Welcome to Burnt.com ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website burnt.com and use our services.
Burnt.com is operated by the Inferno Research Foundation. Our services include: (a) providing access to the Xion Blockchain ("Xion") for users who want to interact with Xion for purposes including, but not limited to, participating in governance, staking, and bridging assets; and (b) providing instant data verification infrastructure ("Truth") that enables businesses and individuals to verify user-provided data directly from the source using privacy-preserving cryptographic methods, including Zero-Knowledge Proofs (ZKPs), without storing sensitive personal information.
This Privacy Policy applies to all features and services offered through our websites (including burnt.com and truth.burnt.com) and applications.
We may collect personally identifiable information that you voluntarily provide to us, including but not limited to:
When you choose to sign in or register using a third-party authentication provider (such as Google, Apple, or other OAuth 2.0-based services), we may receive certain information from that provider, depending on your settings and the permissions you grant. This may include your name and profile picture, email address, unique account identifier, and any other information you explicitly authorize the provider to share with us.
We only request the minimum scopes and permissions necessary to provide our services. You can review and revoke the permissions you have granted at any time through your third-party provider's account settings.
With your explicit consent, we may request access to your Google account data, including email metadata or content, solely to perform a specific verification check on your behalf. When this occurs:
The Truth verification service may also collect supporting information that you voluntarily provide during a verification flow (such as your name, job title, or work email). This information is provided by you directly and is clearly disclosed at the time of collection.
When you visit our website, we may automatically collect certain information about your device and usage, including IP address, browser type and version, device type and operating system, referring/exit pages, date and time stamps, clickstream data, and cookies and similar tracking technologies.
We may use the information we collect for various purposes, including providing, maintaining, and improving our services; creating and managing your account; authenticating your identity when you sign in; performing data verification checks you have requested; processing transactions; sending administrative information, updates, and security alerts; monitoring and analyzing usage and trends; detecting, preventing, and addressing technical issues and fraudulent activity; and complying with legal obligations.
We use Google user data solely to provide and improve the user-facing features of our service that you have requested. We do not use Google user data for serving advertisements or retargeting, selling, renting, or licensing data to third parties, determining creditworthiness or for lending purposes, profiling, surveillance, or building user profiles beyond what is necessary for the requested verification, or any purpose unrelated to providing or improving the user-facing services you have requested.
When you use the Truth service to verify a fact from a non-Google source (such as a bank, payroll portal, or loyalty program):
We may share your information with third-party service providers who perform services on our behalf, such as payment processing, data analysis, email delivery, cloud hosting, and customer support. These providers are contractually obligated to use your information only as necessary to perform services on our behalf. We do not share your information with third parties for their own marketing or advertising purposes.
We do not sell, rent, or trade Google user data to any third party. Raw Google user data (including email content, metadata, and attachments) is never shared with any enterprise client, verification requesting party, or other third party. The only output shared from a Google-based verification is the "Yes" or "No" result.
When you complete a verification (whether through Google data or another source), only the verification result may be shared with the requesting party who initiated the verification. No raw personal data, email content, account credentials, or other underlying information is ever shared.
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
We may disclose your information if required to do so by law or in response to valid requests by public authorities.
Burnt.com's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS/SSL), access controls, and regular security reviews. Google user data accessed for verification is processed in memory within a secure environment and is not written to persistent storage.
We retain your personal information for as long as your account is active or as needed to provide you with our services. Account data is retained for the lifetime of your account. Usage and log data is retained for up to 24 months. Google email data accessed for verification is not retained and is processed in memory only and discarded immediately.
You may request deletion of your personal data at any time by emailing privacy@burnt.com with the subject line "Data Deletion Request." We will process your request within 30 days.
Depending on your location, you may have certain rights regarding your personal information, including access and correction, deletion, data portability, opt-out of promotional communications, and revoking third-party access. For EU/EEA residents, you have additional rights under GDPR, including the right to restrict processing, object to processing, and lodge a complaint with a supervisory authority.
Our website is not intended for children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@burnt.com.
Your information may be transferred to and processed in countries other than your country of residence, including the United States. We take appropriate safeguards to ensure your personal information remains protected, including the use of Standard Contractual Clauses where applicable.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, opt-out of the sale of personal information, deletion, and non-discrimination. We do not sell personal information as defined under the CCPA.
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
If you have any questions about this Privacy Policy, please contact us at:
Inferno Research Foundation
Email: privacy@burnt.com