1. Information We Collect
Wallet address: when you connect a Base wallet to Lull Protocol, we record the public address so we can display your positions and route your harvests.
Adapter telemetry: we record the adapter you use, the amount routed, and the resulting settlement tx hash for accounting and reporting.
Usage data: standard server logs — IP, user-agent, timestamps, request paths — kept for 30 days for operational purposes.
We do not collect names, emails (unless you subscribe to our newsletter or sign in via Privy), phone numbers, or KYC documents.
2. How We Use Information
To operate the Service: route your capacity, display earnings, generate harvest transactions, and produce public on-chain analytics.
To improve the Service: measure adapter performance, detect abuse, and fix bugs.
To comply with the law: respond to valid legal process such as subpoenas or court orders.
3. Information Sharing
We do not sell personal information. We do not share your wallet address with advertisers.
Public by design: wallet activity on Base is public. Anyone can inspect the chain. We publish aggregate routing statistics on /developers but never tie them to off-chain identity.
Service providers: we use Postgres (hosting + DB), Cloudflare (CDN), Alchemy (RPC), and Privy (embedded wallets + auth). Each provider receives only the data needed to operate its piece.
4. Data Retention
Server logs: 30 days, then purged.
Routing telemetry (wallet → adapter → amount): retained indefinitely, as it is reconstructible from the blockchain anyway.
Newsletter subscriptions: until you unsubscribe, with a one-click link in every email.
5. Your Rights
If you are in the EU, UK, or California, you have the right to access, correct, delete, or port your personal data. Email protocol@earnlull.xyz with your wallet address and request.
We will respond within 30 days. We cannot delete on-chain data (we don't control the blockchain), but we can remove off-chain associations and opt you out of our analytics surface.
6. Cookies and Tracking
We use strictly necessary cookies (session, CSRF token). We do not use advertising cookies, cross-site tracking pixels, or fingerprinting.
We use Plausible Analytics — no cookies, no personal data, aggregate only.
7. Security
We use TLS everywhere, short-lived auth nonces (5 min), and encrypted DB backups.
We do not custody funds. Compromise of our infrastructure cannot drain user wallets, because every settlement tx is signed client-side via Privy MPC.
8. Children's Privacy
The Service is not directed at children under 18. If we learn we have collected data from a child under 18, we will delete it.
9. International Transfers
Our servers are located in the United States and the European Union. By using the Service you consent to transfer of your data to these jurisdictions.
10. Changes
Material changes will be announced on /changelog and /blog. The "Last updated" date above reflects the current version.
11. Contact
Privacy questions? Email protocol@earnlull.xyz.