Summary

ZERION PRIVACY POLICY

Last Updated: May 22, 2024

At Zerion Inc (hereafter “Zerion”, "we", "us", "our"), we respect your privacy and take all necessary measures to protect personal data of those who are visiting our website accessible at https://zerion.io/ (the “Website”) and using our services via the web application, browser extension or mobile applications (the “Interface”).

This Privacy Policy (the “Privacy Policy,” the “Policy”) is intended to inform you about the processing of your personal data and share with you practical guidelines on how you can minimise personal data provided to us. Privacy Policy applies to all your interactions with us via our Website, Zerion Mirror page (https://zerion.mirror.xyz) and Interface.

KEY TAKEAWAYS:

Zerion does not collect and store personally identifiable data, such as first name, last name, street address, or date of birth.
Zerion might have your email if you provide it to us for product updates subscriptions or while communicating with our Customer Support team. We never cross-link your emails to your other personal data that Zerion might collect.
Zerion collects non-identifiable public on-chain data, like transaction details, assets held in the wallet, and other information, to provide you services via the Zerion Interface.
Zerion collects non-identifiable off-chain data, like device type, browser version, IP address, etc. This is to help drive production vision, not track. We do our best to store your IP addresses only in hashed versions and for no longer than 14 days in our logs.

HOW TO PRESERVE YOUR PRIVACY:

If you don’t want us to know your email, please don’t subscribe to https://zerion.io/blog/; Zerion Mirror page https://zerion.mirror.xyz; early access to Zerion product releases. We encourage you to access our Support team via app-embedded functionality but not through email or social networks;
Opt out of app usage analytics to minimise collection of your product usage data;
Turn off notifications for the Zerion App in the Settings section of your device, so we will not be able to process the Push token ID generated based on your device information. If you have two or more wallets in the Zerion App, you will have the same Push Token ID associated with each of your wallets.
You can replace the default provider with any custom node and control which RPC your data is shared with.

WHAT INFORMATION WE COLLECT

We want to share with you how we collect personal data at the different stages of your user journey and advise on how you can preserve your privacy.

1. WHEN YOU BROWSE OUR WEBSITE

AUTOMATICALLY COLLECTED DATA : ‍

Log Information:

Browser Information

Information related to Browser headers, type of browser, and locale.

IP address

In cases when it is possible, Zerion stores IP addresses in a hashed version, e.g. IP addresses are stored in logs in a hashed version.

Device Information

Information about computer or mobile device you use to access our Interfaces, including the hardware model, operating system and version, unique device identifiers, and mobile network information.

INFORMATION YOU PROVIDE TO US

Email

If you want to receive updates from Zerion, you can share your email address with us at the page https://zerion.io/blog/, or If you wish to have early access to Zerion’s new products.

If you want to preserve the highest level of your privacy, please refrain from providing us with your email address. If you are subscribing to our updates, please be sure your email doesn’t contain your name, surname, date of birth, or other data that can identify you.

2. WHEN YOU USE OUR INTERFACES

AUTOMATICALLY COLLECTED DATA :

Log Information:

Browser Information

Information related to Browser headers, type of browser, and locale.

Device Information

Information about the computer or mobile device you use to access our Interfaces, including the hardware model, operating system and version, unique device identifiers, and mobile network information.

IP address

In cases when it is possible, Zerion stores IP addresses in a hashed version, e.g. IP addresses are stored in logs in a hashed version.

Location

City, Country

If you don’t want us to collect your Location data, please go to the Zerion Application “Settings”, follow the “Privacy” settings, and choose to opt out of “Share app usage analytics”.

Product Usage Information

Behavioural data related to your use of the Interface (including, in particular, and depending on the case, data related to how you interact with our Interface, content viewed, features accessed, your status on our Interface, DApp launches, taps, clicks, scrolling data, timestamps etc.).

We collect your Behavioral data and process it via Metabase (hosted on the Zerion AWS server) and Firebase, Mixpanel analytic tools. If you don’t want to share your data with Firebase, Mixpanel and other analytical tools that are not hosted with us, please go to the Zerion Application “Settings,” follow “Privacy” settings, and choose to opt out of “Share app usage analytics”.

App Stories view data

Information related to your interaction with our in-app's Stories.

Engagement Data

Information relating to Zerion campaigns and User interactions. Clicks on Zerion’s advertisements, Zerion’s advertisement impressions viewed, audiences or segments to which an advertisement campaign is attributed, type of ads and the webpage from which such ads were displayed, and webpages on Zerion’s website visited by you.

Push token (device token)

We rely on Apple and Google’s push notiﬁcation systems. To send notiﬁcations to a given wallet, we must persistently store device tokens (an anonymised string) and the list of wallet addresses subscribed to notiﬁcations from that device. If you have two or more wallets in the Zerion App, you will have the same Push Token ID associated with each of your wallets.

Anyone who wishes to avoid processing Push token data entirely can turn off push notiﬁcations for the Zerion App in the Settings section of your device, so we will not be able to process your Push token ID generated based on your device information.

Intended Transaction Information

We generate the transaction before sending it for execution on the chain so you can see all available fees and choose the better option. The information contains data about the type of transaction, amount, assets, and other transaction metadata. We share this data with DEX aggregators and Private Money Makers for them to perform the transaction.

INFORMATION WE COLLECT FROM OTHER SOURCES

Publicly-available Blockchain Data

We collect your publicly available blockchain (transaction details, assets held in the wallet, and other information) to reflect at the Interface actual data related to your portfolio.

INFORMATION YOU PROVIDE TO US

Wallet Information

Your public wallet address provided while connecting the wallet to the Interface.

Contact details

Email address: in case you want to connect your wallet via email address, or in case you provide your email address to our Customer Support team to resolve your request.

Social network account names: we can receive this information from you while you communicate with our Customer Support team via Discord or X (Twitter).

Zerion doesn’t link your contact details with the public wallet addresses unless you provide this data together; in case it happens, we never share such data with third parties and keep it strictly confidential for you.

If you don’t want us to know your social network account name or email address, please submit your request to the support team via the Zerion App (“Settings” > ”Support”). If your request takes longer time to solve and we need your email to notify you about solving the issue, please be sure that the email you provide contains your name, surname, date of birth, or other data that can directly identify you.

Communications

Information provided by you to our Customer Support team.

3. WHEN YOU FOLLOW AS ON MIRROR

INFORMATION YOU PROVIDE TO US

Emails

If you want to receive updates from the Zerion Mirror page, you can share the email address with us at https://zerion.mirror.xyz.

Wallet Information

Your public wallet address provided while connecting the wallet to Zerion Interface.

Please note in case you subscribe to the Zerion Mirror page, Zerion knows your email and public address. We never cross-link your email with any other data that we might have about you.

AUTOMATICALLY COLLECTED DATA:

Log Information:

Browser Information

Information related to Browser headers, type of browser, and locale.

Device Information

IP address

IP addresses are collected automatically by analytic tools.

Engagement Data

Information relating to the interaction with the Zerion Mirror Page: content viewed, time spent on the page, clicked links, etc.

PURPOSE	LEGAL BASIS	CATEGORIES OF PERSONAL DATA	WITH WHOM WE SHARE YOUR DATA
PROVIDE ACCESS AND CERTAIN FUNCTIONALITY OF THE WEBSITE :
Provide visibility of our Website according to your browser, device, and operation system	Legitimate interest is to access the website on your device	Log Information	Network & security provider: Cloudflare Inc (USA) Cloud computing and storage services: Amazon Web Services Inc. (USA)
Provide a safe connection to the Website and protection from DDoS attacks and other cyber-attacks	Legitimate interest is to have a secure connection	Log Information	Network & security provider: Cloudflare Inc (USA) Cloud computing and storage services: Amazon Web Services Inc. (USA)
PROVIDE ACCESS TO CERTAIN FUNCTIONALITY OF THE INTERFACE :
General access to the Interface (visibility of the Interface, functionality to login)	Necessity of the Contract Performance	Log Information	Network & security provider: Cloudflare Inc (USA) Cloud computing and storage services: Amazon Web Services Inc. (USA)
Connect a wallet or create a new one	Necessity of the Contract Performance	Log Information Wallet Information	Cloud computing and storage services: Amazon Web Services Inc. (USA)
Portfolio/assets view	Necessity of the Contract Performance	Log Information Wallet Information Assets Information	Cloud computing and storage services: Amazon Web Services Inc. (USA)
Send/receive digital assets	Necessity of the Contract Performance	Wallet Information Transaction Information	Cloud computing and storage services: Amazon Web Services Inc. (USA) RPC providers (depends on the chain used for the transaction): QuikNode Inc. (USA) Alchemy Insights Inc. (USA) Triton One Limited (Isle of Man) Public nodes
Swap and Bridge digital assets	Necessity of the Contract Performance	Wallet Information Intended Transaction Information Transaction Information	Cloud computing and storage services: Amazon Web Services Inc. (USA) DEX Aggregators: ZeroEx Holdings Inc. (USA) 1Inch Foundation (Cayman Islands) Private Market Makers: Hashflow Foundation (Cayman Islands) RPC providers (depends on the protocol used for the transaction): QuikNode Inc. (USA) Alchemy Insights Inc. (USA) Triton One Limited (Isle of Man) Public nodes
Access to Staking services	Necessity of the Contract Performance	Log Information Product usage behaviour (clicks; In-app actions (e.g. application launch, the use of staking and yield action functionalities, pages viewed), time stamps); Wallet Information Transaction Information	Cloud computing and storage services: Amazon Web Services Inc. (USA) Staking/lending providers aggregator StakeKit LLC
Buy crypto through third parties	Necessity of the Contract Performance	Log Information Wallet Information Transaction Information	Cloud computing and storage services: Amazon Web Services Inc. (USA) Buy-crypto provider: Ramp Swaps Ltd (UK) MoonPay USA LLC (USA) Onramper Technologies B.V.(Netherlands)
Commence transaction/sign transaction via DApp	Necessity of the Contract Performance	Log Information Wallet Information Transaction Information	Cloud computing and storage services: Amazon Web Services Inc. (USA) RPC providers (depends on the protocol used for the transaction): QuikNode Inc. (USA) Alchemy Insights Inc. (USA) Triton One Limited (Isle of Man) Public nodes
Customer support	Legitimate interest is to ensure the proper level of communication and resolve users’ queries	Wallet Information Communications with our support team Optionally: Assets Information Transaction Information Email Social network account name	Cloud computing and storage services: Amazon Web Services Inc. (USA) Customer Support tools: Intercom Inc. (USA) Task manager tool: Atlassian Pty Ltd (Australia) Slack Technologies LLC (USA) Social Media (in case you reach us via social networks): Discord Inc. (USA) X Corp. (USA)
ANALYTICS :
Adjust quality of our services for your needs	The legitimate interest is to provide secure performance of the Interface	Browser Information Device Information Wallet Information Blockchain Data User Interactions with the Interface	Cloud computing and storage services: Amazon Web Services Inc. (USA) Analytic tools: UAB Euronitas (Epoch8) (Lithuania)
		Optional (can be opt-out):
		Browser Information Device Information Location date (City, Country)	Analytic tools: Google LLC (Firebase Analytics) (USA)
		Log Information User Interactions with the Interface	Analytic tools: Mixpanel Inc. (USA)
Provide users with updates via in-app stories	The legitimate interest is to receive necessary product update	Log Information App Stories view data	Analytic tools: App Samurai Inc (Storyly) (USA)
Provide personalized advertisements and links to Zerion services and products	The legitimate interest is to have links to the Zerion service in more efficient way for users	Log Information Engagement Data	Analytic tools: Branch Metrics, Inc. (USA)
Feedback collection	User’s consent	Log Information User Interactions with the Interface Communication/Feedback	Analytic tools: Refiner SASU (France)
Provide better quality of content at our Mirror page	The legitimate interest is to receive higher quality Mirror content	Log Information Engagement Data	Analytic tools: Google LLC (USA)
NOTIFICATIONS ALERT Please note that we collect data in cases below only with your CONSENT
Product and services updates from Zerion Blog	User’s consent	Email	Emails manager: Three Hearts Digital Ltd (UK)
Product and services updates via app notifications		Push token (device token)	Analytic tool: Google LLC (Firebase Analytics) (USA)
News and updates from Zerion Mirror page (https://zerion.mirror.xyz)		Email Wallet Address	Emails manager: Three Hearts Digital Ltd (UK) Mirror Services Reflective Technologies, Inc. (USA)
Subscription for early access to Zerion products		Email	Tool for collecting form: Typeform SL (Spain) Emails manager: Three Hearts Digital Ltd (UK)

HOW WE USE YOUR INFORMATION

Please find in the table below a list of various purposes for which we can process your personal data and the corresponding legal basis. The same personal data can be processed on a different legal basis, depending on its use and collection purposes.

Please note that when you initiate a transaction via a chain supported by Zerion Interface, the request is directed via the Zerion proxy with rpc.zerion.io url, so our node providers can’t identify the end user behind the request. However, it isn’t applicable to the usage of the DApp browser. You canreplace the default provider with any custom node URL and control to which RPC your transaction data is submitted

HOW WE PROTECT AND STORE INFORMATION

We endeavour to protect the privacy of personal data we hold in our records. However, unauthorised entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. We protect your personal data from potential security breaches by implementing specific technological security measures, including encryption, ﬁrewalls, and secure socket layer technology. We also seek to protect personal data by refraining from collecting personal data where possible. However, these measures do not guarantee that your personal data will not be accessed, disclosed, altered or destroyed by a breach of such ﬁrewalls and secure server software.

WE DO NOT AND WILL NEVER STORE YOUR WALLET PASSWORD, PRIVATE KEY, OR SEED PHRASE TO YOUR WALLET. IF YOU LOSE ACCESS TO BOTH YOUR PASSWORD AND SEED PHRASE, WE WILL BE UNABLE TO HELP YOU ACCESS YOUR WALLET, AND ANY ASSETS HELD IN THE WALLET MAY BE PERMANENTLY IRRETRIEVABLE. WE URGE YOU TO KEEP THIS INFORMATION SAFE BY NOT DISCLOSING YOUR SECURITY CREDENTIALS OR LEAVING YOUR WALLET OPEN IN AN UNSECURED MANNER.

We retain your personal data only for as long as necessary to fulfil the purposes set out in this Privacy Policy. Please note that we don’t store any data related to the user for longer than five (5) years after the user erased his wallet (account). All data contained in logs is stored only for fourteen (14) days.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

You have certain rights with respect to your personal data, including those set forth below. For more information about these rights or to submit a request, please email privacy@zerion.io or send your request via Interface finding in the App Settings “Feedback & Support” option. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary, to verify your identity and the nature of your request.

Access: You can request more information about the personal data we hold about you and request a copy of such personal data. You can also access certain of your personal data by visiting the Interfaces.
Rectiﬁcation: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can correct some of this information directly by editing them on the Interfaces.
Erasure: You can request that we erase some or all your personal data from our systems, provided that this will not erase any personal data you have submitted to the Ethereum network.
Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time by sending your request to privacy@zerion.io or accessing our Customer Support team.
Portability: You can request a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where it is technically feasible.
Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes.
Restriction of Processing: You can ask us to restrict further processing of your personal data.
Right to File Complaint: You have the right to lodge a complaint about Zerion’s practices with respect to your personal data with the supervisory authority of your country or European Union Member State.

THIRD-PARTY LINKS AND SERVICES

We may integrate technologies operated or controlled by other parties into parts of Interface. For example, Interface may include links that hyperlink to websites, platforms, and other services not operated or controlled by us. Please note that when you interact with these other parties, including when you leave the Interface, e.g. using Zerion DApp browser or launching transactions via third-party providers, those parties may independently collect information about you and solicit information from you. You can learn more about how those parties collect and use your data by consulting their privacy policies and other terms.

COOKIES AND OTHER TRACKING TECHNOLOGIES

Some device data, service data and third-party source data are collected through the use of first or third-party cookies and similar technologies. We do not collect, retain, or share data regarding a particular user's activity across multiple websites or applications not owned by Zerion. For more information, please see Zerion's Cookie Policy.

Do Not Track. Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com .

TRANSFERS OF PERSONAL DATA

Services are hosted and operated in part in the United States (“U.S.”) through Zerion and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services and providing your information, you acknowledge that any personal data about you, regardless of whether provided by you or obtained from a third party, may be provided to Zerion in the U.S. and may be hosted on U.S. servers. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Policy. One such step we may take to ensure the security of your personal data in the event that a transfer may not be subject to the same protection in the EEA or Switzerland is to enter into speciﬁc contract clauses approved by the European Commission which ensure your personal data is given the same protection it has in Europe.

CHILDREN'S PERSONAL DATA

The Services are intended for a general audience and are not directed at children. We do not knowingly receive personal data (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. Consistent with the requirements of COPPA, if we learn that we have received any information directly from a child under age 13 without ﬁrst receiving his or her parent's veriﬁed consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Site and subsequently, we will delete that information. If you believe we have received personal data about a child under the age of 18, please contact us at privacy@zerion.io .

CHANGES TO THIS POLICY

We may modify this Privacy Policy from time to time which will be indicated by changing the date at the top of this page. If we make any material changes, we will notify you by means of a notice on our Website or other Interface before the change becomes effective or as otherwise required by law.

СONTACT US

If you have any questions about this section or our data practices generally, please contact us using the following information:

Designated Representative Name: Evgeny Yurtaev
Physical address: 50 California Street Suite 1500, San Francisco, CA 94111
Email address for contact: privacy@zerion.io

CALIFORNIA PRIVACY RIGHTS

Under the CCPA, you have the following rights:

Right to Information/Know You can request whether we have collected your Personal data, and in certain cases, the following information about how we have collected and used your Personal data during the past 12 months:

The categories of Personal data we have collected.

The categories of sources from which we collected personal data.

The business or commercial purpose for collecting, sharing, and/or selling Personal data.

The categories of Personal data that we sold or disclosed for a business purpose.

The categories of third parties to whom Personal data was sold, shared, or disclosed for a business purpose.

Right to Access. You can request a copy of personal data that we have collected about you during the past 12 months.
Right to Correction. You can request that we correct inaccurate Personal data that we have collected about you.
Right to Deletion. You can ask us to delete personal data that we have collected from you.
Right to Opt-Out of Tracking for Targeted Advertising Purposes. While we do not sell Personal data for money, like many companies, we use services that help deliver targeted ads (also known as interest-based ads) to you, as we have described in the “How We Use Your Personal data” section above. The CCPA classifies our use of some of these services as “sharing” your Personal data with the advertising partners that provide the services, from which you have the right to opt-out.
Right to Nondiscrimination. You are entitled to exercise the rights described above free from discrimination prohibited by the CCPA.

HOW TO EXERCISE YOUR RIGHTS

Right to Information/Know, Access, Correction, and Deletion. You can exercise any of these rights by submitting a request through our Privacy Request Form or by mailing us at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA, Attention: Compliance.
Right to Opt-Out of Tracking for Targeted Advertising Purposes. You can submit requests to opt-out of tracking for targeted advertising purposes by using our Cookie Management Center. Your request to opt-out will apply only to the browser and the device from which you submit the request.

Verification of Identity. We will need to verify your identity to process your information/know, access, correction, and deletion requests and reserve the right to confirm your California residency. To verify your identity, we will generally either require the successful login to your account or the matching of suﬃcient information you provide us to the information we maintain about you in our systems. Although we try to limit personal data collected in connection with a request to exercise your rights, certain requests may require us to obtain additional personal data from you. In certain circumstances, we may decline a request to exercise the right to know and the right to deletion, particularly where we are unable to verify your identity.

Authorized Agents. Your authorized agent may make a request on your behalf upon our verification of the agent's identity and our receipt of a copy of the valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity and provide us with written confirmation that you have given the authorized agent permission to submit the request.