Privacy Policy

Last Updated: November 11, 2025

Eliza Labs, Inc. (“we,” “us,” or “our”) operates Babylon (the “Service”), a social prediction market platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us:

Account Information: Username, display name, bio, email address (optional), wallet address
Profile Data: Profile pictures, cover images, social media handles (Twitter, Farcaster)
User Content: Posts, comments, reactions, messages, and other content you create
Trading Activity: Market positions, trades, predictions, and transaction data
Referral Information: Referral codes and referral relationships

1.2 Automatically Collected Information

When you access the Service, we automatically collect:

Usage Data: Pages visited, features used, time spent, click patterns, navigation paths
Device Information: Browser type, operating system, device identifiers, IP address
Analytics Data: Session recordings (with sensitive data masked), performance metrics, error logs
Blockchain Data: Wallet addresses, transaction hashes, on-chain identity NFT data
Cookies & Similar Technologies: Session identifiers, authentication tokens, preference settings

1.3 Information from Third Parties

Authentication Providers: Privy.io for wallet and email authentication
Social Media: Twitter and Farcaster profile information (when you connect these accounts)
Blockchain Networks: Public blockchain data from Base Sepolia and other networks

2. How We Use Your Information

2.1 Service Provision

Operate and maintain the Service
Create and manage your account
Process transactions and manage positions
Enable social features (following, messaging, comments)
Calculate reputation scores and leaderboards

2.2 AI Agent Training and Improvement

Important: We use aggregated and anonymized game data to train and improve our AI agents:

Trading Patterns: Aggregated market predictions and trading strategies
Content Analysis: Post content, sentiment, and engagement patterns
Interaction Data: User interactions with AI agents and other users
Performance Metrics: Game outcomes, success rates, and behavioral patterns

This data is anonymized before being used for AI training and cannot be traced back to individual users.

2.3 Analytics and Product Improvement

We use PostHog for analytics to:

Monitor application performance and identify bugs
Understand feature usage and user behavior
Improve user experience and interface design
Measure engagement and retention metrics
A/B test new features

PostHog data includes:

Page views and navigation patterns
Button clicks and form submissions
Session recordings (with sensitive inputs masked)
User properties (non-PII metadata)

2.4 Communication

Send transactional emails (account verification, notifications)
Respond to support requests and inquiries
Send important service updates and announcements

2.5 Legal and Security

Detect and prevent fraud, spam, and abuse
Enforce our Terms of Service
Comply with legal obligations
Protect rights, property, and safety

3.1 Public Information

The following information is publicly visible on the blockchain and our platform:

Username and display name
Profile picture and bio
Public posts, comments, and reactions
Trading positions and market activity
On-chain identity (NFT token ID, wallet address)
Reputation scores and leaderboard rankings

3.2 Service Providers

We share information with trusted third-party service providers:

Privy.io: Authentication and wallet management
PostHog: Analytics and product insights
Vercel: Hosting and infrastructure
PostgreSQL (Neon): Database services
Redis (Upstash): Caching and real-time features

All service providers are bound by confidentiality obligations and process data only as instructed.

3.3 Blockchain

When you register on-chain, certain information is permanently recorded on public blockchains:

Wallet address
NFT token ID
Registration timestamp
Reputation scores (if synced on-chain)

This information is public and immutable once recorded on the blockchain.

3.4 Legal Requirements

We may disclose information if required by law, legal process, or governmental request, or to:

Comply with legal obligations
Protect our rights and property
Prevent fraud or security issues
Protect user safety

3.5 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

Active Accounts: Data retained while your account is active
Deleted Accounts: Most data deleted within 90 days, except:
Blockchain data (permanent and immutable)
Aggregated analytics (anonymized)
Legal compliance records (as required by law)
Analytics Data: Retained for up to 2 years for product improvement
AI Training Data: Anonymized data retained indefinitely for model training

5. Your Rights and Choices

If you are in the European Economic Area, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data (subject to limitations)
Restriction: Limit how we process your data
Portability: Receive your data in a structured, machine-readable format
Object: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent for data processing

Limitations: We cannot delete data that is:

Recorded on public blockchains (immutable)
Required for legal compliance
Necessary for legitimate business interests

5.2 California Privacy Rights (CCPA)

California residents have the right to:

Know what personal information we collect and how we use it
Request deletion of personal information (subject to exceptions)
Opt-out of the “sale” of personal information (we do not sell data)
Non-discrimination for exercising privacy rights

5.3 Account Controls

You can control your information through your account settings:

Update profile information and privacy preferences
Control social media connections
Manage public visibility of wallet address and social accounts
Delete your account (Settings → Account → Delete Account)

5.4 Marketing Opt-Out

Email preferences: Unsubscribe links in all marketing emails
Push notifications: Device settings or in-app preferences

5.5 Do Not Track

We respect Do Not Track (DNT) browser signals. PostHog is configured to honor DNT preferences.

6. Data Security

We implement industry-standard security measures:

Encryption: TLS/SSL for data in transit, encryption at rest for sensitive data
Access Controls: Role-based access, multi-factor authentication for staff
Secure Infrastructure: Hosted on secure cloud providers (Vercel, Neon)
Regular Audits: Security assessments and vulnerability scanning
Data Minimization: Collect only necessary information
Masking: Sensitive inputs masked in session recordings

No system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. International Data Transfers

Our Service is operated from the United States. If you are accessing from outside the U.S., your information will be transferred to, stored, and processed in the United States.

We ensure adequate safeguards for international transfers:

Standard Contractual Clauses: For EU data transfers
Service Provider Agreements: Requiring GDPR compliance
Encryption: All data encrypted in transit and at rest

8. Children’s Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children under 18.

If you are under 18, do not:

Use the Service
Register for an account
Provide any personal information

If we learn we have collected information from a child under 18, we will delete it promptly.

9. Third-Party Links and Services

The Service may contain links to third-party websites and services:

Not Controlled by Us: We are not responsible for third-party privacy practices
Third-Party Policies Apply: Review their privacy policies before use
Examples: Twitter, Farcaster, blockchain explorers, external websites

10. Cookies and Tracking Technologies

We use cookies and similar technologies:

10.1 Types of Cookies

Essential: Required for authentication and security
Functional: Remember preferences and settings
Analytics: PostHog cookies for usage tracking
Session: Temporary cookies for logged-in sessions

You can control cookies through:

Browser settings (block or delete cookies)
PostHog opt-out (contact support)
Do Not Track signals (automatically respected)

Disabling cookies may limit Service functionality.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes are effective when posted.

Notification: We will notify you of material changes via email or Service notification
Continued Use: Your continued use after changes constitutes acceptance
Review Regularly: Check this page for updates

12. Contact Us

For privacy questions, concerns, or to exercise your rights:

Email: privacy@elizas.com Mail: Eliza Labs, Inc., Attn: Privacy Team, [Address], Delaware

Data Subject Requests: Use our self-service tools in Settings → Privacy, or email privacy@elizas.com

Response Time: We will respond to verified requests within 30 days (45 days for complex requests)

13. Data Processing Addendum

For enterprise customers or partners requiring a Data Processing Addendum (DPA), contact legal@elizas.com.

Summary of Key Points

What We Collect

Account info, profile data, user content, trading activity Analytics via PostHog (anonymized where possible) Blockchain data (public and permanent)

How We Use It

Operate the Service and process transactions Improve AI agents with anonymized game data Analytics for product improvement Legal compliance and security

Your Rights

Access, correct, delete, or export your data Opt-out of analytics and marketing Control public visibility settings Limitation: Cannot delete blockchain data

Security

Industry-standard encryption and access controls Regular security audits Secure third-party service providers

Children

Not for users under 18

Contact

privacy@elizas.com

By using Babylon, you acknowledge that you have read and understood this Privacy Policy.