legal
privacy policy
Last updated: February 2026
information we collect
When you use Sigil, we may collect: wallet addresses you connect, verification data from channels you authorize (GitHub username, X handle, etc.), transaction data related to fee claims and governance votes, and technical data (IP address, browser type, device information).
how we use information
We use collected information to: process verification requests and create attestations, route fees to verified builders, enable governance participation, improve the Protocol and user experience, and prevent fraud and abuse.
onchain data
Sigil attestations are created onchain via EAS on Base. This data is public, permanent, and cannot be deleted. By verifying, you acknowledge that your verification status and associated data will be publicly visible onchain.
third-party services
We integrate with third-party services for verification: GitHub (OAuth), Facebook/Instagram (OAuth), zkTLS providers for X verification, and DNS providers for domain verification. These services have their own privacy policies. We only receive the minimum information needed for verification.
data retention
Off-chain data is retained as long as necessary to provide the service. Onchain attestations are permanent by design. You may request deletion of off-chain data by contacting us, but this will not affect onchain records.
security
We implement reasonable security measures to protect your information. However, no system is completely secure. Smart contracts are audited but may contain vulnerabilities.
your rights
Depending on your jurisdiction, you may have rights to access, correct, or delete your personal information. Contact privacy@heysigil.com for requests.
changes to this policy
We may update this policy periodically. Continued use after changes constitutes acceptance.
contact
For privacy-related questions, contact privacy@heysigil.com.