Nightflame Privacy Policy
Understand what data NightFlame collects, how it is used, and how privacy applies to documentation, analytics, and token-gated access.
This Privacy Policy (“Policy”) explains how Nightflame (“Nightflame,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards information when you access or use our websites, documentation, and token-gated Academy (collectively, the “Services”).
Important: Nightflame provides educational materials only. Nightflame does not provide financial, investment, legal, or tax advice, and does not act as a broker, exchange, custodian, or money services business.
1) Who This Policy Applies To & Geographic Restrictions
1.1 Eligibility and geographic use restriction
Nightflame is intended only for individuals who are not residents of:
- the United States (including its territories),
- the European Union (EU),
- the European Economic Area (EEA),
- Switzerland.
If you are a resident of any of the above jurisdictions, do not access or use the Services. We do not knowingly offer the Services to, or knowingly collect personal information from, residents of the U.S., the EU, the EEA, or Switzerland.
1.2 If we unintentionally collect restricted-jurisdiction data
If we discover that we have collected personal information from a resident of a restricted jurisdiction, we will take steps to delete it, subject to any retention required by applicable law.
1.3 Hosting & routing location
Our infrastructure (including hosting, databases, and content delivery) may be located in, or route through, the United States and/or other countries. If you are a resident of a restricted jurisdiction, you must not use the Services.
2) About Nightflame & Contact Details
Controller: Nightflame Contact (privacy): support@nightflame.xyz
3) What We Do (Educational-Only)
Nightflame publishes educational resources such as articles, guides, tutorials, and community updates. Some portions of the Services (the “Academy”) are access-controlled using a token-gating mechanism.
We do not:
- offer e-commerce checkout or payment processing through the Services;
- serve targeted advertising based on cross-site tracking; or
- request or store your wallet private keys or seed phrases.
We may optionally allow you to link a Discord account to your wallet address to support Discord “Role Connections” (eligibility badges/roles). Discord linking is optional and not required to browse most public content.
4) What We Collect
We try to minimize the information we collect. The information we collect depends on how you use the Services.
4.1 Information you provide directly
- Contact information (e.g., email address) if you email us or complete a contact form.
- The content of your communications with us (e.g., questions, feedback, support requests).
4.2 Information collected automatically (when you visit or interact with the Services)
- Device and usage data such as IP address, basic browser/device information, pages viewed, and the date/time of requests.
- If you consent to analytics, analytics-related usage data collected through Vercel Web Analytics. This may include anonymous page views or custom events and limited associated metadata such as event timestamp, page URL, dynamic path, referrer, filtered query parameters, geolocation, device operating system and version, browser and version, device type, and analytics script version.
- Security and abuse-prevention data. For example, we use IP-based rate limiting on certain endpoints (nonce generation, balance checks, and verification attempts) to protect the Services from abuse.
4.3 Token-gating and wallet verification data
If you use the token-gated Academy or Discord, we process the following to verify eligibility:
- Wallet address (public key).
- A signed message and signature (used to verify that you control the wallet address). We do not receive your private key.
- A short-lived nonce value (to prevent replay attacks).
- On-chain balance information (e.g., SOL balance or token holdings) queried from the Solana blockchain via an RPC provider to determine eligibility.
After successful verification, we set a signed session token in a cookie to maintain your access to the token-gated portions of the Services.
4.4 Discord linking data (optional)
If you choose to link Discord, we may collect and store:
- Discord user ID and username.
- Discord OAuth tokens (access token and refresh token) and token expiry time, stored encrypted at rest.
- The wallet address you linked and the most recent eligibility/balance metadata used for Discord Role Connections.
Discord linking uses the Discord API and requires the scopes necessary to identify you and to write role connection data.
4.5 Admin accounts (Academy content management)
Nightflame uses an administrative content management system for the Academy. Admin users authenticate with an email address and password. Administrative authentication may set additional security/session cookies for administrators.
5) Why We Use Your Information
We use information for the following purposes:
- To provide and operate the Services, including delivering content and maintaining site functionality.
- To verify token-gated eligibility and maintain token-gated sessions.
- To link Discord accounts (if you choose) and to update Discord Role Connections metadata.
- To measure aggregated usage of the Services and improve content, navigation, reliability, and performance, where you have consented to analytics.
- To secure the Services (e.g., rate limiting, fraud/abuse prevention, debugging).
- To respond to your inquiries and provide support.
- To comply with legal obligations and enforce our terms.
6) When We Share Information
We may share information in the following circumstances:
- Service providers and infrastructure: We use vendors for hosting, databases, file/media storage (e.g., object storage used by our CMS), and privacy-focused analytics. These providers process information on our behalf under contractual obligations.
- Vercel Web Analytics: If you consent to analytics, analytics event data and related technical metadata are transmitted to Vercel so that we can view aggregated website statistics.
- Solana RPC providers: When verifying token-gated eligibility, our servers query the Solana blockchain through an RPC provider. The RPC provider may receive your wallet address and our server’s network identifiers as part of standard blockchain queries.
- Discord: If you link Discord, we share necessary information with Discord to complete OAuth and to update Role Connections metadata.
- Legal and safety: We may disclose information if required by law, legal process, or to protect the rights, safety, and security of Nightflame, our users, or others.
- Business transfers: If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction.
7) International Processing & Cross-Border Transfers
Information may be processed in countries other than your country of residence, including the United States, where data protection laws may differ. By using the Services, you understand that information may be transferred and processed internationally.
8) Security
We use reasonable technical and organizational measures designed to protect information. Examples include encrypted storage of sensitive tokens (e.g., Discord OAuth tokens), cookies for session tokens, and rate limiting on sensitive endpoints. No system is 100% secure, and we cannot guarantee absolute security.
9) Data Retention
We retain information only as long as necessary for the purposes described in this Policy, then delete or irreversibly de-identify it, unless longer retention is required by law.
Examples:
- Support emails/inquiries: retained as long as needed to address your request and maintain minimal records.
- Discord link records: retained until you request deletion or until no longer needed for the Role Connections feature, subject to legal obligations.
- Cookie consent records: the
nightflame_cookie_consentpreference cookie is stored in your browser for up to 12 months unless you clear it sooner. - Logs and rate-limiting counters: retained for short periods necessary for operations and security.
- Analytics session hashing: Vercel states that the visitor session lifespan used for analytics is not stored permanently and is automatically discarded after 24 hours.
10) Cookie Policy (Cookies & Similar Technologies)
We use cookies and similar technologies (such as local storage and embedded third-party scripts) to operate the Services. Some of these technologies are strictly necessary for security and access control, while others are used only if you consent.
10.1 What are cookies?
Cookies are small text files stored on your device by your browser. Cookies can be “first-party” (set by Nightflame) or “third-party” (set by another company). Cookies may be “session” cookies (deleted when you close your browser) or “persistent” cookies (remain until they expire or you delete them).
10.2 First-party cookies we use
Our Services primarily use strictly necessary cookies for security and access control (token gating and Discord linking). We also use a consent-preferences cookie so we can remember your choices. We do not use advertising cookies for targeted ads.
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
nightflame_gate | Token-gated session token after successful wallet verification (HttpOnly). | Strictly necessary | Session (token validated for up to 7 days by default) |
nightflame_gate_nonce | Stores a short-lived nonce used in wallet signature verification. | Strictly necessary | 5 minutes |
nightflame_discord_nonce | Stores a short-lived nonce used in Discord linking signature verification. | Strictly necessary | 5 minutes |
nightflame_discord_state | OAuth state value used to prevent CSRF in the Discord linking flow. | Strictly necessary | Up to 10 minutes (configurable) |
nightflame_discord_link | Short-lived token used to authorize the Discord linking process. | Strictly necessary | Up to 10 minutes (configurable) |
nightflame_cookie_consent | Stores your cookie and analytics consent preferences. | Strictly necessary | Up to 12 months |
| CMS admin auth cookies (name varies) | Administrator authentication/session cookies for the Academy CMS. | Strictly necessary (admin only) | Session or persistent (depends on admin settings) |
10.3 Consent-based analytics (Vercel Web Analytics)
If you opt in to analytics through our banner or preferences controls, we load Vercel Web Analytics on the public website. In our implementation, Vercel Web Analytics is not loaded until analytics consent is present.
Vercel states that its Web Analytics product does not use third-party cookies for visitor analytics. Instead, it records anonymous page views and optional custom events and uses a hash created from the incoming request to recognize a visitor for analytics purposes. Vercel states that this visitor session lifespan is not stored permanently and is automatically discarded after 24 hours.
The analytics data associated with each event may include the event timestamp, URL, dynamic path, referrer, filtered query parameters, geolocation, device operating system and version, browser and version, device type, and analytics script version. We use this information only in aggregated form to understand usage of the Services and improve the site.
10.4 Third-party content and cookies
Some pages may include third-party embeds (for example, YouTube video embeds or X/Twitter embed widgets). These third parties may set their own cookies or collect usage data under their own privacy policies.
10.5 Your controls
You can control cookies through your browser settings. You can usually delete existing cookies, block cookies, or configure your browser to notify you when cookies are set. You can also accept, reject, or later change analytics preferences using our cookie banner and preferences controls. If you disable strictly necessary cookies, token-gated features and Discord linking may not function properly.
11) Your Choices & Requests
Depending on how you use the Services, you can:
- Limit what you send us (e.g., only provide information you are comfortable sharing).
- Clear or block cookies via your browser settings.
- Accept, reject, or later change analytics preferences using our cookie banner and preferences controls.
- Log out of the token-gated session via the Services (which clears the token-gate cookie).
- Request access to or deletion of personal information by emailing support@nightflame.xyz (subject to verification and applicable law).
12) Children’s Privacy
The Services are not directed to children and we do not knowingly collect personal information from children.
13) Third-Party Links
The Services may link to third-party sites or services (including Discord, YouTube, and X/Twitter). We are not responsible for the privacy practices of those third parties.
14) Blockchain and Wallet Interactions
Certain parts of the Services use blockchain-based verification (token gating). Wallet addresses and on-chain transactions are public by design. When you connect a wallet and sign a message, we verify control of the wallet address and query on-chain balances/holdings to determine eligibility.
We do not store your private keys or seed phrases. Wallet signing occurs in your wallet provider. If you choose to link Discord, we may associate your Discord account with your public wallet address in our database.
15) Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the “Last updated” date. Your continued use of the Services after an update means you accept the updated Policy.
16) How to Contact Us
Questions or concerns about this Policy? Email: support@nightflame.xyz