sbarter-logo

SBARTER PROTOCOL - PRIVACY POLICY

dots overlay
sbarter logo

Last updated: May 29, 2026

1. INTRODUCTION AND DATA CONTROLLER

This Privacy Policy describes how Sbarter Limited (“Sbarter”, “We”, “Us”), a company incorporated in Malta under company number C114163, and a fully owned subsidiary of Association Sbarter, with registered office at Quantum House, 75, Abate Rigord Street, Ta’ Xbiex XBX 1120, Malta, collects, uses, shares, and protects your personal data when you use the Sbarter App and the Sbarter Protocol (together, the “Services”).

Sbarter is the data controller for the personal data described in this Policy. We operate on a strict principle of data minimisation: we collect only the minimum information necessary to provide the Services, ensure legal compliance, and maintain the security and integrity of the Sbarter Protocol. We do not sell your personal data.

This Policy should be read together with the Sbarter Terms and Conditions, available within the Sbarter App and at https://sbarter.com.

2. DATA WE COLLECT

We collect and retain only the following categories of personal data in our own systems:

2.1 Authentication Data

  • Email address or mobile phone number, used as your username for account creation, login, and account recovery.

2.2 Eligibility and Compliance Data

  • Date of Birth: retained to verify that you meet the minimum age requirement of 18 years.
  • Country of Residence: retained to enforce geographic restrictions and ensure compliance with applicable laws in your jurisdiction. This data is provided during onboarding and must be updated if your country of residence changes.

2.3 Technical and Protocol Data

  • Public Wallet Address: your public blockchain address, used to facilitate transactions and interact with Smart Contracts on the Solana blockchain. Note that wallet addresses are inherently public on-chain; see Section 7.
  • Device identifiers and IP addresses: collected solely for security purposes, fraud detection, and enforcement of geographic restrictions (geoblocking). This data is not used for advertising or behavioural profiling.

2.4 Reputation Data — Integrity Score

  • The Sbarter Protocol automatically generates an Integrity Score based on your Event participation history (including records of validated and Non-Validated Events). This score is a protocol-level metric used to promote fair competition. It is not a financial or legal assessment. For further information on automated processing, see Section 9.

2.5 User-Generated Content

We process content that you voluntarily submit through the Sbarter App, including:

  • result submissions and related gameplay data;
  • profile information, messages, and in-App communications;
  • evidence submitted in connection with the Community Dispute Resolution mechanism (such as gameplay screenshots, video clips, or recordings). Such evidence is shared with the panel of independent community resolvers handling the relevant dispute, as described in Section 5.3.

2.6 Data Not Retained by Sbarter

The following data is processed by independent third parties and is not retained in Sbarter’s own systems:

  • KYC identity documents (e.g., government-issued ID, passport): you submit these directly to our independent KYC provider, SumSub. Sbarter does not store identity documents on its own servers. Sbarter may access the SumSub administrative dashboard exclusively if required by applicable law, court order, or lawful request from a competent authority. Outside of such legally mandated circumstances, Sbarter does not access, view, copy, or retain identity documents held by SumSub.
  • On-chain data: your wallet address and full transaction history are permanently and publicly recorded on the Solana blockchain. This data is inherent to blockchain technology and is not under Sbarter’s control; see Section 7.

3. HOW WE USE YOUR DATA

We use your personal data only for the specific purposes set out below. For each purpose, we identify the applicable legal basis under the EU General Data Protection Regulation (“GDPR”) Regulation (EU) 2016/679:

PurposeData usedLegal basisGDPR Article
Account authentication and recoveryEmail / MobilePerformance of contractArt. 6(1)(b)
Age verification (18+ requirement)Date of BirthLegal obligation + ContractArt. 6(1)(b)(c)
Geographic restriction enforcementCountry, IP AddressLegal obligation + ContractArt. 6(1)(b)(c)
Protocol operation (Events, Smart Contracts)Wallet Address, UGC, Integrity ScorePerformance of contractArt. 6(1)(b)
Community Dispute ResolutionUGC evidence, Wallet AddressPerformance of contractArt. 6(1)(b)
Security, fraud detection, geoblockingIP Address, Device IDsLegitimate interestsArt. 6(1)(f)
Service notifications (non-marketing)Email / MobilePerformance of contractArt. 6(1)(b)
Marketing communicationsEmail / MobileConsentArt. 6(1)(a)
Legal and regulatory complianceEmail/Mobile, Date of Birth, CountryLegal obligationArt. 6(1)(c)

Where we rely on legitimate interests as the legal basis, we have assessed that our interests in maintaining the security and integrity of the Protocol are not overridden by your rights and freedoms, given the limited nature of the data processed and the strictly security-specific purpose for which it is used.

4. HOW VERIFICATION WORKS

Access to the Sbarter Protocol is subject to successful identity verification (“KYC”). We use a model designed to minimise the personal data Sbarter itself processes:

  • Third-party provider: you submit your identity documents directly to our independent KYC provider, SumSub, via their secure interface. SumSub processes your documents under its own privacy policy, available at https://sumsub.com/privacy-notice/.
  • Verification attestation: once SumSub verifies your identity and eligibility, a cryptographic attestation credential is issued to your Wallet via the Solana Attestation Service (SAS). This credential confirms your verified status without exposing your underlying documents.
  • Sbarter’s role: Sbarter verifies only the presence of a valid attestation credential in your Wallet. Sbarter retains off-chain only your Date of Birth, Country of Residence, and Email address or mobile number, as described in Section 2.
  • Limited administrative access: Sbarter may access the SumSub administrative dashboard exclusively if required by applicable law, court order, or lawful request from a competent authority. No access occurs outside of such legally mandated circumstances.
  • Wallet loss: if you lose access to your Wallet, you lose the associated verification credential. You may need to re-complete the KYC Process with SumSub. Sbarter cannot restore wallet access or re-issue credentials.

5. DISCLOSURE OF YOUR INFORMATION

We do not sell your personal data. We may share your data only in the following limited circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who process it on our behalf under our instructions, subject to appropriate data processing agreements:

  • Cloud infrastructure providers (e.g., AWS, Firebase) for secure data hosting and App operation.
  • SumSub, our KYC provider, for identity verification services as described in Section 4.

5.2 On-Ramp and Payment Providers

If you choose to use a third-party fiat on-ramp service to acquire SBT Tokens, Sbarter acts as a referrer only. You interact directly with the on-ramp provider under its own terms and privacy policy. Sbarter does not process or retain payment card or banking data.

5.3 Community Dispute Resolution

When a dispute regarding an Event result is referred to the Community Dispute Resolution mechanism, evidence submitted by Participants (including gameplay screenshots, video clips, or other User-Generated Content) is shared with the panel of independent community resolvers assigned to the dispute. Resolvers are other verified Users of the Sbarter Protocol. By submitting evidence in a dispute, you consent to this limited sharing with community resolvers for the purpose of resolving the specific dispute.

5.4 Legal Requirements

We may disclose your Email address or mobile number, Date of Birth, and Country of Residence if strictly required by applicable law, court order, regulation, or lawful request from a competent governmental or regulatory authority. Where permitted by law, we will notify you of such a request.

5.5 Business Transfers

In the event of a merger, acquisition, or transfer of all or part of Sbarter’s business, your personal data may be transferred to the acquiring entity, subject to the same or equivalent data protection obligations. You will be informed of any such transfer in advance.

6. INTERNATIONAL DATA TRANSFERS

Sbarter is incorporated in Malta, a Member State of the European Union, and your data is primarily processed within the European Economic Area (“EEA”).

However, some of our service providers, including SumSub and our cloud infrastructure providers, may process or store data outside the EEA. Where such transfers occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • adequacy decisions issued by the European Commission for the relevant third country; or
  • other legally recognised transfer mechanisms under Chapter V of the GDPR.

You may request further information about the specific safeguards applicable to transfers of your data by contacting us at support@sbarter.com.

7. BLOCKCHAIN TRANSPARENCY

Please be aware that the Sbarter Protocol operates on the Solana blockchain, which is a public, decentralised ledger. As a result:

  • Your public wallet address and all on-chain transaction history are permanently and publicly visible to anyone with access to the Solana blockchain. This is an inherent characteristic of blockchain technology.
  • Sbarter cannot delete, hide, modify, or restrict access to any data recorded on the blockchain. This data falls outside the scope of Sbarter’s data deletion and correction obligations under the GDPR.
  • Your wallet address alone does not identify you by name to Sbarter. However, third parties may potentially link on-chain wallet activity to your identity through independent means outside Sbarter’s control.

 

By using the Sbarter Protocol and connecting your Wallet, you acknowledge the public and immutable nature of on-chain data.

8. DATA RETENTION AND DELETION

8.1 Retention Periods

We retain your personal data only for as long as necessary for the purposes described in this Policy:

  • Email address / mobile number: retained for the duration of your User Account. Deleted within 30 days of account closure, unless retention is required by law.
  • Date of Birth and Country of Residence: retained for the duration of your User Account for ongoing eligibility verification. Deleted upon account closure, subject to legal retention obligations below.
  • Device identifiers and IP addresses: retained for a maximum of 12 months from collection, used solely for security and fraud prevention purposes.
  • Integrity Score and Event participation records: retained for the duration of your User Account. Deleted upon account closure.
  • User-Generated Content (including dispute evidence): retained for the duration of your User Account and for up to 12 months following account closure to allow resolution of any pending disputes or investigations.

8.2 Legal Retention Obligations

Notwithstanding the above, we may retain certain data for up to five (5) years following account closure where required by applicable anti-money laundering laws, financial crime prevention obligations, or other mandatory legal requirements. Such retention is strictly limited to the data and duration required by the relevant legal obligation.

8.3 Deletion Requests

You may request deletion of your account and associated off-chain personal data at any time through the Sbarter App settings or by contacting support@sbarter.com. Please note:

  • Deletion of your account does not affect data permanently recorded on the Solana blockchain, which cannot be removed.
  • Deletion may be delayed or restricted if your account is under active investigation for a breach of the Fair-Play Policy, misconduct, or applicable legal requirements.
  • We will confirm completion of deletion within 30 days of a valid request, or inform you of any legal basis for retention beyond that period.

9. AUTOMATED DECISION-MAKING

The Sbarter Protocol uses automated processing to calculate your Integrity Score based on your Event participation history, including records of validated and Non-Validated Events. This automated processing may produce effects on your participation within the Protocol (for example, being excluded from Events that require a minimum Integrity Score).

The Integrity Score is not a financial, legal, or credit assessment. It is a community-driven fair-play metric. The score:

  • is calculated exclusively by algorithmic rules embedded in the Protocol;
  • is not manually adjusted or reviewed by Sbarter;
  • cannot be purchased, transferred, or manipulated;
  • is visible to you within your profile in the Sbarter App.

If you believe your Integrity Score has been calculated incorrectly, or if you wish to obtain an explanation of the automated processing logic, you may contact us at support@sbarter.com. We will respond within a reasonable timeframe. Please note that, due to the automated and decentralised nature of the Protocol, Sbarter cannot manually override individual Integrity Score values.

10. MARKETING COMMUNICATIONS

With your explicit consent, we may send you marketing and promotional communications relating to the Sbarter Protocol, new features, Events, or relevant updates. The legal basis for this processing is your consent under Article 6(1)(a) GDPR.

You may withdraw your consent at any time, at no cost, by:

  • using the unsubscribe link included in any marketing email or message;
  • updating your notification preferences in the Sbarter App settings; or
  • contacting us at support@sbarter.com.

Withdrawal of consent does not affect the lawfulness of any processing carried out before withdrawal. We will continue to send you non-marketing service notifications necessary for the operation of your account, as these are based on performance of the contract between us.

11. YOUR RIGHTS

Depending on your location and applicable law, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at support@sbarter.com. We will respond within one (1) calendar month, or notify you if additional time is required.

11.1 Rights Under the GDPR

  • Access (Art. 15): request a copy of the personal data we hold about you.
  • Rectification (Art. 16): request correction of inaccurate data, including your email address, mobile number, or country of residence.
  • Erasure / Right to be Forgotten (Art. 17): request deletion of your personal data from our systems, subject to the blockchain limitations described in Section 7 and the legal retention obligations described in Section 8.2.
  • Restriction of processing (Art. 18): request that we restrict the processing of your data in certain circumstances, for example while the accuracy of data is disputed.
  • Data portability (Art. 20): receive a structured, machine-readable copy of the personal data you provided to us, where technically feasible.
  • Objection (Art. 21): object to processing based on legitimate interests. We will cease such processing unless we can demonstrate compelling legitimate grounds, or where processing is necessary for legal claims.
  • Rights regarding automated decision-making (Art. 22): request an explanation of automated processing affecting you, as described in Section 9.
  • Right to lodge a complaint: you have the right to lodge a complaint with the Malta Information and Data Protection Commissioner (IDPC), the competent supervisory authority for Sbarter, at www.idpc.org.mt. You may also contact the supervisory authority in your country of habitual residence.

11.2 California Residents — CCPA

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know about personal data collected, the right to request deletion, and the right to non-discrimination for exercising your privacy rights. To exercise any CCPA right, please contact us at support@sbarter.com. As Sbarter does not sell personal data, the right to opt out of the sale of personal data does not apply.

12. CHILDREN'S DATA

The Services are not directed at, and are not intended for use by, persons under the age of 18. We do not knowingly collect personal data from anyone under 18. We enforce this restriction through mandatory KYC age verification at onboarding. If we become aware that we have inadvertently collected personal data from a person under 18, we will delete that data promptly. If you believe a person under 18 has registered an account, please contact us at support@sbarter.com.

13. SECURITY

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include encrypted data storage, access controls, and regular security reviews.

Our non-custodial wallet model means that Sbarter never holds your Private Keys or Recovery Phrase; the security of your Wallet is your sole responsibility. No method of transmission over the Internet or electronic storage is completely secure. In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you in accordance with GDPR Article 34.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make material changes, we will notify you through the Sbarter App or by email, and update the “Last Updated” date at the top of this Policy. Material changes will not apply retroactively. Your continued use of the Services after the effective date of an updated Policy constitutes your acceptance of the changes.

15. CONTACT US

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we process your personal data, please contact us:

Data Controller: Sbarter Limited

Registered address: Quantum House, 75, Abate Rigord Street, Ta’ Xbiex XBX 1120, Malta

Email: support@sbarter.com

We will acknowledge your request within five (5) business days and provide a substantive response within one (1) calendar month, or inform you if additional time is required.