Legal

Privacy Policy

Effective date: 1 January 2026 · Version 1.0

1. Who we are

GetSmart Token is operated by Digital Financial Aid Corporation, a Florida 501(c)(3) non-profit organisation ("we", "us", or "our"). Our registered address is in the State of Florida, United States. You can contact us at privacy@getstoken.org.

2. What data we collect

We collect only the minimum data required to provide our services:

  • Account data — when you sign in with Coinbase OAuth we receive your Coinbase user ID, public wallet address, and optionally your email address.
  • Course enrolment data — name and email address submitted via Google Forms when you enrol in our "Agents & Assets" email course.
  • Blockchain data — token balances, credential award transactions, and on-chain activity are inherently public on the Base network.
  • Communication data — emails you send us directly.

We do not use cookies of any kind — analytics, advertising, or functional. We do not use tracking pixels, fingerprinting, or any third-party tracking technology on this website.

3. How we use your data

  • To create and manage your GetSmart Token account.
  • To issue blockchain-verified credentials and $GETS token rewards.
  • To deliver course mission emails and educational content.
  • To process donations and sponsorships (via Stripe — see Section 6).
  • To respond to your enquiries and provide support.
  • To comply with legal obligations.

We will never sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contract — processing necessary to provide the services you have signed up for.
  • Legitimate interests — fraud prevention, security, and improving our services.
  • Legal obligation — complying with applicable laws and regulations.
  • Consent — where we explicitly ask for your consent (e.g. marketing emails), which you may withdraw at any time.

5. Your rights (GDPR & CCPA)

Depending on your location, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your personal data ("right to be forgotten"), subject to our legal obligations.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Restriction — ask us to restrict processing in certain circumstances.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

Please note: on-chain credential data on the Base network is immutable by design and cannot be erased. We can, however, delete all off-chain data associated with your account.

To exercise any of these rights, email privacy@getstoken.org. We will respond within 30 days.

6. Third-party services

  • Coinbase OAuth — used for authentication. Coinbase's own privacy policy applies to data held on their platform.
  • Google Forms — used to collect course enrolment information. Google's privacy policy applies.
  • Stripe — used to process Pioneer Sponsor payments. Stripe's privacy policy applies to payment data. We do not store your card details.
  • Base Network (Coinbase) — a public Layer-2 blockchain. Transactions are permanently public.
  • Cloudflare Pages — used to host this website. Cloudflare may process technical request data (IP address, user-agent) per their privacy policy.

7. Cookies & tracking

We do not use cookies. This website does not set any cookies — not analytics cookies, advertising cookies, or session cookies. There is no cookie banner because there is nothing to consent to.

8. Data retention

We retain personal data for as long as your account is active or as needed to provide services. If you close your account, we delete off-chain personal data within 90 days, except where retention is required by law (e.g. financial records are retained for 7 years).

9. International transfers

Our servers are primarily located in the United States. If you are in the EEA or UK, your data may be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission for such transfers.

10. Children's privacy

Our course is open to users aged 11 and over. For users under 13 (or under 16 in the EEA), we require verifiable parental or guardian consent before processing any personal data. Parents may contact us to review or delete their child's data.

11. Changes to this policy

We may update this policy from time to time. We will notify registered users by email of any material changes and update the effective date at the top of this page.

12. Contact & supervisory authority

For privacy questions, contact us at privacy@getstoken.org.

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority (DPA).

Digital Financial Aid Corporation · Florida 501(c)(3) · Version 1.0 · January 2026