Privacy Policy

Last Updated: February 13, 2026

Overview

This Privacy Policy explains how Burn Arena ("we", "us", "our") collects, uses, stores, and discloses personal data when you use our website and application (the "Service").

The Service is a voluntary behavioral experiment platform in which adult users may purchase non-redeemable digital tokens and intentionally destroy them. This policy applies to users in the United Kingdom and United States.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

Burn Arena is the data controller for personal data processed through the Service.

Contact: burnarenasocialexperiment@gmail.com

2. Personal Data We Collect

We collect only data reasonably necessary to operate, secure, and improve the Service.

2.1 Information You Provide

• Name or display name.
• Email address.
• Account login credentials (stored in hashed form).
• Date of birth (for age verification).
• Country of residence.
• Profile image (optional).
• Support messages and correspondence.
• Consent and acceptance timestamps for Terms and purchase confirmations.

2.2 Transaction and Experiment Activity Data

• Token purchase records.
• Token burn actions.
• Transaction timestamps and amounts.
• Confirmation acknowledgments.
• Experiment participation metrics.

Tokens are digital units only and are not financial assets.

2.3 Automatically Collected Data

When you use the Service, we automatically collect:

• IP address.
• Country-level location (derived from IP).
• Device and browser type.
• Operating system.
• Pages visited and feature usage.
• Session and authentication events.
• Security and fraud-prevention signals.

We do not collect precise GPS location.

2.4 Payment Processing Data

Payments are processed by third-party payment providers (such as Stripe). We do not store full card numbers or CVC codes.

We receive limited payment metadata such as:

• Payment status.
• Transaction identifiers.
• Last four digits of card (if provided).
• Billing email.
• Country.

Payment providers process payment data under their own privacy policies.

2.5 Third-Party Login Providers

If you sign in using a third-party provider (such as Google), we receive basic profile information such as:

• Name.
• Email.
• Profile image.

We do not receive your third-party passwords.

3. How We Use Personal Data

Service Operation

• Create and manage accounts.
• Deliver token purchases and burn actions.
• Display account history.
• Provide support.

Safety and Integrity

• Enforce age and country restrictions.
• Prevent fraud and abuse.
• Enforce spending safeguards.
• Investigate suspicious activity.
• Maintain system security.

Communication

• Send transactional emails.
• Send receipts and confirmations.
• Respond to support requests.
• Notify of important account or policy changes.

Improvement and Analytics

• Understand usage patterns.
• Improve performance and features.
• Test usability and reliability.

We do not use your data for behavioral advertising.

4. Legal Bases for Processing (UK GDPR / GDPR)

We process personal data under the following legal bases:

• Contract performance: To provide the Service you request.
• Legitimate interests: Security, fraud prevention, service improvement.
• Legal obligation: Where required by applicable law.
• Consent: Where specifically requested (such as optional analytics or emails).

5. Data Sharing

We share data only where necessary.

Service Providers

We use vetted providers for:

• Payment processing.
• Hosting and infrastructure.
• Analytics.
• Authentication.

Providers process data under contractual confidentiality obligations.

Legal Requirements

We may disclose data if required by:

• Law or regulation.
• Court order.
• Lawful government request.
• Protection of legal rights or safety.

Business Transfers

If the Service is sold or reorganized, data may transfer as part of that transaction.

No Data Selling

We do not sell personal data or share it for third-party marketing.

6. Data Retention

We retain data only as long as reasonably necessary.

• Account data: Retained while the account is active.
• Transaction records: Retained for audit, fraud prevention, and dispute resolution.
• Security logs: Typically retained up to 12 months.
• Support communications: Typically retained up to 12 months.

Data may be retained longer where legally required or necessary to resolve disputes.

The Service is intended to operate only until January 1, 2027 and may end earlier. If the Service ends, we may delete or anonymize data after shutdown except where retention is required by law.

7. Data Security

We use appropriate technical and organizational safeguards, including:

• Encrypted data transmission.
• Access controls.
• Authentication protections.
• Monitoring and abuse detection.

No system is perfectly secure. Users share data at their own risk.

8. Your Privacy Rights

Depending on your location, you may have rights to:

• Access your personal data.
• Correct inaccurate data.
• Delete your data.
• Restrict processing.
• Receive a portable copy.
• Object to certain processing.
• Withdraw consent where applicable.

Requests: burnarenasocialexperiment@gmail.com

We may need to verify identity before fulfilling requests.

9. UK and EU Supervisory Authority Rights

UK and EU residents may lodge complaints with their data protection authority, including the UK Information Commissioner's Office (ICO).

10. US State Privacy Rights

Residents of certain US states (such as California and Virginia) may have additional rights, including:

• Right to know.
• Right to delete.
• Right to correct.
• Right to opt out of certain data uses.

We honor applicable state privacy laws.

11. Cookies and Similar Technologies

We use cookies and similar technologies for:

• Authentication.
• Session management.
• Security.
• Basic analytics.

You can control cookies through your browser settings, though some features may not function properly without them.

12. Children's Privacy

The Service is for adults only (18+). We do not knowingly collect data from minors.

Minor accounts will be removed if discovered.

13. International Data Transfers

Data may be processed in countries outside your residence, including the United States and United Kingdom.

Where required, we use recognized legal safeguards for cross-border data transfers.

14. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified through the Service or email.

15. Contact

burnarenasocialexperiment@gmail.com