disclose, and sell or share. * Delete personal information, subject to exceptions. * Correct inaccurate personal information. * Opt out of the sale or sharing of personal information. **Lid does not sell personal information and does not share it for cross-context behavioural advertising.** * Limit the use of sensitive personal information. We do not use sensitive personal information to infer characteristics. * Non-discrimination for exercising your rights. We do not knowingly collect personal information from minors under 16. To exercise a CCPA right, email . We may need to verify your identity before we respond. An authorised agent may make a request for you with written permission. ### For users in the UAE (PDPL) You have the right to request correction, deletion, restriction, portability, the stopping of processing, and to object to automated decision-making, under the UAE PDPL. You may lodge a complaint with the UAE Data Office. ### How to exercise your rights Email with "Data Rights Request" in the subject line. We will respond within 30 days of verifying your identity, or sooner where the law requires. We may extend this by up to 60 additional days for complex requests and will tell you if we do. ## 11. How we protect your data We apply technical and organisational measures that fit the sensitivity of the data. These include: * Encryption in transit (TLS 1.2 or higher) for all network traffic. * Encryption at rest for production databases. * Role-based access control, multi-factor authentication, and audit logging for staff access. * Regular security review, dependency scanning, and code review. * Principle of least privilege for service providers. * Incident response and breach notification procedures. No method of transmission or storage on the Internet is 100% secure. You are responsible for keeping your wallet keys, recovery phrase, and login credentials safe. ### Breach notification If a breach is likely to result in a high risk to your rights, we will notify you within the timeframe the law requires — 72 hours for GDPR, without undue delay for UAE PDPL. We will also notify competent authorities as required. ## 12. Cookies and similar technologies We use cookies and similar technologies to operate the service, remember preferences, and measure use. See the [Cookie Policy](/legal/cookies.md) for details and for how to manage your choices. ## 13. Children Lid is not for people under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has given us personal data, email and we will delete it. ## 14. Changes to this Policy We may change this Policy to reflect new features, legal changes, or how we operate Lid. When we do, we update the "Last updated" date and post the new version on this page. For material changes, we will notify you by email or in-product notice at least 30 days before the change takes effect. ## 15. Contact **Lid Labs Technologies - FZCO** Attn: Data Protection IFZA Business Park, DDP PO Box 342001, Dubai, United Arab Emirates Email: --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.lid.pro/legal/privacy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.