Privacy Policy
Last updated: 28 November 2025
🔒 Privacy at a Glance
- We collect minimal data: Just what's needed to run the service (email, account URL, wallet addresses).
- We never sell your data: Your information is never sold to third parties. Period.
- Blockchain is public: Wallet addresses and transactions are visible on the XRP Ledger — that's how blockchain works.
- You can delete your account: Request deletion and we'll remove your data (except blockchain records, which are immutable).
- We use minimal cookies: Only essential cookies for the service to function. No tracking or advertising cookies.
Table of Contents
1. Who We Are
YesAllofUs is operated by Mark Flynn, a sole proprietorship based in Guernsey, Channel Islands. We are the data controller for the personal data processed through our service.
Data Controller: Mark Flynn (YesAllofUs)
Location: Guernsey, Channel Islands
Email: mark@YesAllofUs.com
2. Data We Collect
2.1 Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Vendor name, account URL, email address | Account creation and communication |
| Wallet Addresses | XRP Ledger addresses (public keys) | Processing payments |
| Affiliate Data | Wallet addresses, referral codes | Commission tracking and payments |
| Payment Information | PayPal email (for subscriptions) | Subscription billing |
2.2 Information Collected Automatically
| Data Type | Examples | Purpose |
|---|---|---|
| API Usage Data | Endpoints called, timestamps, IP addresses | Rate limiting, security, debugging |
| Transaction Records | Order IDs, amounts, payout status | Service delivery, record keeping |
| Device Information | Browser type, operating system | Compatibility, troubleshooting |
| Log Data | Error logs, access logs | Debugging, security monitoring |
2.3 Information We Do NOT Collect
- Private keys or wallet seeds
- Personal identification documents
- Social Security or national ID numbers
- Banking details (other than PayPal for subscriptions)
- Biometric data
- Health or medical information
3. How We Use Your Data
We use your personal data for the following purposes:
3.1 Service Delivery
- Creating and managing your account
- Processing affiliate commission payments
- Connecting your wallet to the service
- Sending transaction notifications
3.2 Communication
- Responding to support requests
- Sending service updates and announcements
- Notifying you of changes to our terms or policies
3.3 Security and Fraud Prevention
- Monitoring for suspicious activity
- Enforcing rate limits
- Preventing abuse of the service
3.4 Service Improvement
- Analysing usage patterns to improve the service
- Debugging technical issues
- Developing new features
3.5 Legal Compliance
- Complying with applicable laws and regulations
- Responding to lawful requests from authorities
- Establishing, exercising, or defending legal claims
4. Legal Basis for Processing
Under GDPR and similar privacy laws, we process your data based on:
| Legal Basis | Applies To |
|---|---|
| Contract Performance | Processing payments, managing your account, delivering the service you signed up for |
| Legitimate Interests | Security monitoring, fraud prevention, service improvement, analytics |
| Legal Obligation | Complying with tax laws, responding to legal requests, maintaining required records |
| Consent | Marketing communications (where applicable) |
5. Data Sharing
5.1 We Share Data With:
| Recipient | Data Shared | Purpose |
|---|---|---|
| XRP Ledger | Wallet addresses, transaction amounts | Payment execution (public blockchain) |
| Xaman/Crossmark | Vendor name (in signing requests) | Wallet connection |
| Firebase (Google) | Account data, transaction records | Database hosting |
| DigitalOcean | Server logs | Infrastructure hosting |
| PayPal | Email, subscription amount | Subscription billing |
5.2 We Do NOT:
- Sell your personal data to third parties
- Share your data with advertisers
- Use your data for profiling or targeted advertising
- Share your data with data brokers
5.3 Legal Disclosures
We may disclose your data if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
6. Blockchain Data
Important: The XRP Ledger is a public blockchain. Transactions recorded on it are permanent, transparent, and cannot be deleted or modified by anyone, including YesAllofUs.
6.1 What's Public on the Blockchain
- Wallet addresses (sender and recipient)
- Transaction amounts
- Transaction timestamps
- Transaction memos (containing order IDs)
6.2 What's NOT on the Blockchain
- Your name or email address
- Your name or URL
- Any personal identification
6.3 Wallet Address Pseudonymity
While wallet addresses are public, they are pseudonymous — they don't inherently reveal your identity. However, if you publicly associate your wallet address with your identity (e.g., on social media), that connection becomes public.
7. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Until deletion requested + 30 days | Service delivery |
| Transaction Records | 7 years | Tax and legal compliance |
| API Logs | 90 days | Debugging, security |
| Support Communications | 2 years | Service quality |
| Blockchain Data | Permanent | Immutable by design |
8. Your Rights
Under GDPR and similar laws, you have the following rights:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten")
Request deletion of your data. Note: This does not apply to blockchain data, which is immutable.
Right to Restrict Processing
Request that we limit how we use your data.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests.
Right to Withdraw Consent
Withdraw consent for processing that relies on consent.
To exercise any of these rights, contact us at mark@YesAllofUs.com. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organisational measures to protect your data:
- Encryption in Transit: All API communications use TLS 1.2+
- Encryption at Rest: Database data is encrypted using AES-256
- Access Controls: API credentials are hashed; only you know your api_secret
- Rate Limiting: Protection against brute force and DDoS attacks
- Regular Backups: Data is backed up daily with encrypted storage
- Monitoring: We monitor for unauthorised access attempts
Despite our efforts, no system is 100% secure. If you discover a security vulnerability, please report it to mark@YesAllofUs.com.
10. International Data Transfers
YesAllofUs is based in Guernsey, Channel Islands. Your data may be transferred to and processed in:
- United States: Google Firebase (database), DigitalOcean (servers)
- European Union: Some server locations
- Globally: XRP Ledger nodes are distributed worldwide
Where data is transferred outside Guernsey/EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
11. Children's Privacy
YesAllofUs is not intended for use by anyone under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last updated" date at the top
- Sending an email notification for significant changes
13. Contact Us
For privacy-related questions or to exercise your rights:
If you're not satisfied with our response, you have the right to lodge a complaint with a data protection authority.