YAP Hub ("we", "us", "our") operates yaphub.xyz and the embeddable YAP Hub Widget. This Privacy Policy explains how we collect, use, and protect data in accordance with the EU General Data Protection Regulation (GDPR), the EU Digital Services Act (DSA), the German Federal Data Protection Act (BDSG), and the TTDSG.
The data controller responsible for processing personal data is:
[INSERT: Full legal name or trading name]
[INSERT: Address]
[INSERT: Email]
For all privacy-related enquiries: [INSERT PRIVACY EMAIL]
Data you provide voluntarily:
| Data | Purpose | Retention |
|---|---|---|
| Chat messages | Display in chat | 24 hours, auto-deleted |
| Anonymous username | Display in chat | Browser only (localStorage) |
| Sentiment votes | Leaderboard, statistics | 24 hours, auto-deleted |
| Token upgrade details | Display in widget | Permanent (paid service) |
| Report submissions | Content moderation | 30 days |
Data collected automatically:
| Data | Processing | Retention |
|---|---|---|
| IP address | Hashed with SHA-256 immediately — original IP never stored | Hash stored max. 24h, then auto-deleted |
| Browser UUID | Stored in your browser only, never linked to identity | Browser localStorage only |
| Message timestamps | Required for chat functionality | 24 hours |
| Processing Activity | Legal Basis (GDPR Art. 6) |
|---|---|
| Displaying chat messages | Legitimate interest (Art. 6(1)(f)) |
| Rate limiting (IP hash) | Legitimate interest (Art. 6(1)(f)) — preventing abuse |
| Content moderation | Legal obligation (Art. 6(1)(c)) — DSA compliance |
| Token upgrade data | Contract performance (Art. 6(1)(b)) |
| Fraud prevention | Legitimate interest (Art. 6(1)(f)) |
We do not use your data for advertising, profiling, sale to third parties, or automated decision-making with legal effects.
IP Address: Your IP address is immediately hashed using SHA-256 with a secret salt. The hash is used only for rate limiting. The original IP address is never stored in our database and is deleted after 24 hours.
Messages: All chat messages are encrypted at rest using AES-256-GCM encryption and permanently deleted after 24 hours.
Identity: Your anonymous username is generated locally in your browser and stored only in localStorage. It is never linked to your real identity.
| Data Type | Retention Period |
|---|---|
| Chat messages (encrypted) | 24 hours — automatically deleted |
| IP address hashes | 24 hours — automatically deleted |
| Sentiment votes | 24 hours — automatically deleted |
| System notifications | 24 hours — automatically deleted |
| Token upgrade data | Permanent — part of paid service |
| Report records | 30 days — for moderation |
MoonPay / Helio (Payments): Token upgrades redirect to MoonPay Commerce. We do not process or store payment data. See MoonPay Privacy Policy.
Alchemy / Helius (Blockchain Data): We use these APIs to fetch publicly available token metadata. No personal data is shared beyond the token contract address.
Hosting Provider: [INSERT: Server provider, e.g., Contabo GmbH, Germany]. Standard server access logs may be retained per their privacy policy.
Font Awesome (CDN): Icons are loaded via CDN which may transmit your IP to the CDN provider.
YAP Hub does not use tracking cookies or advertising cookies.
We use browser localStorage to store:
This data never leaves your device. You can clear it at any time by clearing your browser's local storage. No consent is required as this localStorage is technically necessary to provide the service you explicitly requested (TTDSG §25(2)).
For all privacy-related enquiries: [INSERT PRIVACY EMAIL]
Response time: within 30 days (GDPR requirement)
You have the right to lodge a complaint with your national data protection authority. In Germany:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153, 53117 Bonn
www.bfdi.bund.de