Last updated September 15, 2022
Please read this Policy carefully and contact us with questions at firstname.lastname@example.org.
Applicability of This Policy
What We Collect
When you interact with our Services, we may collect:
Contact Information, such as your name, email address, physical address and country information.
Financial Information, such as your Ethereum network address, cryptocurrency wallet information, transaction history, trading data and associated fees paid.
Transaction Information, such as information about the transactions you make on our Services, such as the type of transaction, transaction amount, and timestamp.
Correspondence, such as your feedback, questionnaire and other survey responses, and information you provide to our support teams, including via our help chat or social media messaging channels.
Online Identifiers, such as username, geo location or tracking details, browser fingerprint, operating system, browser name and version, and IP addresses.
Usage and Diagnostics Data, such as conversion events, user preferences, crash logs, device information and other data collected via cookies and similar technologies.
Information We Get from Others. We may get information about you from other sources as required or permitted by applicable law, including public databases. We may combine the information collected from these sources with the information we get from this Site in order to comply with our legal obligations and limit the use of our Services in connection with fraudulent or other illicit activities.
How We Use Information
operate, maintain, customize, measure, and improve our Services, and manage our business;
create and update user accounts;
send information, including confirmations, notices, updates, security alerts, and support and administrative messages; and
to create de-identified or aggregated data.
Safety and Security. We may use your information to help maintain the safety, security, and integrity of you and our Services, including to:
protect, investigate, and deter against fraudulent, unauthorized, or illegal activity;
monitor and verify identity or service access, combat spam, malware or security risks;
perform internal operations necessary to provide our Services, including to troubleshoot software bugs and operational problems;
comply with applicable security laws and regulations.
Customer Support. We may use information we collect to provide customer support, including to:
direct questions to the appropriate customer support person;
investigate and address user concerns; and
monitor and improve our customer support responses and processes.
Research and Development. We may use the information we collect for testing, research, analysis, and product development to improve your experience. This helps us to improve and enhance the safety and security of our Services, improve our ability to prevent the use of our Services for illegal or improper purposes and develop new features and products relating to our Services.
Legal and Regulatory Compliance. We may verify your identity by comparing the personal information you provide against third-party databases and public records. We may use the information we collect to investigate or address claims or disputes relating to use of our Services, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries.
Direct Marketing. We may use the information we collect to market our Services to you. This may include sending you communications about our Services, features, promotions, surveys, news, updates, and events, and managing your participation in these promotions and events. If you do not want us to send you marketing communications, please opt out by selecting “unsubscribe” to any marketing email sent by us or by contacting us at email@example.com.
How We Share and Disclose Information
We may share your information in the following circumstances:
With Your Consent. For example, you may let us share personal information with others for their own marketing uses. Those uses will be subject to their privacy policies.
With Service Providers or Other Third Parties. We may share your information with service providers or other third parties who help facilitate business and compliance operations, such as marketing and technology services.
During a Change to Our Business. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all of your information may be shared or transferred, subject to standard confidentiality arrangements.
Aggregated or De-identified Data. We may share aggregated or anonymized data with other persons for their own uses.
To view or update your information, contact us at firstname.lastname@example.org. We store your information throughout the life of your use of the Services and thereafter.
We maintain administrative, technical and physical safeguards designed to protect the personal information we maintain against unauthorized access or disclosure and require our third-party service providers to have appropriate safeguards. No system can be completely secure. Therefore, although we take steps to secure your information, we cannot guarantee that your information, searches, or other communication will always remain secure. You are responsible for all activity on the dYdX protocol relating to any of your Ethereum network addresses or cryptocurrency wallets.
To the extent prohibited by applicable law, we do not allow use of our Services or Sites by anyone younger than 18 years old. If you learn that anyone younger than 18 years old has unlawfully provided us with personal data, please contact us at email@example.com and we will take steps to delete such information, close any such accounts, and, to the extent possible, prevent the user from continuing to use our Services.
Changes to This Policy
If we make any changes, we will change the Last Updated date above. We encourage you to review this Policy to stay informed. If we make material changes, we will provide additional notice, such as via the email specified in your account or through the Services or Sites.
Online Tracking Opt-Out Guide
Like many companies online, we use services provided by Google and other companies that use tracking technology. These services rely on tracking technologies—such as cookies and web beacons—to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:
Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third-party cookies or trackers.
Platform opt-outs. The following advertising partner offers opt-out features that let you opt-out of use of your information for interest-based advertising:
Advertising industry opt-out tools. You can also use the opt-out options set forth below to limit use of your information for interest-based advertising by participating companies. Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Digital Advertising Alliance: http://optout.aboutads.info
Network Advertising Initiative: http://optout.networkadvertising.org/
Notice to California Residents ("CCPA Notice")
We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide this CCPA Notice to California residents to explain how we collect, use and share their personal information, and the rights and choices we offer California residents regarding our handling of their personal information.
CCPA Scope and Exclusions
This CCPA Notice, including the description of our Privacy Practices and your Privacy Rights, apply only to California residents whose interactions with us are limited to:
visiting our consumer websites; and
signing up for email alerts; and
This CCPA Notice does not apply to the personal information we collect, use or disclose about:
individuals who provide information to us to initiate or complete the process of trading on our platform, which are subject to the notice set forth in the Additional Disclosure section of this Policy; or
representatives of businesses that seek to obtain our products or Services, or to provide products or services to us.
The CCPA grants individuals the following rights:
Information. You can request information about how we have collected, used and shared your personal information during the past 12 months. For details about the personal information we have collected over the last 12 months, including the categories of sources, please see the What We Collect section of this Policy. We collect this information for the business and commercial purposes described in the How We Use Information section of this Policy. We share this information with the categories of third parties described in the How We Share and Disclose Information section of this Policy.
Access. You can request a copy of the personal information that we maintain about you.
Deletion. You can ask us to delete the personal information that we collected or maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. We will also respond to requests for information and access only to the extent we are able to associate, with a reasonable effort, the information we maintain with the identifying details you provide in your request. If we deny your request, we will communicate our decision to you. You are entitled to exercise the rights described above free from discrimination.
How to Submit a Request
To request access to or deletion of personal information to firstname.lastname@example.org.
The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. We will ask you to verify your identity when you submit a request.
California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.
Notice to European Union Residents ("GDPR Notice")
In accordance with the General Data Protection Regulation (the “GDPR”), we are providing this GDPR Notice to European Union (“EU”) residents to explain how we collect, use and share their personal data (as defined in the GDPR), and the rights and choices we offer EU residents regarding our handling of their personal information.
We process personal data for the purposes described in the How We Use Information section of this Policy. As an EU resident, you have various rights in connection with the processing of your personal data as follows:
You have the right to information about your personal data processed by us and to the following information: (a) the processing purposes; (b) the categories of personal data being processed; (c) the recipients or categories of recipients to whom the personal data have been or are being disclosed, in particular recipients in third countries or international organizations; (d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; (e) the existence of a right to rectification or deletion of your personal data, to restricting the processing of your personal data or to objecting to such processing; (f) the existence of a right of appeal to a supervisory authority; (g) if the personal data is not collected from you, all available information about the origin of the data; (h) the existence of automated decision-making and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject; and (i) in the case of the transfer of personal data to a third country or an international organization, on the appropriate safeguards in relation to the transfer.
You have the right to immediately request the rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the completion of incomplete personal data, by means of providing a supplementary statement.
You have the right to request the immediate erasure of personal data concerning you and we are obliged to delete this data immediately if one of the following reasons applies: (i) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) you revoke your consent on which the processing was based under Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing; (iii) you object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for processing or you object to the processing pursuant to Article 21(2) of the GDPR; (iv) your personal data has been processed unlawfully; (v) the deletion of your personal data is necessary to fulfill a legal obligation under EU law or the law of the member states to which we are subject; (vi) the personal data have been collected in relation to information society services provided in accordance with Article 8(1) of the GDPR. If we have made personal data public and are obliged to erase personal data in accordance with Article 17(1) of the GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform controllers who process the personal data you have requested the erasure by such controllers of any links to or copies or replications of, such personal data.
The rights in the foregoing paragraph do not apply to the extent that processing is necessary (A) to exercise the right of freedom of expression and information; (B) to fulfill a legal obligation required for processing under EU law or the law of the member states to which we are subject; or (C) to assert, exercise or defend legal claims.
You have the right to request us to restrict processing if one of the following conditions is met: (1) the accuracy of the personal data is contested by you, for a period of time that enables us to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose to delete the personal data and instead requests the restriction of the use of your personal data; (3) we no longer need your personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims; or (4) you have objected to the processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate interests of our company override your legitimate interests.
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller without hindrance, provided that the processing is based on a consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means. When exercising your right to data portability, you have the right to have your personal data transferred directly by us to another controller, to the extent that such transfer is technically feasible.
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on these provisions. We will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing that override your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
You have the right to revoke your consent to the processing of your personal data at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.
If you wish to assert your rights to information, correction, deletion or restriction of processing, object to data processing or revoke your consent to data processing, please send an email to email@example.com. If you consider that the processing of personal data concerning you infringes the GDPR, then you can lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement.
Additional Disclosure for Our Consumers and Customers ("Additional Disclosure")
This Additional Disclosure governs our collection, use and sharing of personal information that users provide to us to initiate or complete the process of trading on the dYdX protocol. To the extent there are conflicting provisions between this Additional Disclosure and other sections of this Policy, this Additional Disclosure will govern.
The types of personal information we collect and share can include:
Cryptocurrency balances and wallets
Notwithstanding anything to the contrary in this Policy, when you are no longer our customer, we continue to share your information as described in this Additional Disclosure.
Reasons We Can Share Your Personal Information
We need to share users’ personal information to operate certain aspects of the dYdX protocol and our business. Whether we share your personal information, the reasons for which we share your personal information and whether you can limit this sharing include the following:
We share users’ personal information for our everyday business purposes, such as to process and match your orders and respond to court orders and legal investigations. You cannot limit our sharing of this information.
We share users’ personal information for our marketing purposes, such as to offer our products and services to you. You cannot limit our sharing of this information.
We do not share users’ personal information for joint marketing with financial companies.
We do not share users’ personal information for our affiliates’ everyday business purposes.
We do not share users’ personal information for our affiliates to market to you.
We share users’ personal information for nonaffiliates to market to you.
How Does dYdX Protect My Personal Information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured ﬁles and buildings.
How Does dYdX Collect My Personal Information?
We collect your personal information, for example, when you deposit cryptoassets in the dYdX protocol, make trades using the dYdX protocol, or withdraw cryptoassets from the dYdX protocol.
We may also collect your personal information from other companies.
Why Can’t I Limit All Sharing?
Applicable laws give you the right to limit only (a) sharing for affiliates’ everyday business purposes, (b) affiliates from using your information to market to you, and (c) sharing for nonaffiliates to market to you.
State laws, regional laws and individual companies may give you additional rights to limit sharing. See above for more on your rights under state law.
As used in this Additional Disclosure section, “affiliates” refer to companies related by common ownership or control; “nonaffiliates” refer to companies no related by common ownership or control; and “joint marketing” refers to a formal agreement between nonaffiliated financial companies that together market financial products or services to you.
Please contact us if you have any questions about this Policy or if you are seeking to exercise any of your statutory rights. We will respond within a reasonable timeframe. You may contact us at firstname.lastname@example.org or at our mailing address below:
Privacy Officer dYdX Trading Inc. 44 Montgomery Street, Suite 2310 San Francisco, California 94104