Kaboom
← Back

PRIVACY POLICY

Last updated 2026-05-07

1. What We Collect

PlayKaboom is non-custodial and minimizes data collection. We process the following:

  • Wallet address — your Solana public key. Required to play and receive payouts. Public on chain by design.
  • Email (optional) — only if you log in via Privy social/email login. Stored by Privy under their own privacy policy. We do not market to you.
  • IP address — used transiently for rate-limiting and abuse prevention. Not stored long-term beyond standard server logs.
  • Game history — settled games are public on the Solana mainnet. We mirror this data into our indexer (Supabase Postgres) for fast leaderboard and history queries; nothing is stored that isn't already public on chain.
  • Referral metadata — if you visit via a referral link, a session identifier and the referral code are stored locally to attribute future signups. No personal data attached.

2. What We Do Not Collect

  • We do not collect government IDs, KYC documents, or financial account data.
  • We do not custody crypto assets — wagers settle wallet-to-vault on chain.
  • We do not sell, rent, or trade personal data.
  • We do not use third-party advertising networks or behavioral tracking pixels.

3. Cookies and Local Storage

We use first-party cookies and browser localStorage solely to (a) maintain your authenticated session via Privy, (b) cache your encrypted game token across page reloads, and (c) remember UI preferences. No third-party tracking cookies are served from our origin.

4. Third-Party Processors

We use the following third-party services to operate the Service. Each has its own privacy practices; review their policies if you wish.

  • Privy — embedded wallets and authentication (privy.io/legal/privacy)
  • Turnkey — HSM-backed signing for the house authority key. Turnkey never sees your data; only ours.
  • Supabase — Postgres database hosting our indexer cache.
  • Vercel — application and API hosting.
  • Alchemy — Solana RPC and WebSocket node provider.
  • Pyth — public SOL/USD price feed for the in-app price overlay.

5. On-Chain Data Is Public

All on-chain transactions associated with your wallet — bets, payouts, LP deposits, referral claims — are publicly visible on the Solana blockchain forever. We cannot redact or remove on-chain data. If you want privacy, use a dedicated wallet for PlayKaboom and avoid linking it to your other identities.

6. Your Rights

You may request deletion of off-chain data we hold (indexer mirror rows, referral visit logs, server logs older than 30 days) by contacting us. On-chain data is outside our control.

7. Security

All sensitive secrets (Supabase service role, Turnkey API keys, session encryption keys) are stored in Vercel environment variables marked as Sensitive (encrypted at rest, write-only). The hot signing key for the on-chain house authority lives inside a Turnkey HSM and never leaves the enclave.

8. Changes

We may update this policy. Material changes will be announced via @playkaboom.