Legal
Privacy Policy

Privacy Policy

Last Updated: February 4, 2025

This Privacy Policy ("Policy") describes how Ondo Finance Inc. and its directly or indirectly controlled affiliates, including but not limited to, Ondo I LP and Ondo USDY LLC, ("Ondo," "we," "us" or "our") may collect, use and disclose information, and your choices regarding this information. Please read this Policy carefully and contact us with questions at legal@ondo.finance.

Applicability of This Policy

This Policy applies to our Services, which include our websites and mobile applications featuring this Policy (collectively, the "Sites"), the services and tools we provide on or make available via our platform, any interaction with Ondo’s APIs or other user interfaces relating to issuances of our tokenized assets, bridging or conversion tools made available for your use, insights, or subscribing in or managing blockchain-based smart contracts or any other features or content we own or operate or third party applications or smart contracts relying on such Ondo interfaces or smart contracts, and related services, including but not limited to blockchain-based tokens that are generated or transferred by or otherwise interact with any such smart contracts (collectively, the "Services and Tools"). If you do not agree with the terms of this Policy, do not access or use the Services and Tools, Sites, or otherwise interact with our business.

This Policy does not address our privacy practices relating to Ondo job applicants, employees and other personnel. This Policy is also not a contract and does not create any legal rights or obligations. We may also choose or be required by law to provide different or additional disclosures relating to the processing of your information, which should not be interpreted as limiting the terms of this Policy.

What We Collect

The categories of information we collect depend on how you interact with us and our Services and Tools. Ondo collects information that individuals provide directly to us, information we collect automatically when individuals interact with us, and information we collect from third-party sources and other organizations.

Information You Provide

We may collect the following information you provide directly to us in connection with our Services and Tools:

  • Contact Information, such as your name, email address, physical address, and communication preferences.
  • Financial Information, such as your blockchain addresses, blockchain wallet information, asset holdings, transaction history, and associated fees paid.
  • Transaction Information such as information about the transactions you make on or using our Services and Tools, such as the type of transaction, transaction amount, and timestamp.
  • Background Information for KYC and other regulatory customer diligence requirements, which may include collection of your passport, photos, bank account statements, assets, utility bills, proof of income, incorporation documents, and tax ID and verification information.
  • Interaction Information, such as the information you submit through your interactions with us, including feedback, communications, inquiries, questionnaires and other survey responses, your use of the Services and Tools, and information you provide to our first- and third-party support teams, including via our help chat.

Information We Collect Automatically

As is true of many digital platforms, we and our third-party providers may also collect certain information from an individual’s device, browsing actions, and site usage patterns automatically when visiting or interacting with our Services and Tools, which may include:

  • Online Identifiers, such as geo location/tracking details, browser fingerprint, mobile carrier, MAC address, user settings, mobile ad identifiers, Internet service provider, operating system, browser name and version, personal IP addresses, the URL entered and the referring page/campaign, date/time of visit, the time spent on our services, and any errors that may occur during the visit to our services.
  • Usage Data, such as the electronic path taken to our services, through our services, and when exiting our services, as well as information pertaining to usage and activity on our services (including pages visited, links clicked, content interacted with, and duration and frequency of the activities).
  • Location Information, such as IP-derived location, used at the city level for fraud detection, customer support and product improvement purposes.
  • Cookies and Other Tracking Technologies. We, and third parties we authorize, collect information through (i) cookies or small data files that are stored on an individual’s device or browser and (ii) other, similar technologies, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “Cookies”). We use Cookies to automatically collect and use or disclose information for the purposes described in this Privacy Policy, including to analyze and track data, determine the popularity of certain content, and better understand each user’s online activity. We may combine this Cookie information with other information we collect about you. You may choose to set your web browser to refuse Cookies, or to alert you when Cookies are being sent. If you do so, please note that some parts of our Services and Tools may not function properly.

Infrmation from Third Parties and Other Sources

We also obtain personal information from third-party sources, which we often combine with personal information we collect either automatically or directly from an individual.

We may receive the same categories of personal information as described above from the following third parties:

  • Affiliates. We may receive information from other companies owned or controlled by Ondo, and other companies owning or under common ownership with Ondo, particularly when we collaborate in providing the Services and Tools.
  • Social Media. If an individual chooses to interact with us on social media, we may collect personal information about them from their social media account that they make public. We use personal information collected in connection with their social media account to communicate with them, better understand their interests and preferences, and better understand our user base in the aggregate.
  • Identity Verification Providers. In certain circumstances, we may engage third-party identity verification providers to help us verify the identity of a specific individual with whom we are interacting. This information is used primarily for purposes of preventing fraud.
  • Data Analytics Providers. We rely on third-party providers to help us collect analytics relating to our services and user base. These data analytics providers often collect personal information directly from individuals or public blockchains and share some or all of this information with us in connection with their analytics services.
  • Other Service Providers. Other service providers that perform services solely on our behalf, such as website hosting and marketing providers, collect personal information and often share some or all of this information with us in connection with their services.
  • Information Providers. We may from time to time obtain information from third-party information providers to correct or supplement personal information we collect. For example, we may obtain background check information from credit bureaus or updated contact information from third-party information providers to connect with an individual who may be interested in our services.
  • Publicly Available Sources. We collect personal information about individuals that we do not otherwise have, such as information publicly available on various blockchains (see below), public contact information or an individual’s interest in our services from publicly available sources. We may combine this information with the information we collect from an individual directly.

Our Collection of Blockchain Information

Blockchain is a shared, immutable ledger used to record transactions of assets. In connection with our services, we may collect the following current and historical blockchain information directly from individuals, from the third parties identified above, or from public blockchains themselves:

  • Account Address: The unique blockchain address or domain from or to which assets are transferred.
  • Wallet Information: The wallet provider and wallet connected to a specific account address.
  • Account Balance & Assets: The balance associated with the blockchain address, as well as the assets stored in connection with that account.
  • Transaction Details: The transaction identifier, blockchain position for the transaction, date and time of the transaction, type of transaction, amount sent or received, fee amount, account address of the sender and recipient, and storage size of the transaction.

We may in certain circumstances combine the blockchain information we obtain with the information described above, such as where you are required to connect a blockchain wallet (such as through Coinbase Wallet, WalletConnect, Fortmatic, Ledger, or Trust Wallet) to the Service to facilitate the account address creation and wallet linking.

How We Use Information

We use your information and blockchain information in accordance with your instructions, including any applicable terms in the Terms of Use, to provide data processing as described in the policies and agreements of our affiliates, and as required by applicable law. We may also use the information we collect for:

Providing Services and Tools and Features

We may use the information we collect to provide, personalize, maintain, and improve our products and Services and Tools, including as we described in the Terms of Use. This includes using information to:

  • operate, maintain, customize, test, measure, and improve our Services and Tools, and manage our organization and business;
  • facilitate and process transactions;
  • send information, including confirmations, notices, updates, technical alerts, security alerts, surveys, and support and administrative messages;
  • communicate with you about the Services and Tools and events offered by Ondo and others and provide news and information that we think will interest you;
  • personalize and improve your experience on our Services and Tools;
  • monitor and analyze trends, usage, and activities in connection with our Services and Tools; and
  • to create de-identified or aggregated data.

Safety and Security

We may use your information to help maintain the safety, security, and integrity of you and our Services and Tools, including to:

  • protect, investigate, and deter against fraudulent, unauthorized, or illegal activity;
  • monitor and verify identity or service access, combat spam, malware or security risks;
  • perform internal operations necessary to provide our Services and Tools, including to test, diagnose, and troubleshoot software bugs and technical and operational problems;
  • help maintain the safety, security, and integrity of our property and Services and Tools, technology assets, and business;
  • enforce our agreements with third parties, and address violations of our Terms of Use or agreements for other Services and Tools;
  • detect, prevent, investigate, or provide notice of security incidents or other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of Ondo and others; and
  • comply with applicable security laws and regulations.

User Support

We may use information we collect to provide support, including to:

  • direct questions to the appropriate support person;
  • respond to your comments and questions and provide customer service
  • investigate, troubleshoot, address and resolve user concerns and problems using the Services and Tools; and
  • monitor and improve our customer support responses and processes.

Research and Development

We may use the information we collect for testing, research, analysis, and product development to improve your experience. This helps us to improve and enhance the safety and security of our Services and Tools, improve our ability to prevent the use of our Services and Tools for illegal or improper purposes and develop new features and products relating to our Services and Tools.

Legal and Regulatory Compliance

We may verify your identity and conduct KYC and other customer diligence requirements by comparing the personal information you provide against third-party databases and public records, or conducting a background check. We may use the information we collect to investigate or address claims or disputes relating to use of our Services and Tools, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries. We may process the information to facilitate business transactions and reorganizations impacting the structure of our business, or to otherwise comply with our legal and financial obligations.

Direct Marketing

We may use the information we collect to market our Services and Tools to you. This may include sending you communications about our Services and Tools, features, promotions, surveys, news, updates, and events, and managing your participation in these promotions and events. If you do not want us to send you marketing communications, please opt out by selecting "unsubscribe" to any marketing email sent by us or by contacting us at legal@ondo.finance.

How We Share & Disclose Information

We may share your information and blockchain information in the following circumstances:

  • With Affiliates: We share information with other companies owned or controlled by Ondo, and other companies owning or under common ownership or control with Ondo, particularly when we collaborate in providing Services and Tools.
  • At Your Direction. We may share information with third parties you engage with through our Services and Tools or as needed to fulfill a request or transaction. For example, you may let us share personal information with others for their own marketing uses. Those uses will be subject to the recipient’s privacy policies.
  • To Comply with Our Legal Obligations. We may share your information: (A) to cooperate with government or regulatory investigations; (B) when we are compelled to do so by a subpoena, court order, or similar legal procedure; (C) when we believe in good faith that the disclosure of personal information is necessary to prevent harm to another person; (D) to report suspected illegal activity; or (E) to investigate violations of our User Agreement or any other applicable policies.
  • With Service Providers. We may share your information with service providers who help facilitate business and compliance operations such as marketing and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us.
  • Identity Verification Providers. Where we engage a third-party identity verification provider to help us verify the identity of a specific individual with whom we are interacting, we will typically provide the third-party identity verification provider sufficient information to facilitate the identity verification service.
  • With Public Blockchains. We will make information relating to certain transactions available on public blockchains to the extent such information is customarily shared in connection with consummating a blockchain transaction. Please note this information is publicly available and may be shared freely.
  • During a Change to Our Business. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all of your information may be shared or transferred, subject to standard confidentiality arrangements.
  • Legal Obligations and Rights. We share or otherwise disclose information to third parties, such as our lawyers, other professional advisors and law enforcement:
  • Where necessary to obtain advice or otherwise protect and manage our business interests;
  • In connection with the establishment, exercise, or defense of legal claims;
  • To comply with laws or to respond to lawful requests or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;
  • To protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
  • To detect, suppress, or prevent fraud;
  • To protect the health and safety of us and others; or
  • As otherwise required by applicable law.
  • Aggregated or De-identified Data. We may share aggregated and/or anonymized data with others for their own uses.

Legal Bases for Using Your Information

Where the law requires the identification of the legal basis on which rely to process your information, the legal bases for using your information as set out in this Privacy Policy are as follows:

  • Where we need to perform the contract we are about to enter into or have entered into with you for the Services and Tools.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation in the relevant jurisdiction.
  • Where we have your consent to process your information in a certain way.

Your Rights and Choices

If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Contact Us” section below at any time. Your local laws may permit you to request that we:

  • provide access to and/or a copy of certain information we hold about you.
  • update information which is out of date or incorrect.
  • delete certain information that we are holding about you.
  • restrict the way that we process and disclose certain of your information.
  • permit you to revoke your consent for the processing of your information.

We will consider all requests and provide our response within the time period stated by applicable law and as otherwise required by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.

Data Retention

To view or update your information, contact us at legal@ondo.finance. We store your information throughout the life of your use of any Sites or Services and Tools and retain your information for a minimum of five (5) years to comply with our legal obligations or to resolve disputes. If you cease using any Sites or Services and Tools, we may still process and share your information with third parties, such as may be necessary to prevent fraud and assist law enforcement, as required by law, or as otherwise to protection our legal rights, or those of others, such as in the case of litigation, or otherwise in accordance with this Policy.

Security

We maintain administrative, technical and physical safeguards designed to protect the personal information we maintain against unauthorized access or disclosure. No system can be completely secure. Therefore, although we take steps to secure your information, we cannot guarantee that your information, searches, or other communication will always remain secure. You are responsible for all activity relating to any of your blockchain network addresses and/or blockchain-based wallets.

Age Limitations

To the extent prohibited by applicable law, we do not allow use of our Services and Tools or Sites by anyone younger than the legal age in the jurisdiction in which the user resides. If you learn that anyone younger than the legal age has unlawfully provided us with personal data, please contact us at legal@ondo.finance and we will take steps to delete such information, close any such accounts, and, to the extent possible, prevent the user from continuing to use our Services and Tools.

Changes to This Policy

If we make any changes, we will change the Last Updated date above. We encourage you to review this Policy to stay informed. If we make material changes, we will provide additional notice, such as via the email specified in your account or through the Services and Tools or Sites.

Online Tracking Opt-out Guide

Like many companies online, we use services provided by Google and other companies that use Cookies. These services rely on Cookies to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:

  • Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org (opens in a new tab).
  • Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes. Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features.
  • Platform opt-outs. The following advertising partner offers opt-out features that let you opt-out of use of your information for interest-based advertising:
  • Google Analytics. For more information about how Google uses your data, please visit Google Analytics Privacy Policy (opens in a new tab). You can also view Google’s currently available opt-out options for Google Analytics here (opens in a new tab).
  • Advertising industry opt-out tools. You can also use the opt-out options set forth below to limit use of your information for interest-based advertising by participating companies. Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Additional Disclosure for Our Consumers and Customers

This Additional Disclosure governs our collection, use and sharing of personal information that users provide to us to initiate or complete the process of interacting with the financial Services and Tools. To the extent there are conflicting provisions between this Additional Disclosure and other sections of the Privacy Policy, the Additional Disclosure will govern.

The types of personal information we collect and share can include:

  • Contact details
  • Transaction history
  • Cryptocurrency balances and wallets

When you are no longer our customer, we continue to share your information as described in this Policy.

Reasons We Can Share Your Personal Information

We need to share users' personal information to operate certain aspects of our Sites, Services and Tools and business. The below includes information on whether we share your personal information, the reasons we share your personal information and whether you can limit this sharing.

  • We share users' personal information for our everyday business purposes, including to operate, maintain and upgrade our Services and Tools and to support the use thereof, and to respond to court orders and legal investigations. You cannot limit our sharing of this information.
  • We share users’ personal information for our marketing purposes, such as to offer our products and services to you. You cannot limit our sharing of this information.
  • We do not share users’ personal information for joint marketing with partner financial companies.
  • We do not share users' personal information for nonaffiliates to market to you, subject to the terms of this Policy and any agreement between you and us.

"Affiliates" refer to companies related by common ownership or control; "nonaffiliates" refer to companies no related by common ownership or control; and "joint marketing" refers to a formal agreement between nonaffiliated financial companies that together market financial products or services to you.

How Does Ondo Protect My Personal Information?

To protect your personal information from unauthorized access and use, we use security measures that comply with applicable law. These measures include computer safeguards and secured files and buildings.

How Does Ondo Collect My Personal Information?

We collect your personal information when you register for an account through the Services and Tools before you deposit Digital Assets in the Services and Tools, make transactions using the Services and Tools, withdraw Digital Assets from the Services and Tools, or otherwise interact with us or the Services and Tools. We may also collect your personal information automatically through your use of the Services and Tools or from other companies.

Contact Us

Please contact us if you have any questions about this Policy or if you are seeking to exercise any of your statutory rights. Subject to applicable laws, we will respond within a reasonable timeframe. You may contact us at legal@ondo.finance.

Terms of ServiceCookies Policy