Privacy Policy
Last updated: July 1, 2024
Introduction
DataCurve, Inc., (“DataCurve,” “we,” “us” or “our”) provides a platform that enable customers and users managed by customers to maintain a digital custodial, non-custodial, or smart wallet that manages access to digital assets on the blockchain and integrates with decentralized applications provided by third parties.
This privacy policy ("Privacy Policy") discloses our privacy practices for personal information we collect and use when you access our products, services, features, or content, without limitation, through our website at https://datacurve.io (the “Site”), our services to facilitate the creation, purchase, storage, and transfer of certain fungible or non-fungible tokens (“NFT(s)”), and software provided on or in connection with those services (collectively, the “Service(s)”), or when you apply or express interest in employment with DataCurve.
By accessing, browsing and/or otherwise using the Site and/or our Service, we collect the personal data of each user (the "User" or, indistinctly, the "Users") in accordance with this Privacy Policy and any other policy that may replace it in the future.
DataCurve’s Roles and Responsibilities
DataCurve is the controller of your Personal Data, as described in this Privacy Policy, unless otherwise stated. Please note that this Privacy Policy does not apply to the extent that we process Personal Data in the role of a processor (or a comparable role such as a “service provider” in certain jurisdictions) on behalf of our customers, including where we offer to our customers various cloud products and services, through which our customers (and/or their affiliates) connect their own websites and applications to our hosted platform, sell or offer their own products and services, send electronic communications to other individuals, or otherwise collect, use, share or process Personal Data via our cloud products and services.
Each of our customers, not DataCurve, controls whether they provide users with a log-in based account, wallet, smart wallet or other access to the DataCurve cloud service through a licensing agreement, subscription or other agreement, and if they provide users with such accounts or other access through their licensing agreement, subscription, or other agreement, customers control what information about users that they submit to our service. This content may include contact information (such as users first and last name, email address, and phone number), or other types of information that a user chooses to submit. Use of this content by DataCurve for a customer is governed by agreements between DataCurve and the customer but DataCurve may use this information for providing additional services to a user.
For detailed privacy information applicable to situations where a DataCurve customer (and/or a customer affiliate) who uses DataCurve’s cloud products and services is the controller, please reach out to the respective customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Privacy Policy. If not stated otherwise either in this Privacy Policy or in a separate disclosure, we process such Personal Data in the role of a processor or service provider on behalf of a customer (and/or its affiliates), who is the responsible controller of the applicable Personal Data.
If your Personal Data has been submitted to us by or on behalf of a DataCurve customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly.
1. Acceptance of this Privacy Policy
By accessing, browsing and/or otherwise using the Site and/or our Services, you accept the terms of this Privacy Policy. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, you should discontinue access or use of our Site and Service.
2. Data Controller
The data controller responsible for the collection and processing of your personal data is DataCurve, domiciled at 276 State Street, Los Altos, CA 94022 (United States of America).
Personal Information and Data Sources
DataCurve collects and processes various information from users. This information may, in many cases, constitute users' personal data. This information will be considered "personal data" when it can directly identify or allow us to identify a natural person.
The categories of personal information we collect depend on how you interact with our Service and the requirements of applicable law. This personal data may have been directly provided by the User, when interacting on the Site or completing any of the available forms, or which may have been inferred from the relationship we have with you. Specifically:
A. Information you provide to us. To sell or purchase an NFT, establish an account with a wallet, and access our Service, we will request that you provide us with important information about yourself. If you choose not to share certain information with us, we may not be able to serve you effectively or offer you our Service. Any information you provide to us that is not required is voluntary. We collect information about you when you provide it to us, when you interact with our products and services, websites and electronic systems, and when other sources provide it to us, as further described below.
We may collect the following types of information from you:
1. User Data:
• Contact data, such as first and last name, email address, mailing address, and phone number.
• Personal identification information, such as date of birth, nationality, gender, signature, and photographs.
• Formal Identification Information, Government issued identity documents such as Passport, Driver's License, National Identity Card, State ID Card, Tax ID number, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws.
• Communications Third-party platform usernames and identifying information or information that we exchange with you, including when you contact us through the Service, social media, or otherwise regarding the Service.
• Transaction data relating to or needed to complete your transactions through the Service, such as the wallet addresses, your name, the transaction amount, NFT, and/or timestamp.
• Security Information. Data used for security purposes to protect our products and services
2. Potential users and clients
• Marketing data such as your preference for receiving our marketing communications and details about your engagement with them.
• Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
B. Information we may collect automatically about you.
1. Service Data. To the extent permitted under the applicable law, we, our service providers, and our business partners may automatically collect information about you, your computer, mobile device, and your interaction over time with the Service, our communications and other online services. Information collected automatically includes:
• Wallet data, in order to provide the Service, we will create an account with a custodial wallet address and will collect data about your wallet such as the NFT related attributes on the blockchain and details about transactions that you executed.
• Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
2. Cookies and similar technologies. We, as well as third parties that provide content, or other functionality on the Service, may use cookies if permitted, local storage, and other technologies to automatically collect information through the Service. Examples of these technologies include:
• Cookies. Cookies are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
• Local storage technologies. These are technologies like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
• Web beacons. Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email address was accessed or opened, or that certain content was viewed or clicked.
• Device Data. We may collect certain information from and about your device, such as unique device identifiers, browser type, the operating system installed on your device, certain device configurations, and similar device or version information (“Device Data”). We use Device Data to identify the location of the device, which we use to provide necessary disclosures, obtain necessary consents, prevent access to our products and services as required by applicable law, and comply with any other requirements applicable to DataCurve, to detect, investigate, and combat fraud, security incidents, and other deceptive or malicious behavior, and to help us determine that users from one type of device use our websites, products and services.
The Device Data we collect can include the following:
A. Location Data. We may collect information about your location when you use our websites, mobile applications, and products and services. Your location can be determined with varying degrees of accuracy by your IP address and information about things near your device, such as Bluetooth-enabled devices. The types of location data we collect and how long we store it depend in part on your device and settings. If we collect your precise geolocation data, we will do so only with your consent.
B. Metadata. We may collect metadata about you, including technical data about your performance or use of our website, products and services.
3. Analytics. We use website analytics software to help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails.
4. Social Sign In. Our Service allows you to sign in with Google SSO or third party social sign services. These features may collect your IP address and which page you are visiting on our Service, and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.
If required by applicable law, in 1 – 4 above we will obtain the necessary consents or treat this information always under an appropriate legal basis.
C. Information we may receive from third parties.
We receive personal data about you from third parties:
• Due to mergers or acquisitions, when we obtain your data from another company.
• Public sources, such as government agencies, public records, social media platforms, identification verification partners, credit bureaus, and other publicly available sources.
• Data providers, such as information services and data licensors that provide demographic and other information.
• Public blockchain data, such as public addresses and public transaction data.
• Third-party services, such as Google or third party SSO or social media services, that you use to log into, or otherwise link to, your service or wallet account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service. These features may collect your IP address and which page you are visiting on our Service, and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.
D. Use Of Personal Information
Our primary purpose in collecting personal information is to provide, develop and, ultimately, improve the provision of the Service, and to provide you with a customized experience. We may use your personal information for the following purposes - or as otherwise described at the time of collection:
1. Delivering our service. When you create your wallets with the DataCurve Service and use our Service, you accept our Terms of Service and thus enter into a contract. In order for us to fulfill our obligations under that agreement, we may need to access and process your personal information. We will not be able to service you if you do not include your details in your account registration or if, when you make a purchase or proceed to payment, you do not provide your personal details.
Within the framework of this purpose of treatment, we may use your personal information to:
§ fulfill our contract with you and third parties to provide the Service.
§ enforce our terms in our user agreement (e.g., Terms of Service) and other agreements.
§ provide Service communications.
§ provide customer service in responding to questions, comments, and other requests.
§ enhance your experience, improve Service, and develop new services.
§ ensure quality control.
Third parties such as identity verification services may also access and/or collect your personal information when providing identity verification and/or fraud prevention services on our behalf.
2. Research and development. We may use your personal information to better understand the way you use and interact with our Service, including to analyze and improve the Service and our business and to develop new services.
3. Direct marketing. Based on your communication preferences, we may send you direct marketing communications. You may opt-out of marketing communications in every such communication we send you or as described in the Opt-out of marketing section below. Our marketing will be conducted in accordance with your advertising marketing preferences and as permitted by applicable law.
4. With your consent. We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
5. To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data identifiable to you.
We may use anonymized or aggregate customer data for any business purpose, including to better understand customer needs and behaviors, improve our Service, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties.
Types of data we may anonymize include, transaction data, click-stream data, performance metrics, and fraud indicators.
6. Compliance and protection.
We may use your personal information to:
• comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities
• comply with anti-money laundering regulations and help detect, prevent, and mitigate fraud and abuse of our Service;
• protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
• audit our internal processes for compliance with legal and contractual requirements or our internal policies; and
• enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
3. Legal bases for processing your information
For individuals who, at the time when we collect your personal data, are located in the European Economic Area, the United Kingdom or Switzerland (jointly, “EEA Residents''), our legal bases for processing your personal information pursuant to the EU General Data Protection Regulation (“GDPR”) will depend on the personal information at issue, the specific background where the personal information is collected and the purpose for which such information is used.
We usually only process your data where we are legally required to, where processing is necessary to perform our services and/or any agreements we entered with you, where processing is in our legitimate interests to operate our business and not overridden by your data protection interests or rights, or where we have obtained your consent to do so.
Below is a list of how we use your personal information with the corresponding legal bases for processing:
a. to enforce our terms in our user agreement and other agreements.
b. to provide the Service (including any content provided by the NFT project creator/seller, when applicable);
c. to provide Service communications
d. to provide customer service; and
e. to ensure quality control
Based on our agreement with you, or to take steps at your request prior to entering into an agreement, or based on your agreement with one of our clients.
i. for research and development purposes;
ii. to enhance your experience; and
iii. to engage in direct marketing activities
Based on our legitimate interests. When we process your personal data for our legitimate interests, we ensure that we balance any potential impact on you and your rights under applicable laws.
i. to maintain legal and regulatory compliance, including but not limited to anti-money laundering regulations;
ii. to detect and prevent fraud, funds loss, spam or other malware or security risks, as well as any other illegal activity
iii. to ensure network and information security;
iv. to audit our internal systems; and
v. protect our, your or others’ rights, privacy, safety or property.
Based on our legal obligations or the public interest.
i. to enhance your experience;
ii. to engage in third party marketing activities;
iii. to manage our recruiting and process employment applications; and
iv. for any purpose to which you consent.
Based on your consent.
4. How We Share Your Personal Information
The holdings and transactions associated with a wallet address are publicly available on the blockchain. Therefore, information about your holdings and transactions will be accessible to third parties due to the nature of the blockchain. We may share your personal information with the following categories of third parties and as otherwise described in this Privacy Policy or at the time of collection:
Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
Our Customers. We may share your Contact data with our customers who deploy our Services of any NFTs you purchase through the Service.
Service providers. We may share your personal information with our third-party service providers that provide services on our behalf or help us operate the Service or our business. This includes service providers that provide us with technology support, hosting, payment processing (including financial institutions with which we partner to process payments you have authorized), transaction monitoring, customer service, auditing, analytics, maintenance, security or other related business purposes. We may use third-party Application Program Interfaces (“APIs”) and Software Development Kits (“SDKs”) as part of the functionality of our Service.
Additionally, we may share your personal information with third party identity verification services in order to prevent fraud. This allows us to confirm your identity by comparing the information you provide us to public records and other third-party databases. These service providers may create derivative data based on your personal information that can be used in connection with the provision of identity verification and fraud prevention services.
Authorities and others. We may release your information to law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above (including an investigatory or enforcement action by the Federal Trade Commission (FTC) or any other U.S. authorized statutory body).
Business Transferees. We may release your information to a third party if we are involved in a merger, acquisition, or sale of all or a portion of our stock or assets. If this occurs, you will be notified of any change to this Privacy Policy, as well as any choices you may have regarding your personal information.
Linked third-party services. If you log into the Service with, or otherwise link your Service account to, a social media or other third-party service, we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
5. International Data Transfers
Your Personal Data may be collected, transferred to, processed, and stored by us in the United States, and by our affiliates, service providers, and third parties that are based in other countries. The addresses of our offices where DataCurve and its affiliates are located can be found online at https://datacurve.io
Some of the countries where your Personal Data may be processed, including the United States, are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and may lack data protection laws as comprehensive as or may not provide the same level of data protection as your jurisdiction, such as the European Economic Area, the United Kingdom, or Japan. For example, as of the effective date of this policy, the United States does not have a federal privacy law that covers all types of data; however, privacy is regulated by federal and state agencies and by various state laws. In light of regional differences, DataCurve has put in place various safeguards and the security measures described above. For example, when we share Personal Data, we take reasonable steps so that the recipient of your Personal Data offers an adequate level of data protection, for example, by entering into the appropriate agreements containing relevant data protection provisions or we will ask you for your prior consent to such international data transfers.
DataCurve complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. DataCurve has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Auth0, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, DataCurve commits to resolve complaints about our collection or use of your personal data transferred to the U.S. pursuant to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU individuals with inquiries or complaints should contact DataCurve at [email protected]. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, you can refer your unresolved inquiries or complaints to the Data Privacy Framework Services owned and operated by BBB National Programs here. The services of the Data Privacy Framework Services are provided at no cost to you. If your DPF Principles-related complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms, as described here. Individuals located in the EEA, UK or in Switzerland with DPF Principles-related inquiries or complaints may email or write to us, using the contact information described in the “Contact Us” section below.
6. Your Privacy Choices
Access or update your information. If you have registered for a wallet through the Service, you may review and update certain account information by contacting us.
Opt-out of marketing communications. You may receive transaction-related emails regarding the Service you have requested. We may also send you certain non-promotional communications regarding us and our Service and you will not be able to opt out of those communications (e.g., communications regarding the Service or updates to our Terms of Service or this Privacy Policy).
You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email.. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails pursuant to your use of the Service.
Cookies and similar technologies. You may stop or restrict the placement of cookies and web beacons on your device or remove them by adjusting your preferences as your browser or device permits.
Linked third-party platforms. If you choose to connect to the Service through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which we collected it to provide the Service, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes, or as otherwise communicated to you.
8. Information Security
We take steps to secure your information in accordance with this Privacy Policy. We have technical and administrative safeguards to protect the security and confidentiality of your personal information. Unfortunately, no system is 100% secure when transmitting and storing data, and we cannot ensure or warrant the security of any information you provide to us.
By using the Service or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Service. If we learn of a breach, we may attempt to notify you electronically by posting a notice on the Site or by sending you an email.
9. Third Party Websites or Applications
The Service may contain links to other websites/applications and other websites/applications may reference or link to our Service. In addition, our content may be integrated into websites or other online services that are not associated with us. We encourage our users to read the privacy policies of each website and application with which they interact. These third- party services are not controlled by us. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
10. Changes to our Privacy Policy
We may, in our sole discretion, change this Privacy Policy from time to time by posting a revised version at https://datacurve.io/privacy-policy. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.
11. Your privacy rights
Depending on applicable law where you reside, you may be able to assert certain rights related to your personal information, as disclosed below. If any of these rights are not provided under law for the jurisdiction in which you reside, we reserve our right to provide you with those rights.
Access: you have the right to obtain the confirmation that your personal information is being processed as well as the right to obtain a copy of such information.
Rectification: you may request the rectification of any personal information held by us which you deem inaccurate. You can also change your personal information directly in your account at any time.
Deletion: you can, in some cases, have your personal information deleted. However, please note that even after closing your account we may keep certain account information in our database pursuant to applicable law and to assist law enforcement.
Portability: in some cases, you can ask to receive your personal information which you have provided to us in a structured, commonly used and machine-readable format, or, when this is possible, that we communicate your personal information on your behalf directly to another data controller.
Withdraw consent: to the extent we are processing your information based on your consent, you have the right to withdraw your consent at any time. This withdrawal does not affect the lawfulness of the processing based on the consent given before the withdrawal.
Note these rights may be limited where we can demonstrate we have a legal requirement to process your personal data.
12. Contact Us
If you have any questions about our privacy practices or this Privacy Policy or would like to file a complaint, please contact us at:
Company Name:
DataCurve, Inc.
Mailing Address:
276 State Street
Los Altos, CA 94022
Email: [email protected]
13. Dispute Resolution
At DataCurve, we prioritize your concerns and are committed to resolving any complaints or disputes in a timely and fair manner. If you have a complaint, you may bring it directly to our attention by contacting us at [email protected]
14. Applicable Law and Jurisdiction
For all users, the laws of the State of Delaware, United States, shall govern all matters related to the Site or the activities carried out therein. The parties expressly submit themselves to the Courts of Delaware, United States, for the resolution of all disputes arising from or related to its use.
External Links:
• DPF preparation link: https://www.dataprivacyframework.gov/s/article/How-to-Join-the-Data-Privacy-Framework-DPF-Program-part-1-dpf
• DPF Principles: https://www.dataprivacyframework.gov/s/framework-text
• BBB Link: https://bbbprograms.org/programs/all-programs/dpf/join-dpf