Privacy Policy.

1. Introduction

Welcome to Seek, a daily word-puzzle mobile game developed by Taral ("we", "us", or "our"). This Privacy Policy explains how we collect, use, and protect information when you use the Seek mobile application and our associated backend services hosted at https://taral.io (collectively, the "Service").

By using the Service you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Blockchain / Wallet Data

Seek is a wallet-connected experience. When you choose to connect a Solana wallet, we process:

1. Your public wallet address (a string of alphanumeric characters identifying your on-chain account).
2. Transaction signatures submitted to our backend for NFT minting and upgrade operations.

We never request, store, or have access to your private keys, seed phrases, or any credentials that could control your wallet.

2.2 Gameplay Data

All gameplay state (current puzzle, guess history, streak, tutorial status, sound preference) is stored exclusively on your device using React Native AsyncStorage. This data does not leave your device and is not transmitted to our servers.

2.3 Server-Side Request Data

When you call our serverless API endpoints (e.g., to mint an NFT), our hosting provider (Vercel) and rate-limiting infrastructure (Upstash Redis) may temporarily store:

1. Your public wallet address, to enforce rate limits and prevent duplicate mints. Rate limit keys are retained for 30 seconds.
2. Payment transaction signatures, retained for up to 24 hours to ensure idempotency and prevent double-processing.
3. Standard server log data (IP address, timestamp, HTTP method, response code) retained by Vercel per their own data-retention policies.

2.4 Data We Do NOT Collect

We do not collect:

1. Names, email addresses, or any personally identifiable information (PII).
2. Location data.
3. Device identifiers or advertising IDs.
4. Biometric data.
5. Any data from third-party trackers or advertising networks.

3. How We Use Information

We use the limited data described above solely to:

1. Provide the Service (mint and manage NFT achievements on your behalf).
2. Enforce rate limits to protect the integrity of the daily mint system.
3. Prevent duplicate or fraudulent transactions.
4. Debug and fix technical issues.

We do not use your data for advertising, profiling, or any purpose unrelated to operating the Service.

4. Blockchain Transparency

Solana is a public blockchain. Any NFTs minted through Seek are recorded permanently and publicly on-chain. This includes your wallet address, transaction details, and NFT metadata. This is an inherent feature of blockchain technology and is not within our ability to reverse or delete. Please be aware that:

1. Your wallet address is visible to anyone who inspects the Solana blockchain.
2. NFT ownership history is permanently public.
3. We cannot delete on-chain records.

5. Data Sharing and Third Parties

We share your data only with service providers strictly necessary to operate the Service:

• Vercel Serverless hosting and edge functions. Privacy Policy →
• Upstash Serverless Redis for rate limiting and idempotency. Rate limit data is ephemeral (TTL 30 seconds); payment idempotency keys expire after 24 hours. Redis eviction is disabled to ensure idempotency keys are never prematurely deleted. Privacy Policy →
• Helius Solana RPC and DAS indexing provider. Only public blockchain queries are made. Privacy Policy →
• Pinata IPFS pinning and dedicated gateway for NFT imagery storage. NFT card images are served via our dedicated Pinata gateway. Privacy Policy →
• Metaplex / Solana Foundation On-chain program execution (public blockchain).

We do not sell, rent, or trade your information to any third party.

6. Data Retention

Rate limit keys in Upstash Redis expire automatically after 30 seconds. Payment signature idempotency keys expire after 24 hours. No other personal data is retained by our servers. Server access logs held by Vercel are subject to Vercel's own retention policies (typically 30 days).

7. Children's Privacy

Seek is not directed at children under the age of 13 (or 18 in India, or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us at taral.io@proton.me and we will take steps to remove that information.

8. Security

We implement industry-standard security measures including:

• HTTPS for all API communications
• Environment-variable storage for sensitive credentials (never hardcoded)
• Upstash Redis eviction disabled — idempotency keys cannot be silently purged
• Minimal data collection by design

However, no system is perfectly secure. We cannot guarantee absolute security of information transmitted over the internet.

9. Your Rights

Because we collect minimal off-chain data, most data subject rights are straightforward to exercise:

1. Access / Portability — Your gameplay data is already stored locally on your device. Server-side data (rate limit TTLs) is ephemeral.
2. Deletion — Rate limit and idempotency keys auto-expire. On-chain NFT records cannot be deleted (blockchain immutability).
3. Correction — Contact us if you believe incorrect data is being processed.

Indian users may exercise rights under the Digital Personal Data Protection Act, 2023 (DPDP Act) by contacting us at taral.io@proton.me.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the Effective Date at the top of this document and, where appropriate, notify users through the app or website. Continued use of the Service after changes constitutes acceptance of the updated policy.

Please also review our Terms of Service.

11. Contact Us