Last Updated: January 2023
Applicability of This Policy
This Policy applies to our services, which include the services we provide on our platform, user interface to the Protocol or any other websites, pages, features, mobile applications, or content we own or operate (collectively, the "Sites") or when you use any Ondo API or third party applications relying on such an API, and related services (collectively, the "Services"). If you do not agree with the terms of this Policy, do not access or use the Services, Sites, or any other aspect of our business.
What We Collect
When you interact with our Services, we may collect:
- Contact Information, such as your email address.
- Financial Information, such as your Ethereum address, cryptocurrency wallet information, transaction history, and associated fees paid.
- Transaction Information, such as information about the transactions you make on our Services, such as the type of transaction, transaction amount, and timestamp.
- Correspondence, such as your feedback, questionnaire and other survey responses, and information you provide to our support teams, including via our help chat.
- Online Identifiers, such as geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.
- Usage Data, such as user preferences and other data collected via cookies and similar technologies.
- Information We Get from Others. We may get information about you from other sources as required or permitted by applicable law, including public databases, credit bureaus & ID verification partners. We may combine the information collected from these sources with the information we get from this Site in order to comply with our legal obligations and limit the use of our Services in connection with fraudulent or other illicit activities.
How We Use Information
Providing Services and Features
- operate, maintain, customize, measure, and improve our Services, and manage our business;
- process transactions;
- send information, including confirmations, notices, updates, security alerts, and support and administrative messages; and
- to create de-identified or aggregated data.
Safety and Security
We may use your information to help maintain the safety, security, and integrity of you and our Services, including to:
- protect, investigate, and deter against fraudulent, unauthorized, or illegal activity;
- monitor and verify identity or service access, combat spam, malware or security risks;
- perform internal operations necessary to provide our Services, including to troubleshoot software bugs and operational problems;
- comply with applicable security laws and regulations.
We may use information we collect to provide support, including to:
- direct questions to the appropriate support person;
- investigate and address user concerns; and
- monitor and improve our customer support responses and processes.
Research and Development
We may use the information we collect for testing, research, analysis, and product development to improve your experience. This helps us to improve and enhance the safety and security of our Services, improve our ability to prevent the use of our Services for illegal or improper purposes and develop new features and products relating to our Services.
Legal and Regulatory Compliance
We may verify your identity by comparing the personal information you provide against third-party databases and public records. We may use the information we collect to investigate or address claims or disputes relating to use of our Services, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries.
We may use the information we collect to market our Services to you. This may include sending you communications about our Services, features, promotions, surveys, news, updates, and events, and managing your participation in these promotions and events. If you do not want us to send you marketing communications, please opt out by selecting "unsubscribe" to any marketing email sent by us or by contacting us at firstname.lastname@example.org.
How We Share & Disclose Information
We may share your information in the following circumstances:
- With Your Consent. For example, you may let us share personal information with others for their own marketing uses. Those uses will be subject to their privacy policies.
- To Comply with Our Legal Obligations. We may share your information: (A) to cooperate with government or regulatory investigations; (B) when we are compelled to do so by a subpoena, court order, or similar legal procedure; (C) when we believe in good faith that the disclosure of personal information is necessary to prevent harm to another person; (D) to report suspected illegal activity; or (E) to investigate violations of our User Agreement or any other applicable policies.
- With Service Providers. We may share your information with service providers who help facilitate business and compliance operations such as marketing and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us.
- During a Change to Our Business. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all of your information may be shared or transferred, subject to standard confidentiality arrangements.
- Aggregated or De-identified Data. We may share aggregated and/or anonymized data with others for their own uses.
To view or update your information, contact us at email@example.com. We store your information throughout the life of your use of the Protocol and retain your information for a minimum of five (5) years to comply with our legal obligations or to resolve disputes. If you cease using the Protocol, we will neither use your information for any further purposes, nor sell or share your information with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Policy.
We maintain administrative, technical and physical safeguards designed to protect the personal information we maintain against unauthorized access or disclosure. No system can be completely secure. Therefore, although we take steps to secure your information, we cannot guarantee that your information, searches, or other communication will always remain secure. You are responsible for all activity on the Protocol relating to any of your Ethereum network addresses and/or cryptocurrency wallets.
To the extent prohibited by applicable law, we do not allow use of our Services and Sites by anyone younger than the legal age in the jurisdiction in which the user resides. If you learn that anyone younger than the legal age has unlawfully provided us with personal data, please contact us at firstname.lastname@example.org and we will take steps to delete such information, close any such accounts, and, to the extent possible, prevent the user from continuing to use our Services.
Changes to This Policy
If we make any changes, we will change the Last Updated date above. We encourage you to review this Policy to stay informed. If we make material changes, we will provide additional notice, such as via the email specified in your account or through the Services or Sites.
Online Tracking Opt-out Guide
Like many companies online, we use services provided by Google and other companies that use tracking technology. These services rely on tracking technologies-such as cookies and web beacons-to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
- Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes. Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features.
- Platform opt-outs. The following advertising partner offers opt-out features that let you opt-out of use of your information for interest-based advertising - Google: https://adssettings.google.com. Advertising industry opt-out tools. You can also use the opt-out options set forth below to limit use of your information for interest-based advertising by participating companies. Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use. Digital Advertising Alliance: http://optout.aboutads.info Network Advertising Initiative: http://optout.networkadvertising.org/
Notice to California Residents - CCPA Scope and Exclusions
This California Consumer Privacy Act of 2018 (CCPA) Notice, including the description of our Privacy Practices and your Privacy Rights, apply only to California residents whose interactions with us are limited to:
- visiting our consumer websites; and
- signing up for email alerts; and This CCPA Notice does not apply to the personal information we collect, use or disclose about:
- individuals who provide information to us to initiate or complete the process of interacting with our platform, which are subject to the notice set forth in the Additional Disclosure section of this Policy.; or
- representatives of businesses that seek to obtain our products or services, or to provide products or services to us.
The CCPA grants individuals the following rights:
- Information. You can request information about how we have collected, used and shared your personal information during the past 12 months. For details about the personal information we have collected over the last 12 months, including the categories of sources, please see the What We Collect section of this Policy. We collect this information for the business and commercial purposes described in the How We Use Information section of this Policy. We share this information with the categories of third parties described in the How We Share and Disclose Information section of this Policy.
- Access. You can request a copy of the personal information that we maintain about you.
- Deletion. You can ask us to delete the personal information that we collected or maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. We will also respond to requests for information and access only to the extent we are able to associate with a reasonable effort the information we maintain with the identifying details you provide in your request. If we deny your request, we will communicate our decision to you. You are entitled to exercise the rights described above free from discrimination.
How to Submit a Request
To request access to or deletion of personal information to email@example.com.
The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. We will ask you to verify your identity when you submit a request.
California residents can empower an "authorized agent" to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.
Additional Disclosure for Our Consumers and Customers
The types of personal information we collect and share can include:
- Contact details
- Transaction history
- Cryptocurrency balances and wallets When you are no longer our customer, we continue to share your information as described in this notice.
Reasons We Can Share Your Personal Information
We need to share users' personal information to operate certain aspects of the Protocol and our business. Below, whether we share your personal information, the reasons we share your personal information and whether you can limit this sharing
- We share users' personal information for our everyday business purposes, such as to process and match your orders and respond to court orders and legal investigations. You cannot limit our sharing of this information.
- We share users' personal information for our marketing purposes, such as to offer our products and services to you. You cannot limit our sharing of this information.
- We do not share users' personal information for joint marketing with financial companies.
- We do not share users' personal information for our affiliates' everyday business purposes.
- We do not share users' personal information for our affiliates to market to you.
- We do not share users' personal information for nonaffiliates to market to you.
"Affiliates" refer to companies related by common ownership or control; "nonaffiliates" refer to companies no related by common ownership or control; and "joint marketing" refers to a formal agreement between nonaffiliated financial companies that together market financial products or services to you.
How Does Ondo Protect My Personal Information?
To protect your personal information from unauthorized access and use, we use security measures that comply with applicable law. These measures include computer safeguards and secured files and buildings.
How Does Ondo Collect My Personal Information?
We collect your personal information, for example, when you deposit Digital Assets in the Protocol, make transactions using the Protocol, or withdraw Digital Assets from the Protocol. We may also collect your personal information from other companies.
Please contact us if you have any questions about this Policy or if you are seeking to exercise any of your statutory rights. Subject to applicable laws, we will respond within a reasonable timeframe. You may contact us at firstname.lastname@example.org.