Privacy Policy
What we see, and what we don't.
We collect the minimum we need to run the service: your X handle, your Sui address, the locked prediction text (scrambled until unlock day), and the small bookkeeping needed so the verify bot doesn't reply twice. We never see your password, your wallet's private key, or your X login.
Last updated · May 2026
1 · What we collect
When you use TOLDPROOF, we store:
- Your X handle and X numeric user ID (so we can link tweets to predictions).
- Your Sui wallet address (so the on-chain receipt has an owner).
- The text of your prediction (kept scrambled on Walrus; unscrambled by Seal on your chosen unlock date).
- The unlock date, topic tag, and any optional links you attach.
- A short-lived session cookie after you sign in with X.
- A log of the verify bot’s replies — which tweet asked, which prediction matched, when we replied — so it doesn’t reply twice.
- Basic site analytics (page views, country, browser) via Plausible, which doesn’t use tracking cookies.
2 · What we never see
We do not collect, and we cannot see:
- Your X password or any other social login password.
- Your wallet’s private key or seed phrase — wallet signing happens in your wallet, not on our servers.
- Your DMs, your full timeline, or your contact list — our X OAuth scope is only what we need to read and post tweets you authorise.
- Any payment details. Card payments (if and when Pro launches) will run through Stripe; we never see your card number.
3 · The permanent parts
Sui and Walrus are public networks. By design, anything you write to them stays there forever, readable by anyone:
- The receipt on Sui — your address, the unlock date, a fingerprint of the prediction, and the hit/miss verdict once judged.
- The scrambled prediction text on Walrus — readable only after the unlock date, when Seal releases the key.
- The AI judge’s reasoning, also written to Walrus.
We can't delete any of that. Neither can you. If you want a prediction not to be public, don't lock it. Once you click seal, the receipt is permanent.
4 · The off-chain parts (deletable)
We also keep a small database (Neon Postgres) to make the site fast and the bot reliable. This database holds:
- An index linking X handles to Sui addresses, so we can show predictions on a profile page.
- A queue of predictions waiting to unlock, so the cron job knows what to reveal.
- A log of bot mentions we’ve already answered, so we don’t reply to the same tweet twice.
- A waitlist email address, if you joined one.
If you ask us to, we'll delete your row from this database — your profile page goes away, your leaderboard entry goes away, and the bot stops replying about you. The on-chain receipts remain. See section 8 for how to request deletion.
5 · Who we share with
We share data with the third parties we depend on:
- Vercel — hosts the site and runs the cron jobs.
- Neon — runs the Postgres database described in section 4.
- Mysten Labs / Sui validators — process the on-chain transactions you sign.
- Walrus storage nodes — store the scrambled prediction text and judge reasoning.
- Seal key servers — hold the time-locked key that unscrambles your prediction at the unlock time.
- X — receives the OAuth handshake when you sign in and the tweets we post on your behalf.
- Anthropic — receives the unscrambled prediction text (and any user-submitted evidence) for the AI judge to read. Anthropic doesn’t train on this data.
- Plausible — receives anonymised page-view stats.
We don't sell your data to anyone, and we don't run ads.
6 · Cookies and similar
We use exactly one cookie: a sign-in cookie so the site remembers you after you connect your X account. It expires when you sign out or after 30 days, whichever comes first.
We don't use advertising cookies. Plausible analytics works without cookies.
7 · Children
TOLDPROOF is not for anyone under 13 (or under 16 if you're in the EEA or UK). If we learn we've stored data on someone under that age, we'll delete the off-chain parts and stop indexing their on-chain receipts.
8 · Your rights
You can ask us to:
- Show you what we have about you in our database.
- Correct anything wrong.
- Delete your row from our database (the on-chain receipts stay — see section 3).
- Stop the bot from replying about you.
- Take down your public profile page.
Email privacy@toldproof.xyz with your X handle or Sui address. We'll get back to you within 14 days.
If you're in the EU, UK, or California, you have extra rights under GDPR, UK GDPR, and CCPA respectively (data portability, a formal complaint to your supervisory authority, etc.). The email above is the easiest way to use them.
9 · How long we keep things
- Off-chain database rows: while your account is active, plus 30 days after deletion (for audit).
- Bot mention logs: 90 days, then deleted.
- Server logs: 30 days.
- On-chain receipts and Walrus blobs: forever (we can’t delete these).
10 · International transfers
Our hosting (Vercel) and database (Neon) run in the US. The Sui validators, Walrus storage nodes, and Seal key servers are spread globally. If you're in the EU/UK, your data crosses borders when you use TOLDPROOF — by signing up, you accept that transfer.
11 · Security
We use industry-standard practices: HTTPS everywhere, environment variables for secrets, no plaintext passwords (we don't have any — you sign in via X OAuth and Sui wallet signature).
No system is perfectly secure. If we find that your data has been accessed by someone who shouldn't have it, we'll tell you within 72 hours and report it to the relevant regulators.
12 · Changes
We'll update this page when we change how we handle data. If we make a meaningful change, we'll refresh the "Last updated" date and post a note at the top.