Menu
How It Works For Businesses For Token & NFT Holders Developers For Foundations FAQ Blog Pricing
Get Started
Legal

Privacy Policy

How we collect, use, and protect your information when you use The Insumer Model™ platform.

1. Introduction

The Insumer Model™ ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and services (collectively, the "Platform").

By accessing or using the Platform, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Platform.

2. Information We Collect

Information You Provide

  • Business Information: When merchants register, we collect business name, location, website, domain verification information, and configuration preferences for discount tiers. Verified businesses may be listed in our public merchant directory.
  • Contact Information: If you contact us, we may collect your name, email address, and message content.
  • Email Subscription: If you download our book or subscribe to updates, we collect your email address. This is synced with our email marketing provider (Mailchimp) to send welcome emails and occasional updates. You can unsubscribe at any time.

Information Collected Automatically

  • Wallet Addresses: When you connect a cryptocurrency wallet, we read your public wallet address to verify token holdings. We do not have access to your private keys or the ability to move your funds.
  • Token Holdings: We query public blockchain data to verify token balances for discount eligibility.
  • Usage Data: We may collect information about how you interact with the Platform, including scan logs, timestamps, and discount applications.
  • Device Information: Browser type, operating system, and device identifiers.
  • Chat Conversations: When you use InsumerChat (our website chat widget), we process your messages to generate responses using an AI language model. Conversation content is not stored after the session ends.
  • NFC Verification: When you tap an NFC tag at a merchant location, we process the tag identifier to verify eligibility. No personal data is stored from NFC scans beyond the truncated wallet snippet described above.

Blockchain Data

Our Platform interacts with public blockchain networks. All blockchain transactions are public by nature. We read publicly available blockchain data but do not store your complete transaction history.

What we store and what we don’t: Wallet addresses submitted via the scanner app are truncated before storage (e.g., 0x1234...abcd) and cannot be used to look up a wallet on a block explorer. Wallet addresses submitted via the API may appear in operational logs for up to 90 days (see API Developer Information below). Actual token balances and NFT counts are never stored or logged. By default, API responses return only boolean (true/false) results, never raw balances. If the caller explicitly opts in to Merkle storage proofs (proof=“merkle”), the raw on-chain balance is included in the response so the caller can independently verify the result. This opt-in data is not stored by our systems. All blockchain queries are transient and used only to determine eligibility at the moment of verification.

API Developer Information

  • API Key Registration: When you register for an InsumerAPI key, we collect your email address, application name, and a hashed version of your IP address for rate limiting.
  • API Usage Data: We record which endpoints you call, timestamps, and credit usage. Wallet addresses and conditions submitted in API verification requests may appear in operational logs (for debugging and abuse prevention) and are retained for up to 90 days. API responses return only boolean results — raw balances are never logged or stored.
  • Payment Information: Paid API subscriptions are processed by Stripe. We store your Stripe customer ID and subscription ID but never your card number or payment details. For crypto credit purchases (USDC, USDT, or BTC), we store the transaction hash, sender wallet address, chain, amount, and — for BTC — the exchange rate at time of verification, for payment verification and fraud prevention. The sender wallet address from your first crypto purchase is registered to your API key; subsequent purchases must originate from the same wallet unless explicitly updated.

Telegram Bot

Our Telegram bot (@insumermodelbot) responds to direct messages and @mentions in group chats. We process message content to generate responses but do not store conversation history. Telegram usernames and chat IDs are not persisted.

3. How We Use Your Information

We use the information we collect to:

  • Verify token ownership for discount eligibility
  • Process and display appropriate discounts at checkout
  • Maintain and improve the Platform
  • Provide customer support
  • Generate anonymized analytics and usage statistics
  • Prevent fraud and ensure platform security
  • Comply with legal obligations
  • Issue and manage API keys for developers
  • Enforce API rate limits and prevent abuse
  • Process API subscription payments through Stripe

4. Information Sharing

We do not sell your personal information. We may share information in the following circumstances:

  • With Merchants: When you scan a QR code, the merchant sees your verified tier level and applicable discount, not your wallet address or specific holdings.
  • Service Providers: We may share information with third-party vendors who assist in operating the Platform (e.g., hosting, analytics).
  • Legal Requirements: We may disclose information if required by law or in response to valid legal processes.
  • Business Transfers: In connection with any merger, acquisition, or sale of assets.
  • Payment Processors: Stripe processes payments for paid API subscriptions. See Stripe's Privacy Policy.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (HTTPS)
  • Time-limited cryptographic signatures for QR codes
  • Read-only blockchain access (we cannot move your tokens)
  • Regular security assessments
  • API keys hashed with SHA-256 before storage (the plaintext key is shown once at creation and never persisted)
  • ECDSA P-256 cryptographic signatures on API verification responses
  • All API and discount responses return tier-level or boolean results by default (e.g., "Gold tier, 10% discount" or true/false), never raw balance amounts or wallet addresses. Callers may explicitly opt in to Merkle storage proofs, which include raw on-chain balances for independent verification. This opt-in choice is made per request and clearly documented.

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the information we hold about you.
  • Correction: Request correction of inaccurate information.
  • Deletion: Request deletion of your information, subject to legal retention requirements.
  • Disconnect: You can disconnect your wallet at any time, which stops us from reading your token holdings.

To exercise these rights, contact us at the information provided below.

7. Data Retention

We retain information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Scan logs and analytics data may be retained in anonymized form for statistical purposes.

For API developers: keys remain active until revoked or the associated subscription ends. API request logs are retained for 90 days and then deleted. Rate limit records are purged after 24 hours.

8. Third-Party Services

The Platform integrates with third-party services including:

  • Blockchain Networks: 33 chains including Ethereum, Base, Polygon, Arbitrum, Optimism, and other EVM networks, plus Solana and XRP Ledger
  • Wallet Providers: MetaMask, Phantom, Coinbase Wallet
  • Google Analytics: For anonymized website traffic analysis
  • Mailchimp: For email subscriptions and communications
  • Anthropic: For AI-powered chat responses (InsumerChat and Telegram bot)
  • Data Providers: CoinGecko for token metadata
  • Firebase: For real-time data synchronization
  • Stripe: For paid API subscription payments
  • Blockchain Data Providers: Alchemy, Helius, and Covalent (GoldRush) for blockchain data queries
  • Cloudflare: For DNS, CDN, and security services

These services have their own privacy policies, and we encourage you to review them.

9. Children's Privacy

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Last Updated: March 9, 2026

document.getElementById('mobileMenu').classList.toggle(