Privacy Policy

Land of Airdrop (“LOA”, “we”, “our”) is operated by a Wyoming LLC and maintains a Turkish presence under KVKK (Kişisel Verilerin Korunması Kanunu). A MiCA compliance framework targeted for EU users is planned for Q4 2026. Data controller contact: Diamondstone@landofairdrop.com.

Telegram identity: when you open our miniapp, Telegram supplies an initData payload containing your telegram_id, first name, optional username, language code, and photo URL. We verify this payload with HMAC-SHA256 using our bot secret and store only the fields required to operate your account.

Wallet data: if you connect a TON wallet via TON Connect, we record the public wallet address. We never request, handle, or custody private keys or seed phrases.

Usage data: game actions, earnings, ad views, survey completions, referrals, and session timestamps. We assign a short-lived JWT to each session.

Device and network: IP address (for rate limiting and fraud prevention), user agent, and basic device class. IPs are stored only as long as needed for security review.

Corporate site analytics: PostHog product analytics records anonymized page views and interaction events. No Telegram or wallet identifiers are attached to marketing-site analytics.

To operate the miniapp (account creation, earnings calculation, reward payout).

To prevent fraud and abuse via behavior-aware rate limiting (smartRateLimit) and anti-bot scoring.

To distribute on-chain rewards (TON transfers, NFT mints) when you meet eligibility criteria.

To comply with KVKK, MiCA (when in force for LOA), and Wyoming LLC obligations.

To power AI features (quiz generation, mission personalization) via Google Generative AI (Gemini 2.0-flash) with Claude as a hot-swap fallback. AI prompts are stripped of persistent identifiers before submission.

Infrastructure providers: Google Cloud (Cloud SQL, Cloud Run, Vertex AI from Q3 2026), Railway (staging), Vercel (edge hosting), Upstash (Redis), Prisma Data Platform.

Ad and survey partners: CPX Research, Monetag, Adsgram, Telega, Onclicka. These networks see a hashed subId — never your Telegram handle.

Blockchain: TON mainnet publishes wallet addresses and transaction data on-chain by design. This is not reversible.

Legal: we disclose data if required by valid legal process under US or Turkish law, or to protect the rights and safety of LOA and its users.

We do not sell personal data.

Active account data is retained while your account exists. If you request deletion, we erase identity fields within 30 days and retain only anonymized aggregates required for financial reporting and on-chain consistency.

Security logs (IP, rate-limit counters) are retained for up to 90 days.

You may request access, correction, portability, or deletion of your personal data at any time by emailing Diamondstone@landofairdrop.com. Under KVKK you may also contact the Turkish Data Protection Authority (KVKK Kurumu). For EU-based users, GDPR/MiCA rights will be honored once the MiCA framework enters force for LOA.

On-chain data (TON transactions, NFT ownership) cannot be deleted by us. You may transfer NFTs to a different wallet or burn them yourself.

The corporate site uses minimal cookies: a PostHog anonymous ID and strictly necessary session cookies. No third-party advertising trackers run on landofairdrop.com.

LOA is not directed at children under 13. We do not knowingly collect data from children. If a parent or guardian believes a child has submitted data, contact Diamondstone@landofairdrop.com and we will remove it.

We may update this policy. Material changes will be announced in the miniapp and via our Telegram channel at least 14 days before taking effect.