Infinity Ads Protocols

Privacy Policy

Last updated: March 2026

Introduction

Infinity Ads Protocols ("we", "us", "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, share, and protect your data when you access or use our platform, including our website, mobile applications, and all associated services. Infinity Ads Protocols acts as the data controller for personal information processed through the platform.

Information We Collect

We collect various categories of information to provide, maintain, and improve our services. The types and extent of data collected depend on how you interact with the platform.

Account Data

  • Username (chosen at registration, permanent)
  • Email address (used for account communications and verification)
  • Password (stored as a bcrypt hash — we never store plaintext passwords)
  • WhatsApp number (collected only if you enable two-factor authentication)

Financial Data

  • BNB Smart Chain (BSC) wallet addresses associated with your account
  • Deposit and withdrawal amounts, timestamps, and transaction statuses
  • Complete transaction history including task rewards, bonuses, and commission records
  • Earnings and bonus records across all reward categories

Device Data

  • Browser type and version
  • Operating system and version
  • Screen resolution and viewport dimensions
  • IP address (collected for security and fraud prevention purposes)

Usage Data

  • Pages visited and features used within the platform
  • Task completion patterns and engagement metrics
  • Session duration and frequency of access
  • Referral activity and network interactions

Cookies

  • Essential cookies required for session management and authentication state
  • Analytics cookies via Vercel Analytics for anonymized performance monitoring

Legal Basis for Processing (GDPR Art. 6)

We process your personal data only when we have a valid legal basis to do so under applicable data protection legislation, including the General Data Protection Regulation (GDPR).

Contract Performance

  • Account creation and maintenance
  • Processing deposits, withdrawals, and reward distributions
  • Facilitating task completion and mission progression

Legitimate Interest

  • Fraud prevention and detection of suspicious activity
  • Platform security monitoring and incident response
  • Usage analytics for service improvement and optimization

Consent

  • Optional marketing communications and promotional notifications
  • Analytics tracking beyond what is strictly essential for platform operation

Legal Obligation

  • Anti-money laundering (AML) and Know Your Customer (KYC) compliance where required by applicable law
  • Tax reporting obligations in relevant jurisdictions
  • Cooperation with law enforcement pursuant to valid legal process

How We Use Your Data

We use the information we collect for the following purposes: operating and maintaining the platform and its core functionality; processing deposits, withdrawals, task rewards, and all forms of commission and bonus distributions; sending transactional notifications via email and WhatsApp OTP for security verification; fraud prevention, security monitoring, and detection of Terms of Service violations; compliance with applicable legal and regulatory obligations; service improvement through aggregated usage analytics; and providing customer support and resolving account-related inquiries.

Blockchain Data

Transactions conducted on the BNB Smart Chain are publicly visible and permanently recorded on the blockchain. Wallet addresses and transaction amounts are inherently transparent and accessible to anyone. We cannot modify, delete, or redact any data that has been recorded on the blockchain. While blockchain data is pseudonymous by nature, it may potentially be linked to your identity through correlation with other data sources, including data held by the platform.

Data Sharing & Third Parties

We do not sell your personal data to any third party. All third-party service providers are bound by confidentiality agreements and data processing agreements that restrict their use of your data to the specific services they provide to us.

Infrastructure Providers

  • Fly.io — API hosting infrastructure (primary servers in Singapore)
  • Vercel — Frontend hosting and content delivery network
  • Supabase — Database hosting and management

Communication Services

  • Resend — Transactional email delivery (account verification, notifications)
  • WhatsApp Business API — OTP delivery and security notifications for 2FA-enabled accounts

Analytics

  • Vercel Web Analytics and Speed Insights — Anonymized performance metrics only, no personally identifiable information is collected or transmitted

Legal Requirements

  • Law enforcement agencies, but only in response to valid legal process such as court orders, subpoenas, or regulatory requests
  • Regulatory bodies as required by applicable law in relevant jurisdictions

Business Transfers

  • In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy

International Data Transfers

Our primary servers are located in Singapore (Fly.io). Frontend assets are served globally through Vercel's content delivery network. Your data may transit to or be processed by third-party service providers located in various jurisdictions worldwide. Where personal data is transferred outside the European Economic Area (EEA) or United Kingdom, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or reliance on adequacy decisions issued by the European Commission.

Data Retention

For active accounts, we retain your personal data for as long as your account remains open and active. Transaction records are retained for a minimum of seven (7) years to satisfy legal, tax, and regulatory requirements. Upon account closure, personal data is deleted within ninety (90) days, with the exception of blockchain data which persists permanently on-chain. Audit logs are retained for two (2) years for security and compliance purposes. Anonymized and aggregated analytics data may be retained indefinitely as it cannot be used to identify individual users.

Data Security

We implement robust technical and organizational measures to protect your data, including: encryption in transit via TLS 1.3 and encryption at rest for stored data; JWT-based authentication with token versioning for session management; bcrypt password hashing with appropriate cost factors; row-level database security policies; and regular security audits of platform infrastructure and code. We maintain incident response procedures and will notify affected users of any data breach without undue delay as required by applicable law. However, no system is entirely immune to security threats, and we cannot guarantee absolute security of your information.

Cookies & Tracking

We use a minimal set of cookies and tracking technologies to operate and improve the platform. We do not engage in behavioral advertising or cross-site tracking.

Essential Cookies

  • Session management and authentication state persistence
  • Required for core platform operation and cannot be disabled

Analytics

  • Vercel Web Analytics and Speed Insights for anonymized performance metrics
  • No personally identifiable information is collected through analytics

No Advertising Cookies

  • We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking technologies
  • You may manage cookie preferences through your browser settings at any time

Your Rights — GDPR (EEA/UK Residents)

If you are located in the European Economic Area (EEA) or United Kingdom, you are entitled to the following rights under the General Data Protection Regulation. We respond to all valid GDPR requests within thirty (30) days of receipt.

Right of Access

  • Request a complete copy of all personal data we hold about you

Right to Rectification

  • Request correction of any inaccurate or incomplete personal data

Right to Erasure

  • Request deletion of your personal data, subject to exceptions for blockchain data (which is immutable) and data we are legally required to retain

Right to Data Portability

  • Receive your personal data in a structured, commonly used, machine-readable format

Right to Restrict Processing

  • Request that we limit the processing of your personal data under certain circumstances

Right to Object

  • Object to processing of your personal data that is based on our legitimate interests

Right to Withdraw Consent

  • Withdraw your consent at any time where our processing is based on your consent, without affecting the lawfulness of prior processing

Right to Lodge Complaint

  • File a complaint with your local data protection supervisory authority if you believe your rights have been violated

Your Rights — CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights regarding your personal information. We respond to all verified CCPA requests within forty-five (45) days of receipt.

Right to Know

  • Request disclosure of the categories and specific pieces of personal information we have collected, used, and disclosed about you

Right to Delete

  • Request deletion of your personal information, subject to certain legal exceptions including blockchain data and regulatory retention requirements

Right to Opt-Out of Sale

  • We do not sell personal information to third parties — this right is automatically and fully satisfied

Right to Non-Discrimination

  • We will not discriminate against you in pricing, service quality, or access for exercising any of your CCPA rights

Authorized Agents

  • You may designate an authorized agent to submit requests on your behalf, subject to identity verification requirements

Children's Privacy

Infinity Ads Protocols is not directed at individuals under the age of 18, and we do not knowingly collect, solicit, or process personal data from minors. If we become aware that personal data has been collected from a person under 18, we will take immediate steps to delete such data from our systems and terminate the associated account. If you are a parent or guardian and believe your child has provided personal information to us, please contact us at privacy@infinityads.io so we can take appropriate action.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational factors. For material changes, we will provide at least thirty (30) days' advance notice via email or prominent platform notification prior to the effective date. Your continued use of the platform after the effective date of any updated Policy constitutes your acceptance of the revised terms. Previous versions of this Privacy Policy are available upon request.

Contact & Data Protection

For privacy-related inquiries, data subject access requests, or any concerns about how your personal data is handled, please contact us at support@infinityads.io. We endeavor to respond to all privacy and data protection inquiries within thirty (30) days.

Also see: Terms of Service