Privacy Policy
ION PROTOCOL
PRIVACY POLICY
Last Revised: 02/22/2024
Ion Protocol, Inc. (“Company”) is committed to protecting User’s privacy. Company has prepared this Privacy Policy (this “Policy”) to describe to User Company’s practices regarding the Personal Information (as defined below) Company collects, why Company collects it, and how Company uses and discloses it. This Policy should be read in conjunction with Company’s Terms of Use (the “Terms”), into which this Policy is incorporated by reference. User is encouraged to read the Terms first, as certain terms used in this Policy are defined in the Terms.
ACCEPTANCE OF THE POLICY
User’s privacy matters to Company, so User should take the time to get to know Company’s policies and practices. Please understand that Company reserves the right to change any of Company’s policies and practices at any time, but User can always find the latest version of this Policy here on this page. User’s continued use of the Platform after Company makes changes is deemed to be acceptance of those changes, so please check this Policy periodically for updates.
This Policy describes the types of information Company collects from User or that User may provide when User uses the Platform and Company’s practices for collecting, using, maintaining, protecting, and disclosing that information.
Please read this Policy carefully to understand Company’s practices regarding User’s information and how Company will treat it. If User does not agree with Company’s policies and practices, then please do not use the Platform. By using the Platform, User agrees to the terms of this Policy.
PERSONAL INFORMATION COMPANY COLLECTS
As used herein, “Personal Information” means information that identifies or is reasonably capable of identifying an individual, directly or indirectly, and information that is capable of being associated with an identified or reasonably identifiable individual.
Personal Information Company Collects from User. Company (or Company’s Affiliates) may collect and store the following categories of Personal Information directly from User:
Online identifier information, such as IP address and login information, domain names, and similar identifying names or addresses (collectively, “Online Identifier Information”);
Device information, such as hardware, software, operating system, browser, device name, language preferences (collectively, “Device Information”);
Usage data, such as system activity, internal and external information related to the Platform, clickstream information (collectively, “Usage Data”); and
Geolocation data, such as information about User’s device location (“Geolocation Data”).
Automatic collection of Personal Information may involve the use of Cookies, described in greater detail below. Company does not currently store Online Identifier Information, Device Information, Usage Data, or Geolocation Data on Company’s systems; however, please be aware that third-parties with which Company might interact might store such information.
Personal Information That May Be Collected Automatically. Company (or Company’s Affiliates) may collect and store the following categories of Personal Information automatically through User’s use of the Platform:
Online Identifier Information; and
Additional information, at Company’s discretion, to comply with legal obligations.
Personal Information Company Collects from Third Parties. Company (or Company’s Affiliates) may collect and/or verify the following categories of Personal Information about User from third parties:
Online Identifier Information;
Wallet (as defined in the Terms) information, and information connected to User’s use of the Platform; and
Additional information, at Company’s discretion, to comply with legal obligations.
Accuracy and Retention of Personal Information. Company takes reasonable and practicable steps to ensure that User’s Personal Information held by Company is (i) accurate with regard to the purposes for which it is to be used, and (ii) not kept longer than is necessary for the fulfillment of the purpose for which it is to be used.
INTENDED FOR USERS 18+
Company does not knowingly collect data from or market to anyone under 18 years of age. Company does not knowingly solicit data from or market to anyone under 18 years of age. By using the Platform, User represents that User is at least 18 years old, or that User is the parent or guardian of such a minor and consents to such minor dependent’s use of the Platform. If Company learns that Personal Information, from Users less than 18 years of age has been collected, Company will discontinue User’s access to the Platform, to the extent that is possible, and take reasonable measures to promptly delete such data from Company’s records. If User becomes aware of any data Company may have collected from anyone under age 18, please contact Company at support@ionprotocol.io.
HOW COMPANY USES USER’S PERSONAL INFORMATION
Company collects Personal Information about User in an attempt to provide User with the best experience possible, protect User from risks related to improper use and fraud, and help Company maintain and improve the Platform. Company may use User’s Personal Information to:
Provide User with the Platform. Company uses User’s Personal Information to provide User with the Platform pursuant to the Terms.
Comply with Legal and Regulatory Requirements. Company processes User’s Personal Information as required by applicable laws and regulations.
Detect and Prevent Fraud. Company processes User’s Personal Information to detect and prevent fraud.
Protect the Security and Integrity of the Platform. Company uses User’s Personal Information to maintain the security of User’s Wallet and the Platform itself.
Other Business Purposes. Company may use User’s Personal Information for additional purposes if disclosed to User before Company collects User’s Personal Information or if Company obtains User’s consent.
HOW COMPANY SHARES USER’S PERSONAL INFORMATION
Company will never sell, share, rent, or trade User’s Personal Information with third parties for their commercial purposes. Further, Company will not share User’s Personal Information with third parties, except as described below:
Third-Party Service Providers. Company may share User’s Personal Information with third-party service providers for business or commercial purposes, including fraud detection and prevention, security threat detection, customer support, data analytics, information technology, advertising and marketing, network infrastructure, storage, and transaction monitoring. Company shares User’s Personal Information with these service providers only so that they can provide Company with their services, and Company prohibits its service providers from using or disclosing User’s Personal Information for any other purpose.
Law Enforcement. Company may be compelled to share User’s Personal Information with law enforcement, government officials, and/or regulators.
Corporate Transactions. Company may disclose Personal Information in the event of a proposed or consummated merger, acquisition, reorganization, asset sale, or similar corporate transaction, or in the event of a bankruptcy or dissolution.
Professional Advisors. Company may share User’s Personal Information with Company’s professional advisors, including legal, accounting, or other consulting services for purposes of audits or to comply with Company’s legal obligations.
Consent. Company may share User’s Personal Information with User’s consent.
If Company decides to modify the purpose for which User’s Personal Information is collected and used, Company will amend this Policy.
COOKIES
When User accesses the Platform, Company may make use of the standard practice of placing tiny data files called cookies, flash cookies, pixel tags, or other tracking tools (herein, “Cookies”) on User’s computer or other devices used to visit the Platform. Company uses Cookies to help Company recognize User as a customer, collect information about User’s use of the Platform to better customize the Platform and content for User, and collect information about User’s computer or other access devices to: (i) ensure that User’s Account security has not been compromised by detecting irregular, suspicious, or potentially fraudulent activities; and (ii) assess and improve the Platform and advertising campaigns.
User can also learn more about Cookies by visiting http://www.allaboutcookies.org, which includes additional useful information on Cookies and how to block Cookies on different types of browsers and mobile devices. Please note that if User rejects Cookies, User will not be able to use some or all of the Service. If User does not consent to the placing of Cookies on User’s device, please do not visit, access, or use the Service.
INFORMATION SECURITY
No security is foolproof, and the Internet is an insecure medium. Company cannot guarantee absolute security, but Company works hard to protect Company and User from unauthorized access to or unauthorized alteration, disclosure, or destruction of Personal Information Company collects and stores. Measures Company takes include encryption of Company website communications with SSL; periodic review of Company’s Personal Information collection, storage, and processing practices; and restricted access to User’s Personal Information on a need-to-know basis for Company’s employees, contractors and agents who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
INFORMATION FOR PERSONS SUBJECT TO EU DATA PROTECTION LAW
While customers who are located in the European Union (“EU”), European Economic Area (“EEA”) or the Channel Islands, or other locations subject to EU data protection law (collectively, “Europe”) are customers of Company’s Panamanian entity, Company recognizes and, to the extent applicable to Company, adheres to relevant EU data protection laws. For purposes of this section, “personal data” has the meaning provided in the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
Lawful Bases for Processing. Company processes personal data subject to GDPR on one or more of the following legal bases:
Legal Obligations: to conduct anti-fraud and to fulfill Company’s retention and other legal obligations;
Contractual Obligations: to satisfy Company’s obligations to User under the Terms, including to provide User with the Platform and customer support services, and to optimize and enhance the Platform;
Legitimate Interest: to monitor the usage of the Platform, conduct automated and manual security checks of the Platform, to protect Company’s rights; and
Consent: to market Company and the Platform. User may withdraw User’s consent at any time without affecting the lawfulness of processing based on consent before consent is withdrawn.
European Privacy Rights. European residents have the following rights under GDPR, subject to certain exceptions provided under the law, with respect to their personal data:
Rights to Access and Rectification: User may submit a request that Company disclose the personal data that Company processes about User and correct any inaccurate personal data.
Right to Erasure: User may submit a request that Company delete the personal data that Company has about User.
Right to Restriction of Processing: User has the right to restrict or object to Company’s processing of User’s personal data under certain circumstances.
Right to Data Portability: User has the right to receive the personal data User has provided to Company in an electronic format and to transmit that personal data to another data controller.
To submit a request to exercise these rights, please contact Company using the methods described at the end of this Policy. When handling requests to exercise European privacy rights, Company checks the identity of the requesting party to ensure that he or she is the person legally entitled to make such request. This will require User to provide Company with User’s unique Wallet identification. While Company maintains a policy to respond to these requests free of charge, should User’s request be repetitive or unduly onerous, Company reserves the right to charge User a reasonable fee for compliance with User’s request.
COLLECTION AND TRANSFER OF DATA OUTSIDE THE EEA
The Platform operates with many of Company’s systems based in the United States. As a result, Company may transfer personal data to Europe, the United States, or other third countries, under the following conditions:
Contractual Obligation. Where transfers are necessary to satisfy Company’s obligation to User under the Terms, including to provide User with the Platform and customer support services, and to optimize and enhance the Platform; and
Consent. Where User has consented to the transfer of User’s personal data to another country.
Where transfers to a third country are based on User’s consent, User may withdraw User’s consent at any time. Please understand, however, that the Platform may not be available if Company is unable to transfer personal data to other countries.
When Company transfers personal data to third countries, Company endeavors to ensure adequate safeguards are implemented, for example through the use of standard contractual clauses or Privacy Shield certification.
CCPA
Pursuant to the California Consumer Privacy Act (the “CCPA”), and in addition to the disclosures elsewhere in this Policy, this section describes the types of Personal Information that Company may have collected, disclosed for business purposes, or sold to third parties in the last 12 months.
Personal Information Collected. Internet or other electronic network activity information, geolocation information, and inferences drawn from the foregoing. To learn more about the information Company collects, please see “Personal Information Company Collects,” above. The sources of the information are Users of the Platform and Company’s Affiliates.
Disclosure of Personal Information. In the last 12 months, Company may have disclosed the following categories of Personal Information to Company’s Affiliates or to third-party service providers for business purposes: internet or other electronic network activity information, geolocation information, and inferences drawn from the foregoing. To learn more, please see “How Company Shares User’s Personal Information” above.
“Sale” of Personal Information. In the last 12 months, Company may have “sold” (as defined in the CCPA) the following categories of Personal Information: internet or other electronic network activity information, geolocation information, and inferences drawn from the foregoing. Company does not have actual knowledge that Company sells Personal Information of consumers under 21 years of age. To learn more, please see “How Company Shares User’s Personal Information” above.
Explanation of “Sales” under CCPA. Company is not in the business of collecting and selling data, but, in some cases, Company may share information with Company’s Affiliates or third-party service providers in a transaction that constitutes a “sale” of Personal Information under California law.
CONTACT US
If User has questions or concerns regarding this policy or Company’s use of User’s Personal Information, please feel free to email Company at support@ionprotocol.io; or write to Company at:
Ion Protocol, Inc.
Attn: Chunda McCain
support@ionprotocol.io
Last updated