← Back to Home

Privacy Policy

Last updated: February 28, 2026

1. Introduction

The Dot ("we", "us", "our") operates the th3dot.app website and The Dot Telegram Mini App (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Service, in compliance with the General Data Protection Regulation (GDPR), the ePrivacy Directive, and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is The Dot project team. For any data protection inquiries, contact us at: [email protected]

3. Data We Collect

We collect the following categories of personal data:

3.1 Telegram Profile Data

When you launch the Mini App, Telegram provides us with your user ID, first name, username, and profile photo URL. This data is necessary to create and manage your account.

Legal basis: Contract performance (Art. 6(1)(b) GDPR)

3.2 Gameplay Data

We store your tap counts, point balances, combo streaks, energy levels, connection map, task completions, login streaks, leaderboard rankings, and wheel spin history.

Legal basis: Contract performance (Art. 6(1)(b) GDPR)

3.3 Wallet Address

If you choose to connect a TON wallet, we store your wallet address for future airdrop eligibility. This is entirely optional.

Legal basis: Consent (Art. 6(1)(a) GDPR)

3.4 Social Media Handles

When you complete social verification tasks (e.g., "Follow us on X"), you provide your social media username. We cache the verification result but do not store your social media credentials or access your accounts.

Legal basis: Consent (Art. 6(1)(a) GDPR)

3.5 KYC Data (Future)

For airdrop claims, identity verification (KYC) will be required. This will be handled by a third-party KYC provider. We will not store your identity documents directly. Details will be announced before implementation.

Legal basis: Legal obligation & consent (Art. 6(1)(a)(c) GDPR)

3.6 Technical Data

Server logs may contain IP addresses, timestamps, and request metadata. These logs are retained for a maximum of 30 days and are used exclusively for security monitoring and debugging.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)

4. Cookies & Local Storage

Our website uses the following:

NameTypePurposeDuration
cookie_consentStrictly necessaryStores your cookie preferences365 days
auth_tokenStrictly necessaryJWT authentication (Mini App only)15 minutes

We do not use any analytics, advertising, or third-party tracking cookies. You can manage your cookie preferences at any time using the cookie settings button in the footer of our website.

5. How We Use Your Data

  • Provide, maintain, and improve the Service
  • Calculate and display your points, leaderboard rankings, and connection bonuses
  • Verify task completion (social follows, channel membership)
  • Send in-app notifications via the Telegram bot (e.g., energy full, streak at risk)
  • Distribute future $DOT token airdrops to eligible users
  • Prevent fraud, abuse, and bot activity
  • Comply with legal obligations

6. Data Sharing

We do not sell your personal data. We may share data with:

  • Telegram — The Mini App runs within Telegram's platform
  • RapidAPI — Social verification checks (only your public username is sent)
  • KYC Provider — Future identity verification for airdrop claims (TBA)
  • Infrastructure Providers — Hosting and database services (data processing agreements in place)

We do not transfer data outside the EU/EEA without appropriate safeguards (Standard Contractual Clauses).

7. Data Retention

  • Account data: Retained while your account is active, deleted within 30 days of a deletion request
  • Gameplay data: Retained while your account is active
  • Social verification cache: Automatically refreshed every 6 hours, purged on account deletion
  • Server logs: Automatically deleted after 30 days

8. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access — Request a copy of all personal data we hold about you
  • Rectification — Correct any inaccurate personal data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Restriction — Request that we limit how we process your data
  • Portability — Receive your data in a structured, machine-readable format
  • Objection — Object to processing based on legitimate interest
  • Withdraw consent — Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encrypted connections (TLS), server-side validation, rate limiting, SQL injection prevention, and access controls. However, no system is 100% secure, and we cannot guarantee absolute security.

10. Children

The Service is not intended for users under 13 years of age (or 16 in certain EU jurisdictions). We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via the Telegram bot or a prominent notice on the website. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For any questions or concerns about this Privacy Policy or your personal data, contact:
[email protected]