Privacy Policy
Last updated: April 23, 2026
1. About this policy
KeetaHub (“we”, “us”, “our”) operates the website keetahub.com and its subdomains, including kyc.keetahub.com. This Privacy Policy explains what personal data we collect, why we collect it, how we protect it, and what rights you have. It applies to the website, the KYC Anchor verification flow, the Sentinel Discord bot dashboard, and any other KeetaHub-branded tool linked from this site. By using our services you agree to the practices described below.
2. Data we collect
We collect the minimum data necessary to provide the service. We group it here by the feature that produces it.
2.1 Authentication (Discord OAuth2)
When you sign in we request only these Discord OAuth2 scopes:
- identify — your Discord user ID, username, discriminator/display name, avatar hash, and locale. We do not receive your email address through this scope.
- guilds — the list of Discord servers you belong to and your permission flags within them. We use this only to determine which servers you can manage, so we can show you the right dashboards. We do not persist the full list server-side.
We do not receive your Discord password. Your Discord access token is held inside an encrypted JWT session cookie (JWE), scoped to your browser, with a maximum lifetime of 24 hours.
2.2 KYC Anchor (on-chain identity)
- Keeta wallet address — the public wallet address you submit to receive a certificate.
- Encrypted Discord ID on-chain — your Discord user ID is encrypted with your wallet’s public key and written inside a KYC certificate on the Keeta Network. Only the holder of the corresponding private key can decrypt it.
- Wallet selection record — which wallet you chose during a verification session, kept off-chain so we can display your verification status and prevent duplicate issuance.
2.3 Sentinel dashboard (Discord server administrators)
- Server (guild) configuration — Discord guild ID, tier rules, badge rules, verification panel settings, and the Discord channel in which the panel was posted. This is configuration data you supply, not personal data about the server’s members.
- Audit log — events generated by the Sentinel bot: verification attempts, role assignments and removals, configuration changes, timestamps, and the source (“web” or “command”). Audit entries contain Discord user IDs of affected members.
- NFT collection cache — token / collection metadata retrieved from the Keeta Network and cached to keep tier checks fast. This is network data, not personal data.
- Custom collection address lists — when a server administrator defines a custom NFT collection by uploading a list of Keeta token addresses (up to 10,000 per collection), we store those addresses so Sentinel can match member holdings against them. These are public blockchain identifiers, not personal data about the administrator or the members.
- Automatic re-verification — Sentinel periodically re-checks the on-chain holdings of members with valid KYC certificates on a rolling basis (typically every 24 hours) so roles accurately reflect current balances. Each check reads public on-chain data keyed on the member’s linked wallets; the outcome is written to the audit log described above.
2.4 Portfolio analytics dashboard
If you have at least one wallet linked through KYC Anchor, you can open a signed-in portfolio dashboard. When you do, our server queries the Keeta Network on your behalf and displays:
- Your token holdings aggregated across your linked wallets.
- Your NFT holdings grouped by collection.
- Recent transactions associated with your linked wallets.
- Token price data in USD, EUR, and KTA. Prices are cached server-side for a short period so the dashboard does not hit upstream price APIs on every load.
This information is derived from public blockchain data and is displayed only to you while you are signed in. We do not persist your holdings, transaction history, or portfolio state off-chain beyond the short price cache; each dashboard load is a fresh read.
2.5 Beta-access management
Some features are rolled out to specific Discord accounts as a closed beta. For that purpose we maintain a small internal list containing the Discord user ID of each account that has been granted access, an optional internal note, the timestamp the access was added, and the specific tool(s) the access applies to. This list is only visible to the KeetaHub maintainers.
2.6 Operational data
- Session cookies — see section 5.
- Infrastructure logs — as with any website, our hosting provider (Amazon Web Services) necessarily observes transport-level information such as IP addresses, user-agent strings, and timestamps at the load-balancer level. Our application code does not read, store, or analyse this data. AWS retains these logs under its own policies and uses them to deliver and secure the underlying hosting service. See AWS’s privacy notice.
2.7 Data we do not collect
- Discord passwords or 2FA secrets.
- Email addresses, phone numbers, or real names.
- Payment information (we take no payments).
- Private keys, seed phrases, or any wallet credentials.
- Browsing history or advertising identifiers.
- Biometric or health data.
3. Why we process your data, and our legal basis
- To issue KYC certificates and deliver the service — processing is necessary to perform the service you explicitly requested (GDPR art. 6(1)(b), contract).
- To authenticate you via Discord OAuth2 — based on your explicit consent expressed by initiating the OAuth flow (GDPR art. 6(1)(a)).
- To operate token-gated roles (Sentinel) for servers in which a Discord administrator has installed the bot — processing of a member’s Discord ID and on-chain holdings, including periodic re-verification of those holdings so roles stay accurate, is based on the consent the member gave when completing KYC verification (GDPR art. 6(1)(a)) and on our legitimate interests in operating a token-gating service (GDPR art. 6(1)(f)). We act as the controller for this processing. The server administrator decides which rules apply in their own server but does not act as an independent controller of member data on our behalf.
- To provide the portfolio analytics dashboard — when you open it we query and display your linked wallets’ public on-chain state. Processing is necessary to perform the service you requested (GDPR art. 6(1)(b), contract).
- To manage access to beta features — where we grant specific Discord accounts early access to preview tools, we store the minimum identifiers needed to authorise that access based on our legitimate interests in operating a staged rollout (GDPR art. 6(1)(f)).
- To keep the service secure and prevent abuse — based on our legitimate interests in protecting the platform and its users (GDPR art. 6(1)(f)).
- To remember your theme preference — strictly necessary for the user-facing interface you chose.
4. How we protect your data
- Your Discord ID is asymmetrically encrypted before being written to the blockchain — only the holder of the associated wallet’s private key can decrypt it.
- Your Discord access token is held in an encrypted JWT (JWE) session cookie, marked HttpOnly and Secure, with SameSite=Lax. It is never exposed to client-side JavaScript.
- All traffic is served over HTTPS / TLS.
- Administrative access to production databases is limited to the maintainers who operate the service.
- We do not sell, rent, or share your personal data with third parties, except the processors listed in section 12.
6. Data retention
- Session cookies — up to 24 hours, or until you sign out.
- Wallet-selection records — retained while you continue to use the service; you can ask us to delete the current record by contacting us.
- Verification records (Discord ID ⇄ wallet mapping) — retained for as long as the associated certificate remains valid, so the service can recognise you across features.
- Server configuration — retained while the Sentinel bot is installed in the server, including any custom NFT collection address lists the administrator has uploaded. If the bot loses access (for example, it is removed from the server), the configuration is deleted automatically after a short grace period of several days.
- Audit logs — automatically deleted 365 days after the event, enforced by a time-to-live index on the database.
- Beta-access list — retained until the relevant feature leaves beta or access is revoked. You can ask us to remove your Discord ID from this list at any time.
- Token price cache — a short-lived in-memory cache of token prices used by the analytics dashboard. Contains no personal data and expires automatically.
- On-chain certificates — written to the Keeta Network blockchain and therefore permanent and immutable by design. They cannot be deleted by us or by anyone else.
- Infrastructure logs — held by AWS under its own retention policies; we do not control these.
7. How we share data
We share personal data only with:
- Processors who run the service on our behalf (hosting, database) under contractual data-processing terms.
- Discord — necessarily, to issue role changes and deliver bot interactions in servers you or a server administrator have authorised.
- The Keeta Network — a public blockchain, where encrypted certificates become part of the ledger.
- Legal authorities — only when required by valid legal process and only to the extent strictly necessary.
We never sell personal data. We do not use it for targeted advertising.
8. International data transfers
Our servers are hosted on Amazon Web Services (AWS). If you are located in the European Economic Area, the United Kingdom, or Switzerland, your data may be transferred to and processed in the United States. AWS participates in the EU-US, UK, and Swiss-US Data Privacy Frameworks, providing adequate safeguards for cross-border transfers. Where required we supplement these with standard contractual clauses. On-chain data (KYC certificates) is stored on the Keeta Network, which is a decentralised blockchain without a fixed geographic location.
9. Your rights (GDPR / UK GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your off-chain data. We cannot delete on-chain data, because blockchain entries are immutable.
- Restriction of processing — ask us to pause processing while a dispute is resolved.
- Data portability — receive your data in a structured, commonly used, machine-readable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — at any time, without affecting processing that already took place.
- Lodge a complaint — with your local data protection authority. In the Netherlands, that is the Autoriteit Persoonsgegevens. In the UK, the ICO.
10. Your rights (CCPA / CPRA)
California residents have additional rights under the California Consumer Privacy Act as amended by the CPRA:
- Right to know what personal information we collect, use, and disclose, and the categories of sources.
- Right to delete off-chain personal information, subject to statutory exceptions; on-chain data cannot be deleted.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioural advertising.
- Right to limit use of sensitive personal information — we do not collect sensitive personal information under the CPRA definition.
- Right to non-discrimination for exercising any CCPA right.
To exercise any of the above rights, email info@keetahub.com. We aim to respond within 30 days and may ask you to verify your identity by proving control of the wallet or Discord account in question.
11. Automated decision-making
The Sentinel bot assigns and removes Discord roles automatically based on rules configured by the server administrator (for example, whether your linked wallet holds a specified token or NFT). These assignments have no legal or similarly significant effect on you within the meaning of GDPR art. 22. You can leave the server, unlink your wallet, or contact the server administrator to adjust the rules.
12. Third-party services
- Discord — authentication and bot delivery. Discord privacy policy.
- Keeta Network — public blockchain where KYC certificates are stored.
- Amazon Web Services — hosting and database infrastructure. AWS privacy notice.
- MongoDB — operated by us on infrastructure run by MongoDB, Inc. or AWS; used as our off-chain database.
- IPFS gateways — when an NFT’s artwork is stored on IPFS, our server-side image proxy fetches the image from a public gateway on your behalf. We currently use w3s.link, ipfs.io, and nftstorage.link. These gateways see the content hash (CID) of the NFT art you view, but not your IP address (the fetch happens server-side) or any identifying information.
13. Children’s privacy
The service is not directed to anyone under the age of 16, which is also Discord’s own minimum age in many jurisdictions. We do not knowingly collect data from children. If we become aware that we have, we will delete it without undue delay.
14. Security incidents and responsible disclosure
We take security seriously. If you believe you have found a vulnerability in KeetaHub, please report it to info@keetahub.com. Please do not publicly disclose the issue until we have had a reasonable opportunity to fix it.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of it, in accordance with GDPR arts. 33 and 34, and we will notify you directly if the risk is high.
15. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we update the “Last updated” date at the top and, for material changes, post a notice on the site or in our Discord. Continued use after the change becomes effective constitutes acceptance.
16. Contact
For any data-protection question, to exercise your rights, or to report a breach, contact us at:
- Email: info@keetahub.com
- Discord: KeetaHub Discord server
We aim to respond to all data-protection requests within 30 days.