Alephium Privacy Policy

Last modified: June 10, 2024

This Privacy Policy (the “Policy”) explains how Alephium ("Panda Software SA", "Alephium Developer", the "Company", "we", "us" or "our") collects, uses, and shares data in connection with the Alephium website (alephium.org), the Alephium wallets and all of our other properties, products, and services (the “Services”). Your use of the Services is subject to this Policy as well as our Terms of Service.

High Level Summary

  • Alephium does not collect and store personal data, such as first name, last name, street address, date of birth, email address, or IP address, in connection with your use of the Services.
  • Alephium collects non-identifiable data, such as device type, browser version, etc. This is to help drive production vision, not track users.
  • Alephium continues to explore methods to further protect consumers' privacy, such as opt-out prompts, migrating to privacy-centric tooling and deploying proxies to anonymize network traffic.
  • Users are empowered to explore client-side privacy techniques and tools.
  • Any material changes to privacy will be reflected in an updated privacy policy.

Data We Collect

Privacy is central to everything we do. Accordingly, we aspire to be transparent about what little data we do collect. We do not maintain user accounts and do not collect and store personal data, such as your name or internet protocol (“IP”) address.

In our website at alephium.org we are using GoatCounter, a privacy-friendly web analytics tool. No personal information (such as IP address) is collected; a hash of the IP address, User-Agent, and a random number (“salt”) is kept in the process memory for 8 hours to identify a browsing session, and is never stored to disk.There is no information stored in the browser with cookies, localStorage, or other methods. The following information can be stored:

  • URL of the visited page.
  • Referer header.
  • Browser and system information (derived from User-Agent header or HTTP client hints; the original headers are not stored).
  • Screen size.
  • Country and region name derived from the IP address.
  • The browser language derived from the Accept-Language header.

In our desktop and mobile wallets we are using PostHog. The information collected by the wallets is completely anonymous. Upon the first launch of your wallet, a unique ID is generated (for example, vCJGCsDPrZ8WJaIKZMWjU) which is the only identification information required. IPs or any other personal data are not collected. Only events such as button clicks and data such as number of wallets, addresses, contacts and wallet preferences are recorded. This information helps identify useful features and areas for improvement.

How We Use Data

We use the data we collect to learn more about how users use the Services and where we can improve your experience. This data is also useful for debugging purposes.

How We Share Data

  • Legal compliance. We may use the information we collect as needed or requested by regulators, government entities, and law enforcement to comply with applicable laws and regulations.

We do not share your information with any third parties for any marketing purposes whatsoever.

Third Party Cookies

We do not use any third party cookies.

Third-Party Links and Sites

We may integrate technologies operated or controlled by other parties into parts of the Services. For example, the Services may include links that hyperlink to websites, platforms, and other services not operated or controlled by us. Please note that when you interact with these other parties, including when you leave the Site, those parties may independently collect information about you and solicit information from you. You can learn more about how those parties collect and use your data by consulting their privacy policies and other terms.

Security

We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect data from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you. You are responsible for all of your activity on the Services, including the security of your blockchain network addresses, cryptocurrency wallets, and their cryptographic keys.

Age Requirements

The Services are intended for a general audience and are not directed at children. We do not knowingly receive personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. If you believe we have received personal information about a child under the age of 18, please contact us at [email protected] .

Additional Notice to California Residents (“CCPA Notice”)

The California Consumer Privacy Act of 2018 (“CCPA”) requires certain businesses to provide a CCPA Notice to California residents to explain how we collect, use, and share their personal information, and the rights and choices we offer California residents regarding our handling of their information.

  • Privacy Practices. We do not “sell” personal information as defined under the CCPA. Please review the “Sharing and Disclosure of Information” section above for further details about the categories of parties with whom we share information.

  • Privacy Rights. The CCPA gives individuals the right to request information about how we have collected, used, and shared your personal information. It also gives you the right to request a copy of any information we may maintain about you. You may also ask us to delete any personal information that we may have received about you. Please note that the CCPA limits these rights, for example, by prohibiting us from providing certain sensitive information in response to access requests and limiting the circumstances under which we must comply with a deletion request. We will respond to requests for information, access, and deletion only to the extent we are able to associate, with a reasonable effort, the information we maintain with the identifying details you provide in your request. If we deny the request, we will communicate the decision to you. You are entitled to exercise the rights described above free from discrimination.

  • Submitting a Request. You can submit a request for information, access, or deletion to [email protected].

  • Identity Verification. The CCPA requires us to collect and verify the identity of any individual submitting a request to access or delete personal information before providing a substantive response.

  • Authorized Agents. California residents can designate an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming their authority.

Disclosures for European Union Data Subjects

We process personal data for the purposes described in the section titled “How We Use Data” above. Our bases for processing your data include: (i) you have given consent to the process to us or our service provides for one or more specific purposes; (ii) processing is necessary for the performance of a contract with you; (iii) processing is necessary for compliance with a legal obligation; and/or (iv) processing is necessary for the purposes of the legitimate interested pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.

Your rights under the General Data Protection Regulations (“GDPR”) include the right to (i) request access and obtain a copy of your personal data, (ii) request rectification or erasure of your personal data, (iii) object to or restrict the processing of your personal data; and (iv) request portability of your personal data. Additionally, you may withdraw your consent to our collection at any time. Nevertheless, we cannot edit or delete information that is stored on a particular blockchain. Information such as your transaction data, blockchain wallet address, and assets held by your address that may be related to the data we collect is beyond our control.

To exercise any of your rights under the GDPR, please contact us at [email protected]. We may require additional information from you to process your request. Please note that we may retain information as necessary to fulfill the purpose for which it was collected and may continue to do so even after a data subject request in accordance with our legitimate interests, including to comply with our legal obligations, resolves disputes, prevent fraud, and enforce our agreements.

Changes to this Policy

If we make material changes to this Policy, we will notify you via the Services. Nevertheless, your continued use of the Services reflects your periodic review of this Policy and other Company terms, and indicates your consent to them.

Contact Us

If you have any questions about this Policy or how we collect, use, or share your information, please contact us at [email protected].