Privacy Policy
SANKI® & SANKI VRAJA®
Last Updated: December 2025
Effective Date: December 2025
1. INTRODUCTION
Welcome to SANKI VRAJA® ("Platform", "we", "us", or "our"). This Privacy Policy explains how SANKI VRAJA SRL collects, uses, discloses, and safeguards your personal data when you use our Platform, including the website at sankivraja.com, associated mobile applications, and all related services.
We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Romanian Law 190/2018, and other applicable data protection legislation.
IMPORTANT NOTICE REGARDING BLOCKCHAIN DATA: The SANKI ecosystem operates on the BNB Chain (Binance Smart Chain) blockchain. Blockchain transactions are PUBLIC, PERMANENT, and IRREVERSIBLE. This Privacy Policy addresses both on-chain data (which we cannot control or delete) and off-chain data (which is stored on our servers and subject to your GDPR rights).
Please read this Privacy Policy carefully. By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Platform.
2. DATA CONTROLLER
The data controller responsible for your personal data is:
For any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us at the email address above.
3. SCOPE OF THIS POLICY
This Privacy Policy applies to:
sankivraja.com — Our main platform hub, including bounty programs, leaderboards, and ecosystem features
Mobile Application — Our mobile app (currently in development)
Sankiverse — Our metaverse environment (future feature)
Gaming Platform — Our gaming services (future feature)
IMPORTANT: This Privacy Policy does NOT cover:
sanki.ro — Our merchandise store operates separately and has its own Privacy Policy.
Third-party websites — We are not responsible for the privacy practices of any third-party websites or services linked from our Platform.
Blockchain networks — Data recorded on the BNB Chain blockchain is governed by the decentralized nature of blockchain technology, not by this Privacy Policy.
4. CATEGORIES OF PERSONAL DATA WE COLLECT
We collect and process the following categories of personal data:
4.1 Identification Data
Data Type
Description
On-Chain/Off-Chain
Wallet Address
Your public cryptocurrency wallet address (e.g., MetaMask)
On-Chain (Public)
Username/Display Name
Your chosen display name on the Platform
Off-Chain
Email Address
Optional, for notifications and communications
Off-Chain
4.2 Authentication Data
Data Type
Description
On-Chain/Off-Chain
Web3 Wallet Signature
Cryptographic signature used to verify wallet ownership
Off-Chain
Session Tokens
Authentication tokens for maintaining your logged-in state
Off-Chain
4.3 Activity and Transaction Data
Data Type
Description
On-Chain/Off-Chain
Token Burn History
Record of SANKI tokens you have burned
On-Chain (Public)
Blockchain Transactions
All transactions involving SANKI tokens or NFTs
On-Chain (Public)
NFT Ownership
NFTs you own in the SANKI collection
On-Chain (Public)
Leaderboard Position
Your ranking based on burn activity
Off-Chain
Bounty Tasks Completed
Tasks you have completed in the bounty program
Off-Chain
vSanki Balance
Your internal Virtual Sanki balance
Off-Chain
4.4 Technical Data
Data Type
Description
On-Chain/Off-Chain
IP Address
Your Internet Protocol address
Off-Chain
Browser Information
Browser type, version, and settings
Off-Chain
Device Information
Device type, operating system, and identifiers
Off-Chain
Cookies and Local Storage
Data stored in your browser (see Section 13)
Off-Chain
Error Logs
Technical logs for debugging and security
Off-Chain
4.5 Future Data Categories (Sankiverse and Gaming)
As we develop new features, we may collect additional data, including:
Metaverse Activity: Your actions, interactions, and presence within Sankiverse
Virtual Land Ownership: SvD (Sankiverse Domain) parcels you own (on-chain)
Gaming Data: Game scores, match history, in-game behavior, and achievements
User-Generated Content: Content you create within Sankiverse or gaming environments
We will update this Privacy Policy before collecting any new categories of personal data.
5. HOW WE COLLECT YOUR DATA
We collect personal data through the following methods:
5.1 Data You Provide Directly
When you connect your Web3 wallet to the Platform
When you create an account or profile
When you provide your email address for notifications
When you contact us via email or support channels
When you participate in bounty programs or community activities
5.2 Data Collected Automatically
Technical data collected when you browse the Platform
Cookies and similar technologies (see Section 13)
Analytics data through Google Analytics
Error and performance logs
5.3 Data from Blockchain
Your wallet address and associated transaction history
Token balances and transfer history
NFT ownership records
Smart contract interactions
Note: Blockchain data is publicly available and not collected by us in the traditional sense. We read and display this public information to provide our services.
5.4 Data from Third Parties
Authentication providers (Web3 wallet providers like MetaMask)
Analytics services (Google Analytics)
Hosting and infrastructure providers
6. PURPOSES OF PROCESSING
We process your personal data for the following purposes:
6.1 Service Provision and Contract Performance
To authenticate your identity and wallet ownership
To provide access to Platform features and services
To process and display your token burns, NFT ownership, and leaderboard position
To manage your vSanki balance and bounty rewards
To facilitate your participation in the SANKI ecosystem
6.2 Legitimate Interests
To improve and optimize the Platform
To analyze usage patterns and user behavior
To ensure Platform security and prevent fraud
To debug technical issues and maintain service quality
To communicate important service updates
6.3 Legal Compliance
To comply with applicable laws, regulations, and legal processes
To respond to lawful requests from authorities
To establish, exercise, or defend legal claims
To comply with anti-money laundering (AML) and know-your-customer (KYC) requirements if applicable
6.4 Consent-Based Processing
To send marketing communications (only with your explicit consent)
To use non-essential cookies for analytics and personalization
For any other processing that requires your consent
7. LEGAL BASIS FOR PROCESSING
Under the GDPR, we process your personal data based on the following legal grounds:
Purpose
Legal Basis
GDPR Article
Providing Platform services
Performance of contract
Art. 6(1)(b)
Account authentication
Performance of contract
Art. 6(1)(b)
Security and fraud prevention
Legitimate interests
Art. 6(1)(f)
Platform improvement and analytics
Legitimate interests
Art. 6(1)(f)
Legal compliance
Legal obligation
Art. 6(1)(c)
Marketing communications
Consent
Art. 6(1)(a)
Non-essential cookies
Consent
Art. 6(1)(a)
Legitimate Interests Assessment: Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. You may contact us to request information about these assessments.
8. DATA RETENTION
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
8.1 Retention Periods
Data Category
Retention Period
Reason
Account Data
Duration of account + 3 years
Contract performance and legal claims
Authentication Logs
12 months
Security and fraud prevention
Transaction Records
7 years
Legal and tax compliance
Bounty/Activity Data
Duration of account + 1 year
Service provision
vSanki Balance
Duration of account
Service provision
Technical Logs
90 days
Debugging and security
Analytics Data
26 months
Platform improvement
Marketing Consent Records
Duration of consent + 3 years
Compliance documentation
8.2 Blockchain Data
IMPORTANT: Data recorded on the blockchain (wallet addresses, transactions, token burns, NFT ownership) is PERMANENT and CANNOT be deleted. This is an inherent characteristic of blockchain technology, not a choice made by SANKI VRAJA SRL. This data will exist on the blockchain indefinitely, regardless of your relationship with our Platform.
8.3 Account Deletion
When you request account deletion:
Off-chain data will be deleted or anonymized within 30 days
Blockchain data will remain publicly visible and cannot be removed
Aggregated, anonymized data may be retained for statistical purposes
9. DATA SHARING AND RECIPIENTS
We may share your personal data with the following categories of recipients:
9.1 Service Providers
Provider Category
Purpose
Data Shared
Hosting Providers (Railway/Vercel)
Infrastructure and hosting
Technical data, logs
Database Services
Data storage
All off-chain data
Caching Services (Upstash Redis)
Performance optimization
Session data
File Storage (Uploadthing)
File uploads
Uploaded files
Analytics (Google Analytics)
Usage analytics
Anonymized usage data
All service providers are bound by data processing agreements and are required to process data only on our instructions and in compliance with GDPR.
9.2 Blockchain Network
When you interact with the SANKI smart contracts:
Your wallet address is publicly visible
All transactions are publicly recorded
This data is not shared by us but is inherent to blockchain technology
9.3 Legal and Regulatory
We may disclose your data:
To comply with legal obligations
In response to lawful requests by public authorities
To protect our rights, privacy, safety, or property
In connection with legal proceedings
9.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.
9.5 We Do NOT Sell Your Data
SANKI VRAJA SRL does not sell, rent, or trade your personal data to third parties for their marketing purposes.
10. INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States.
10.1 Transfer Mechanisms
We ensure that international transfers are protected by appropriate safeguards:
Recipient Location
Safeguard
United States
EU-U.S. Data Privacy Framework (where applicable)
Other Countries
Standard Contractual Clauses (SCCs) approved by the European Commission
10.2 Specific Transfers
Service
Location
Safeguard
Railway/Vercel (Hosting)
USA/Global
Standard Contractual Clauses
Google Analytics
USA
EU-U.S. Data Privacy Framework
Upstash Redis
Various
Standard Contractual Clauses
10.3 Your Rights
You may request a copy of the safeguards we use for international transfers by contacting us at [email protected].
11. DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data:
11.1 Technical Measures
Encryption of data in transit (TLS/SSL)
Encryption of sensitive data at rest
Secure authentication mechanisms
Regular security assessments and updates
Access controls and authentication
Firewall and intrusion detection systems
11.2 Organizational Measures
Limited access to personal data on a need-to-know basis
Employee training on data protection
Data processing agreements with all service providers
Incident response procedures
11.3 Your Responsibilities
You are responsible for:
Maintaining the security of your wallet private keys and seed phrases
Using strong, unique passwords for your account
Keeping your authentication credentials confidential
Notifying us immediately of any unauthorized access
WARNING: If you lose access to your wallet private keys, we cannot recover them. Loss of private keys may result in permanent loss of access to your tokens and NFTs.
12. YOUR RIGHTS UNDER GDPR
As a data subject, you have the following rights regarding your personal data:
12.1 Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data.
12.2 Right to Rectification (Article 16)
You have the right to request correction of inaccurate personal data and completion of incomplete data.
12.3 Right to Erasure — "Right to be Forgotten" (Article 17)
You have the right to request deletion of your personal data in certain circumstances.
IMPORTANT LIMITATION: This right CANNOT be exercised for data recorded on the blockchain, including:
Your wallet address
Transaction history
Token burns
NFT ownership records
12.4 Right to Restriction of Processing (Article 18)
You have the right to request that we limit the processing of your personal data in certain circumstances.
12.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
12.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interests. You also have the right to object to processing for direct marketing purposes at any time.
12.7 Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you.
Current Status: We do not currently engage in fully automated decision-making that produces legal effects. If this changes, we will update this Privacy Policy and provide appropriate safeguards.
12.8 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
12.9 How to Exercise Your Rights
To exercise any of these rights, please contact us:
Email: [email protected]
We will respond to your request within one (1) month. This period may be extended by two (2) additional months for complex requests, in which case we will inform you of the extension.
We may request verification of your identity before processing your request.
12.10 Right to Lodge a Complaint
If you believe we have violated your data protection rights, you have the right to lodge a complaint with the supervisory authority:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, 010336, România
Website: www.dataprotection.ro
Email: [email protected]
13. COOKIES AND SIMILAR TECHNOLOGIES
13.1 What Are Cookies?
Cookies are small text files placed on your device when you visit our Platform. They help us provide functionality, remember your preferences, and understand how you use our services.
13.2 Types of Cookies We Use
Strictly Necessary Cookies
These cookies are essential for the Platform to function and cannot be disabled.
Cookie Name
Purpose
Duration
session_token
Authentication and session management
Session
csrf_token
Security (Cross-Site Request Forgery protection)
Session
Legal Basis: These cookies do not require consent as they are strictly necessary for the service you requested.
Analytics Cookies
These cookies help us understand how visitors interact with our Platform.
Cookie Name
Purpose
Duration
_ga
Distinguishes users (Google Analytics)
2 years
_ga_*
Maintains session state (Google Analytics)
2 years
_gid
Distinguishes users (Google Analytics)
24 hours
Legal Basis: Consent. These cookies are only set after you provide consent.
Functional Cookies
These cookies enable enhanced functionality and personalization.
Cookie Name
Purpose
Duration
theme_preference
Remembers your display preferences
1 year
language
Remembers your language preference
1 year
13.3 Local Storage
We also use browser local storage for:
Wallet connection state
User preferences
Cached data for performance
13.4 Managing Cookies
You can manage your cookie preferences:
Through our Platform: Use our cookie consent banner to accept or reject non-essential cookies
Through your browser: Most browsers allow you to block or delete cookies in settings
Google Analytics Opt-Out: Install the Google Analytics Opt-out Browser Add-on
Note: Blocking strictly necessary cookies may prevent the Platform from functioning correctly.
13.5 Do Not Track
Some browsers have a "Do Not Track" feature. We currently do not respond to Do Not Track signals, but we honor your cookie preferences as set through our consent mechanism.
14. CHILDREN'S PRIVACY
The Platform is not intended for individuals under the age of eighteen (18) years.
We do not knowingly collect personal data from children under 18. If you are under 18, please do not use the Platform or provide any personal data.
If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we may have collected data from a child under 18, please contact us at [email protected].
Rationale: Due to the nature of cryptocurrency and blockchain services, which involve financial transactions and associated risks, we require all users to be of legal adult age.
15. BLOCKCHAIN DATA — SPECIAL CONSIDERATIONS
15.1 Public and Permanent Nature
The SANKI ecosystem operates on the BNB Chain (BSC) blockchain. By using our Platform and interacting with SANKI smart contracts, you acknowledge that:
All blockchain transactions are PUBLIC: Anyone can view transactions associated with your wallet address
Blockchain data is PERMANENT: Transactions cannot be deleted, modified, or hidden
Blockchain data is IRREVERSIBLE: Once recorded, data cannot be changed
15.2 Pseudonymity vs. Anonymity
Your wallet address is pseudonymous, not anonymous:
While your wallet address does not directly reveal your identity, it CAN be correlated with your real identity through various means
If you have ever linked your wallet to an identity verification service, exchange, or other platform, your wallet may be traceable to you
Blockchain analysis techniques can potentially link wallet addresses to real-world identities
15.3 Our Limitations
SANKI VRAJA SRL:
Has NO control over data recorded on the blockchain
CANNOT delete, modify, or hide blockchain data
CANNOT prevent third parties from viewing public blockchain data
Is NOT responsible for blockchain data analysis by third parties
15.4 Your Choices
Before using our Platform, please understand:
Any interaction with SANKI smart contracts will be permanently recorded
Your burn history, NFT purchases, and token transactions are public
Consider using a dedicated wallet for privacy if this is a concern
16. THIRD-PARTY LINKS AND SERVICES
The Platform may contain links to third-party websites and services. This Privacy Policy does not apply to those third parties.
We encourage you to read the privacy policies of any third-party services you access through our Platform.
17. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
17.1 Notification of Changes
Material Changes: We will notify you via email (if provided) and/or prominent notice on the Platform at least 30 days before significant changes take effect
Minor Changes: Non-material changes may be made without prior notice but will be reflected in the "Last Updated" date
17.2 Your Continued Use
Your continued use of the Platform after changes become effective constitutes your acceptance of the updated Privacy Policy.
17.3 Review Regularly
We encourage you to review this Privacy Policy periodically to stay informed about our data practices.
18. CONTACT US
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Protection Contact
SANKI VRAJA SRL
Email: [email protected]
General Inquiries
Website: sankivraja.com
Email: [email protected]
We aim to respond to all inquiries within 48 hours during business days.
19. SUPERVISORY AUTHORITY
If you are located in the European Union and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.
For users in Romania, the supervisory authority is:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, 010336, România
Phone: +40.318.059.211 / +40.318.059.212
Website: www.dataprotection.ro
Email: [email protected]
20. ADDITIONAL INFORMATION FOR SPECIFIC JURISDICTIONS
20.1 European Economic Area (EEA)
If you are located in the EEA, you benefit from the full protections of the GDPR as outlined in this Privacy Policy.
20.2 United Kingdom
Post-Brexit, the UK has adopted the UK GDPR. If you are located in the UK, your rights are substantially similar to those under the EU GDPR.
UK Supervisory Authority: Information Commissioner's Office (ICO) — https://ico.org.uk
20.3 Other Jurisdictions
If you access our Platform from outside the EU/EEA, please be aware that your data may be transferred to and processed in Romania and other countries. By using the Platform, you consent to such transfers.
ACKNOWLEDGMENT
By using the SANKI VRAJA® Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
You specifically acknowledge that:
Blockchain data is public and permanent
The "right to be forgotten" does not apply to on-chain data
Your wallet address is pseudonymous, not anonymous
You are responsible for your wallet security
© 2025 SANKI VRAJA SRL. All rights reserved.
Sanki® & Sanki Vraja® are registered trademarks.