Data Protection

by Lori Henry 0

Data Protection

Scope and Controller

This Data Protection Notice describes how OffTheHype (othtnr.com), a United States–based blockchain and crypto hub, processes personal data in accordance with applicable U.S. privacy laws and, where relevant, the EU/UK General Data Protection Regulation (GDPR). It applies to visitors, account holders, newsletter subscribers, business partners, and other individuals who interact with our services, content, and communications.

Controller: OffTheHype, owned and operated by Lori Henry, 601 SW 41st St, Renton, WA 98057, United States. Contact: [email protected].

Categories of Personal Data We Collect

  • Identifiers and contact information: name, display name, email address, username, wallet address (if you choose to provide it), and similar identifiers.
  • Internet/network activity and device data: IP address, device and browser type, operating system, cookie IDs, pages and content viewed, links clicked, referring/exit pages, time stamps, session duration, and interaction data.
  • Geolocation data: coarse location derived from IP address.
  • Commercial and transactional data: subscription status, content preferences, interactions with newsletters and campaigns; if payments occur, limited billing details handled via payment processors (we do not store full payment card numbers).
  • User-generated content: comments, messages, reviews, survey responses, and support communications.
  • Professional information: information you provide in partnership inquiries or submissions.
  • Inferences: interests and preferences inferred from your interactions to personalize content, subject to your choices.
  • Sensitive personal information: we do not intentionally collect sensitive data; if you submit it voluntarily, we process it only as necessary and in accordance with this Notice.

Purposes of Processing

  • Provide and operate services: deliver website content, research, guides, airdrop calendars, account features, and customer support.
  • Communications: send transactional messages, service updates, security alerts, and newsletters where permitted.
  • Personalization: tailor content, recommendations, and features to your interests.
  • Analytics and improvement: measure usage, diagnose issues, and enhance performance and user experience.
  • Security and fraud prevention: protect accounts and services, detect and prevent malicious or unauthorized activity.
  • Compliance: meet legal, regulatory, and tax obligations, and enforce terms and policies.
  • Marketing: deliver information about updates, events, research, and opportunities consistent with your choices and applicable law.
  • Research and insights: aggregate and de-identify data to analyze trends across the crypto ecosystem.

Legal Bases for Processing (GDPR)

  • Consent: for activities such as certain cookies/analytics, newsletters, and marketing where required.
  • Contract: to create and maintain accounts, fulfill requested services, and provide customer support.
  • Legitimate interests: to secure our services, prevent fraud, measure audience reach, and improve features, balanced against your rights and expectations.
  • Legal obligations: to comply with applicable laws, court orders, or regulatory requirements.
  • Vital interests: only where necessary to protect life or safety.

Legitimate Interests Assessment Summary

We rely on legitimate interests for core site security, basic analytics, service improvement, and administrative operations. We apply data minimization, access controls, and opt-out/objection mechanisms to balance our interests with your rights.

Disclosures and Recipients

  • Service providers (processors): hosting, content delivery, analytics, email and newsletter platforms, security, customer support, and payment processing (if used). These providers act under written contracts and are bound by confidentiality and data protection obligations.
  • Affiliates and business transfers: in connection with mergers, acquisitions, financing, or sale of assets, subject to continued protections consistent with this Notice.
  • Public blockchain networks: if you choose to broadcast blockchain transactions or share wallet addresses, related data may become public and immutable on-chain.
  • Legal and compliance: to competent authorities or parties when required by law or necessary to protect rights, safety, and property.
  • Advertising and marketing partners: where applicable, to measure campaigns or deliver contextual or interest-based content, subject to your choices and opt-out rights.

International Transfers

We operate in the United States. Where EU/UK/Swiss personal data is transferred to the U.S. or other non-EU jurisdictions, we implement appropriate safeguards (such as Standard Contractual Clauses and supplementary measures) and assess local laws to protect your data.

Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Notice, including to meet legal, accounting, or reporting obligations and to resolve disputes. Retention periods vary by category and context—for example, account data persists while your account remains active; marketing preferences are kept until you opt out; security logs typically rotate on scheduled intervals; and cookies persist according to their set lifetimes. When data is no longer needed, we delete or de-identify it in a secure manner.

Security

We use technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege role management, multifactor authentication for administrative access, network monitoring, and staff training. No security program is infallible; we cannot guarantee absolute security.

Your Rights under GDPR

  • Right of access to your personal data and to receive a copy.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure, subject to legal and technical limitations.
  • Right to restrict processing in certain circumstances.
  • Right to data portability for data you provided to us.
  • Right to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent at any time where processing is based on consent.
  • Right to lodge a complaint with a supervisory authority in your jurisdiction.

Note: Public blockchain data is typically immutable and cannot be altered or deleted once written on-chain. Where erasure is requested, we will take reasonable off-chain steps (for example, cease processing, de-index, or dissociate identifiers) consistent with legal obligations and technical feasibility.

Your Rights under United States Privacy Laws

Depending on your state of residence (including California, Colorado, Connecticut, Utah, Virginia, and substantially similar state laws), you may have the following rights:

  • Right to know/access the categories and specific pieces of personal data we collected about you.
  • Right to delete personal data, subject to exceptions.
  • Right to correct inaccurate personal data.
  • Right to data portability.
  • Right to opt out of the sale or sharing of personal data and targeted advertising.
  • Right to limit the use and disclosure of sensitive personal information (we do not use sensitive data for purposes that trigger a right to limit).
  • Right to non-discrimination for exercising your privacy rights.
  • Right to appeal our decision regarding your privacy request (where applicable).

How to Exercise Your Rights

  • Submission: Contact us at [email protected] with your request and sufficient details to identify you and the data at issue.
  • Verification: We may verify your request by confirming access to the email address associated with your interactions and, if necessary, by requesting additional reasonable information.
  • Authorized agents (California): Agents must provide proof of authorization and, where required, consumer verification.
  • Timelines: We aim to respond within 45 days (with an extension where permitted). If we deny your request, you may appeal by emailing [email protected] with the subject line “Appeal,” and we will respond within the period required by law.

Do Not Sell or Share and Targeted Advertising

We do not sell your personal data for monetary consideration. We may “share” limited identifiers with partners to facilitate cross-context behavioral advertising or targeted advertising, as those terms are defined under certain state laws. You may opt out of such sharing or targeted advertising by emailing [email protected] and by enabling an applicable browser-based opt-out signal as described below.

Global Privacy Control and Opt-Out Preference Signals

We honor recognized browser-based opt-out signals, such as Global Privacy Control (GPC). When detected, we treat the signal as a valid request to opt out of selling or sharing personal data and targeted advertising for the browser and device used, subject to applicable law.

Cookies and Similar Technologies

We use cookies, web beacons, SDKs, and similar technologies to operate the site, remember preferences, analyze usage, personalize content, and, where applicable, support advertising. Categories include: strictly necessary (site operation and security), performance/analytics (measure and improve), functional (preferences), and advertising (interest-based content). You can control cookies through your browser settings and, where available, our on-site controls. Disabling certain cookies may affect functionality.

Children’s Data

Our services are not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child under 13 has provided personal data, contact us at [email protected] so we can take appropriate action. For individuals in the EU/UK, we do not knowingly process personal data of children under the age of digital consent applicable in their country without appropriate authorization.

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects. We may use limited profiling for service personalization and analytics, subject to your rights and choices.

California Notice at Collection

Categories collected: identifiers; internet/network activity; geolocation (coarse); commercial data; user-generated content; professional information; inferences. Sources: directly from you, your devices and interactions with our services, publicly available sources, and service providers. Purposes: as described above (service delivery, communications, personalization, analytics, security, compliance, marketing, research). Retention: for the duration necessary for the stated purposes and obligations. Selling/sharing: no monetary sale; we may share limited identifiers for cross-context behavioral advertising unless you opt out. Sensitive personal information: not used or disclosed for purposes that infer characteristics or require a right to limit under California law.

Contact Information

OffTheHype, c/o Lori Henry, 601 SW 41st St, Renton, WA 98057, United States. Email: [email protected]. Please contact us for questions, to exercise your rights, or to submit privacy-related requests.

Updates

We may update this Data Protection Notice to reflect changes in our practices or applicable laws. Material changes will be indicated on our services, and where required, we will provide additional notice.

author
Lori Henry

I’m a blockchain researcher and crypto product strategist. I analyze protocols, tokenomics, and market structure, and I publish practical guides on coins, exchanges, and airdrops. I also advise startups on security and compliance while translating complex crypto knowledge into accessible insights.

Write a comment

Search
Categories
Recent Post
popular Tags