Privacy Policy

TURBOMINDZ (“we,” “us,” “our”) is a phygital philosophical art project run by Hugo Gaona. We operate turbomindz.com, the TURBOMINDZ mobile applications, the TURBOMINDZ Discord village, and related communications. This Privacy Policy explains what data we collect, how we use it, and your rights.

Contact for any privacy-related question: Turbomindz@turbomindz.com.

The data we collect varies by which surface you use:

• Email subscribers: your email address, the theme you selected at signup (Origin, Stoic, Eastern, Mystic, Weekend), which lead-magnet PDFs you downloaded, and the date you joined.
• Wallet holders: the public wallet address you connect (always stored lowercased), counts of NFTs you hold per collection, and your Founding Witness status. Wallet addresses are public on-chain data.
• Achievements + analytics events: anonymous session-scoped events (page view, theme switch, easter-egg discovered, NFT viewed) tied to a randomly generated session ID kept in your browser’s localStorage. If you connect a wallet we link your session events to your wallet address.
• Marriage applications (a later release): applicant wallet, the TURBOMINDZ NFT used to apply, and the payment session ID for any applicable fee.
• Mobile apps: same data as the web, plus the platform label (ios / android / pwa) for analytics. We do NOT collect device identifiers, contacts, photos, or location.

We do not collect: names, addresses, phone numbers, payment card details, government IDs, biometric data, or precise location.

• Send you the welcome email and weekly Field Journal you opted in to.
• Show your owned NFTs and personalize the gallery.
• Compute aggregate metrics (active village members, theme popularity) — never associated with you publicly.
• Process marriage applications and refund failed ones.
• Detect and prevent abuse (spam signups, contract exploitation).

We share minimum necessary data with:

• Buttondown — email delivery (your email + theme tag). See buttondown.com/privacy.
• Supabase — Postgres database hosting (all non-public app data). See supabase.com/privacy.
• Vercel — web hosting (request logs, no PII). See vercel.com/legal/privacy-policy.
• Pinata — IPFS pinning (stores NFT image + metadata files; all public). See pinata.cloud/privacy-policy.
• thirdweb — wallet connect SDK (your wallet session). See thirdweb.com/privacy.
• Stripe (Stage 2 — marriage fees only) — payment processing. We never see or store your card. See stripe.com/privacy.
• OpenSea — public NFT marketplace; ownership data is on-chain.

We never sell your data. We never share with advertisers. We never send your data to platforms not listed above.

You can:

• Export your data — email Turbomindz@turbomindz.com and we’ll send a JSON export within 14 days.
• Delete your data — same email; we remove you from Buttondown + Supabase and confirm within 14 days. On-chain NFT ownership and Polygonscan transactions cannot be deleted (public blockchain).
• Unsubscribe from email at any time via the link in every Field Journal email.
• Disconnect your wallet at any time via the wallet connect menu.

EU/UK residents have additional rights under GDPR (rectification, restriction, portability, objection). California residents have CCPA rights (know, delete, opt-out of sale — note we do not sell). Email Turbomindz@turbomindz.com to exercise any right.

We use only first-party browser storage. No third-party tracking cookies. No advertising pixels.

• localStorage: theme rotator selection, achievement session ID, easter-egg discovery flags.
• Cookies: only the Supabase session cookie when you connect a wallet. No analytics cookies.

TURBOMINDZ is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has signed up, contact Turbomindz@turbomindz.com and we will delete the record.

We use industry-standard practices: TLS for every request, row-level-security (RLS) on the database, server-only credentials for admin operations, no plaintext secrets in source code. We monitor for unauthorized access. In the event of a breach affecting your data, we notify you within 72 hours.

When we update this policy, we change the “Last updated” date above and email subscribers if the change is material (e.g., a new sub-processor, expanded data collection). The current version always lives at https://turbomindz.com/privacy.

Questions? Email Turbomindz@turbomindz.com. We respond within 7 days.