U
UnchainedLab
LaunchpadCreateHow it worksCommunity
Back to home
⚠ Draft — review with legal counsel before going live for paid users.This is a starting template, not legal advice. Last updated: 2026-04-28.

Privacy Policy

This Privacy Policy explains how UnchainedLab ("we", "us") collects, uses and protects personal data when you use unchainedlab.net (the "Service"). It is written with the EU General Data Protection Regulation (GDPR) and the UK GDPR in mind. We act as a data controller in respect of the personal data described below.

1. Data we collect

When you use the Service we may collect:

  • Wallet address. The public address you connect to the Service (Ethereum or Solana). This is treated as personal data when associated with other identifying information.
  • Email address (optional). Provided at checkout if you want order updates. You can complete a purchase without one.
  • Shipping details. Recipient name, postal address, phone number (where required by the carrier) so we can deliver your order.
  • Transaction hashes and on-chain payment metadata. Used to verify payment and reconcile orders.
  • Order content. The product, size, design and collection associated with your order.
  • Support correspondence. Messages you send to support@unchainedlab.net.

2. Why we collect it (purposes)

  • Order fulfillment. To process payments, route your order to the manufacturer, ship the product, and handle returns or refunds.
  • Customer support. To respond to enquiries, investigate issues and process refund requests.
  • Fraud prevention and platform safety. To detect and prevent fraudulent transactions, chargebacks, and abuse of the listing or escrow process.
  • Legal compliance. Tax, accounting, anti-money laundering and sanctions screening obligations.

3. Lawful basis (GDPR / UK GDPR)

  • Performance of a contract (Art. 6(1)(b)) — to fulfill orders you have placed and operate the Service you have requested.
  • Legitimate interests (Art. 6(1)(f)) — for fraud prevention, network security and improving the Service. We balance these interests against your rights.
  • Legal obligation (Art. 6(1)(c)) — to retain records for tax, accounting and other regulatory requirements.
  • Consent (Art. 6(1)(a)) — where you choose to provide an optional email address for order communications.

4. Recipients of your data

We share personal data only with processors and partners necessary to operate the Service:

  • Supabase — database and storage hosting (data stored in the EU region).
  • Resend — transactional email delivery.
  • The third-party manufacturer — receives the shipping address and order details necessary to produce and ship your merchandise.
  • Shipping carriers — receive the shipping address and any contact details required for delivery.
  • Public blockchains. Wallet addresses and transaction hashes are, by their nature, public on-chain data and are visible to anyone.

We do not sell personal data. Where a processor is located outside the EEA / UK, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

5. Retention

  • Order records (including shipping address and tx hash): retained for up to 7 years to comply with tax, accounting and anti-fraud obligations.
  • Optional email address: retained for the same period if linked to an order, otherwise deleted on request.
  • Support correspondence: retained for up to 3 years.
  • SIWE session cookies: deleted on logout or after session expiry.

6. Your rights

Subject to the GDPR / UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request rectification of inaccurate or incomplete data.
  • Request erasure ("right to be forgotten") where no overriding legal obligation requires retention.
  • Restrict or object to certain processing.
  • Receive a copy of your data in a portable, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local supervisory authority (in the EU, your national Data Protection Authority; in the UK, the Information Commissioner's Office).

Note that on-chain data (wallet addresses, transaction hashes) is public and immutable; we cannot delete it from the underlying blockchain.

To exercise any of these rights, contact support@unchainedlab.net.

7. Cookies

We use cookies sparingly. The Service relies on a single session cookie used to maintain your authenticated session after Sign-In With Ethereum (SIWE). It is strictly necessary for the Service to function and does not require consent under EU cookie rules. We do not use third-party advertising or cross-site tracking cookies, and we do not run analytics tracking that profiles individual users.

8. Security

We use technical and organisational measures including encryption in transit (TLS), access controls, and least-privilege service credentials. No system is perfectly secure; you remain responsible for the security of your wallet, devices and credentials.

9. Children

The Service is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us so we can delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For privacy-related enquiries, contact us at support@unchainedlab.net.

U
UnchainedLab

The crypto-native merch launchpad. Spin up a collection, accept on-chain payments, ship worldwide.

Platform

  • Launchpad
  • Create
  • How it works

Company

  • About
  • Blog
  • Careers

Resources

  • Documentation
  • Support
  • Status

Legal

  • Privacy
  • Terms
  • Refund Policy
  • Cookie Policy

© 2026 UnchainedLab. All rights reserved.

Twitter/XDiscordGitHub

Support: support@unchainedlab.net