GlobeClaim is an interactive 3D globe where you can claim hexagonal tiles anywhere on Earth. Each tile becomes your digital territory — name it, brand it, link your project, and share it with a vanity URL.

Is GlobeClaim free to use?

Yes. Creating an account and claiming your first territories on GlobeClaim is free. Premium features (more tiles, custom themes, analytics) are available on paid plans.

Does GlobeClaim use crypto or NFTs?

No. GlobeClaim has no wallet, no gas fees and no on-chain components. Claiming a tile is a simple sign-up + click flow, just like any modern web app.

How do vanity URLs work on GlobeClaim?

When you claim a tile, you can pick a slug like globeclaim.io/your-name. That URL becomes the public profile of your territory — perfect for sharing on social, in your bio, or pointing your community to your "spot" on the globe.

How is GlobeClaim different from the Million Dollar Homepage?

The Million Dollar Homepage was a static 2D pixel grid sold once. GlobeClaim is a live, interactive 3D globe with real geography, evolving territories, vanity URLs, profile pages and a reputation system that grows over time.

What can I do with a claimed territory?

You can brand it (name, description, image, color), link to your project or social profiles, build reputation through engagement, and use the vanity URL as a memorable digital landmark for yourself, your brand or your community.

Privacy Policy

Last updated: March 21, 2026

1. Controller

Alexander Sadomsky
c/o IP-Management #42121
Ludwig-Erhard-Str. 18
20459 Hamburg, Germany
Email: [email protected]

2. Overview

We take the protection of your personal data seriously. This privacy policy explains what data we collect when you use globeclaim.io, how we use it, and what rights you have under the EU General Data Protection Regulation (GDPR).

3. Hosting & Server Log Files

This website is hosted on a dedicated server provided by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). The server is located in Frankfurt am Main, Germany (EU). All data stored by this platform resides exclusively within the European Union. Hetzner is our hosting infrastructure provider (data processor pursuant to Art. 28 GDPR). A Data Processing Agreement (DPA) with Hetzner is in place. See Hetzner's Privacy Policy.

When you visit our website, the web server automatically collects and stores information in server log files that your browser transmits:

IP address (anonymized after 7 days)
Date and time of the request
Requested URL and referrer URL
Browser type and version
Operating system

This data is processed based on Art. 6(1)(f) GDPR (legitimate interest) to ensure the security and stability of our website. Log files are automatically deleted after 14 days.

4. User Accounts & Authentication

GlobeClaim offers user accounts exclusively via third-party OAuth providers (GitHub, Google, Discord). When you create an account or sign in, the following data may be collected and stored:

Name and email address (from your OAuth provider)
Profile picture (if provided by your OAuth provider)
OAuth provider account ID
Chosen display handle
Session tokens (JWT)
IP address at the time of registration (for abuse prevention — see Section 4.1)
Timestamp of your agreement to our Terms of Service and Privacy Policy

This data is processed based on Art. 6(1)(b) GDPR (contract fulfillment — providing the service) and Art. 6(1)(a) GDPR (your consent, given by signing in). We do not receive your password from OAuth providers.

Authentication is provided by the following third-party OAuth providers, which may process your data outside the EU:

GitHub — GitHub, Inc. (a Microsoft company), 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA. Transfer basis: EU Standard Contractual Clauses (SCCs). See GitHub Privacy Statement.
Google — Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google may transfer data to the US based on EU SCCs and the EU-US Data Privacy Framework. See Google Privacy Policy.
Discord — Discord Inc., 444 De Haro Street #200, San Francisco, CA 94107, USA. Transfer basis: EU Standard Contractual Clauses (SCCs). See Discord Privacy Policy.

Only your public profile data (name, email, avatar) is transmitted from these providers. We do not have access to your provider passwords, private messages, repositories, or other provider-specific data.

You can revoke OAuth access at any time through your provider's account settings. You may request deletion of your account and all associated data via your account settings or by contacting us at [email protected].

4.1 Public Visibility of Profile Data

Your display name, handle, profile picture, and all tile-related content you submit (project name, description, URL, category) are publicly visible to all visitors of the Platform. Reputation scores, rank titles, and territory information are also publicly displayed. This public visibility is an inherent part of the service. Recent public activity (such as tile claims) may also appear in a live activity feed on the Platform. Legal basis: Art. 6(1)(b) GDPR (contract fulfillment — providing a public directory service).

4.2 IP Address & Abuse Prevention

Upon account creation, your IP address is stored to detect and prevent the creation of multiple accounts by the same person (as prohibited by our Terms of Service). This data is processed based on Art. 6(1)(f) GDPR (legitimate interest in platform integrity and fraud prevention).

5. Cookies

5.1 Strictly necessary cookies

The following cookies are strictly necessary for the operation of the website and do not require your consent under Art. 6(1)(f) GDPR:

next-auth.session-token — Identifies your authenticated session; expires when browser closes or after 30 days
next-auth.csrf-token — CSRF protection for authentication; session cookie
next-auth.callback-url — Stores redirect URL during OAuth flow; session cookie
__cf_bm (Cloudflare) — Bot detection; expires after 30 minutes
cf_clearance (Cloudflare) — Security challenge clearance; expires after 30 minutes

5.2 Third-party cookies

This website does not use advertising cookies, retargeting, analytics tracking cookies, or social media tracking pixels.

6. Platform Data

When you use GlobeClaim, the following data related to your platform activity is stored:

Tile claims, territory ownership, and associated project information you provide
Reputation scores and activity logs (claims, visits)
Payment records (see Section 7)

This data is processed based on Art. 6(1)(b) GDPR (contract fulfillment — providing the platform service).

7. Payment Processing (Stripe)

Payments are processed via Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland). The following data may be transmitted to Stripe:

Name and email address
Payment method details (credit/debit card number, SEPA bank details)
Transaction amount and currency
IP address and device information (for fraud prevention)

This data is processed based on Art. 6(1)(b) GDPR (contract fulfillment). Payment data is processed exclusively by Stripe in accordance with PCI DSS Level 1 compliance standards. We do not store your full card numbers or bank details on our servers. Stripe may transfer data to the United States based on EU Standard Contractual Clauses (SCCs).

Data Processing Agreement (DPA): A Data Processing Agreement pursuant to Art. 28 GDPR is in place with Stripe. Stripe provides this agreement via the Stripe Dashboard. See also Stripe's Privacy Policy.

8. Payment Processing (PayPal)

As an alternative payment method, payments may be processed via PayPal (Europe) S.à r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg). The following data may be transmitted to PayPal:

Name and email address (from your PayPal account)
Transaction amount and currency
IP address and device information (for fraud prevention)

This data is processed based on Art. 6(1)(b) GDPR (contract fulfillment). We do not receive or store your full PayPal account details, bank information, or payment method data on our servers. PayPal may transfer data to the United States based on EU Standard Contractual Clauses (SCCs). See PayPal's Privacy Statement.

9. Cloudflare Turnstile (Bot Protection)

This website uses Cloudflare Turnstile to protect against automated abuse (bots, scripts). When you perform certain actions (e.g., claiming a tile), Turnstile may process:

IP address
Browser characteristics and interaction patterns
Cloudflare-specific challenge tokens

This data is processed based on Art. 6(1)(f) GDPR (legitimate interest in protecting the platform from automated abuse). No visible CAPTCHA is shown — Turnstile operates in managed (invisible) mode. See Cloudflare's Privacy Policy.

10. Cloudflare (CDN & Security)

This website uses Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) as a Content Delivery Network (CDN) and for DDoS protection. When you visit this website, your connection is routed through Cloudflare's network. Cloudflare may process:

IP address
Browser type, language, and referring page
Date and time of request
Cloudflare security cookies for bot detection

This data is processed based on Art. 6(1)(f) GDPR (legitimate interest in website security and performance). Cloudflare is certified under the EU-US Data Privacy Framework.

Data Processing Agreement (DPA): A Data Processing Agreement pursuant to Art. 28 GDPR is in place with Cloudflare. Cloudflare provides this agreement via the Cloudflare Data Processing Addendum page. See also Cloudflare's Privacy Policy.

11. Visitor Tracking (Tile Analytics)

When you visit a claimed tile's public page, we record a pseudonymized visit for analytics purposes. A one-way hash (SHA-256) is generated from your IP address, User-Agent, and the current date. This hash cannot be reversed to identify you personally. We store:

The tile identifier visited
The pseudonymized visitor hash (not your raw IP or User-Agent)
The date of the visit

This data is processed based on Art. 6(1)(f) GDPR (legitimate interest in providing tile owners with aggregated, anonymous visitor statistics). No personal data can be derived from the stored hash.

12. Data Security

This website uses TLS/SSL encryption (HTTPS) for all data transmission. Server access is restricted to SSH key-based authentication with firewall protection. Authentication is handled exclusively via OAuth providers — no passwords are stored on our servers.

13. Data Retention

We retain personal data only as long as necessary:

Server log files: 14 days (automatically deleted)
User accounts: Until you request deletion
Platform activity: Duration of your account
Payment records (Stripe / PayPal): 10 years (German tax law, §147 AO)
Visitor hashes: 90 days (automatically purged)

14. Your Rights

Under the GDPR, you have the following rights:

Right of access (Art. 15) — obtain information about your stored data
Right to rectification (Art. 16) — correct inaccurate data
Right to erasure (Art. 17) — request deletion of your data
Right to restriction (Art. 18) — restrict processing
Right to data portability (Art. 20) — receive your data in a structured format
Right to object (Art. 21) — object to processing based on legitimate interest
Right to withdraw consent (Art. 7(3)) — without affecting prior processing

To exercise any of these rights, contact us at [email protected]. We will respond within one month.

15. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany
datenschutz-hamburg.de

16. Changes to This Policy

We may update this privacy policy from time to time. The date at the top indicates when this policy was last revised.