§1
Data Collection
TL;DR
We collect only what the platform needs to assign tasks, verify your output, and send Bitcoin to your wallet.
The table below is the complete inventory of data categories ProdUp collects. There are no hidden profiles, no inferred interest graphs, and no cross-site tracking.
| Data Category | Purpose | Retention |
|---|---|---|
| Identity Info | Account creation, login, referral tracking | Duration of account |
| Task Evidence | Verifying productivity submissions for payout | 30 days post-verification |
| Wallet Address | Routing Bitcoin payouts to your self-custody wallet | Permanent (financial record) |
| Referral Tree | Calculating multi-level commission distributions | Duration of account |
| System Logs | Anti-fraud analysis, abuse detection, uptime | 90 days |
1.1 Account Data
Your username, email address, profile picture (auto-resized to 200×200 WEBP), and referral code are stored for the duration of your account. Your referral code is a 12-character alphanumeric token auto-generated at registration.
1.2 Task Activity
Each task you complete generates a UserTask record and a UserTaskSubmission entry containing your submitted evidence. This evidence is used solely to verify your output before releasing the reward to your balance.
1.3 Device & Network
We log IP address and user-agent strings in server logs for up to 90 days, used exclusively for anti-fraud and abuse detection. These are never linked to advertising or third-party data brokers.
§2
Data Retention
TL;DR
We hold data only as long as needed. Task evidence is auto-deleted after payout is confirmed.
ProdUp applies minimum-retention principles. Data is purged automatically once it has served its platform purpose, unless financial or legal obligations require longer retention.
task_evidence → 30 days after UserTask status = COMPLETED
wallet_address → indefinite (blockchain audit trail)
system_logs → 90 days rolling window
referral_tree → active until root account closure
2.1 Deletion Requests
You may request account deletion at any time via privacy@produp.com. Wallet address records are retained for a minimum period for financial audit purposes, even after account closure.
§3
Proof Protection Clause
TL;DR
Once your UserTask is marked COMPLETED and the reward moves to Available balance, the raw submission evidence is scheduled for deletion.
Every task progresses through a defined lifecycle: PENDING → COMPLETED → EXPIRED. When a UserTask reaches COMPLETED status, the associated UserTaskSubmission evidence — screenshots, metadata, timestamps — is retained for 30 days solely for dispute resolution, then purged.
The UserTaskSubmissionReward record (amounts only, no raw evidence) is retained indefinitely as a financial ledger entry.
UserTaskSubmission.evidence → purged 30 days post COMPLETED
UserTaskSubmission.metadata → purged 30 days post COMPLETED
UserTaskSubmissionReward.amount → retained (financial record)
UserTaskSubmissionReward.created_at → retained (audit trail)
§4
Financial Integrity
TL;DR
Your Bitcoin wallet address is stored only to route payouts — it is never linked to your real-world identity outside of platform logic.
ProdUp stores your Bitcoin wallet address to route UserBalance.withdrawal_balance payouts. This address is a pseudonymous on-chain identifier — Bitcoin's design means the address itself is public, but ProdUp does not link it to your real-world identity, government ID, or any external database.
bc1q••••••••••••••••••••••••••7k9z
Internal balances (pending_balance and withdrawal_balance) are ledger values within the ProdUp database. On-chain transactions are pseudonymous by Bitcoin's design and visible on the public blockchain once a withdrawal is processed.
id_verification: none
on_chain_visibility: public (Bitcoin by design)
wallet_linked_to_real_identity: false
// ProdUp does not implement KYC. Your wallet address is stored // only for payout routing. The public ledger nature of Bitcoin // means confirmed transactions are visible to anyone with the address.
§5
No-Sell Guarantee
Your Data Is Never Sold.
ProdUp earns revenue from subscription plans — not from selling your activity, identity, or wallet data to advertisers, data brokers, or third parties.
This is not a footnote. It is the business model.
5.1 Revenue Model
Subscription plans (Bronze, Silver, Gold, Platinum, Diamond) are ProdUp's sole revenue source. User data is never sold, licensed, rented, or otherwise transferred to external commercial parties.
5.2 Third-Party Processors
We use BTCPay Server for Bitcoin payment processing. This is a technical integration for subscription billing — not a data-sharing relationship. BTCPay Server does not receive your task history, balance data, or referral tree.
§6
Your Rights
TL;DR
You can access, correct, export, or request deletion of your data at any time by contacting us.
Access
Request a copy of all data ProdUp holds on your account at any time.
Correction
Update inaccurate profile or identity information directly from your account dashboard, or by contacting us.
Erasure Also called the Right to be Forgotten. Certain financial records must be retained by law.
Request account and associated data deletion. Wallet address records and financial ledger entries may be retained for a minimum period due to audit obligations.
Portability Your data exported in JSON or CSV format on request.
Receive your task history and balance records in machine-readable format (JSON or CSV) by submitting a data export request.
Objection
Object to any processing beyond what is strictly necessary for platform operation. We do not process data for marketing or profiling purposes.
subject_line: "Data Rights Request — [your username]"
response_time: 30 days (GDPR standard)
// We will acknowledge your request within 72 hours.
§7
Security
TL;DR
Passwords are hashed, all traffic is encrypted in transit, and wallet addresses are access-controlled server-side.
Password Storage — Hashing One-way transformation — the original password cannot be recovered from the stored value. via bcrypt An adaptive password hashing algorithm with configurable cost factor.
Passwords are never stored in plaintext. Django's authentication system applies bcrypt hashing before writing to the database. Even ProdUp staff cannot read your password.
Transport — TLS Transport Layer Security — encrypts data between your browser and ProdUp's servers. 1.2+
All connections to ProdUp endpoints are encrypted via TLS 1.2 or higher. Plaintext HTTP is not permitted in production.