RILLALERT logoRILLALERT
Back to home

Privacy Policy

Last Updated: February 27, 2026

Introduction

This privacy policy (the "Privacy Policy") is designed to help you understand how Lokie Labs, S.L. ("Lokie Labs", "we", "us", "our", the "Company" or the "Controller") collects, uses, processes and shares the personal information and data you provide when you access and/or use RILLALERT, an NFT listing alert and monitoring platform within the RILLAZ ecosystem, located at https://rillalert.xyz (the "App", the "Platform", the "Site" or the "Website", indistinctly), and any other services or interfaces owned or controlled by Lokie Labs that link to this Privacy Policy (each a "Service" and collectively, the "Services").

Laws incorporated in this Privacy Policy

This Privacy Policy is adapted to the Spanish and European regulations in force regarding the protection of personal data on the Internet. Specifically, it respects the following rules:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR").
  • The Organic Law 3/2018, of December 5, 2018, on the Protection of Personal Data and guarantee of digital rights ("LOPD-GDD").
  • Royal Decree 1720/2007, of December 21, 2007, approving the Regulations for the development of Organic Law 15/1999, of December 13, 1999, on Personal Data Protection ("RDLOPD").
  • Law 34/2002, of July 11, 2002, on Information Society Services and Electronic Commerce ("LSSI-CE").

Data Controller

The person responsible for the processing of personal data (the "Data Controller") is Lokie Labs, S.L., a business entity incorporated under the laws of Spain, with registered office at Alcobendas (Madrid), and provided with tax identification number (N.I.F.) B13930714.

Data Protection Officer

The data protection officer (the "Data Protection Officer", "DPO" or "DPD", indistinctly) is responsible for ensuring compliance with data protection regulations, and in connection with this, that the rights and freedoms of data subjects are not adversely affected by the data processing operations. You can contact the DPO of Lokie Labs at the following e-mail address: contact@lokielabs.com.

Incorporation to files

In compliance with the provisions of the GDPR and the LOPD-GDD, we inform you that the personal data collected by Lokie Labs through the App will be incorporated and processed in our files for the purposes referred to in this Privacy Policy.

Principles applicable to the processing of personal data

The processing of the user's personal data shall be subject to the following principles set out in Article 5 of the GDPR:

  • Principle of lawfulness, fairness and transparency: the consent of the user will be required at all times after fully transparent information of the purposes for which the personal data are collected.
  • Purpose limitation principle: personal data will be collected for specified, explicit and legitimate purposes.
  • Principle of data minimization: personal data collected will be only those strictly necessary in relation to the purposes for which they are processed.
  • Accuracy principle: personal data must be accurate and always up to date.
  • Principle of limitation of the storage period: personal data shall only be kept in such a way as to allow the identification of the user for the time necessary for the purposes for which they are processed.
  • Principle of integrity and confidentiality: personal data will be processed in a way that ensures their security and confidentiality.
  • Principle of proactive responsibility: the Data Controller shall be responsible for ensuring that the above principles are complied with.

Categories of personal data

The categories of personal information we collect will depend on your interaction with us, your use of our Services, and the requirements of applicable laws. We collect personal information that you provide to us, personal information that we obtain automatically when you use our Services, and personal information from other sources, such as third-party services and organizations, as described below.

A) Information you provide directly to us

We may collect the following personal information that you provide to us:

  • Wallet address: When you connect your digital wallet to the App, we collect your public wallet address. Your wallet address serves as your primary identifier on the App and constitutes a pseudonymous identity — while it does not directly reveal your legal name or personal identity, it may be linked to your real-world identity through publicly available blockchain transaction history, on-chain activity patterns, or third-party analytics services. We will never ask for or collect your private keys or seed phrases.
  • Profile information: You may optionally provide a display name (profile name) for your account. This information is publicly visible on the Leaderboard and in connection with your activity on the App.
  • X/Twitter information: If you connect your X/Twitter account or provide your X handle, we collect your X user ID, X handle (username), and profile image URL. This information may be used to deliver public or semi-public notifications on your behalf and to display your profile on the App and Leaderboard.
  • Email address: You may optionally provide an email address to receive private email notifications when your Alerts are triggered. If provided, your email address is verified through a one-time code (OTP) sent to the email address you provide. Email addresses are not required to use the App and are collected only if you opt in to email notifications.
  • Alert configuration data: When you create an Alert, we collect the details of the Alert, including the NFT collection, token ID, target price, selected blockchain, notification preferences, and alert duration.
  • Contact information: We may collect personal information, such as name or email address, when you contact us via email or other communication channels.

B) Information collected automatically

We may collect personal information automatically when you use our Services, such as:

  • Automatic data collection: We may collect certain information automatically when you use our Services, such as information about your browser or device, information about your location (including approximate location derived from IP address), and metadata about the content you provide. We may also automatically collect information about your use of our Services, such as the pages you visit before, during and after using our Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services.
  • Blockchain and transaction data: We collect publicly available on-chain data related to your wallet address, including NFT holdings (for verifying RILLAZ holder discount eligibility), NFT purchase transactions (for detecting Successful Hunts), and token balances (for payment processing). This data is publicly available on the respective blockchain networks.
  • Alert and notification activity: We automatically collect data about your Alert activity, including alerts created, alerts triggered, notifications sent (including tweet URLs), email delivery status, and Successful Hunts. This data is used to provide the Services, calculate Points, and populate the Leaderboard.
  • Cookies and local storage: We, as well as third parties that provide content or other functionality on our Services, may use cookies, local storage and other technologies ("Technologies") to automatically collect information through your use of our Services.
    • Cookies are small text files placed on device browsers that store preferences and facilitate and enhance your experience.
    • Local storage is used to persist wallet connection state and user preferences across sessions.
    • Analytics: We may use tools to process analytical information on our Services. These technologies allow us to process usage data to better understand how our Services are used and to continually improve them.
    • Social media platforms: Our Services may contain social media buttons, such as links to X/Twitter, which may include widgets or interactive elements. These features may collect your IP address and the page you are visiting on our Services and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing them.

You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as allowed by your browser or device. However, if you adjust your preferences, our Services may not function properly.

C) Information gathered from other sources

  • Third-party APIs and marketplaces: We obtain information from third-party NFT marketplaces (such as OpenSea) and blockchain data providers (such as Alchemy) to provide the Alert and monitoring Services. This includes NFT listing data, collection metadata, pricing information, and transaction data. This information is generally publicly available and is not personal data, except to the extent it relates to your wallet address.
  • X/Twitter: If you connect your X/Twitter account, we may receive information about you from X/Twitter that you have made available through your privacy settings on that platform. Your access through X/Twitter is also subject to X/Twitter's privacy policy, so we encourage you to read and understand their privacy policy.

Purposes of the processing for which the personal data is used

Personal data are collected and managed by Lokie Labs for the following purposes:

  • Service provision: To provide, maintain, and improve the RILLALERT Services, including creating and managing Alerts, delivering notifications, tracking Successful Hunts, calculating Points, and maintaining the Leaderboard.
  • Authentication and security: To verify your identity through wallet connection, verify your email address through OTP codes, and maintain the security of your account and the App.
  • Communication: To send you service-related communications, including Alert notifications (via in-app, email, and/or X/Twitter), email verification codes, and important service updates.
  • Payment processing: To process payments for Alert creation, verify RILLAZ holder discount eligibility, and maintain transaction records.
  • Analytics and improvement: To analyze usage patterns, improve the App's functionality, and develop new features.
  • Abuse prevention and enforcement: To detect, prevent, and address fraud, abuse, manipulation, Sybil attacks, and other prohibited activities, and to enforce compliance with our Terms and Conditions.
  • Legal and regulatory compliance: To comply with applicable laws, regulations, legal obligations, and lawful requests from competent authorities, including anti-money laundering (AML) and sanctions regulations.

At the time the personal data is obtained, the user will be informed about the specific purpose or purposes of the processing for which the personal data will be used.

Legal basis for processing

We process your personal data on the following legal bases:

  • Contract performance (Article 6(1)(b) GDPR): Processing necessary for the performance of the Services you have requested, including Alert creation, notification delivery, and payment processing.
  • Consent (Article 6(1)(a) GDPR): Where you have given consent for specific processing activities, such as providing your email address for email notifications or connecting your X/Twitter account.
  • Legitimate interest (Article 6(1)(f) GDPR): Processing necessary for our legitimate interests, such as improving our Services, preventing fraud, detecting and preventing abuse or manipulation of the platform, ensuring the security of the App, and displaying user activity on the public Leaderboard. The public Leaderboard serves a legitimate interest by fostering community engagement, transparency, and healthy competition within the RILLAZ ecosystem. We have conducted a balancing test and concluded that the display of pseudonymous wallet addresses, profile names, Points, and Successful Hunt counts on the Leaderboard does not unduly prejudice the rights and freedoms of data subjects, given the pseudonymous nature of wallet identifiers and the voluntary nature of profile information. Users who wish to minimize their public visibility may refrain from providing optional profile information such as display names and X/Twitter handles.
  • Legal obligation (Article 6(1)(c) GDPR): Processing necessary for compliance with legal obligations to which Lokie Labs is subject, including AML, sanctions, and other regulatory requirements.

Recipients of personal data

Lokie Labs does not sell users' personal data to third parties. However, Lokie Labs shares or allows access to users' personal data to the following categories of recipients:

  • Data Processors: Third-party service providers who process data on our behalf to deliver the Services, including:

    • Supabase (database hosting and real-time data services)
    • Alchemy (blockchain data provider and RPC services)
    • Resend (email delivery service for Alert notifications and verification codes)
    • Amazon Web Services (AWS SES) (backup email delivery service)
    • Vercel (application hosting)
    • OpenSea (NFT marketplace data)

    These relationships are regulated in their corresponding data processing agreements and comply with all requirements of the applicable Spanish and European legislation on Personal Data Protection.

  • X/Twitter: If you opt in to public or semi-public X/Twitter notifications, your Alert information (including collection name, listing details, and depending on the notification type, your X handle) will be posted publicly on X/Twitter through the RILLALERT account (@RILLALERT). You acknowledge that information posted on X/Twitter is publicly accessible and subject to X/Twitter's terms and privacy policy.

  • Public Leaderboard: Your wallet address, profile name, X handle, profile image, Points, and Successful Hunts count are displayed publicly on the Leaderboard. By using the App, you acknowledge that this information is publicly visible.

  • Blockchain networks: Transactions made through the App (such as Alert payments in $APE) are recorded on the applicable blockchain network and are publicly visible. Lokie Labs has no control over the public nature of blockchain data.

  • Law enforcement and regulatory authorities: We may disclose personal data to law enforcement agencies, regulatory authorities, courts, or other competent bodies where required by applicable law, regulation, or legal process, or where Lokie Labs believes in good faith that such disclosure is necessary to comply with a legal obligation, protect the rights, property, or safety of Lokie Labs, its users, or third parties, or investigate suspected fraud, abuse, or other violations of these Terms.

In the event that the Data Controller intends to transfer personal data to a third country or international organization, at the time the personal data is obtained, the user will be informed about the third country or international organization to which it intends to transfer the data, as well as the existence or absence of an adequacy decision of the European Commission.

The provisions of this paragraph are without prejudice to the communication of personal data to third parties in cases of legal obligation.

International data transfers

Some of our Data Processors may be located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or that the transfer is to a country that has been deemed to provide an adequate level of data protection by the European Commission.

Public and Immutable Nature of Blockchain Data

You acknowledge and accept that blockchain technology is inherently public and immutable. Transactions recorded on blockchain networks — including NFT purchases, token transfers, and payment transactions — are permanently and publicly visible to anyone with access to the relevant blockchain. This has the following implications for your personal data:

  • Immutability: Once data is recorded on a blockchain, it cannot be altered, deleted, or erased by Lokie Labs or any other party. This means that the rights of erasure ("right to be forgotten") and rectification under the GDPR cannot be fully exercised with respect to on-chain data, as the technical architecture of blockchain networks does not permit modification or deletion of confirmed transactions.
  • Public visibility: Your wallet address, transaction history, NFT holdings, and payment records are publicly accessible on blockchain explorers and may be viewed, indexed, or analyzed by any third party. Lokie Labs has no control over how third parties access or use publicly available blockchain data.
  • Pseudonymous nature: While your wallet address does not directly reveal your legal identity, it constitutes a pseudonymous identifier that may be linked to your identity through patterns of use, publicly available information, third-party analytics, or voluntary disclosures (such as connecting an X/Twitter account or publishing your wallet address publicly).
  • Scope of Lokie Labs' obligations: Lokie Labs' data protection obligations under the GDPR and applicable law apply exclusively to the personal data that Lokie Labs collects, processes, and stores within its own systems (off-chain). Lokie Labs cannot and does not assume responsibility for the public availability, immutability, or third-party processing of data that exists on public blockchain networks.

By using the App and interacting with blockchain networks, you expressly acknowledge and accept these inherent characteristics of blockchain technology and their impact on your data protection rights.

Personal data of minors

In accordance with articles 8 of the GDPR and 7 of the LOPD-GDD, only those over 18 years of age may use the App and consent to the processing of their personal data by Lokie Labs. The App involves interactions with digital wallets, cryptocurrencies, and NFTs, and is not intended for use by persons under the age of eighteen (18). We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will take steps to delete such information.

Secrecy and security of personal data

Lokie Labs undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected, so as to ensure the security of personal data and to prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorized communication of or access to such data.

Specific security measures implemented include:

  • Email verification codes are stored as SHA-256 cryptographic hashes; the original codes are not stored in our database.
  • Row Level Security (RLS) is enforced on all database tables to prevent unauthorized data access.
  • Server-side processing ensures that all write operations are performed through secure, authenticated server-side API routes.
  • Production environment guards restrict access to test and debug functionality in production environments.

However, because Lokie Labs cannot guarantee the impregnability of the Internet or the total absence of hackers or others who fraudulently access personal data, the Data Controller undertakes to notify the user without undue delay when a breach of security of personal data occurs that is likely to involve a high risk to the rights and freedoms of natural persons.

Following the provisions of Article 4 of the GDPR, a breach of security of personal data means any breach of security resulting in the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorized communication of or access to such data.

Personal data will be treated as confidential by the Data Controller, who undertakes to inform and to ensure by means of a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom it makes the information accessible.

Time of conservation of personal data

The personal data provided will be kept for the time necessary to fulfill the purpose for which they are collected, subject to the following retention periods:

  • Profile data (wallet address, profile name, X handle): Retained for as long as you maintain an active account on the App.
  • Alert data: Active alerts are retained for the duration of the alert period. Expired alerts are retained for record-keeping and historical purposes.
  • Successful Hunts: Retained indefinitely as part of the historical record and Leaderboard.
  • Email verification codes: Expire after 10 minutes and are marked as used upon successful verification.
  • Email delivery records: Retained for service quality monitoring and troubleshooting purposes.
  • Notification data: Retained for the duration of your account activity.
  • Points and Leaderboard data: Retained for as long as the Points system is active.

In addition, data may be retained for the periods established in applicable regulations on archives and documentation. However, you may request deletion at any time, subject to our legal and contractual obligations.

Accuracy and veracity of personal data

You undertake to ensure that the data you provide us with is correct, complete, accurate and current, as well as to keep it duly updated. As a user of our Services you are solely responsible for the veracity and accuracy of the data you submit, exonerating Lokie Labs from any liability in this regard.

Acceptance and consent

As a user of the Services, you declare that you have been informed of the conditions on personal data protection, you accept and consent to the processing of such data by Lokie Labs in the manner and for the purposes indicated in this Privacy Policy.

Acceptance and changes to this Privacy Policy

It is necessary that you have read and agree with the conditions on the protection of personal data contained in this Privacy Policy, as well as that you accept the processing of your personal data so that the Data Controller can proceed in the manner, during the periods and for the purposes indicated. The use of the App will imply the acceptance of its Privacy Policy.

Lokie Labs reserves the right to modify its Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency (Agencia Española de Protección de Datos). When we make changes, we will update the "Last Updated" date at the top of this Privacy Policy. In the event of any material change that substantially affects how your personal data is collected, used, or shared, we will use reasonable efforts to notify you through appropriate means, such as an in-app notification or a prominent banner on the App. Where required by applicable law, material changes may require your re-acceptance. We encourage you to periodically review this privacy statement to be informed of how Lokie Labs is protecting your information. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use our Services after the new Privacy Policy becomes effective.

Automated Decision-Making and Profiling

In accordance with Articles 13(2)(f), 14(2)(g), and 22 of the GDPR, Lokie Labs informs you of the following automated processing activities:

A) Points Calculation and Leaderboard Ranking

The App uses automated algorithms to calculate Points based on user activity, including Alert creation, Alert triggering, and Successful Hunts. Points are aggregated and used to determine Leaderboard rankings. This processing is performed automatically without human intervention in individual ranking decisions.

  • Logic involved: Points are awarded based on predefined criteria tied to measurable on-chain and in-app activities. The algorithms consider factors such as the number of alerts created, alerts triggered, and NFTs successfully purchased following an alert.
  • Significance and consequences: Your Points total and Leaderboard ranking are publicly visible. Higher rankings may result in greater community visibility. Points have no monetary value and confer no legal entitlement.
  • Legal basis: This processing is necessary for the performance of the contract (Article 6(1)(b) GDPR), as the Points and Leaderboard system is an integral part of the Services, and is further supported by our legitimate interest (Article 6(1)(f) GDPR) in fostering community engagement.

B) Successful Hunt Detection

The App automatically monitors blockchain transactions associated with your wallet address to detect Successful Hunts (i.e., NFT purchases matching an active Alert). This detection is performed through automated cross-referencing of on-chain purchase data with active Alert parameters.

  • Logic involved: The system compares wallet purchase transactions against active Alert criteria (collection, token ID, price thresholds) to determine whether a Successful Hunt has occurred.
  • Significance and consequences: Detected Successful Hunts are recorded on your profile, contribute to your Points balance, and are displayed on the public Leaderboard.
  • Legal basis: Contract performance (Article 6(1)(b) GDPR).

C) Abuse and Manipulation Detection

Lokie Labs employs automated monitoring to detect patterns of abuse, manipulation, Sybil attacks, wash trading, and other prohibited activities. This may involve automated analysis of wallet behavior, transaction patterns, and usage anomalies.

  • Logic involved: Automated systems analyze behavioral patterns and cross-reference wallet activities to identify conduct that may indicate abuse or violation of the Terms and Conditions.
  • Significance and consequences: Users identified by automated systems as potentially engaging in abusive conduct may be subject to further investigation, suspension, or termination of access. Significant decisions with legal effects are subject to human review before final action is taken, in accordance with Article 22(1) GDPR.
  • Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in maintaining the integrity and fairness of the platform.

D) Your Rights Regarding Automated Decision-Making

Where automated processing produces legal effects concerning you or similarly significantly affects you, you have the right under Article 22 GDPR to:

  • Obtain human intervention from Lokie Labs.
  • Express your point of view.
  • Contest the decision.

To exercise these rights, please contact us at contact@lokielabs.com.

User rights

In accordance with the rights recognized in the GDPR and the LOPD-GDD, you may exercise your rights of:

  • Access: The right to obtain confirmation as to whether your personal data is being processed, and where that is the case, access to the personal data.
  • Rectification: The right to obtain the correction of inaccurate personal data concerning you.
  • Erasure ("right to be forgotten"): The right to obtain the deletion of your personal data, subject to applicable legal retention requirements.
  • Restriction of processing: The right to obtain the restriction of the processing of your personal data in certain circumstances.
  • Data portability: The right to receive your personal data in a structured, commonly used and machine-readable format.
  • Opposition: The right to object to the processing of your personal data on grounds relating to your particular situation.
  • Withdrawal of consent: The right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, www.aepd.es) or, if you are a consumer habitually resident in another EU Member State, with the supervisory authority of your country of residence.

To exercise any of these rights, please send your request to the e-mail contact@lokielabs.com, including your wallet address for identification purposes.

Please note that certain data, such as blockchain transaction records and publicly posted X/Twitter notifications, cannot be deleted or modified due to the immutable nature of blockchain technology and third-party platform policies.

Links to third parties

The user may find links on our App or Services to other websites controlled by third parties, including NFT marketplaces (such as OpenSea), blockchain explorers, and social media platforms. Lokie Labs does not have the power to control the content provided by these other websites and is not responsible for the processing of users' personal data by those responsible for these websites. We remind you that this Privacy Policy only applies to personal data collected and processed by Lokie Labs through its App. Therefore, Lokie Labs is not responsible for any aspect related to the processing of your data that may be carried out by those responsible for these third party websites, who will be responsible for their own files and their own privacy practices.

Governing Language

This Privacy Policy has been drafted in the English language. In the event that this Privacy Policy is translated into any other language, the English language version shall prevail in case of any discrepancy or inconsistency between the English version and any translation.

Contact

If you have any questions about this Privacy Policy or the use of your personal data, or if you wish to exercise any of your rights as described above, please send an email to contact@lokielabs.com.