Privacy Policy

Last updated: April 16, 2026

This Privacy Policy explains what data DigiFlip (operated by Orange-Hat, LLC) collects, how we use it, and what your options are. We've tried to keep both the policy and the data we collect as small as possible.

1. Who we are

DigiFlip is operated by Orange-Hat, LLC. We are the data controller for information you provide to, or that is collected automatically through, the Service.

2. What we collect

We collect only what we need to run the Service. In practice that is:

• Your DigiByte address. DigiFlip uses Digi-ID for authentication. Your address is your identity on the site; we never ask for your name, email, or any other personal identifier for account creation.
• A session cookie (df_session) that keeps you logged in. The cookie is marked HttpOnly and SameSite=Lax, which means JavaScript cannot read it and other websites cannot use it to make requests on your behalf.
• Wallet and market activity. Deposit addresses you're assigned, your DGB balance, votes you cast, outcome attestations, market proposals, comments, dispute reasons, and feedback. This is the data required to operate the market.
• IP address (hashed). To rate-limit abuse and flag suspicious activity, we store a salted SHA-256 hash of your IP address against submissions like feedback and authentication attempts. We do not store your raw IP address against these records.
• User-agent string. Stored with feedback submissions to help diagnose browser-specific bugs.
• Optional contact email. Only if you choose to provide one with an anonymous feedback submission. We never add you to a mailing list from this.
• Server logs. Fastify request logs capture HTTP method, URL, status code, and response time for operational purposes. These logs are rotated and not retained long-term.

3. What we do not collect

• No real names, addresses, phone numbers, or government IDs.
• No passwords. Digi-ID replaces them entirely.
• No credit card or traditional financial account information. All money in and out is DGB on the DigiByte blockchain.
• No third-party analytics, ads, or tracking pixels.

4. Cookies and local storage

• df_session (HttpOnly cookie) — session token. Cleared on logout or when the session expires.
• digiflip_onboarded (localStorage) — set after you dismiss the first-visit tour so we don't show it again. Not sent to the server and holds no personal data.

5. How we use your data

• To run the market. Compute balances, resolve markets, pay out winners, and maintain the public record of votes and resolutions.
• To prevent abuse. Rate-limit traffic, detect suspicious activity, and enforce these Terms.
• To improve the Service. Diagnose bugs you report and prioritize feature work based on feedback.

We do not sell your data. We do not share it with advertisers or data brokers. We do not use your data to train machine-learning models.

6. Who can see your data

• Public data. Your DigiByte address (used as your username), the votes you cast, your market proposals, your approved comments, and your aggregate statistics (accuracy, total staked, leaderboard rank) are visible to anyone on the Internet. This is essential to the product — public prediction markets need a public record.
• Admin-only data. Feedback you submit, disputes you file, pending (unapproved) comments, and the hashed IP / user-agent on those submissions are visible only to DigiFlip administrators.
• Compelled disclosure. We may disclose data if required by a lawful court order or other legal process. If this happens, we will attempt to notify you unless we are legally prohibited from doing so.

7. Retention

• Sessions expire automatically and are deleted from the database on logout.
• Market data (votes, comments, resolutions, dispute history) is kept indefinitely as part of the public record of the Service.
• Feedback is kept indefinitely for operational use. Contact emails in feedback entries can be removed on request.
• Hashed IPs are retained with the records they relate to for the life of those records.

8. Your rights

You can:

• Withdraw your DGB balance to a DigiByte address you control at any time.
• Request that we delete your feedback submissions and any contact email attached to them.
• Request closure of your DigiFlip account. Because market records are part of a public ledger, the votes you cast, proposals you made, and approved comments will remain visible under your pseudonymous DigiByte address even after account closure. Your session, watchlist, and ability to log in will be revoked.
• Request a copy of the non-public data associated with your account.

Send requests through the feedback form with category "General".

9. Security

We follow standard practices to protect your data:

• TLS on all browser traffic; the session cookie is marked Secure in production.
• Session tokens are stored in the database only as SHA-256 hashes. A database dump does not reveal live session tokens.
• Admin mutations are logged to an append-only audit trail.
• Per-IP and per-route rate limits deter credential-stuffing and abuse attempts.

No system is perfectly secure. If you believe your account has been compromised, withdraw your balance and contact us immediately.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced on the Service at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact

Questions about this Privacy Policy, or requests to exercise the rights above, can be sent through the feedback form.

See also: Terms of Service · How it works