LEGAL

Privacy Policy

Effective Date: March 23, 2026

The Undesirables LLC Β· Wyoming, USA

1. Overview

The Undesirables LLC ("we," "us," "our") respects your privacy. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data when you interact with our website (the-undesirables.com), mint or hold our NFTs, or use our soul.md files.

2. Data We Collect

We collect minimal data necessary to verify NFT ownership and deliver the soul.md experience:

  • Wallet Addresses: When you connect your wallet to our site, we temporarily process your Ethereum wallet address to verify on-chain ownership of Undesirable NFTs. We do not store wallet addresses in a database.
  • Server Logs: Our hosting provider (Vercel) may automatically collect standard server log data including IP addresses, browser type, referring URLs, and access timestamps. This data is retained by Vercel per their own privacy policy and is not actively used by The Undesirables LLC for profiling or tracking.
  • Raffle/Collab Submissions: When you submit a wallet address for a raffle or collaboration event, we temporarily store the address for the duration of the event to verify eligibility and select winners. This data is deleted after the event concludes.

We do not collect:

  • Names, email addresses, or phone numbers
  • Biometric data (Illinois BIPA does not apply)
  • Private keys or seed phrases β€” ever
  • Transaction history beyond what is publicly available on the Ethereum blockchain
  • Cookies for tracking or advertising purposes

3. How We Use Your Data

  • Ownership Verification: Wallet addresses are used solely to verify that you hold an Undesirable NFT before granting access to soul.md files.
  • Raffle Management: Submitted wallet addresses are used to verify NFT holdings for raffle eligibility and winner selection.
  • Security & Fraud Prevention: Server logs may be reviewed to detect and prevent bot abuse, Sybil attacks, or denial-of-service attempts on our raffle and minting infrastructure.

We do not sell, rent, or share your data with third parties for marketing or advertising purposes.

4. Data Retention

  • Wallet Addresses (Verification): Processed in real-time during your session and not stored persistently.
  • Wallet Addresses (Raffles): Stored temporarily for the duration of the raffle event and deleted within 30 days of event conclusion.
  • Server Logs: Retained per Vercel's data retention policy (typically 30 days).

5. Third-Party Services

We use the following third-party services that may process data:

  • Vercel: Website hosting and serverless functions. See Vercel's Privacy Policy.
  • Cloudflare Turnstile: Bot detection on raffle forms. See Cloudflare's Privacy Policy.
  • Ethereum Blockchain: All NFT transactions are recorded on the public Ethereum blockchain. Blockchain data is permanent and immutable by design.

We do not use Google Analytics, Facebook Pixel, or any third-party tracking or advertising scripts.

5b. TCG Oracle App & MCP Server

The following applies specifically to our TCG Oracle mobile and desktop application and the Undesirables MCP Server:

  • Bring Your Own Key (BYOK): The app requires users to provide their own API keys for AI inference (e.g., Groq, OpenRouter, OpenAI). These keys are stored exclusively on your local device using secure storage and are never transmitted to The Undesirables LLC or any third party.
  • Camera Access: The app requests camera access solely to scan and photograph trading cards for the AI grading pipeline. All image processing occurs on your device. Card images are never uploaded to our servers or any third-party service.
  • Card Market Data: The app fetches publicly available card pricing and catalog data from third-party APIs (PokΓ©mon TCG API, Scryfall, YGOProDeck, OPTCG API). These requests go directly from your device to those services. We do not act as an intermediary or log these requests.
  • Vault Data: Your card collection ("Vault") is stored locally on your device using AsyncStorage. This data never leaves your device.
  • MCP Server: The Undesirables MCP Server runs entirely on your local machine. It does not phone home, transmit telemetry, or send diagnostic data. All 34 tools execute locally with zero cloud dependency.
  • Zero Telemetry: Neither the TCG Oracle app nor the MCP Server collects usage analytics, crash reports, device identifiers, or any form of telemetry. There are no hidden network calls.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Deletion: Request deletion of your personal data. Note that we cannot delete data recorded on the public Ethereum blockchain, as it is immutable by design.
  • Right to Opt Out: You may decline to connect your wallet or participate in raffles. Access to the website content (excluding soul.md downloads) does not require any data sharing.

To exercise any of these rights, contact us at @sailorpepe_eth on 𝕏.

7. International & Regional Compliance

GDPR (EU/EEA): Wallet addresses, when combined with IP addresses or browser data, may constitute pseudonymous personal data under GDPR. Our legal basis for processing this data is legitimate interest β€” specifically, verifying cryptographic ownership of digital assets to deliver the purchased service. We process only the minimum data necessary and do not retain it beyond the session.

CCPA/CPRA (California): We do not sell personal information. California residents may request disclosure of the categories of personal information collected by contacting us.

8. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will take steps to delete that information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" at the top of this page. Your continued use of our services after the updated Effective Date constitutes your acceptance of the revised Privacy Policy.

10. Contact

For privacy-related questions or to exercise your data rights, contact us at @sailorpepe_eth on 𝕏.

The Undesirables LLC β€” Decentralized from birth. Sovereign by design.

the-undesirables.com β€” EST. 2026

Privacy Policy β€” The Undesirables