Privacy Policy
Last updated: April 20, 2026
1. Introduction
This Privacy Policy explains how Rugbuster ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our platform. We are committed to protecting your privacy and processing your data in compliance with the General Data Protection Regulation (GDPR) and applicable French data protection laws.
2. Data Controller
The data controller for the processing of your personal data is Rugbuster. For any privacy-related inquiries, contact us via Telegram:
3. Data We Collect
3.1 Data provided via Telegram authentication
- Telegram user ID (unique numeric identifier)
- Telegram username
- Profile photo URL (as provided by Telegram)
3.2 Subscription and payment data
- Selected subscription tier and status
- Payment amounts (USD and SOL)
- Deposit wallet address (Solana public key)
- On-chain transaction signatures
- Payment timestamps
3.3 Usage data
- Course progress and video watch time
- Favorited tokens and tracked wallets
- Feature usage patterns (pages visited, actions taken)
3.4 Technical data
- IP address (for rate limiting and security purposes)
- Browser language preference (Accept-Language header)
- Session identifiers (encrypted cookies)
3.5 Data we do NOT collect
- Email addresses or phone numbers
- Private keys, seed phrases, or wallet passwords
- Financial information beyond on-chain transaction data
- Third-party tracking data (no Google Analytics, no ad trackers)
4. How We Use Your Data
We process your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Authenticate your identity and maintain your session | Contract performance (Art. 6(1)(b)) |
| Process subscription payments and verify on-chain transactions | Contract performance (Art. 6(1)(b)) |
| Provide personalized analytics, tracked wallets, and favorites | Contract performance (Art. 6(1)(b)) |
| Prevent abuse, enforce rate limits, and ensure platform security | Legitimate interest (Art. 6(1)(f)) |
| Track referral attribution for affiliate program | Legitimate interest (Art. 6(1)(f)) |
5. Cookies & Local Storage
We use cookies and local storage strictly for the following purposes:
| Purpose | Type | Duration |
|---|---|---|
| Encrypted session (authentication, user preferences) | Essential | 7 days |
| Security token (CSRF protection) | Essential | Session |
| Referral attribution | Functional | 24 hours |
| UI display preference (local storage) | Functional | Persistent |
We do not use any third-party advertising or analytics cookies. All cookies are strictly necessary or functional.
6. Third-Party Services
The Service interacts with the following third-party services:
- Telegram — Authentication via Telegram Login Widget. Subject to Telegram's Privacy Policy
- Solana RPC — Blockchain data queries for payment verification and market data
- CoinGecko / Jupiter — SOL/USD price feeds (no personal data shared)
- CDN — Frontend library delivery. Subject to standard CDN access logs
- AWS S3 — Video content storage for educational courses
7. Data Retention
- Account data (Telegram ID, username, profile photo): retained for the duration of your account and deleted upon request
- Payment records: retained for 5 years to comply with French accounting and tax obligations
- Session data: automatically expires after 7 days of inactivity
- Security logs (IP addresses, rate limit events): retained for 30 days
8. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to restriction — request restriction of processing in certain circumstances
To exercise any of these rights, contact us via Telegram at @rugbusterdotfun. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés).
9. Data Security
We implement industry-standard security measures to protect your data, including:
- Encrypted session management with secure cookie policies
- Cross-site request forgery (CSRF) protection
- Rate limiting to prevent abuse and brute-force attacks
- Cryptographic verification of authentication data
- Standard security headers to prevent common web vulnerabilities
- Network isolation between internal services
10. Blockchain & Public Data
The Service processes publicly available blockchain data from the Solana network. This includes public wallet addresses, transaction signatures, token metadata, and market data. This information is inherently public and immutable on the blockchain. Our processing of on-chain data does not constitute collection of personal data unless it can be linked to your account.
11. International Data Transfers
Your data may be processed on servers located outside the European Economic Area (EEA), including for video content storage (AWS S3) and CDN delivery. Where transfers occur outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
12. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will promptly delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service interface. Continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact
For any privacy-related inquiries or to exercise your GDPR rights, contact us via:
- Telegram: @rugbusterdotfun
- Twitter/X: @rugbuster_bot