Windfall

WINDFALL™ PRIVACY POLICY

Last Updated: December 1, 2025

Windfall XYZ LC (“Windfall,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, mobile application, or decentralized application (collectively, the “Platform”), purchase our Non-Fungible Tokens (“NFTs”), or participate in our sweepstakes and affiliate programs.

IMPORTANT NOTICE REGARDING BLOCKCHAIN DATA: By using the Platform, you acknowledge that your digital wallet address and all related transaction history are publicly visible on the Base blockchain (and other public ledgers). This data is immutable, transparent, and permanent. We cannot delete, hide, or alter information stored on the blockchain, even if you request deletion of your personal data from our internal servers.

1. INFORMATION WE COLLECT

We collect information in three ways: (1) Information you provide directly; (2) Information collected automatically; and (3) Information from public blockchain sources.

A. Information You Provide

  • Identity Data: Name, email address, mailing address, date of birth, and phone number (collected via account registration, AMOE mail-in requests, or Know Your Customer “KYC” checks).
  • Financial Data: If you are a Winner or an Affiliate earning over $600, we collect your tax reporting information via IRS Form W-9 for tax reporting purposes.
  • Wallet Information: To connect to our Platform, you must provide your public wallet address (e.g., Ethereum/Base address).
  • Correspondence: Records of customer support tickets, emails, or physical mail sent to us.

B. Automatically Collected Data

  • Device & Usage Data: IP address, browser type, operating system, device identifiers, and timestamps of your visits.
  • Cookies & Tracking: We use cookies, pixels, and local storage to maintain your session, detect fraud (e.g., multiple accounts), and track referral attributions.

C. Blockchain Data

  • On-Chain Activity: We monitor public blockchain data associated with your connected Wallet, including NFT holdings, transaction timestamps, and interactions with the Windfall Smart Contracts. We may combine this public data with your Identity Data to verify eligibility and prevent fraud (e.g., detecting wash trading or self-referrals).

2. HOW WE USE YOUR INFORMATION

We use your data for specific business purposes, primarily to administer the Sweepstakes lawfully:

  • Sweepstakes Administration: To mint/airdrop Entry NFTs, track entries, verify eligibility (age/location), conduct the random drawing via Chainlink VRF, and notify winners.
  • Compliance & Legal: To comply with US Laws, Tax laws (IRS reporting), and Anti-Money Laundering (AML/OFAC) regulations.
  • Affiliate Payouts: To track "Qualified Referrals" and process USDC commission payments to Affiliates.
  • Fraud Prevention: To detect bots, script attacks, multiple account creation, and self-referral schemes.
  • Marketing: To send you updates about new sweepstakes, promotions, or features (you may opt-out at any time).

3. DISCLOSURE OF YOUR INFORMATION

We do not sell your personal data. We disclose information only as follows:

A. Publicly Visible Information (The "Winner's List")

  • Winners: By accepting a prize, you grant us the right to publish your First Name, Last Initial, City, State, and Wallet Address on our Platform and in a publicly available Winner’s List, as required by state sweepstakes laws.
  • Blockchain: Your Wallet address and NFT transaction history are permanently visible to the public on the blockchain.

B. Service Providers

We share data with third parties who perform services on our behalf, subject to confidentiality agreements:

  • KYC/Identity Verification: Vendors (e.g., Sumsub, Jumio) used to verify identity and check against sanctions lists.
  • Smart Contract Oracles: Chainlink (for Verifiable Randomness) may interact with your anonymized Wallet address on-chain.
  • Email & Hosting: Services like AWS, SendGrid, or similar infrastructure providers.

C. Legal Requirements

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to:

  • Comply with a subpoena, court order, or IRS regulation.
  • Protect the rights, property, or safety of Windfall, our users, or the public.
  • Investigate fraud or violations of our Official Rules.

4. WALLET SECURITY & PRIVATE KEYS

Windfall will NEVER ask for your Private Key or Seed Phrase. You are solely responsible for the security of your Wallet. If you lose access to your Wallet, you lose access to your Entry NFTs and any potential prizes. We do not have custody of your assets and cannot recover lost keys.

5. YOUR RIGHTS & CHOICES

A. Marketing Communications

You may opt-out of marketing emails by following the "Unsubscribe" link in any email. You cannot opt-out of administrative emails related to your participation in active sweepstakes (e.g., winner notifications).

B. State-Specific Rights (CCPA/CPRA & Others)

Depending on your state of residence (e.g., California, Virginia), you may have the right to:

  • Request Access: Know what specific categories of personal data we have collected about you.
  • Request Deletion: Ask us to delete your personal data stored on our servers.
    • Limitation: We cannot delete data written to the blockchain.
    • Limitation: We cannot delete data legally required to be retained (e.g., tax records, AMOE records for regulatory proof).

To exercise these rights, verify your identity and email us at [Insert Privacy Email].

6. DATA RETENTION

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy:

  • Sweepstakes Records: Retained for at least 3 years to comply with state regulatory audit periods.
  • Tax Records: Retained for 7 years to comply with IRS requirements.
  • Blockchain Data: Retained indefinitely on the public ledger (outside our control).

7. CHILDREN

The Platform is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we discover a user is under 18, we will immediately delete their off-chain data and disqualify them from all Sweepstakes.

8. INTERNATIONAL TRANSFERS

Windfall is based in the United States. If you access the Platform from outside the US, your information will be transferred to and processed in the United States. By using the Platform, you consent to this transfer. Note: The Sweepstakes is void outside the US (and specified states). International users may purchase NFTs as collectibles but are not eligible to win prizes.

9. UPDATES TO THIS POLICY

We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last Updated" date. We encourage you to review this policy frequently to be informed of how we are protecting your information.

10. CONTACT US

If you have questions about this Privacy Policy, please contact us at:

Windfall XYZ LC 1209 MOUNTAIN ROAD PL NE STE N, ALBUQUERQUE, NM 87110 USA