Privacy on GetSmart Help Internal

Privacy on GetSmart Help Internal/tags/privacy/Recent content in Privacy on GetSmart Help InternalHugoenTue, 26 May 2026 14:41:51 +0200Security & Privacy/docs/security--privacy/Tue, 26 May 2026 00:00:00 +0000/docs/security--privacy/<h1 id="security--privacy">Security & Privacy</h1> <p>GetSmart Token is operated by <strong>Digital Financial Aid Corporation</strong>, a 501(c)(3) nonprofit committed to protecting learner data and platform integrity.</p> <hr> <h2 id="security-measures">Security Measures</h2> <h3 id="infrastructure">Infrastructure</h3> <ul> <li><strong>Hosting</strong>: Cloudflare Pages (DDoS protection, WAF, edge network)</li> <li><strong>API</strong>: Edge Worker functions with no persistent server-side processes</li> <li><strong>Database</strong>: MongoDB Atlas with encryption at rest and in transit</li> <li><strong>Auth</strong>: Coinbase OAuth — we never store passwords</li> </ul> <h3 id="blockchain">Blockchain</h3> <ul> <li><strong>Network</strong>: Base (Ethereum L2) — immutable public ledger for badge records</li> <li><strong>Contracts</strong>: Smart contract addresses published and verifiable on <a href="https://basescan.org">basescan.org</a></li> <li><strong>No private keys stored</strong>: The platform never holds user wallet keys</li> </ul> <h3 id="ai-agent">AI Agent</h3> <ul> <li><strong>Cloud mode</strong>: API key held server-side in Cloudflare Edge Worker — never exposed to the client browser</li> <li><strong>Local / Air-Gap mode (Module 5)</strong>: The Gemma 4 model runs entirely in the user’s browser via WebGPU. Zero data leaves the device during local inference.</li> </ul> <h3 id="data-in-transit">Data in Transit</h3> <ul> <li>All traffic served over HTTPS / TLS 1.3</li> <li>API calls to Google Gemini API made server-side only</li> </ul> <hr> <h2 id="privacy-policy">Privacy Policy</h2> <h3 id="what-we-collect">What We Collect</h3> <ul> <li>Name and email address (for course enrollment and badge applications)</li> <li>Coinbase Wallet address (to issue NFT badges and $GETS tokens)</li> <li>Learning progress (which missions completed, evidence submitted)</li> </ul> <h3 id="what-we-do-not-collect">What We Do Not Collect</h3> <ul> <li>Passwords (handled entirely by Coinbase OAuth)</li> <li>Payment card information</li> <li>Biometrics or sensitive personal data beyond what’s listed above</li> </ul> <h3 id="how-we-use-your-data">How We Use Your Data</h3> <ul> <li>To issue NFT badges and $GETS tokens to your wallet</li> <li>To send course mission emails</li> <li>To review badge applications</li> <li>We do <strong>not</strong> sell data to third parties</li> </ul> <h3 id="user-rights-gdpr">User Rights (GDPR)</h3> <ul> <li>Right to access your personal data</li> <li>Right to request data deletion (subject to on-chain records, which are immutable)</li> <li>Right to data portability</li> <li>Requests: <a href="mailto:hello@getstoken.org">hello@getstoken.org</a></li> </ul> <hr> <h2 id="responsible-disclosure">Responsible Disclosure</h2> <p>If you discover a security vulnerability in the GetSmart platform:</p>