Privacy Policy

MOLOCH ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our cryptographic competition platform at m0l0ch.com (the "Service").

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws. By using our Service, you acknowledge that you have read and understood this Privacy Policy.

The data controller responsible for your personal data is:

For any questions regarding this Privacy Policy or your personal data, please contact us at admin@m0l0ch.com.

Account Information:

• Email address (required for account creation)
• First and last name (optional)
• Phone number (optional)
• Password (encrypted and hashed)

Automatically Generated Data:

• Public alias (randomly generated identifier)
• Account seed and initiation sigil (unique cryptographic identifiers)
• Account creation timestamp

Competition Data:

• Puzzle attempts and submissions
• Solve times and progress
• Elimination and rebuy status
• Leaderboard rankings

Payment Data:

• Transaction records for rebuy purchases
• Payment processing is handled by Stripe; we do not store credit card details

Technical Data:

• IP address (for security and fraud prevention)
• Browser type and version
• Device information
• Access timestamps

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the competition service you registered for.
• Legitimate Interests: Processing necessary for platform security, fraud prevention, and service improvement.
• Legal Obligation: Processing required to comply with applicable laws, such as tax regulations for prize payments.
• Consent: Where required, we will obtain your explicit consent before processing (e.g., marketing communications).

• To create and manage your account
• To provide personalized puzzle content
• To track your competition progress and maintain the leaderboard
• To process rebuy payments through Stripe
• To distribute prizes to winners
• To communicate important updates about the competition
• To prevent fraud, cheating, and unauthorized access
• To comply with legal obligations
• To improve our Service and user experience

We share your data with the following categories of recipients:

• Supabase: Our database and authentication provider (data stored in EU region).
• Stripe: Payment processor for rebuy transactions (PCI-DSS compliant).
• Vercel: Hosting provider for our platform.

We do not sell your personal data to third parties. Public aliases may appear on the public leaderboard, but no personally identifiable information is displayed.

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:

• EU-US Data Privacy Framework certification
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable

We retain your personal data for the following periods:

• Account data: For the duration of your account, plus 2 years after deletion for legal compliance.
• Competition data: Retained permanently for historical records and leaderboard integrity.
• Payment records: 7 years as required by tax regulations.
• Security logs: 12 months for fraud prevention purposes.

Under the GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data we hold.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure:Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing: Request limitation of how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at admin@m0l0ch.com. We will respond within 30 days of receiving your request.

You also have the right to lodge a complaint with your local data protection supervisory authority.

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Secure password hashing using industry-standard algorithms
• Row Level Security (RLS) for database access control
• Regular security audits and monitoring
• Rate limiting to prevent abuse
• Access logging for security investigations

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at admin@m0l0ch.com.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also send you an email notification.

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: