Privacy Policy
Effective Date: JAN-01-2025 Entity: SHILLBILL LLC, a Delaware company (“ShillBill,” “we,” “us,” “our”) Contact: legal@shillbill.org
This Privacy Policy explains how ShillBill collects, uses, discloses, and safeguards information about you when you access or use (a) the website at shillbill.org (the “Site”), (b) ShillBill’s Telegram bot(s), widgets, SDKs, APIs, and related software (collectively, the “Bot”), and (c) any dashboards, documentation, and other services (together with the Site and the Bot, the “Services”).
By using the Services, you acknowledge this Privacy Policy. If you do not agree, please do not use the Services.
1) Information we collect
1.1 Information you provide
Account & identifiers: Telegram handle and ID, display name, contact email (if you provide one), referral codes/links you create or redeem.
Wallet data: wallet address(es) you create or link; optional nickname(s); withdrawal destinations you specify.
Support & compliance: messages you send to us, dispute or bug reports, and information you choose to provide for fraud/security checks or legal requests.
Program participation: information related to referrals (who referred whom), leaderboard participation, and payout preferences.
1.2 Information collected automatically
Device/usage telemetry: IP address, timestamps, user-agent, language, time zone, session identifiers, click and view events, feature usage, crash logs.
Bot interaction metadata: command invocations, button clicks, and configuration changes (e.g., slippage, TP/SL, auto-trade toggles).
Cookies and similar technologies (Site): strictly necessary cookies for session and security; optional analytics cookies if enabled.
1.3 Information from third parties
Telegram platform data to the extent required to operate the Bot (e.g., chat/user identifiers, message metadata the Bot receives).
Analytics/service providers (e.g., error monitoring, performance metrics) supplying aggregate/technical insights.
Fraud/abuse signals from service partners (e.g., automated abuse detection).
1.4 Public blockchain data (on-chain)
Transactions and balances on Solana (and any supported network) are public by design. We may read and associate on-chain events with your account for operations (e.g., fee attribution, referral accounting, dashboards). On-chain data is immutable and not controlled by us; see §9 (Retention) and §12 (Your rights).
2) Semi-custodial security model and key handling
We operate a semi-custodial model to enable on-chain execution and automation. For each user, a wallet is generated; private keys are encrypted and stored on backend infrastructure and are accessed only to process actions you authorize (e.g., trades or withdrawals).
You remain the owner of the wallet. You may export private keys/seed phrases to access funds independently of ShillBill.
We implement layered controls (segregation, access logging, key encryption at rest and in transit). We will never ask for your seed phrase by message or chat.
For security, compliance, or risk reasons, we may temporarily pause automation or require re-verification (see Terms of Service).
3) How we use information (purposes)
We process information to:
Provide and operate the Services (trade initiation, wallet operations, referral tracking, payouts).
Secure the Services (fraud/abuse prevention, incident detection, debugging).
Comply with legal obligations and enforce our Terms of Service (e.g., sanctions screening signals, dispute handling).
Measure and improve performance and features (analytics, telemetry, UX research on aggregate data).
Communicate with you (service announcements, transactional messages, support).
Administer referral/revenue-share programs (attribution, thresholds, statements, payouts).
Display program features you opt into (e.g., leaderboards or badges).
We do not use your information for cross-context behavioral advertising.
4) Legal bases (EEA/UK/Swiss users)
Where GDPR/UK GDPR applies, our processing is based on:
Contract necessity (Art. 6(1)(b)): providing the Services, executing your authorized actions, administering referrals/payouts.
Legitimate interests (Art. 6(1)(f)): securing and improving the Services, preventing abuse, measuring performance, defending legal claims (balanced against your rights).
Legal obligations (Art. 6(1)(c)): responding to lawful requests, sanctions restrictions, recordkeeping.
Consent (Art. 6(1)(a)): where required (e.g., non-essential cookies, optional communications). You can withdraw consent at any time.
5) How we share information
We do not sell personal information. We disclose information as follows:
Service providers / processors: hosting, databases, key-management infrastructure, analytics, error monitoring, security tooling, payment or payout facilitators (as applicable). These providers act under contract and process data on our instructions.
Affiliates and corporate transactions: to our affiliates and in connection with mergers, acquisitions, financings, or asset transfers, subject to appropriate safeguards.
Legal and safety: to comply with law, lawful requests, or to protect the rights, safety, and security of users, the public, or the Services.
Public/blockchain: your transactions are recorded on public ledgers; wallet addresses and transaction details are public by design.
Program displays: if you opt to appear on leaderboards or public attribution views, we may display your chosen handle and performance metrics.
We do not share personal information for cross-context behavioral advertising.
6) International data transfers
We may process and store information in the United States and other countries. Where required, we use appropriate safeguards for transfers, such as Standard Contractual Clauses (SCCs) for EEA/UK users, plus additional measures as needed.
7) Your choices
Export keys / self-custody: you may export keys/seed phrases and use another wallet.
Controls in the Bot/dashboard: adjust automation (e.g., TP/SL, slippage), referral participation, or visibility options (e.g., leaderboard opt-in/out, where available).
Cookies: set preferences in our cookie banner (where provided) and your browser; block non-essential cookies.
8) Your privacy rights
8.1 EEA/UK/Swiss users (GDPR/UK GDPR)
You may request: access, correction, erasure, restriction, portability, and objection to processing based on legitimate interests. Where we rely on consent, you may withdraw consent at any time. Submit requests to legal@shillbill.org. We may verify your identity. Note: on-chain data cannot be altered or deleted; where feasible, we will de-link on-chain addresses from account identifiers we control.
You may lodge a complaint with your supervisory authority (e.g., for EEA users, your national DPA; for UK users, the ICO).
8.2 U.S. state privacy laws (e.g., CA/VA/CO/CT/UT)
Subject to eligibility, you may request: access, deletion, correction, and to know categories of personal information collected, sources, purposes, and disclosures. You may also request portability.
Sale/Share: We do not sell personal information and do not share it for cross-context behavioral advertising.
Sensitive data: We do not use or disclose sensitive personal information for purposes requiring a “limited use” link.
Appeals: If we deny a request, you may appeal by replying to our decision at legal@shillbill.org with subject “Privacy Request Appeal.”
We will not discriminate against you for exercising your rights.
9) Retention
We retain information for as long as necessary to provide the Services, secure our systems, comply with legal obligations, resolve disputes, and enforce agreements. Typical periods (subject to change and legal holds):
Account/Program records: life of account + 3 years.
Telemetry and server logs: up to 12 months (shorter where feasible).
Financial/transactional records (off-chain): up to 7 years where required for tax/accounting.
On-chain records: indefinite (public blockchain; not controlled by us). Where you exercise erasure, we will de-link or minimize associated off-chain identifiers we control.
10) Security
We implement administrative, technical, and physical safeguards appropriate to the nature of the data, including encryption of private keys, network segmentation, access controls, auditing, and monitoring. No method of transmission or storage is 100% secure; you are responsible for securing your devices, Telegram account, seed phrases, and private keys.
11) Children
The Services are not directed to or intended for children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided information, contact legal@shillbill.org.
12) Automated decision-making
We use automation to evaluate triggers and execute pre-authorized transactions you configure (e.g., price-based buys, TP/SL). We do not use automated decision-making to make legal or similarly significant decisions about you without human oversight.
13) Do Not Track
Some browsers transmit “Do Not Track” signals. Because there is no industry standard, we do not respond to DNT signals. You can manage cookies and tracking through your browser settings and our cookie controls.
14) Third-party links
The Services may link to third-party sites and tools (e.g., Solana Explorer, Pump.fun, Dexscreener, Birdeye, Solscan). We are not responsible for their privacy practices. Review their policies before use.
15) Financial incentives (referral program) — CA notice
If you participate in our referral/revenue-share program, we may provide financial incentives (e.g., fee share) related to your participation. Participation is voluntary; you may withdraw at any time. We estimate the value by reference to factors such as the Platform Fee share, aggregate revenue attributable to your referrals, and operational costs. Program terms control participation and eligibility.
16) Changes to this Policy
We may update this Privacy Policy from time to time. Updates are effective when posted with a new Effective Date at the top. Your continued use of the Services after an update constitutes acceptance.
17) Contact us
For questions or privacy requests, email legal@shillbill.org. Postal communications (if any) may be directed to our registered address (see Terms of Service).
U.S. State Privacy Notice
Identifiers
Telegram handle/ID, wallet address, referral code
You; Telegram; on-chain
Provide Services; security; support; referrals
Service providers; affiliates; legal
Internet/usage activity
IP, device info, event logs, telemetry
Your device; analytics
Security; analytics; improve Services
Service providers
Commercial info
Program participation, payouts, statements
You; our systems
Administer referrals/payouts; accounting
Service providers; auditors
Financial (limited, off-chain)
Payout preferences (if applicable)
You
Program payouts; accounting
Service providers; payment partners
Geolocation (coarse)
Country/region inferred from IP
Your device
Regional compliance/security
Service providers
Inferences (minimal)
Non-sensitive aggregates about feature usage
Our analytics
Improve Services
Service providers
Sale/Share for advertising: No. Sensitive personal info (as defined by CPRA): Not used/disclosed for purposes requiring a “Limit the Use” link.
EEA/UK Supervisory Contacts
If you are in the EEA/UK, you may also contact your local data protection authority. For the UK, the Information Commissioner’s Office (ICO) (ico.org.uk). We will consider appointing an EU/UK representative if/when required by law.
Last updated