LibPA

GDPR Notice

Oct, 7 2025

Scope and Applicability

This GDPR Notice describes how LibPA (libpa.org) collects, uses, discloses, and safeguards personal data in the course of providing the Library of Blockchain Protocols & Assets, including curated token profiles, protocol overviews, market insights, exchange comparisons, and verified airdrop opportunities. While LibPA is established in the United States, we endeavor to process personal data in alignment with the General Data Protection Regulation (GDPR) where it applies, and in compliance with applicable U.S. federal and state privacy laws. This Notice applies to visitors, users, contributors, and contacts who interact with our website and related services.

Identity of the Controller and Contact Information

Controller: LibPA

Owner: Kaitlyn Ehrmantrout

Postal Address: 1750 East Ave, Rochester, NY 14610, USA

Email: [email protected]

Categories of Personal Data We Process

  • Identification and Contact Data: name, email address, postal address, and similar identifiers when you contact us or subscribe.
  • Account and Communications Data: account preferences, saved items, support inquiries, feedback, and correspondence.
  • Technical and Usage Data: IP address, device and browser information, operating system, referral URLs, timestamps, pages viewed, clicks, and session metadata.
  • Cookie and Similar Technologies Data: preferences, analytics identifiers, and consent choices.
  • Wallet and On-Chain Identifiers: wallet addresses, transaction hashes, protocol interactions, and other public blockchain metadata you provide or that are publicly observable.
  • Airdrop and Submission Data: eligibility information you voluntarily submit (e.g., wallet address, social handles, region, or interest signals) for participation tracking and verification.
  • Professional and Community Data: project submissions, protocol or token listing details, and affiliations provided for curation or verification.

Sources of Personal Data

  • Directly from you when you contact us, subscribe, submit listings, or participate in airdrop-related activities.
  • Automatically through your use of our site via cookies, analytics, and server logs.
  • Publicly available sources, including public blockchain networks, block explorers, and public websites or repositories.
  • Service providers and partners who support analytics, security, and hosting.

Purposes of Processing and Lawful Bases (GDPR)

  • Provide and operate services, including content delivery, curation, and market insights (Lawful basis: performance of a contract; legitimate interests).
  • Personalize content, improve the website, and perform analytics and research (Lawful basis: legitimate interests; consent where required).
  • Administer communications, respond to inquiries, and provide support (Lawful basis: performance of a contract; legitimate interests).
  • Verify eligibility and manage airdrop-related processes (Lawful basis: performance of a contract; legitimate interests; consent where required).
  • Detect and prevent fraud, abuse, and security incidents (Lawful basis: legitimate interests; legal obligation).
  • Comply with legal obligations, enforce terms, and protect rights (Lawful basis: legal obligation; legitimate interests).
  • Operate community submissions and listings, including due diligence and verification (Lawful basis: legitimate interests; consent where required).

Cookies and Similar Technologies

We utilize cookies, local storage, and similar technologies to operate core site functions, remember preferences, and analyze site performance. Where required by law, we request your consent for non-essential cookies.

  • Essential Cookies: required for site functionality and security.
  • Analytics Cookies: help us understand usage and improve services.
  • Preference Cookies: remember settings such as language and display options.
  • Advertising/Marketing Cookies: used only if implemented and consented; currently, LibPA does not sell or share personal data for cross-context behavioral advertising.

On-Chain and Public Blockchain Data

Public blockchain transactions are generally immutable and visible to anyone. Wallet addresses, transaction hashes, and related metadata may be considered personal data under GDPR when associated with an identifiable individual. LibPA cannot alter or erase data recorded on public blockchains. Where feasible, we may limit or cease off-chain indexing, association, or display of on-chain data in response to valid rights requests, consistent with legal obligations and technical constraints.

Automated Decision-Making and Profiling

LibPA does not engage in automated decision-making that produces legal or similarly significant effects. We may use limited profiling, such as interest-based content recommendations or deduplication, to enhance user experience. You may object to such processing as described below.

Disclosures to Third Parties

  • Service Providers: hosting, security, analytics, customer support, and related services under contractual confidentiality and data protection obligations.
  • Security and Fraud Prevention: to investigate and mitigate security incidents, abuse, or harmful activity.
  • Legal and Compliance: to comply with applicable laws, lawful requests, and to protect rights, safety, and property.
  • Business Transfers: in connection with a merger, acquisition, or asset transfer, subject to continuity of protections.
  • Public and Community Content: information you choose to make public (e.g., project submissions) may be visible to others.
  • Public Blockchains: interactions recorded on-chain are visible publicly by design and are not controlled by LibPA.

International Data Transfers

LibPA operates from the United States. If personal data is transferred from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as standard contractual clauses and implement supplementary measures as necessary. Users acknowledge that data may be processed in countries with different data protection standards.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, accounting, or reporting requirements. Typical retention periods include: communications and support records for up to 3 years; analytics and log data for 12–24 months; airdrop eligibility and verification records for up to 24 months after campaign completion; and listing or curation materials for as long as the related content remains published and for a reasonable archival period thereafter. On-chain records are not subject to deletion by LibPA.

Data Security

We implement administrative, technical, and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege principles, and monitoring. No method of transmission or storage is completely secure; residual risk may remain, particularly with respect to public blockchain data.

Your Rights Under GDPR

  • Right of Access: obtain confirmation and a copy of your personal data.
  • Right to Rectification: request correction of inaccurate or incomplete data.
  • Right to Erasure: request deletion where grounds apply; this does not extend to immutable public blockchains beyond our control.
  • Right to Restrict Processing: request limitation of processing under certain conditions.
  • Right to Data Portability: receive data you provided in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to Object: object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: withdraw consent at any time where processing is based on consent.
  • Right to Lodge a Complaint: with a competent supervisory authority.

U.S. State Privacy Rights

California (CCPA/CPRA)

  • Rights: to know, access, correct, delete, and receive information about our data practices; to opt out of sale or sharing; to restrict use of sensitive personal information; and to be free from discrimination for exercising rights.
  • Sale/Sharing: LibPA does not sell personal information for monetary consideration and does not share personal information for cross-context behavioral advertising.
  • Sensitive Personal Information: LibPA does not use or disclose sensitive personal information for purposes other than those permitted by law.

Virginia, Colorado, Connecticut, and Utah

  • Rights: to access, correct, delete, and obtain a copy of personal data; to opt out of targeted advertising, sale, and certain profiling where applicable.
  • Appeals: where required, you may appeal our decision regarding a rights request by replying to our response with “Appeal.”

Exercising Your Rights

To submit a request, contact us at [email protected] with sufficient details to identify you and your request. We may require reasonable verification of your identity and authority (and authorization for agents) before acting on a request. We aim to respond within one month under GDPR and within the timelines required by applicable U.S. law, subject to permitted extensions. Our response will explain any denial and the reasons, including legal or technical constraints (e.g., on-chain immutability).

Children's Data

LibPA is intended for users aged 16 and older. We do not knowingly collect personal information from children under 13 in the United States. If you believe a child has provided personal data, please contact us to request deletion and account closure where applicable.

Do Not Track and Global Privacy Controls

Some browsers enable Do Not Track (DNT) or Global Privacy Control (GPC) signals. While no uniform DNT standard is adopted, we endeavor to honor GPC signals as an opt-out of sale/sharing where applicable to our practices. Our current practice does not involve selling or sharing personal information for cross-context behavioral advertising.

Changes to This Notice

We may update this Notice to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the effective date and, where appropriate, by additional notice.

Effective Date

October 7, 2025

© 2025. All rights reserved.