Privacy Policy

This Privacy Policy (“Policy”) describes how dYdX Trading Inc. and its affiliates (“dYdX”, “we”, “us” or “our”) may collect, process, use, safeguard and disclose personal information, and your rights choices regarding this information. For the purposes of this Policy, “personal information” is any information related to an identified or identifiable individual.

Please note that we may change this Policy from time to time. We encourage you to review this Policy periodically.

Please read this Policy carefully. You can contact us with questions using the details in the “Contact Us” section of this Policy.

Applicability of This Policy

This Policy applies to personal information collected in connection with the Services (in each case, as defined in the Terms of Use). If you do not agree with the terms of this Policy, do not access or use the Services, or any other aspect of our business.

What We Collect

When you interact with the Services, we may collect personal information about you from different sources listed below.

Personal information you provide to us

• Contact Information, such as your name, email address, physical address and country information.

• Financial Information, such as your Ethereum network address, cryptocurrency wallet information, transaction history, trading data and associated fees paid.

• Transaction Information, such as information about the transactions you make on the Services, such as the type of transaction, transaction amount, and timestamp.

• Correspondence, such as your feedback, questionnaire and other survey responses, and information you provide to our support teams, including via our help chat or social media messaging channels.

Personal information collected via automated means

• Online Identifiers, such as username, geo-location or tracking details, browser fingerprint, operating system, browser name and version, and IP addresses.

• Usage and Diagnostics Data, such as conversion events, user preferences, crash logs, device information and other data collected via cookies and similar technologies.

• Information from cookies and other tracking technologies. We, and third parties we authorize, may use cookies, web beacons, and similar technologies to record your preferences, track the use of the Services, including our mobile applications, and collect information about the use of the Services, as well with other information we collect about you. You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. If you do so, please note that some parts of the Services may not function properly.

Personal information we receive from third parties

• Information We Receive from Third Parties. Sometimes, we receive personal information about you from other sources as required or permitted by applicable law, including public databases. We may combine the information collected from these sources with the information we get from the Services in order to comply with our legal obligations and limit the use of the Services in connection with fraudulent or other illicit activities.

How We Use Information

We use your personal information in accordance with your instructions, including any applicable terms in the Terms of Use, and as required by applicable law. We may also use the personal information we collect for:

• Providing Services and Features. We may use the personal information we collect to provide, maintain, and improve the Services, including as we described in the Terms of Use. In particular we will use your personal information to perform our contractual obligation towards you to allow you to browse and use the Services. This includes using information to:

  • operate, maintain, customize, measure, and improve the Services, and manage our business;

  • create and update user accounts;

  • process transactions; and

  • send information, including confirmations, notices, updates, security alerts, and support and administrative messages.

• Safety and Security. It is in our legitimate business interest to use your personal information to help maintain the safety, security, and integrity of you and the Services, including to:

  • protect, investigate, and deter against fraudulent, unauthorized, or illegal activity;

  • monitor and verify identity or service access, combat spam, malware or security risks;

  • perform internal operations necessary to provide the Services, including to troubleshoot software bugs and operational problems;

  • enforce our agreements with third parties, and address violations of our Terms of Use or agreements for other products or services; and

  • comply with applicable security laws and regulations.

• Customer Support. If you reach out to us for support, it is in our legitimate business interest touse your personal information to provide customer support, including to:

  • direct questions to the appropriate customer support person;

  • investigate and address user concerns; and

  • monitor and improve our customer support responses and processes.

• Personalization. We may use your personal information to personalize your experience and use of the Services and our communications.

• Research and Development. It is in our legitimate business interest to use your personal information for testing, research, analysis, and product development to improve your experience. This helps us to improve and enhance the safety and security of the Services, improve our ability to prevent the use of the Services for illegal or improper purposes and develop new features and products relating to the Services.

• Legal and Regulatory Compliance. It is in our legitimate interests to enforce compliance with our terms and policies, including our Terms of Use, to ensure the integrity of the Services and to defend ourselves against legal claims or disputes. Where we do so, we will use the personal information relevant to such a case. We may also verify your identity by comparing the personal information you provide against third-party databases and public records and we use personal information to investigate or address claims or disputes relating to use of the Services, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries.

• Direct Marketing. Except where consent is required, it is in our legitimate interest to use the information we collect to market the Services to you. This may include sending you communications about the Services, features, promotions, surveys, news, updates, and events, and managing your participation in these promotions and events. If you do not want us to send you marketing communications, please opt out by selecting “unsubscribe” to any marketing email sent by us or by contacting us using the details in the “Contact Us” section of this Policy.

• Anonymization and Aggregation. It is in our legitimate interests to aggregate or anonymize personal information in a form that does not allow you to be personally identified and use the resulting information for statistical analysis regarding the use of the Services, such as to better understand our customer base, or for other purposes.

When We Share and Disclose Information

We may share your information in the following circumstances:

• To Comply with Our Legal Obligations. We may share your information: (a) to cooperate with government investigations; (b) when we are compelled to do so by a subpoena, court order, or similar legal procedure; (c) when we believe in good faith that the disclosure of personal information is necessary to prevent harm to another person; (d) to report suspected illegal activity; or (e) to investigate violations of our Terms of Use, agreements for other products or services, or any other applicable policies.

• With Service Providers or Other Third Parties. We may share your personal information with service providers or other third parties who help facilitate business and compliance operations, such as marketing and technology services.

• Partners. We may share your personal information with business partners, for example marketing partners, subject to any consent requirements.

• Affiliates. We may share your personal information with our subsidiaries and affiliates, for purposes consistent with this Policy.

• During a Change to Our Business. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all of your personal information may be shared or transferred, subject to standard confidentiality arrangements.

• Aggregated or De-identified Data. We may share aggregated or anonymized data with other persons for their own uses.

International Data Transfers

We, our affiliates, subsidiaries and trusted third-party suppliers may process your personal information outside of your home country. Data privacy laws in the countries to which your personal information is transferred may not be equivalent to, or as protective as, the laws in your home country.

When we transfer your personal information internationally, subject to any limitations under any applicable law, we will ensure that relevant safeguards are in place to afford adequate protection for your personal information and comply with any applicable data protection laws. For more information about how we transfer personal information internationally, please contact us using the details in the “Contact Us” section of this Policy.

Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected and processed, in accordance with our retention procedures, and in accordance with applicable laws or until you withdraw your consent (where applicable).

To determine the appropriate retention period for your personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we use your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your Rights and Choices

To view or update your information, contact us using the details in the “Contact Us” section of this Policy.

If provided under any applicable law and subject to any limitations in such law, you may:

• Ask us for access to your personal information we hold;

• Request corrections or deletions of your personal information;

• Request to restrict the processing of your personal information, or object to that processing;

• Withdraw your consent (where we are processing your personal information based on your consent) to the processing of your personal information;

• Request for the receipt or the transfer to another organization, in a machine-readable form, of the personal information that you have provided to us; and

• Complain to your local data protection authority of violation of your privacy rights, or your suffering as a result of unlawful processing of your personal information.

Please note that, prior to any response to the exercise of such rights, we will require you to verify your identity. In addition, we may have valid legal reasons to refuse your request, and will inform you if that is the case. If you would like to exercise your rights, or for more information on your rights, please contact us using the details in the “Contact Us” section of this Policy.

Security

We maintain administrative, technical and physical safeguards designed to protect the personal information we maintain against unauthorized access, use, disclosure, alteration or destruction in line with applicable data protection and privacy laws and we require our third-party service providers to implement appropriate safeguards.

No system can be completely secure. Therefore, although we take steps to secure you information, we cannot guarantee that your information, searches or other communication will always remain secure. You are responsible for all activity on the Services relating to any of your Ethereum network addresses or cryptocurrency wallets.

Age Limitations

To the extent prohibited by applicable law, we do not allow use of the Services by anyone younger than 18 years old. If you learn that anyone younger than 18 years old has unlawfully provided us with personal data, please contact us using the details in the “Contact Us” section of this Policy and we will take steps to delete such information, close any such accounts, and, to the extent possible, prevent the user from continuing to use the Services.

Third-Party Matters

Through the Services, we may provide links to websites, mobile applications or any other online assets that are not owned or controlled by us. This Policy does not apply to those websites. If you choose to use those websites, please check the legal and privacy statements posted on each website, mobile application or the online asset you access to understand their privacy practices. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

For the avoidance of doubt, any TradingView charts displayed on the Site is governed by this Policy and not by TradingView’s Privacy Policy.

Changes to This Policy

If we make any changes, we will change the Last Updated date above. We encourage you to review this Policy to stay informed. If we make material changes, we will provide additional notice.

Online Tracking

Cookies are small text files of letters and numbers that are stored and accessed on your browser or the hard drive of your device. Like many companies online, we use services provided by Google and other companies that use cookies and other tracking technology to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet.

The use of these technologies will improve your experience when you browse or use the Services, and allow us to enhance the functionality of the Services, increase security, and measure the use and effectiveness of the Services.

This Policy also governs:

• Pixels: A pixel is a small amount of code on a web page or in an email notification that typically works in conjunction with cookies to identify users and record user behavior. We use pixels to learn whether you have interacted with certain web or email content. This helps us measure and improve the Services and personalize your experience.

• Local Storage: Local storage is an industry-standard technology that allows a website or application to store information locally on your computer or mobile device. We use local storage, including HTML5, to customize what we show you based on your content consumption and other past interactions with the Services.

• Device Identifiers: Device identifiers are distinctive numbers associated with a smartphone or similar handheld device. We use mobile device identifiers for purposes set out in this Policy, for example to recognize your device when you return to the Services or otherwise use the Services.

We use the following types of cookies:

• Strictly necessary cookies: These cookies are necessary for the Services to function and cannot be switched off in our systems. They allow us to enable security, prevent fraud and debug the website and are usually only set in response to actions made by you which amount to a request for Services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but then some parts of the Services will not work.

• Analytical or Performance cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of the Services. They help us to know which pages are the most and least popular and see how visitors move around the Services. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited the Services and will not be able to monitor its performance.

• Functional cookies: These are used to recognize you when you return to the Services. This enables us to personalize our content for you, greet you by name and remember your account preferences.

• Marketing cookies: These cookies are used by third-party advertisers or publishers to display personalized advertising. They do this by tracking your activity across websites.

We use both persistent cookies and session cookies. Persistent cookies stay on your device for a set period of time or until you delete them, while session cookies are deleted once you close your web browser. The cookies placed through your use of the Services are either set by us (first-party cookies) or by a third party at our request (third-party cookies)

You have a number of options to object, control or limit how we, our partners, and other third parties use cookies. You can block cookies through the mechanisms described below. However, note that cookies are important to many aspects of the Services. If you disable all cookies, you may not be able to enjoy all features of the Services.

• Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.

• Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

• Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third-party cookies or trackers.

• Platform opt-outs. The following advertising partner offers opt-out features that let you opt-out of use of your information for interest-based advertising:

  • Google: https://adssettings.google.com.

• Advertising industry opt-out tools. You can also use the opt-out options set forth below to limit use of your information for interest-based advertising by participating companies. Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

  • Digital Advertising Alliance: http://optout.aboutads.info

  • Network Advertising Initiative: http://optout.networkadvertising.org/

Notice to California Residents (“CCPA Notice”)

We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide this CCPA Notice to California residents to explain how we collect, use and share their personal information, and the rights and choices we offer California residents regarding our handling of their personal information.

CCPA Scope and Exclusions

This CCPA Notice, including the description of our Privacy Practices and your Privacy Rights, apply only to California residents whose interactions with us are limited to:

• visiting our consumer websites; and

• signing up for email alerts.

This CCPA Notice does not apply to the personal information we collect, use or disclose about:

• individuals who provide information to us to initiate or complete the process of trading on our platform, which are subject to the notice set forth in the "Additional Disclosure" section of this Policy; or

• representatives of businesses that seek to obtain our products or Services, or to provide products or services to us.

Privacy Practices

We do not “sell” the personal information (as defined in the CCPA) we collect for monetary value (and will not sell it without providing a right to opt out). Like many companies, we may use third-party cookies for our advertising purposes. If you would like to learn how you may opt out of our use of cookies and other tracking technologies, please review the instructions provided in the "Online Tracking" section of this Policy.

Privacy Rights

The CCPA grants individuals the following rights:

• Information. You can request information about how we have collected, used and shared your personal information during the past 12 months. For details about the personal information we have collected over the last 12 months, including the categories of sources, please see the "What We Collect" section of this Policy. We collect this information for the business and commercial purposes described in the How We Use Information section of this Policy. We share this information with the categories of third parties described in the "When We Share and Disclose Information" section of this Policy.

• Access. You can request a copy of the personal information that we maintain about you.

• Deletion. You can ask us to delete the personal information that we collected or maintain about you.

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. We will also respond to requests for information and access only to the extent we are able to associate, with a reasonable effort, the information we maintain with the identifying details you provide in your request. If we deny your request, we will communicate our decision to you. You are entitled to exercise the rights described above free from discrimination.

How to Submit a Request

To request access to or deletion of personal information, contact us using the details in the “Contact Us” section of this Policy.

Identity Verification

The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. We will ask you to verify your identity when you submit a request.

Authorized Agents

California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.

Additional Disclosure for Our Consumers and Customers (“Additional Disclosure”)

This Additional Disclosure governs our collection, use and sharing of personal information that users provide to us to initiate or complete the process of trading on the dYdX protocol. To the extent there are conflicting provisions between this "Additional Disclosure" section and other sections of this Policy, this "Additional Disclosure" section will govern.

The types of personal information we collect and share can include:

• Contact details

• IP addresses

• Trading history

• Cryptocurrency balances and wallets

• Conversion events

Notwithstanding anything to the contrary in this Policy, when you are no longer our customer, we continue to share your information as described in this Additional Disclosure.

Reasons We Can Share Your Personal Information

We need to share users’ personal information to operate certain aspects of the dYdX protocol and our business. Whether we share your personal information, the reasons for which we share your personal information and whether you can limit this sharing include the following:

• We share users’ personal information for our everyday business purposes, such as to process and match your orders and respond to court orders and legal investigations. You cannot limit our sharing of this information.

• Subject to any consent requirements in any applicable laws, we may share users’ personal information for our marketing purposes, such as to offer our products and services to you.

• We do not share users’ personal information for joint marketing with financial companies.

• We do not share users’ personal information for our affiliates’ everyday business purposes.

• We do not share users’ personal information for our affiliates to market to you.

• We share users’ personal information for nonaffiliates to market to you.

How Does dYdX Collect My Personal Information?

We collect your personal information, for example, when you deposit cryptoassets in the dYdX protocol, make trades using the dYdX protocol, or withdraw cryptoassets from the dYdX, protocol.

We may also collect your personal information from other companies.

Why Can’t I Limit All Sharing?

Applicable laws give you the right to limit only (a) sharing for affiliates’ everyday business purposes, (b) affiliates from using your information to market to you, and (c) sharing for nonaffiliates to market to you.

State laws, regional laws and individual companies may give you additional rights to limit sharing. See above for more on your rights under state law.

As used in this "Additional Disclosure" section, “affiliates” refer to companies related by common ownership or control; “nonaffiliates” refer to companies not related by common ownership or control; and “joint marketing” refers to a formal agreement between nonaffiliated financial companies that together market financial products or services to you.

Contact Us

dYdX is the entity responsible for the processing of your personal information. Please contact us if you have any questions about this Policy or if you are seeking to exercise any of your statutory rights. We will respond within a reasonable time frame. You may contact us at privacy@dydx.exchange or at our mailing address below:

Privacy Officer

dYdX Trading Inc.

44 Montgomery Street, Suite 2310

San Francisco, California 94104