This Privacy Policy explains what information TROVE collects, how we use it, and the choices you have. We aim to collect only what we need to operate the Service.
Account information you provide: email address, password (stored as a bcrypt hash, never in plaintext), display name, country of residence, preferred language.
Wallet address: the TRC20 USDT address you provide for receiving withdrawals.
Task activity: tasks you claim, proof you submit (screenshot images and/or URLs), review results, and reward history.
Technical data collected automatically: IP address, user-agent string, approximate location derived from IP, session cookies, and bot-protection signals (Cloudflare Turnstile).
To operate the Service: authenticating you, displaying tasks, reviewing submissions, processing withdrawals, and providing customer support.
To prevent fraud and abuse: detecting duplicate accounts, fake submissions, bot traffic, and suspicious withdrawal patterns.
To communicate with you: transactional emails such as account confirmation, task review results, and withdrawal notifications. We do not send marketing emails without consent.
We do not sell your personal data.
We share data with the following categories of service providers strictly for the purposes of operating the Service: hosting providers (DigitalOcean / Hetzner Cloud), DNS and bot-protection providers (Cloudflare, Cloudflare Turnstile), email delivery providers (e.g. Resend), and the TRON public blockchain for the purpose of broadcasting your withdrawal transactions (TRC20 wallet address and transaction amount are public on-chain by design).
We may disclose information when required by law, valid legal process, or to protect the rights, property, or safety of TROVE, our users, or the public.
We use a strictly necessary session cookie to keep you logged in. We do not use third-party advertising or cross-site tracking cookies.
We use HTTPS for all traffic, store passwords as bcrypt hashes, isolate the database to a private network, and apply rate limiting and bot protection on authentication endpoints. No system is perfectly secure; we ask you to choose a strong password and keep your login credentials confidential.
We retain account and task data for as long as your account is active, plus the period required to resolve disputes, prevent fraud, and comply with legal obligations (typically up to 24 months after account closure).
Withdrawal records and corresponding on-chain transactions may be retained longer for accounting and anti-fraud purposes.
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, contact us at the address below. We may need to verify your identity before acting on the request.
Note that some data (e.g. transaction records required by anti-fraud rules) may be retained even after a deletion request, to the extent permitted by law.
The Service is not directed to anyone under the age of 18, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.
TROVE may process data in countries other than the one in which you reside. We take steps to ensure your data receives an adequate level of protection consistent with this Policy.
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email. The "Last updated" date at the top reflects the most recent revision.
For privacy questions or requests, email support@trove.app.