Privacy Policy
How we handle your data.
This page explains exactly what we collect when you pre-register for the Nimiq Mini Apps Competition, why, who else sees it, and how to have it removed.
1. Who's responsible
The data controller for the Nimiq Mini Apps Competition site is:
Nimiq Labs LtdKemp House, 128 City Road
London EC1V 2NX
United Kingdom
Email: info@nimiq.com
Full operator details are listed in the Imprint.
2. What we collect, and why
Email address
Collected when you submit the pre-register form. Used to send a confirmation email and, after you confirm, two launch announcements (June 1 reveal, July 6 build window). No marketing beyond that.
Legal basis: your consent (e.g. GDPR / UK GDPR Art. 6(1)(a), and equivalent provisions under other applicable laws). You can withdraw consent at any time by unsubscribing or emailing us.
IP address (transient)
Held in server memory for up to 60 seconds to enforce a 1 submission / minute rate limit per IP. Never written to disk, never logged.
Legal basis: legitimate interest in preventing spam and abuse (e.g. GDPR / UK GDPR Art. 6(1)(f); comparable bases under other applicable laws).
Cloudflare Turnstile cookies
When you open the pre-register modal, Cloudflare Turnstile loads a small bot-detection script from challenges.cloudflare.com and may set short-lived cookies on that domain to verify you're human. We don't read or store these cookies ourselves.
Legal basis: legitimate interest in site security (e.g. GDPR / UK GDPR Art. 6(1)(f)). Treated as strictly necessary under the EU ePrivacy Directive and comparable rules.
3. Who else sees your data
We use two processors. Both have published privacy policies and we rely on Standard Contractual Clauses (SCCs) where required.
- Resend — stores your email in an audience and delivers the confirmation + launch emails. Privacy policy · DPA
- Cloudflare — runs the Turnstile bot check on the pre-register modal. Privacy policy · DPA
4. International transfers
Our processors operate global infrastructure, so your data may be processed in countries other than where you live (including the EU, UK, and US). Where the law requires safeguards for such transfers, we rely on the appropriate mechanism — for example the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, the EU-US Data Privacy Framework, or local equivalents.
5. How long we keep it
- Confirmed subscribers: until you unsubscribe, or until the competition concludes (Dec 2026), whichever comes first.
- Unconfirmed subscribers: auto-purged from Resend after 30 days if you never click the confirmation link.
- IP rate-limit state: held in server memory at most 60 seconds, then dropped.
- Email server logs: kept by Resend per their retention policy; we do not control or access these directly.
6. Your rights
Depending on where you live, applicable data-protection law (for example the EU/UK GDPR, the California CCPA/CPRA, Brazil's LGPD, and similar regimes) may give you the right to:
- know what personal data we hold about you and access a copy;
- correct inaccurate data;
- have your data deleted ("right to erasure" / "right to delete");
- restrict or object to certain processing;
- receive your data in a portable, machine-readable format;
- opt out of any "sale" or "sharing" of personal information (we do not sell or share for cross-context advertising);
- not be discriminated against for exercising these rights;
- lodge a complaint with the data-protection authority in your country or state.
7. How to exercise your rights
The fastest path: click the Unsubscribe link in any email we send you. That removes you from the active mailing list immediately.
For deletion, access, or any other request, email info@nimiq.com from the address you subscribed with. We aim to respond within 30 days, and in any event within the timeframe required by applicable law.
8. Changes to this policy
If we materially change how we handle data, we'll update this page and email confirmed subscribers before the change takes effect.