Privacy Policy
Last updated: February 23, 2026
Platform: https://app.crecimiento.build
Operator: Crecimiento
1. Introduction
This Privacy Policy explains how Crecimiento collects, uses, shares, and protects your personal information when you use the Platform.
This Privacy Policy forms an integral part of the Terms and Conditions. In all matters not expressly regulated herein, the provisions of the Terms and Conditions shall apply on a subsidiary basis.
Your consent is recorded together with the applicable policy version, timestamp, IP address, and browser information.
2. Data We Collect
2.1 Account data
Collected at signup and managed by our authentication system:
| Data | When collected | Purpose |
|---|---|---|
| Email address | Signup | Account identification, login, transactional emails |
At signup, your email address is checked against a pre-approval list maintained by the Crecimiento team. If your email matches, you may be automatically granted Citizen or Champion status without a separate application.
2.2 Profile data
Collected during onboarding and editable by the user:
| Data | Required | Visibility |
|---|---|---|
| Display name | Yes (3–100 characters) | Authenticated users (directory) |
| Bio | For Citizen/Champion applications | Authenticated users |
| City | Optional | Authenticated users |
| Organization | Optional | Authenticated users |
| Role / professional title | Optional | Authenticated users |
| Interest/skill tags | Yes (minimum 2 for applications) | Authenticated users |
| Profile picture | For Citizen/Champion applications | Public |
| X/Twitter URL | Optional | Authenticated users |
| LinkedIn URL | Optional | Authenticated users |
| GitHub URL | Optional | Authenticated users |
| Website URL | Optional | Authenticated users |
| Looking for | For applications | Authenticated users |
| Can help with | For applications | Authenticated users |
| Passion | For applications | Authenticated users |
| Story | For applications | Authenticated users |
| Goal | For applications | Authenticated users |
Visibility note: "Authenticated users" means the data is visible to logged-in users in the member directory. Only Citizen and Champion profiles that have completed onboarding appear in the directory. Unauthenticated visitors cannot access the directory.
2.3 Application data
Collected when applying for Citizen or Champion tier:
| Data | Context |
|---|---|
| Looking for, can help, working on, story | All applicants |
| Project stage (idea, early stage, scaling, consolidated, institution) | All applicants |
| Telegram handle | Optional — for team contact during review |
| Achievement proud of | Champion applicants only |
| Why Champion status | Champion applicants only |
| Hub usage intent | Champion applicants only |
Application data is visible only to the applicant and Crecimiento.
2.4 Payment data
Collected when purchasing hub access (Champions only):
| Data | Where stored |
|---|---|
| Stripe customer ID | Stored securely on the Platform |
| Stripe subscription ID | Stored securely on the Platform |
| Payment reference | Stored securely on the Platform |
| Membership plan selected | Stored securely on the Platform |
| Credit/debit card details | Stripe only — the Platform never sees or stores card numbers |
2.5 On-chain data
Collected when claiming an ENS subname (Citizens and Champions):
| Data | Deletable |
|---|---|
| Wallet address | Platform: yes. Blockchain: no |
| Wallet type | Yes |
| Username (ENS label) | Platform: yes. Blockchain: no |
| NFT token ID | Platform: yes. Blockchain: no |
WARNING: On-chain data is permanent, public, and irrevocable. See Section 6 for details.
2.6 Pop-up city data
Collected when RSVPing to pop-up city events:
| Data | Who can see |
|---|---|
| RSVP response | User and admins |
| Optional notes | User and admins |
Premium Pass (Champions only):
| Data | Who can see | Shared externally |
|---|---|---|
| Full legal name | User and admins | Yes — shared with the Workplace Operator |
| DNI / government-issued ID number | User and admins | Yes — shared with the Workplace Operator |
Premium Pass data is shared with IRSA Workplace solely for granting physical building access. Champions can decline the Premium Pass and use a Standard Pass with no additional data required.
2.7 Event data
Collected when registering for community events:
| Data | Where stored |
|---|---|
| Event registration record (event name, date) | Stored securely on the Platform |
| Email address | Sent to Luma for invitation processing |
2.8 Consent records
Recorded automatically when you accept terms:
| Data | When recorded |
|---|---|
| Consent type (terms & conditions, privacy policy, workspace terms) | Signup, workspace terms acceptance |
| Terms version accepted | At time of consent |
| Timestamp | At time of consent |
| IP address | At time of consent |
| User agent (browser information) | At time of consent |
Consent records are immutable — they cannot be modified or deleted by users.
2.9 Authentication event logs
Recorded automatically on every authentication event:
| Data | When recorded |
|---|---|
| Event type (e.g., login, logout, failed login) | Every auth event |
| Timestamp | Every auth event |
| IP address | Every auth event |
| User agent (browser information) | Every auth event |
| Additional metadata (e.g., failure reason) | When applicable |
Authentication logs are accessible only to Crecimiento admins. Users cannot view their own authentication logs. On account deletion, these records are anonymized (user ID removed) but retained for security purposes.
2.10 Admin action logs
When Crecimiento admins take actions on your account (e.g., reviewing applications, modifying profiles), these actions are logged with the admin's identity, the action taken, the timestamp, and the before/after state of the affected data. These logs are accessible only to admins and are used for internal accountability.
2.11 Email delivery records
If an email sent to your address bounces or you report it as spam, your email address is recorded in a local suppression list to prevent further delivery attempts. This record persists independently of your account data to ensure we do not send unwanted emails.
2.12 Uploaded files
| File type | Storage | Visibility |
|---|---|---|
| Profile pictures | Cloud storage (publicly accessible) | Public — accessible to anyone with the URL |
3. How We Use Your Data
We use the data described above for the following purposes:
- Service delivery — operating your account, displaying your profile, processing applications, managing memberships
- Member directory — displaying Citizen and Champion profiles to authenticated users
- On-chain identity — minting your ENS subname NFT and serving NFT metadata
- Payment processing — processing hub access subscriptions and day pass purchases via Stripe and Thirdweb
- Event management — managing pop-up city RSVPs and community event registrations via Luma
- Physical access — sharing Premium Pass data with IRSA Workplace for building access
- Transactional communication — sending emails about your account, applications, payments, and events (not marketing)
- Security — rate limiting, authentication event logging, consent tracking, input validation
- Platform integrity — detecting abuse, enforcing acceptable use policies, admin auditing
4. Data Sharing
4.1 Member directory
Citizen and Champion profiles are visible to all authenticated (logged-in) users. Tourist profiles are not listed. The directory shows: display name, username, bio, city, organization, tier, role, tags, social links, profile picture, and community interest fields. Sensitive data such as email addresses and payment information is never displayed to other users.
4.2 NFT metadata (public)
The Passport NFT metadata is publicly accessible without authentication (required by the ERC-721 NFT standard). It includes: display name, tier, city, member ID, profile picture URL, and a link to the public profile page.
4.3 On-chain data (public)
ENS subname data (wallet address, username, token ID) is publicly visible on the Ethereum blockchain to anyone. See Section 6.
4.4 IRSA Workplace (Premium Pass)
Champions who opt for a Premium Pass have their full legal name and government-issued ID number shared with the Workplace Operator for physical building access. No other data is shared with IRSA.
4.5 Third-party services
Data is shared with third-party services as described in Section 5, strictly as needed to operate the Platform.
4.6 No cross-user data access
Users cannot access other users' applications, subscriptions, day passes, payment information, email addresses, wallet addresses, or admin status.
5. Third-Party Services
The Platform integrates with or relies on certain third-party service providers in order to operate, deliver functionalities, and improve user experience. These third-party services may process personal data on Crecimiento's behalf or as independent controllers, depending on the nature of the service and the applicable data protection laws.
The use and processing of data by such third parties is subject to their respective privacy policies and terms of service.
5.1 Infrastructure providers
The Platform relies on third-party infrastructure providers for hosting, data storage, authentication, and security. These providers process data on Crecimiento's behalf under appropriate data processing agreements. The specific providers may change over time; the data categories they handle are described throughout this policy.
5.2 Stripe
| Aspect | Details |
|---|---|
| Role | Credit/debit card payment processing |
| Data sent | Email, billing details, pass details |
| Data on Stripe | Customer record, subscription details, card details (never touches our servers), payment history, invoices |
| PCI compliance | Card details are collected by Stripe on their hosted checkout page — the Platform never sees or stores card numbers |
5.3 Thirdweb
| Aspect | Details |
|---|---|
| Role | Cryptocurrency payments (USDC) and ENS subname NFT minting |
| Data sent | Wallet address, username (for minting) |
5.4 Ethereum / ENS
| Aspect | Details |
|---|---|
| Role | Permanent, public, on-chain identity — username.crecimiento.eth soulbound NFTs |
| Data on-chain | Wallet address, username, token ID, registration and transfer events |
| Permanence | Permanent and irrevocable. Blockchain data cannot be modified or deleted. |
| Visibility | All on-chain data is publicly visible via blockchain explorers and ENS resolution |
5.5 Luma
| Aspect | Details |
|---|---|
| Role | Community event calendar and registration |
| Data sent | User's email address (for event invitation) |
| Data on Luma | Guest email, invitation status, event registration — governed by Luma's privacy policy |
5.6 Resend
| Aspect | Details |
|---|---|
| Role | Transactional email delivery |
| Data sent | Recipient email, subject, HTML body (containing user name, tier, personalized content) |
| Emails sent | Welcome, application updates, payment confirmations, pop-up city confirmations, dispute alerts |
| From address | Crecimiento <hola@mail.crecimiento.build> (reply-to: contact@crecimiento.build) |
| Bounce handling | Hard bounces and complaints are suppressed immediately |
6. On-Chain Data — Permanence Warning
This section describes data that is permanent, public, and irrevocable.
When you claim an ENS subname (username.crecimiento.eth), the following data is written to the Ethereum blockchain:
| Data | Permanence |
|---|---|
| Your wallet address (as NFT owner) | Permanent — cannot be deleted |
| Your username (as ENS label) | Permanent — cannot be deleted |
| Token ID and associated blockchain events | Permanent — cannot be deleted |
ENS resolution (username.crecimiento.eth → wallet) | Permanent — cannot be deleted |
Key implications:
- This data is publicly visible to anyone in the world via blockchain explorers
- No one can delete it — not you, not Crecimiento, not any third party
- It persists even if you delete your Platform account
- The NFT is soulbound (non-transferable) — it cannot be moved to another wallet
- The username and wallet address cannot be changed after claiming
The Platform serves NFT metadata (display name, tier, city, member ID, profile image) dynamically. If your account is deleted, the metadata endpoint stops serving data, but the on-chain ownership record persists indefinitely.
7. Cookies & Tracking
7.1 Cookies
The Platform uses a single cookie:
| Cookie | Purpose | Type |
|---|---|---|
| Authentication session cookie | Maintains your login session | Functional / strictly necessary |
This cookie is required for login functionality. No other cookies are set.
7.2 No tracking
- No analytics cookies — our web analytics are cookieless
- No third-party tracking pixels (no Facebook Pixel, Google Analytics, etc.)
- No advertising technology (no ad networks, no retargeting)
- No cross-site tracking
7.3 Local storage
The Platform stores your theme preference (light/dark mode) in browser localStorage. This data stays on your device and is not transmitted to our servers.
8. Security Measures
Crecimiento implements appropriate technical and organizational measures to protect your personal data, including encryption in transit (HTTPS), access controls, input validation, rate limiting on security-sensitive endpoints, and regular review of security practices. While no system can guarantee absolute security, we are committed to continuously improving the protection of your data.
9. Data Retention & Deletion
9.1 Deletion process
There is currently no self-service account deletion. To request deletion, contact the team at contact@crecimiento.build.
9.2 What gets deleted
| Data | Deletable | Notes |
|---|---|---|
| Profile and account data | Yes | All associated data (applications, confirmations, invitations, consent records) |
| Authentication account | Yes | Deleted upon request |
| Uploaded profile pictures | Yes | Deleted from cloud storage |
| Stripe customer record | Partially | Customer deletable; Stripe may retain payment records per legal obligations |
| Luma guest records | Per Luma's policy | Governed by Luma's data retention |
| Email delivery logs | Per provider's policy | Governed by email provider's data retention |
| Rate limit counters | Auto-expires | Counters expire automatically; no personal data beyond IP address |
| Web analytics | Not applicable | Data is anonymous and not linked to users |
| Email suppression records | No | Retained to prevent sending to bounced/complained addresses |
9.3 What persists after deletion
| Data | Why it persists |
|---|---|
| On-chain data (ENS subname, wallet address, token ID) | Blockchain data is permanent and irrevocable — see Section 6 |
| Authentication event logs | Anonymized (user ID set to null) but retained for security auditing |
| Email suppression records | Retained to prevent sending to bounced/complained addresses |
10. Your Rights
You have the following rights regarding your personal data:
- Access: You may access and review your profile data at any time through the Platform. Certain information, including application data and consent records, may also be available to you within the Platform interface.
- Correction: You may update or correct your profile data at any time, including display name, bio, city, organization, role, tags, social links, community interest fields, and profile picture. Please note that certain elements, such as usernames, wallet addresses, and on-chain data, cannot be modified due to technical or blockchain-related limitations.
- Deletion: You may request the deletion of your account and associated personal data by contacting contact@crecimiento.build. Please refer to Section 9 for details regarding data that may be deleted and data that must be retained.
- Data Portability: You may request a copy of the personal data we hold about you by contacting contact@crecimiento.build.
All data-related requests are processed manually and within a reasonable timeframe, in accordance with applicable data protection laws. For any request related to your personal data, please contact contact@crecimiento.build.
11. Contact
For questions about this Privacy Policy or to exercise your data rights, contact:
- Email: contact@crecimiento.build