GMS · LEGAL DOCUMENT · PRIVACY
Backend · checking…
Legal · Document

Privacy Policy.

Effective: May 9, 2026 Last updated: May 9, 2026 Publisher: Pukapasoft
Section 01

Overview

This Privacy Policy describes how Pukapasoft ("we", "us", "our") collects, uses, and protects information when you use GibMeme Strategist ("the App", "GMS") — a tactical companion application for the gib.meme on-chain card tournament, distributed for Android devices in the Solana ecosystem.

We built GMS to be lean on data and transparent about handling. The sections below describe exactly what we collect, why, and what we do not collect.

◆ Plain Summary We collect your public wallet address, tier status, purchase signatures, and stored holdings preferences. We do not collect names, emails, locations, contacts, or any personal identifiers. We do not run advertising, tracking, or third-party analytics SDKs. The app talks to one backend — ours.
Section 02

Data We Collect

The following table lists every category of data the App and our backend handle.

DataPurposeStored where
Public wallet addressPublic on-chain Identity for tier verification, on-chain purchase association, and optional in-app identity display. Our backend server
Tier statusFree / Premium / Golden / Platinum / Diamond Gating forecast depth and feature access. Verified against on-chain transaction record. Our backend server (cache)
On-chain transaction signatureBlockchain-public Proof of tier purchase or shop payment. Submitted to us for verification. Solana mainnet (inherently public) + our backend as reference
SKR / SOL identity nameUser-toggleable Optional display of your Solana Name Service entry on the in-app header. Cached on a manual scan. Our backend server (cache)
Wallet-scan resultsCharges-based Reading owned gib.meme cards from your wallet. Cached briefly; not retained as continuous tracking. Our backend server (5-minute cache)
Forecast / shop request logsOperational Server-side request logs containing wallet identifier and request timestamps for rate limiting and debugging. Our backend server; rotated
Holdings preferencesDevice-local Which cards you have marked as owned. Stored on your device only — never transmitted to our backend unless you initiate a wallet scan. Your device (local app preferences)
◆ What we do NOT collect We do not collect: your name, email address, phone number, location, contact list, camera or microphone data, photos, biometric data, screen content, keystrokes, device advertising ID, or information about other apps on your device.
Section 03

Wallet & On-Chain Data

GMS uses Mobile Wallet Adapter (MWA) to authenticate your Solana wallet. We request a sign-in signature to verify wallet ownership — we never request authority to send transactions on your behalf without your explicit confirmation in your wallet application.

Tier purchases and shop transactions are on-chain transactions on Solana mainnet. By the immutable nature of blockchain technology, these transactions — including the sending address, amounts, and timestamps — are permanently and publicly visible on the Solana ledger. We do not control and cannot modify this public record.

Your public wallet address is stored on our backend to associate your tier license and any consumable balances (forecast boosts, scan charges) with your wallet. A public wallet address is a pseudonymous identifier you created and published to the blockchain. We make no attempt to link it to your real-world identity.

Section 04

Wallet Scanner

GMS offers an optional wallet scanner that reads your Solana wallet for owned gib.meme cards. The scanner runs on our backend, queries on-chain data sources to enumerate the assets at your address, and returns a list of recognized cards.

Scan results are cached server-side for approximately five minutes to prevent redundant on-chain RPC calls. The cache is keyed by wallet address. After the cache expires, the result is discarded; we do not retain a continuous record of your wallet's contents over time.

Scans are charge-based — you bring your own SOL or SKR to purchase a small bundle of scans. The scanner is opt-in: it never runs in the background. You initiate every scan from inside the app.

Section 05

Holdings & Local Data

Your holdings — which cards you have marked as owned — and your app preferences (theme, layout, slider positions) live on your device only, in the app's private DataStore. They are not transmitted to our backend.

The exception is when you initiate a wallet scan: in that case, the scan returns recognized cards and updates your local holdings list automatically. The list itself remains on-device.

If you uninstall the App, the local holdings and preferences are cleared with it. Your tier license — which is on-chain — is not affected.

Section 06

Backend Server

Our backend is a private VPS operated by Pukapasoft, hosted in the European Union. It stores tier and purchase records keyed by wallet address, scan-charge balances, brief scan-result cache entries, and operational request logs.

The server is not a third-party service. All data transmitted between the app and our backend travels over HTTPS with TLS 1.2+. No third-party cloud provider (AWS, Google Cloud, Firebase, etc.) holds your data.

◆ Data Location Backend servers are located in the European Union. If you are located outside the EU, your wallet address and operational data are transferred to and stored in the EU solely to deliver app features.
Section 07

Third Parties & Data Sharing

We do not sell, rent, or share your data with advertisers, data brokers, or marketing platforms. There is no advertising SDK in the app, no tracking pixel, no analytics service, and no third-party crash reporting SDK with remote transmission.

The app has the following external data dependencies:

  • Solana blockchain — public ledger; all on-chain reads and writes are public by design.
  • Your wallet provider (Seed Vault, Solflare, Backpack, etc.) — has its own independent privacy policy covering wallet operations.
  • Solana RPC providers (Helius, public endpoints) — used by our backend, never directly by the app. Your wallet address may be sent to these RPC providers as part of on-chain queries we initiate on your behalf.
  • Public market-data sources — used by our backend to compute card power scores. No user data is sent to these sources.

We may disclose data if required by law, court order, or to protect against fraud or abuse — in which case we will disclose only the minimum necessary.

Section 08

Data Retention & Deletion

Tier records and on-chain purchase associations are retained for as long as the App is active, since they're tied to your wallet's permanent license. If you wish to have all server-side records associated with your wallet removed, email us at the address in Section 13 with your wallet address and we will delete the records within 14 days.

Wallet-scan cache entries expire automatically after approximately 5 minutes. Operational request logs are rotated and purged on a 30-day cycle. SKR / SOL identity-name caches expire after 24 hours of inactivity.

On-chain transaction records on the Solana blockchain cannot be deleted by us or by anyone — they are an immutable public ledger by design.

Section 09

Security

We apply the following measures to protect data stored on our backend:

  • HTTPS / TLS 1.2+ on all client–server communication
  • Database access restricted to the application process; no public-facing database port
  • No plaintext secrets in version control; API keys and signing credentials are environment-scoped on the server
  • Server hardened with firewall rules, SSH key-only access, and routine security updates
  • Sensitive client-side keys stored in EncryptedSharedPreferences where applicable

No internet transmission is 100% secure. If you believe your data has been compromised, contact us immediately at the address in Section 13.

Section 10

Children & Minors

GibMeme Strategist is not directed at children under the age of 13, or under the age of 16 where applicable by local law (e.g. GDPR jurisdictions). The App requires Solana wallet ownership and involves cryptocurrency transactions, which are not appropriate for minors.

We do not knowingly collect data from anyone under the applicable minimum age. If we become aware that a minor has submitted data, we will delete it promptly upon request.

Section 11

Your Rights

Depending on your jurisdiction, you may have the following rights over data we hold about you:

  • Access — request a copy of the data we hold linked to your wallet address
  • Correction — request correction of inaccurate data
  • Deletion (Right to be Forgotten) — request removal of your records
  • Restriction — request that we stop processing your data while a dispute is resolved
  • Portability — request your data in a machine-readable format
  • Objection — object to processing based on legitimate interest
  • CCPA opt-out — California residents: we do not sell data, so there is nothing to opt out of

To exercise any of these rights, contact us at the address in Section 13. We will respond within 30 days. Requests are free of charge.

◆ GDPR — EU/EEA users Our legal basis for processing wallet-linked data is legitimate interest (delivering app features you opted into by using the app) and contract performance for purchases. You may withdraw at any time by requesting deletion. For complaints, you have the right to lodge a complaint with your national data protection authority.
Section 12

Policy Changes

We may update this policy to reflect changes in the App, applicable law, or our practices. When we do, we will update the "Last updated" date at the top of this page and, for material changes, post a notice in the app.

Continued use of GibMeme Strategist after a policy update constitutes acceptance of the revised policy. If you do not agree with a change, you may stop using the app and request deletion of your data.

Section 13

Contact

For any privacy-related questions, data requests, or concerns:

◆ Email

contact@pukapasoft.xyz

Response within 30 days · English and Czech accepted
◆ Publisher

Pukapasoft

gms.pukapasoft.xyz