OPENTRIBE

Privacy Policy

Opentribe Privacy Policy - How we collect, use, and protect your personal information.

Last Updated: November 9, 2025

Introduction

At Opentribe, we take your privacy seriously. This Privacy Policy explains how Eva Interactive Co. ("Opentribe," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our talent marketplace platform that aggregates opportunities from the Polkadot ecosystem.

This policy applies to all users of Opentribe, whether you are a builder seeking opportunities or an organization posting opportunities.

Contact Information

Data Controller: Eva Interactive Co. 5/12, West Patel Nagar New Delhi, India - 110008

Contact:

  • Email: privacy@opentribe.io
  • Website: https://opentribe.io

Grievance Officer: Email: privacy@opentribe.io (As per Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011)

Information We Collect

Personal Information You Provide

When you use Opentribe, you may voluntarily provide us with:

Account Information:

  • Name (first and last name)
  • Email address
  • Username
  • Password (encrypted)
  • Profile picture/avatar
  • Bio and description

Profile Information:

  • Skills and expertise
  • Experience and work history
  • Social media profiles (GitHub, Twitter, LinkedIn)
  • Wallet addresses (public blockchain addresses)
  • Preferences and interests

Communications:

  • Contact form submissions
  • Support requests
  • Comments and forum posts
  • Application and submission content

OAuth Information: When you sign in with Google or GitHub, we receive:

  • Email address
  • Name
  • Profile picture
  • OAuth provider ID

Information We Collect Automatically

Usage Information:

  • Pages viewed and time spent
  • Click patterns and navigation paths
  • Features used and interactions
  • Opportunity views and applications

Technical Information:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Screen resolution
  • Language preferences
  • Time zone
  • Referral source

Analytics Data: We use third-party analytics services (detailed below) to collect:

  • Session duration
  • Bounce rate
  • Geographic location (country/city level)
  • User behavior patterns

Blockchain Information

Public Data:

  • Wallet addresses you connect are public on the Polkadot blockchain
  • On-chain transactions are permanent and publicly visible
  • We do not control blockchain data

Important: Blockchain data cannot be deleted or modified. By connecting a wallet, you acknowledge that this information is permanent and public.

How We Use Your Information

We use your information for the following purposes:

Service Delivery

  • Create and manage your account
  • Display opportunities from the Polkadot ecosystem
  • Provide tools to submit applications and submissions
  • Facilitate communication between users and opportunity creators
  • Provide customer support

Opentribe's Role as an Aggregator

Important: Opentribe aggregates and displays opportunities (grants, bounties, RFPs) from the Polkadot ecosystem. We do not create, manage, or administer these opportunities.

  • Grant Administration: Grants are administered by their respective programs (e.g., Polkadot Treasury, Web3 Foundation). We have no control over selection decisions, funding amounts, or payment timing.
  • Application Processing: We provide technical tools to submit applications, but all evaluation and selection decisions are made by opportunity creators.
  • Payments: All payments are made directly by opportunity creators. Opentribe does not hold funds, process payments, or guarantee payment.
  • Program Policies: Each opportunity follows the policies of its creator. Contact the opportunity creator directly for program-specific questions.

Platform Improvement

  • Analyze usage patterns to improve features
  • Develop new functionality
  • Fix bugs and technical issues
  • Optimize performance and user experience

Communications

  • Send transactional emails (verification, notifications, updates)
  • Notify you of application status changes
  • Share platform updates and announcements (if opted in)
  • Send weekly digests (if opted in)

Security & Fraud Prevention

  • Detect and prevent fraud, spam, and abuse
  • Monitor for security threats
  • Enforce our Terms of Service
  • Protect user safety and platform integrity

Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and prevent harm
  • Protect our rights and property

Lawful Basis (for GDPR/DPDP compliance)

  • Contract Performance: To provide services you requested
  • Legitimate Interests: To improve our platform and ensure security
  • Consent: For marketing communications and analytics cookies
  • Legal Obligation: To comply with laws and regulations

Third-Party Services We Use

We use the following third-party services to operate our platform. Each service processes certain data as described below:

Analytics & Performance

PostHog (Product Analytics)

  • Purpose: Understand user behavior, analyze feature usage, improve product
  • Data Shared: Usage patterns, page views, clicks, session data, device info
  • Data Location: United States
  • Privacy Policy: https://posthog.com/privacy
  • Opt-Out: Cookie Settings (link in footer)

Google Analytics (Web Analytics)

  • Purpose: Website traffic analysis, user demographics, performance metrics
  • Data Shared: Page views, session duration, location (city/country), device type, browser
  • Data Location: United States
  • Privacy Policy: https://policies.google.com/privacy
  • Opt-Out: https://tools.google.com/dlpage/gaoptout or Cookie Settings

Vercel Analytics (Performance Monitoring)

  • Purpose: Monitor site performance, load times, Core Web Vitals
  • Data Shared: Performance metrics, geographic data (aggregated)
  • Data Location: United States
  • Privacy Policy: https://vercel.com/legal/privacy-policy

Error Tracking & Monitoring

Sentry (Error Monitoring)

  • Purpose: Detect bugs, monitor errors, improve stability
  • Data Shared: Error logs, stack traces, session replays (anonymized), user context
  • Data Location: United States
  • Data Retention: 90 days
  • Privacy Policy: https://sentry.io/privacy/

Authentication Services

Better Auth (Authentication Service)

  • Purpose: User login, session management, OAuth coordination
  • Data Shared: Email, hashed passwords, session tokens
  • Data Location: Self-hosted (Neon PostgreSQL, United States)
  • Note: Self-hosted solution, no external third-party

Google OAuth (Social Login)

  • Purpose: Sign in with Google account
  • Data Shared: Email address, name, profile picture, Google user ID
  • Data Location: United States
  • Privacy Policy: https://policies.google.com/privacy

GitHub OAuth (Social Login)

  • Purpose: Sign in with GitHub account
  • Data Shared: Username, email address, avatar, GitHub user ID
  • Data Location: United States
  • Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

Email Services

Resend (Transactional Email)

  • Purpose: Send verification emails, notifications, application updates, newsletters
  • Data Shared: Email addresses, names, email content
  • Data Location: United States
  • Privacy Policy: https://resend.com/legal/privacy-policy

Infrastructure & Hosting

Vercel (Platform Hosting)

  • Purpose: Website hosting, content delivery, serverless functions
  • Data Shared: All platform data (as necessary for hosting)
  • Data Location: United States (with global CDN)
  • Privacy Policy: https://vercel.com/legal/privacy-policy

Neon PostgreSQL (Database)

  • Purpose: Store user data, platform content, application data
  • Data Shared: All data you provide to Opentribe
  • Data Location: United States
  • Privacy Policy: https://neon.tech/privacy-policy

Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our services. For detailed information, see our Cookie Policy.

Cookie Categories

Strictly Necessary (No Consent Required):

  • better-auth.session-token - User authentication (session)
  • csrf-token - Security protection (session)
  • cookie-consent - Your cookie preferences (1 year)

Functional (Consent Required):

  • theme - Dark/light mode preference (1 year)
  • locale - Language preference (1 year)

Analytics (Consent Required):

  • _ga, _gid, _gat - Google Analytics (2 years, 24 hours, 1 minute)
  • ph_* - PostHog analytics (1 year)

Managing Cookies:

  • Cookie Settings (link in footer)
  • Browser settings (block or delete cookies)
  • Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout

International Data Transfers

Your personal data may be transferred to and processed in countries outside India, including the United States.

Services Based Outside India:

  • Vercel (United States)
  • Neon PostgreSQL (United States)
  • Resend (United States)
  • Google Analytics, Google OAuth (United States)
  • GitHub OAuth (United States)
  • Sentry (United States)
  • PostHog (United States)

Safeguards: We ensure adequate protection through:

  • Standard Contractual Clauses (EU Commission approved)
  • Service provider agreements with data protection obligations
  • Compliance with Information Technology Act, 2000 and IT Rules, 2011
  • Data processing agreements with all third-party providers

For questions about data transfers: privacy@opentribe.io

Data Retention

We retain your personal data for the following periods:

| Data Type | Retention Period | |-----------|------------------| | Account Data | Duration of account + 30 days after deletion request | | Profile Information | Duration of account + 30 days after deletion | | Applications & Submissions | Duration of account + 30 days (may be anonymized) | | Analytics Data | 26 months (Google Analytics standard) | | Error Logs | 90 days (Sentry retention) | | Email Communications | 3 years | | Backup Data | 90 days | | Blockchain Data | Permanent (cannot be deleted) | | Legal Hold Data | As required by law |

Anonymization: Some data may be retained in anonymized form for analytics and research purposes indefinitely.

Deletion Requests: To request data deletion, email privacy@opentribe.io. We will process your request within 30 days.

Your Rights Under Indian Law

Under the Information Technology Act, 2000, IT Rules 2011, and the Digital Personal Data Protection Act, 2023, you have the following rights:

Rights

Right to Access: Request information about your personal data we hold

Right to Correction: Correct inaccurate or incomplete data

Right to Erasure: Request deletion of your data (except legally required data and blockchain data)

Right to Withdrawal: Withdraw consent for data processing

Right to Grievance Redressal: File complaints about data handling

Exercising Your Rights

To Exercise Rights:

  • Email: privacy@opentribe.io
  • Subject: "Data Rights Request"
  • Include: Your account details, specific request, reason

Response Time:

  • Acknowledgment: Within 24 hours
  • Resolution: Within 30 days
  • Complex Requests: Up to 60 days (with notification)

Grievance Officer: Email: privacy@opentribe.io Response: Within 24 hours (acknowledgment), within 15 days (resolution) per IT Rules 2021

For International Users

GDPR Rights (EU/EEA/UK Users): In addition to the above, you have:

  • Right to data portability (receive data in portable format)
  • Right to restriction of processing
  • Right to object to certain processing
  • Rights related to automated decision-making
  • Right to lodge complaint with supervisory authority

CCPA Rights (California Residents):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale/sharing of personal information
  • Right to non-discrimination for exercising rights
  • See "Do Not Sell or Share My Personal Information" below

Do Not Sell or Share My Personal Information (CCPA)

Data Sharing: We share data with analytics partners (Google Analytics, PostHog) which may constitute "sharing" under California law.

Opt-Out:

  • Cookie Settings (link in footer)
  • Enable Global Privacy Control (GPC) in your browser
  • Email: privacy@opentribe.io

We Do NOT Sell Personal Information.

Data Security

We implement appropriate technical and organizational security measures:

Technical Measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Secure authentication (bcrypt password hashing)
  • Session management with secure cookies
  • Regular security audits and updates

Organizational Measures:

  • Access controls and least privilege principle
  • Regular employee training on data protection
  • Incident response procedures
  • Third-party security assessments

Important: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Security Incidents: If a data breach occurs, we will notify affected users and authorities as required by law within 72 hours of discovery.

Children's Privacy

Opentribe is not intended for users under the age of 13 (or 16 in the European Economic Area).

We do not knowingly collect personal information from children under 13/16. If you believe we have collected information from a child, please contact us at privacy@opentribe.io and we will delete it promptly.

Age Verification: By using Opentribe, you represent that you are at least 13 years old (or 16 in the EEA).

Web3 and Blockchain Data

Public Nature of Blockchain

Permanent and Public:

  • Wallet addresses are public on the Polkadot blockchain
  • On-chain transactions are permanent and immutable
  • Blockchain data cannot be deleted or modified
  • We do not control blockchain networks

Off-Chain Data:

  • Profile information (name, email, bio) is stored off-chain
  • Applications and submissions are stored off-chain
  • Off-chain data can be deleted upon request

Privacy Considerations

Pseudonymity: Wallet addresses are pseudonymous but may be linked to your identity through:

  • On-chain activity patterns
  • Public associations
  • Exchange KYC data

Recommendations:

  • Use separate wallets for privacy-sensitive activities
  • Be aware that blockchain data is permanent
  • Consider privacy implications before connecting wallets

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification:

  • Material changes: 30 days advance notice via email or platform notification
  • Minor changes: Posted on this page with updated "Last Updated" date
  • Continued use after changes constitutes acceptance

Review Regularly: We encourage you to review this Privacy Policy periodically.

Contact Us

For privacy-related questions, concerns, or requests:

General Inquiries:

  • Email: privacy@opentribe.io
  • Response Time: 5 business days

Data Rights Requests:

  • Email: privacy@opentribe.io with "Data Rights Request" in subject
  • Response Time: 30 days (GDPR) / 15 days (CCPA)

Security Issues:

  • Email: security@opentribe.io
  • Response Time: 24 hours for urgent matters

Grievance Redressal (India):

  • Email: privacy@opentribe.io
  • Acknowledgment: Within 24 hours
  • Resolution: Within 15 days (as per IT Rules 2021)

Postal Address: Eva Interactive Co. 5/12, West Patel Nagar New Delhi, India - 110008

Compliance and Jurisdiction

This Privacy Policy is governed by:

  • Information Technology Act, 2000 (India)
  • Information Technology (Reasonable Security Practices) Rules, 2011
  • Information Technology (Intermediary Guidelines) Rules, 2021
  • Digital Personal Data Protection Act, 2023 (India)
  • General Data Protection Regulation (GDPR) - for EU/EEA users
  • California Consumer Privacy Act (CCPA) - for California residents

Jurisdiction: Courts of New Delhi, India

Last Updated: November 9, 2025 Version: 1.0

If you have any questions about this Privacy Policy or how we handle your data, please don't hesitate to contact us at privacy@opentribe.io.