Privacy Policy

Overview

This Privacy Policy explains how Burn Arena ("we", "us", "our") collects, uses, stores, and discloses personal data when you use our website and application (the "Service").

The Service is a voluntary social and behavioural experiment platform in which adult users may choose to spend money to obtain non-redeemable digital Tokens and intentionally destroy (burn) them. This policy applies to users in the United Kingdom and United States.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

Burn Arena is the data controller for personal data processed through the Service.

Contact: support@burnarena.app

2. Personal Data We Collect

We collect only data reasonably necessary to operate, secure, and improve the Service.

2.1 Information You Provide

• Name or display name.
• Email address.
• Account login credentials (stored in hashed form).
• Date of birth (for age verification).
• Country of residence.
• Support messages and correspondence.
• Consent and acceptance timestamps for Terms and spending consent.

2.2 Transaction and Experiment Activity Data

• Purchase records.
• Burn Actions.
• Transaction timestamps and amounts.
• Experiment participation metrics.
• Burn Streak counts and history.
• Achievement and badge unlocks.
• Leaderboard position data.
• Rank progression data.

Tokens are digital units only and are not financial assets.

2.3 Automatically Collected Data

When you use the Service, we automatically collect:

• IP address.
• Country-level location (derived from IP).
• Device and browser type.
• Operating system.
• Pages visited and feature usage.
• Session and authentication events.
• Security and fraud-prevention signals.

We do not collect precise GPS location.

2.4 Payment Processing Data

Payments are processed by third-party payment providers (such as Stripe). We do not store full card numbers or CVC codes.

We receive limited payment metadata such as:

• Payment status.
• Transaction identifiers.
• Purchase amount and currency.

Payment providers process payment data under their own privacy policies.

2.5 Third-Party Login Providers

If you sign in using a third-party provider (such as Google), we receive basic profile information such as:

• Name.
• Email.
• Profile image.

We do not receive your third-party passwords.

3. How We Use Personal Data

Service Operation

• Create and manage accounts.
• Deliver Purchases and Burn Actions.
• Display account history.
• Provide support.
• Display leaderboards and rankings.
• Track and display Burn Streaks.
• Award and display achievements and badges.
• Enable social sharing features.

Safety and Integrity

• Enforce age and country restrictions.
• Prevent fraud and abuse.
• Enforce spending safeguards.
• Investigate suspicious activity.
• Maintain system security.

Communication

• Provide in-app confirmations and notices related to Purchases and Burn Actions.
• Respond to support requests.
• Notify of important account or policy changes.

Improvement and Analytics

• Understand usage patterns.
• Improve performance and features.
• Test usability and reliability.

We do not use your data for behavioural advertising.

4. Legal Bases for Processing (UK GDPR / GDPR)

We process personal data under the following legal bases:

• Contract performance: To provide the Service you request.
• Legitimate interests: Security, fraud prevention, service improvement.
• Legal obligation: Where required by applicable law.
• Consent: Where specifically requested (for example, optional communications).

5. Data Sharing

We share data only where necessary.

Public Features

Certain data is publicly visible by design:

• Your display name appears on leaderboards.
• Your rank position, rank title, and daily/all-time burn totals are visible on leaderboards.
• Recent burn activity (display name, amount, and timestamp) may appear in a public activity feed.
• Content you choose to share via social sharing features may be publicly accessible.
• Achievement badges may be visible to other users.

You control your display name and what you choose to share. Leaderboard participation is automatic upon Burn Actions.

Service Providers

We use vetted providers for:

• Payment processing.
• Hosting and infrastructure.
• Monitoring and diagnostics.
• Authentication.

Providers process data under contractual confidentiality obligations.

Legal Requirements

We may disclose data if required by:

• Law or regulation.
• Court order.
• Lawful government request.
• Protection of legal rights or safety.

Business Transfers

If the Service is sold or reorganized, data may transfer as part of that transaction.

No Data Selling

We do not sell personal data or share it for third-party marketing.

6. Data Retention

We retain data only as long as reasonably necessary.

• Account data: Retained while the account is active.
• Transaction records: Retained for audit, fraud prevention, and dispute resolution.
• Security logs: Typically retained up to 12 months.
• Support communications: Typically retained up to 12 months.

Data may be retained longer where legally required or necessary to resolve disputes.

The Service is intended to operate only until 31 December 2026 at 11:59pm BST and may end earlier. If the Service ends, we may delete or anonymize data after shutdown except where retention is required by law.

7. Data Security

We use appropriate technical and organizational safeguards, including:

• Encrypted data transmission.
• Access controls.
• Authentication protections.
• Monitoring and abuse detection.

No system is perfectly secure. Users share data at their own risk.

8. Your Privacy Rights

Depending on your location, you may have rights to:

• Access your personal data.
• Correct inaccurate data.
• Delete your data.
• Restrict processing.
• Receive a portable copy.
• Object to certain processing.
• Withdraw consent where applicable.

Requests: support@burnarena.app

We may need to verify identity before fulfilling requests.

9. UK Supervisory Authority Rights

UK residents may lodge complaints with the Information Commissioner's Office (ICO).

10. US State Privacy Rights

Residents of certain US states (such as California and Virginia) may have additional rights, including:

• Right to know.
• Right to delete.
• Right to correct.
• Right to opt out of certain data uses.

We honor applicable state privacy laws.

11. Cookies and Similar Technologies

We use cookies and similar technologies for:

• Authentication.
• Session management.
• Security.

You can control cookies through your browser settings, though some features may not function properly without them.

12. Children's Privacy

The Service is for adults only (18+). We do not knowingly collect data from minors.

Minor accounts will be removed if discovered.

13. International Data Transfers

Data may be processed in countries outside your residence, including the United States and United Kingdom.

Where required, we use recognized legal safeguards for cross-border data transfers.

14. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified through the Service.

15. Contact

support@burnarena.app