Privacy Policy
Last updated: April 2026 | ICO Registration: A1126359This policy explains how Add2Coin, operated by AI Administrator Ltd (United Kingdom), collects, uses, and protects your personal data. We are registered with the Information Commissioner's Office (ICO) under registration number A1126359. We never sell your data to any third party.
1. What Data We Collect
| Data | When collected | Why | Lawful basis |
|---|---|---|---|
| Email address | Registration | Account access, notifications, withdrawal confirmations | Contract performance |
| Polygon wallet address | Registration or withdrawal | Sending A2C to your wallet on-chain | Contract performance |
| Password (bcrypt hash) | Email registration | Account authentication. We never store your plaintext password | Contract performance |
| Tracking cookie (a2c_uid) | First visit to any page with earn.js | Attributing A2C watcher earnings to your account across sites | Consent (GDPR banner) |
| Hashed IP address | Each impression request | Fraud prevention — daily velocity checks. We store a salted SHA-256 hash, never the raw IP | Legitimate interest |
| Hashed user-agent | Each impression request | Bot detection. Daily rotating hash — never the raw user-agent string | Legitimate interest |
| Referral chain relationships | Registration via referral link | Attributing L1/L2/L3 earnings to the correct user | Contract performance |
| Identity documents (via Stripe Identity) | Before first qualifying withdrawal | KYC compliance under UK Money Laundering Regulations 2017 | Legal obligation |
| Site domain names | First impression from a site | Tracking which sites your embed code is active on | Contract performance |
2. The Referral Chain — What We Store
When you register via a referral link, we store the ID of the user who referred you. This relationship is used to calculate L1, L2, and L3 earnings on every impression. Specifically:
- Your account ID and your referrer's account ID are linked in our database
- When your site generates an impression, we walk up the chain to find up to three referrers and credit them accordingly
- Every user can see their own complete referral chain position (who they are L1/L2/L3 for) from their dashboard
- You cannot see the email addresses of users in your referral chain — only their ref codes and the earnings they generate for you
3. Identity Verification (KYC)
Before withdrawals above certain thresholds, we use Stripe Identity to verify your identity. During verification:
- You will be asked to provide a photo of a government-issued ID (passport, driving licence, or ID card)
- Stripe processes and stores the document scan — we never receive or store the raw document images
- We receive a verification result (verified / not verified), your verified name, date of birth, and country
- This data is stored securely and used only to satisfy our legal obligations under UK Money Laundering Regulations 2017
- Stripe's handling of identity documents is governed by Stripe's Privacy Policy
4. The Tracking Cookie (a2c_uid)
We set one first-party cookie named a2c_uid when you consent via the GDPR banner on any page using earn.js. This cookie:
- Is a random 64-character identifier — it contains no personal information itself
- Lasts 2 years
- Works across any website that has earn.js installed, so your watcher earnings follow you
- Is set with
SameSite=None; Secure— required for cross-site operation over HTTPS only - You can delete this cookie at any time from your browser settings. This will temporarily detach your watcher earnings until the cookie is re-set on your next visit to an earn.js site
We do not track your browsing history. The a2c_uid cookie is used only to attribute A2C earnings to your account — we do not build browsing profiles or share cookie data with advertisers.
5. Advertising — Google AdSense
Ads on Add2Coin are served by Google AdSense. Google may set advertising cookies for ad personalisation and measurement. These are controlled by the GDPR consent banner on earn.js sites — if you decline, personalised ads are not shown. Google's data practices are governed by Google's Privacy Policy.
6. The Polygon Blockchain
When A2C tokens are minted or transferred, your Polygon wallet address and the transaction amount are permanently recorded on the public Polygon blockchain. Blockchain data is public by its nature — anyone can look up any wallet address on Polygonscan. We cannot delete or amend blockchain records. You should treat your wallet address as potentially public information.
7. What We Do Not Collect
- Raw IP addresses (we store only salted hashes that rotate daily)
- Browsing history outside add2coin.com
- Payment card details (we use no card payments — crypto only)
- Location data beyond what Stripe Identity captures for KYC purposes
8. Third Parties We Share Data With
| Party | What we share | Why |
|---|---|---|
| Stripe Identity | ID verification request, your name and DOB after verification | KYC legal obligation |
| Google AdSense | Consent status, page context for ad targeting | Ad serving |
| Polygon Network | Wallet address, token amounts | Minting A2C on-chain (public by nature) |
| Coinbase (Phase 6+) | Transaction data for automated revenue conversion | Converting ad revenue to MATIC for the liquidity pool |
We do not sell, rent, or trade your data with any other third party.
9. Your Rights Under UK GDPR
- Access: Request a copy of your data
- Correction: Ask us to correct inaccurate data
- Deletion: Request deletion of your account and personal data. Note: on-chain data cannot be deleted, and deletion of your account forfeits any unclaimed A2C balance
- Portability: Receive your data in a machine-readable format
- Withdraw consent: Remove your tracking cookie via browser settings
- Object: Object to processing based on legitimate interest
Email contact@add2coin.com for any data request. We will respond within 30 days.
10. Data Retention
- Active account data: retained while your account exists
- Financial records (balances, transactions): 6 years after account closure (legal requirement)
- KYC identity data: 5 years after the verified withdrawal (AML requirement)
- Hashed IP/UA logs: 90 days (fraud prevention)
- Fraud flag records: 2 years
11. Security and Data Breaches
Passwords are stored as bcrypt hashes. IP addresses are stored as salted SHA-256 hashes that rotate daily. All data is transmitted over HTTPS (TLS). Admin access requires a long random key plus session timeout. Stripe handles identity document security — we never receive raw document images.
We take reasonable and appropriate technical and organisational measures to protect your personal data. However, no system is completely secure and we cannot guarantee the absolute security of data stored on or transmitted to our systems. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours as required by UK GDPR, and will notify affected users without undue delay where required. Please report any security concerns immediately to contact@add2coin.com.
12. Contact and Complaints
contact@add2coin.com | AI Administrator Ltd, United Kingdom
If you are unsatisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO).