U$ERU$ER
Privacy Policy

Privacy for the U$ER testing platform.

This policy describes how U$ER, dba SAGA MOBILE DAO, collects, uses, stores, and shares information in the tester app, developer portal, admin tools, landing site, chat features, rewards flow, and Android analytics SDK.

Effective dateMay 6, 2026
Last updatedMay 6, 2026
OperatorU$ER, dba SAGA MOBILE DAO

Plain-language summary

U$ER is a wallet-gated app testing and rewards platform for Saga and Seeker device owners and developers. The platform needs wallet, account, device, test, chat, screenshot, app submission, SDK observability, billing, and reward information to run test rounds, verify eligibility, generate reports, operate chat, enforce quotas, and pay rewards. We do not list a mailing address or individual legal representative here because none was provided for this project.

1. Information collected 2. How it is used 3. Sharing 4. Storage and retention 5. Cookies and local storage 6. Choices 7. Security 8. Contact

1. Information collected

Wallet and eligibility data

  • Solana wallet addresses, wallet signatures, nonces, and login challenge records used for Sign-In With Solana and wallet ownership checks.
  • Saga or Seeker Genesis token verification results, token type, mint details where returned by verification services, SKR or reverse-domain data where available, and wallet-to-profile links.
  • Admin and developer wallet status used to route access to protected dashboards.

Account data

  • Tester profile data such as email when provided, display name, avatar URL, bio, role, device type, points, streaks, achievements, status, and linked wallet.
  • Developer account data such as email, display name, company name, wallet address, plan tier, status, API keys, subscription state, and login sessions.
  • Password hashes and salts for email/password accounts. Plaintext passwords are not stored by the application code.
  • Opaque session tokens are stored client-side and hashed server-side.

App submissions and developer content

  • Submitted app name, project description, package name, app URL, APK download URL or uploaded file path, SHA-256 hash, version code, testing instructions, proof requirements, custom questions, budget or funding amount, reward configuration, raffles, and bounties.
  • Developer-created SDK keys and SDK billing records, including Solana Pay USDC payment sessions, recipient wallet data configured for billing, references, and confirmed transaction signatures.

Tester flow data

  • Test runs, active step state, start and completion timestamps, pause state, minimum duration checks, step completions, point awards, raffle entries, bounty claims, reward payouts, wallet addresses for rewards, and payout transaction signatures.
  • Poll responses, guided walkthrough answers, confidence ratings, would-use-again answers, dropoff screens, written feedback, comments, bug reports, issue severity and category, ratings, and social proof URLs or descriptions.
  • Device and session information used for testing, including device model, Android version, target package, in-app WebView or installed app target, and optional capture or artifact data.
  • Flow events collected by the tester app where enabled by the testing flow, such as screen views, package names, class names, view IDs, content descriptions, bounds, button taps, navigation events, and timestamps.
  • Screenshots, annotated images, APKs, text files, logs, or other uploaded artifacts saved through the storage API.

Chat, reports, and moderation data

  • Global and per-app chat messages, chat room membership and visibility state, ratings, hides, reports, Sentinel flags, and moderation or admin audit records.
  • AI-generated or AI-assisted bug triage, feedback summaries, screenshot analyses, session insights, and aggregated reports generated from submitted tester and flow data.

SDK observability data

  • For apps that integrate the U$ER Android SDK: app ID, app version, SDK version, device ID, device model, OS version, session ID, log level, event type, message, stack trace, metadata, fingerprint, timestamps, promoted fields such as user ID, screen name, duration, and environment, and repeated-crash alert data.
  • SDK integrators control what they send in metadata, messages, stack traces, and user IDs. Developers should not send sensitive personal data unless they have a lawful reason and user notice.

Forms and operational data

  • Contact form data: name, email, project name, app type, app URL, test focus, wallet address, message, package name, download URL, description, and funding amount.
  • Feedback form data: category, message, screen, device info, app version, optional email, optional wallet address, and status.
  • Server logs, request metadata, rate-limit counters, error logs, and security logs generated by hosting and API infrastructure.

2. How information is used

  • Verify wallet ownership, Saga or Seeker Genesis eligibility, tester access, developer access, and admin access.
  • Create and maintain tester and developer accounts, sessions, profiles, leaderboards, achievements, and account status.
  • Accept app submissions, approve or reject rounds, configure questions, run test sessions, collect proof, and generate developer reports.
  • Operate rewards, points, raffles, bounties, payout ledgers, Solana Pay billing, SDK plan enforcement, API key quotas, and subscription sweeps.
  • Store and deliver screenshots, APKs, artifacts, report exports, chat messages, and files that users submit.
  • Analyze feedback, flow events, crashes, screenshots, and logs to produce UX insights, bug triage, alerts, and aggregated reports.
  • Moderate chat, respond to flags and feedback, prevent abuse, debug incidents, secure the service, and enforce these terms.
  • Contact developers or testers about submissions, accounts, rewards, billing, feedback, support, or operational updates.

3. Sharing

Information is shared only as needed to run the platform:

  • Developers: Developers can receive test outputs for their own submissions, including aggregated reports, poll results, written feedback, issue details, social proof, relevant artifacts, and SDK observability data for their own app ID.
  • Testers: Certain profile, leaderboard, chat, achievement, raffle, bounty, and round data may be visible to other users where the product experience requires it.
  • Admins and moderators: Admin users can access operational dashboards, submissions, accounts, reports, chat flags, files, rewards, and audit data to operate U$ER.
  • Infrastructure providers: Data may be processed by hosting, database, realtime, storage, wallet verification, RPC, AI analysis, notification, and deployment providers used by the codebase, including Railway/Postgres, Supabase for chat Realtime tables, Solana RPC or Helius verification services, AI analysis providers configured for Sentinel and reporting, and configured Discord, Telegram, or Slack webhooks for notifications.
  • Blockchain networks: Wallet addresses and payment or payout transaction signatures can be public on Solana or related token networks.
  • Legal and safety: Data may be used or disclosed if needed to comply with law, enforce platform rules, protect users, investigate abuse, or secure the service.

U$ER does not sell personal information as part of the platform behavior shown in the codebase.

4. Storage and retention

  • The primary runtime database is Postgres. Supabase is used for chat Realtime tables and selected mirrored or protected data where configured.
  • Uploaded files are stored by the application storage API as database-backed file records, including bucket, path, MIME type, size, uploader, and bytes.
  • Tester bearer sessions are designed for a 30-day lifespan. Developer portal sessions are designed for a 14-day lifespan. Wallet challenges are short-lived, generally 5 minutes, and single use where applicable.
  • Operational, submission, test, reward, SDK, chat, report, artifact, and audit records are retained while needed to provide the service, maintain reports and payout ledgers, resolve disputes, meet operational needs, or until deleted through admin tooling or a valid request.
  • Because reward records and blockchain transactions can be part of a public or accounting ledger, some records may not be fully removable.

5. Cookies and local storage

The landing and dashboard code uses browser local storage or session storage for items such as tester tokens, developer session tokens, admin tokens, and recently connected wallet addresses. The codebase does not show application cookies for authentication. Third-party assets such as Google Fonts may cause the browser to make requests to third-party domains, which can disclose standard request metadata such as IP address and browser headers to those providers.

6. Choices and controls

  • You may choose not to provide optional email, bio, avatar, feedback follow-up, social proof, or wallet fields where the interface marks them optional.
  • You can disconnect wallets in your wallet software and clear local/session storage in your browser to remove local tokens from that device.
  • Developers can control what their apps send through the SDK and can rotate or disable SDK keys through the portal where supported.
  • You can use the U$ER website forms or developer portal to ask for access, correction, or deletion of information. Some data may be retained where needed for security, rewards, billing, reports, audit logs, or legal obligations.

7. Security

The platform uses measures reflected in the codebase, including hashed passwords, hashed bearer tokens, hashed SDK API keys, rate limiting, protected admin and developer routes, per-row ownership checks, private artifact access checks, and Supabase RLS policies where deployed. No internet service can be guaranteed secure, and users should avoid submitting secrets, seed phrases, private keys, or unnecessary sensitive data.

8. Children, regions, and changes

U$ER is not directed to children. Data may be processed in locations where infrastructure providers operate. This policy may be updated as the product changes. Updated versions will be posted on this page with a new last-updated date.

9. Contact

For privacy requests or questions, use the contact, feedback, or developer portal flows available on the U$ER website. No physical address or individual contact name is stated here because it was not provided for this project.

Submit a website request or Open the developer portal