LEGAL

Privacypolicy.

Last updated: 2026-05-19 · Version 1.0

1. Information We Collect

Wallet address: when you connect a Base wallet to Lull Protocol, we record the public address so we can display your positions and route your harvests.

Adapter telemetry: we record the adapter you use, the amount routed, and the resulting settlement tx hash for accounting and reporting.

Usage data: standard server logs — IP, user-agent, timestamps, request paths — kept for 30 days for operational purposes.

We do not collect names, emails (unless you subscribe to our newsletter or sign in via Privy), phone numbers, or KYC documents.

2. How We Use Information

To operate the Service: route your capacity, display earnings, generate harvest transactions, and produce public on-chain analytics.

To improve the Service: measure adapter performance, detect abuse, and fix bugs.

To comply with the law: respond to valid legal process such as subpoenas or court orders.

3. Information Sharing

We do not sell personal information. We do not share your wallet address with advertisers.

Public by design: wallet activity on Base is public. Anyone can inspect the chain. We publish aggregate routing statistics on /developers but never tie them to off-chain identity.

Service providers: we use Postgres (hosting + DB), Cloudflare (CDN), Alchemy (RPC), and Privy (embedded wallets + auth). Each provider receives only the data needed to operate its piece.

4. Data Retention

Server logs: 30 days, then purged.

Routing telemetry (wallet → adapter → amount): retained indefinitely, as it is reconstructible from the blockchain anyway.

Newsletter subscriptions: until you unsubscribe, with a one-click link in every email.

5. Your Rights

If you are in the EU, UK, or California, you have the right to access, correct, delete, or port your personal data. Email protocol@earnlull.xyz with your wallet address and request.

We will respond within 30 days. We cannot delete on-chain data (we don't control the blockchain), but we can remove off-chain associations and opt you out of our analytics surface.

6. Cookies and Tracking

We use strictly necessary cookies (session, CSRF token). We do not use advertising cookies, cross-site tracking pixels, or fingerprinting.

We use Plausible Analytics — no cookies, no personal data, aggregate only.

7. Security

We use TLS everywhere, short-lived auth nonces (5 min), and encrypted DB backups.

We do not custody funds. Compromise of our infrastructure cannot drain user wallets, because every settlement tx is signed client-side via Privy MPC.

8. Children's Privacy

The Service is not directed at children under 18. If we learn we have collected data from a child under 18, we will delete it.

9. International Transfers

Our servers are located in the United States and the European Union. By using the Service you consent to transfer of your data to these jurisdictions.

10. Changes

Material changes will be announced on /changelog and /blog. The "Last updated" date above reflects the current version.

11. Contact

Privacy questions? Email protocol@earnlull.xyz.