Skip to main content
0xLISTS
Sign inGet started

Privacy Policy

Last updated: 2026-04-28

Empire Marketing LLC (“we”, “us”) operates 0xLists. This Privacy Policy explains what data we collect, how we use it, and your rights.

1. What we collect

When you use 0xLists, we collect:

  • Account info: email, optional full name, password (hashed), Telegram handle (optional).
  • Payment info: handled by Stripe / NowPayments. We don't store card numbers; we receive transaction IDs and amounts.
  • Bot configuration: bot token (encrypted at rest), network channel IDs, scheduling preferences, channel list.
  • Usage data: logs of bot activity, audit trail of admin actions, signup/login timestamps, IP addresses, user agents.
  • Affiliate program: if you participate, your payout wallet address and commission earnings.

2. How we use it

  • Provide the Service: deploy bots, schedule promotions, dispatch.
  • Billing and subscription management.
  • Transactional emails: signup verification, password reset, payment receipts, trial reminders, lifecycle notifications.
  • Customer support and abuse detection.
  • Security: rate limiting, fraud prevention, audit logs.

3. Cookies

  • vk_ref — affiliate referral tracking. Set when you arrive via an affiliate link. 30-day window. HttpOnly + Secure + SameSite=Lax.
  • Session cookies — required for login. Cleared on logout.

We do not use third-party advertising or analytics cookies.

4. Third parties (data processors)

  • Stripe— payment processing. Subject to Stripe's privacy policy.
  • NowPayments — crypto payment processing.
  • Resend — transactional email delivery.
  • Cloudflare — CDN, DDoS protection, DNS, Email Routing.
  • Telegram— your bot tokens authenticate against Telegram's API; no user data is shared with Telegram beyond standard bot operation.

5. Data retention

  • Active accounts: data is retained as long as the account is active.
  • Closed accounts: 30 days after deletion request, then purged.
  • Payment records: kept 7 years per US tax law (Empire Marketing LLC, Delaware).
  • Audit logs: 12 months for security and compliance.

6. Your rights (GDPR, CCPA)

If you are in the EU/EEA (GDPR) or California (CCPA), you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (subject to legal retention).
  • Object to specific uses of your data.
  • Data portability — receive a machine-readable export.

Email [email protected] for any of the above. We respond within 30 days.

7. Security

Bot tokens are encrypted at rest using rotating keys. Passwords are hashed with Argon2. Database connections use TLS. Server access is SSH-key only with 2FA on root accounts.

8. Data breaches

In the event of a breach affecting personal data, we will notify affected users within 72 hours per GDPR Article 33.

9. Children

The Service is not intended for users under 18. We do not knowingly collect data from minors.

10. Changes

Substantial changes to this Policy will be notified by email at least 14 days before taking effect.

11. Contact

Privacy questions: [email protected].

Empire Marketing LLC, Delaware, United States.