Privacy Policy

Last updated: February 2026

1. Introduction

Project POH ("we," "us," or "our") operates the website projectpoh.com and associated services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide

  • Wallet Address — Your public blockchain wallet address when you connect to the mining app or claim rewards.
  • Fitness Data — If you connect Strava, we receive activity data (type, duration, distance, effort scores) via the Strava API. We do not receive your Strava password.
  • Contact Information — If you email us at contact@projectpoh.com, we retain the correspondence.

2.2 Information Collected Automatically

  • Device Information — A hashed device ID generated from your browser and hardware characteristics for Sybil resistance. We do not collect device serial numbers.
  • Geolocation (H3 Cell) — A coarse geographic cell (H3 resolution 4, ~1,770 km²) used for geographic diversity scoring. This is not precise enough to identify your street address.
  • Compute Metrics — Mining performance data (hash rates, task completion times, benchmark scores) for reward calculations.
  • Usage Data — Pages visited, browser type, and referral URLs via Vercel Analytics. This data is aggregated and not linked to individual identities.

3. How We Use Your Information

  • Calculate and distribute mining rewards fairly
  • Prevent Sybil attacks and fraudulent mining activity
  • Compute fitness mining bonuses from connected Strava accounts
  • Display leaderboard rankings (wallet address only, opt-in)
  • Improve the Service and fix bugs
  • Comply with legal obligations

4. Third-Party Services

We share data with the following third-party services:

  • Supabase — Database hosting for mining data, reward calculations, and node registration. Supabase stores data in secure, SOC 2 Type II compliant data centers.
  • Strava — If you connect your Strava account, we access your activity data via OAuth. You can disconnect Strava at any time through the mining dashboard.
  • Vercel — Website hosting and analytics. Vercel may collect anonymized usage data.
  • Base Blockchain — Wallet addresses and transaction data are publicly visible on the Base blockchain by design. Blockchain data is immutable and cannot be deleted.
  • Sentry — Error tracking to identify and fix bugs. Sentry may receive anonymized error reports.

5. Cookies and Local Storage

We use browser localStorage to store your mining session data (wallet address, device ID, mining preferences). We do not use tracking cookies. Vercel Analytics may set a first-party cookie for aggregated page view counts.

6. Data Retention

  • Mining data is retained for the duration of the mining epoch (7 days) plus a 30-day archival period for dispute resolution.
  • Wallet addresses are retained indefinitely as they are necessary for reward distribution and on-chain verification.
  • Fitness data is retained for 90 days after the last sync, then automatically deleted.
  • Blockchain data is permanent and immutable by nature.

7. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate data.
  • Deletion — Request deletion of your data, except where retention is required by law or blockchain immutability.
  • Portability — Request your data in a machine-readable format.
  • Opt-Out — California residents may opt out of the sale of personal information. We do not sell personal information.
  • Withdraw Consent — You may disconnect third-party integrations (e.g., Strava) at any time.

To exercise any of these rights, contact us at contact@projectpoh.com. We will respond within 30 days.

8. Data Security

We implement industry-standard security measures including encrypted connections (HTTPS), hashed device identifiers, rate-limited API endpoints, and access controls on our database. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

10. International Transfers

Your data may be processed in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: contact@projectpoh.com

You can also reach us via GitHub at github.com/chatde/poh-coin.