1inch Wallet Privacy Policy  

Last update: October 12, 2023

At 1inch Limited (hereafter “1inch Limited”, "we", "us", "our"), one of our main priorities is the privacy of  the users of our 1inch Wallet Application (the “Application”, “App”). That’s the reason why, to the  maximum extent possible, we try to collect as little of your personal data as possible. However, since we  still need to process some personal data, we have put in place policies and practices to ensure it all goes  smoothly and that everything is secured.

This privacy policy is intended to inform you about the processing of your personal data we carry out  when you use the Application (the “Privacy Policy”, the “Policy”). Therefore, it applies to all of your  interactions with us via the Application, and your interactions with us in connection therewith. This  Privacy Policy, however, is not applicable to any processing of personal data collected via channels other  than this Application (including any other services or applications provided by third parties). For those,  we advise you to consult the corresponding privacy policies.

1. Identity of the Data Controller

We, 1inch Limited, act as the data controller of the processing of your personal data. It means that we  decide “why” and “how” your personal data is processed in connection with the Application.

To contact us, please refer to Section 10 (Contact us) of this Policy.

2. Categories of Data We Process

When you use our Application, the categories of personal data that we collect are the following: Data you provide to us when using the Application:  

any data you create through the Application, including public wallet addresses;  any data related to your use of the Application;

any identification data you voluntarily provide when contacting us via the Application (e.g., last  name, first name, e-mail address, username, etc.); and

where applicable, any personal data included in any incident reports or any support requests you  submit regarding issues encountered using our Application.

Data automatically collected when you use the Application:  

We may use tracking technologies to automatically collect data from when you use, access, or otherwise  interact with the Application. Such data does not reveal your specific identity (such as your name or  contact information), but may include the following:

any technical information when accessing and using the Application (e.g., IP address, connection  data, type of browser used, download errors, diagnostic, crash and performance logs and reports,  device identifiers, pages accessed, and the duration of the pages’ views, etc.);

any analytics data (e.g., the IP address of the device you use to access the Application; the type  of browser software you are using; the operating system you are using; the date and time you  access the Application; the website address, if any, that linked you to the Application; and any  other traffic data);  

any personal data about your use of the Application (including, in particular, and depending on  the case, data related to your use of the Application and how you interact with others using our  Application, content viewed, features accessed, your status on our Application, such as  Application launches, taps, clicks, scrolling data, etc.).  

Third-Party Services  

We may integrate services and technologies from third parties into some features of the Application. For  example, we employ Cloudflare performance and security infrastructure as a proxy between you and the  Application’s swap functionality. As a result, when you initiate the swap request, Cloudflare may collect  your IP address. Please be aware that based on this data collection, your access to our Services may be  restricted. For more information on the eligibility requirements for using the Application please refer to  the 1inch Wallet Terms of Service.  

Additionally, we use the services of several Remote Procedure Call (RPC) providers, such as QuickNode,  Fastnode, Aurora Mainnet RPC, and zkSync Era Mainnet, to facilitate swap operations. The selection of  the RPC provider is preset based on the blockchain network. When you initiate the swap request through  our Application, the RPC provider usually does not collect your IP address.  

However, please note that third-parties may independently collect information. We recommend  reviewing their privacy policies and associated terms to understand how they collect and process your  data. We are not responsible for the data protection practices of any third party.  

We also use third-party services to help us understand your interactions and preferences on the  Application. For more information on how we use tracking technologies please refer to Section 7 of this  Policy (Tracking Technologies).  

Blockchain Data

Please note that we are not responsible for (i) your use of Ethereum or any other blockchain and (ii) the  use of your personal data as processed in these decentralized and permissionless blockchain networks.

Your private key which you utilize to access your Ethereum or other blockchain funds and initiate  transactions is stored only on your own device. We have no access to and will never ask you for your  private keys or wallet seed. Never trust anyone or any application that asks you to enter your private  keys or wallet seed.

You should also be aware that due to the inherent transparency of the blockchain networks, transactions  that you approve in the Application may be publicly accessible. This includes, but is not limited to, your  public sending address, the public address of the receiver, the amount sent or received, and any other  data a user has chosen to include in a given transaction.

Transactions and addresses available on blockchain may reveal personal data about the user’s identity,  and personal data can potentially be correlated now or in the future by any party who chooses to do so,  including law enforcement.  

We encourage you to review how privacy and transparency on the blockchain network work. 3. How and Why We Process Your Personal Data

In the table below, you will find the various purposes for which we may process your personal data and  the corresponding legal basis. Depending on the circumstances, we use different legal bases to process  the same personal data for different purposes.

You also have specific rights depending on the legal basis applied. You always have the right to request  access to, rectification of, or deletion of your personal data. These are detailed in Section 8 of this Policy  (Your rights).

We process your personal data for the following purposes and on the following legal bases:


Legal Basis

Categories of Data Concerned

To provide the Application as  well as to assess, analyze and  improve the performance of the  Application, related services and  features, and to perform  maintenance work (e.g., to  ensure proper functioning of the  Application, facilitate  transactions, troubleshoot and  correct any problems, fix errors,  test our new features and ensure  their proper functioning,  improve user experience on the  Application, conduct surveys and  other research to determine  what you appreciate about our  Application and what can be  improved, collect feedback on  our features and Application,  produce statistics, etc.).

The processing of your personal  data is based on our legitimate  interest to optimize our tools  and solutions and ensure the  satisfaction of users on our  Application.

personal data you provide  when using the Application  as described under Section  2 of this Policy;

personal data automatically  collected when you use the  Application as described  under Section 2 of this  Policy.

To manage our contractual  relationship with you and fulfill  our contractual obligations  when you use our Application in  accordance with the provisions

The processing of your personal  data is based on the necessity of  contract performance or  necessity to enter into a contract  with you (where your personal  data is required for us to

personal data you provide  when using the Application  as described under Section  2 of this Policy;

personal data  automatically collected

of the 1inch Wallet Terms of  Service.

perform our undertakings and  obligations in accordance with a  contract we are entering into  with you when you use the  Application).

when you use the  Application as described  under Section 2 of this  Policy.

To provide customer support  (e.g., providing information and  advice regarding the use of the  Application, investigating  incidents, etc.).

The processing of your personal  data is based on our legitimate  interest to ensure proper  communication with the users  of our Application.

personal data you provide  when using the Application  as described under Section  2 of this Policy;

personal data automatically  collected when you use the  Application as described  under Section 2 of this  Policy.

To manage any potential or  actual disputes with you or third  parties.

The processing of your personal  data is based on our legitimate  interest to defend our interests,  including through legal  proceedings.

personal data you provide  when using the Application  as described under Section  2 of this Policy;

personal data automatically  collected when you use the  Application as described  under Section 2 of this  Policy.

To maintain a secured trusted  environment (e.g., prevention  and fight against computer  fraud (spamming, hacking)).

The processing of your personal  data is based on our legitimate  interest to ensure compliance  with applicable laws,  compliance with our Terms of  Use, prevent fraud, improve the  security and ensure the proper  performance of our Application.

personal data you provide  when using the Application  as described under Section  2 of this Policy;

personal data automatically  collected when you use the  Application as described  under Section 2 of this  Policy.

To comply with legal and  regulatory obligations that may  apply to us.

The processing of your personal  data is necessary for compliance  with our legal obligations (e.g.,  to answer requests from  competent administrative or  judicial authorities or data  subjects’ requests or claims).

personal data you provide  when using the Application  as described under Section  2 of this Policy;

personal data automatically  collected when you use the  Application as described  under Section 2 of this  Policy.

Please note that we will not process your personal data for any purpose that is incompatible with the  purposes listed above.

4. Sharing Your Personal Data

In the context of processing your personal data in accordance with this Policy, we may communicate your  personal data to the following recipients, if necessary:

1. our subsidiaries or affiliates (if any) only if necessary for operational purposes; 2. 1inch Foundation only if necessary for the purposes set out in this Policy, including assistance in  addressing data subject requests;  

3. service providers, external suppliers, contractors, agents to the extent that they assist us in  carrying out the purposes set out in this Policy (e.g., analytics and storage service providers to  assist us in the improvement and optimization of the Application; product engineering providers  and technical maintenance vendors to ensure proper functioning of the Application; marketing  and communication providers to promote the use of the Application; AML compliance and risk  assessment service providers to comply with AML laws and regulations and ensure safe  environment within the Application; etc.);

4. competent courts, public authorities, government agencies, and law enforcement agencies to the  extent required by law or if we have a good-faith belief that such disclosure is necessary in order  to comply with official investigations or legal proceedings initiated by governmental and/or law  enforcement officials, or private parties, including but not limited to in response to subpoenas,  search warrants, or court orders;

5. third parties in connection with a merger, division, restructuring, change of control, bankruptcy,  or other organizational change;  

6. third parties which may collect your personal data on our Application via tracking technologies;  or

7. third-party business partners to assist such partners’ investigations including into known  cybersecurity breaches or cyber-hacks, or in case of a serious crime that is likely to affect users of  our Application. In this case, we disclose information only to our trusted business partners based  on the duration and quality of our business relationship, the reputation and regulatory status of  the partner, and the requirements of the applicable data protection legal framework. We will only  communicate your personal data if we have sufficient legitimate interest to do so.

We will only communicate your personal data to any recipient on a need-to-know basis and only when  the processing by the recipient is strictly limited to the purposes identified in this Policy. We do not sell  your personal data.

5. Transfer of Personal Data

As we operate globally, we may process your personal data around the world where our facilities or  providers are located. Therefore, for the purpose of processing your personal data as described in this  Policy, we may have to transfer your personal data outside the European Economic Area (“EEA”).

In these cases, we implement appropriate transfer mechanisms and safeguards to ensure that the  personal data transferred benefit from the same level of protection as within the EEA. In practice, this  means that each of the envisaged transfers is at least based on one of the following mechanisms:

the existence of an adequacy decision issued by the European Commission for the country to  which your personal data is transferred; or, failing that,

the conclusion of standard contractual clauses as adopted by the European Commission; or,  failing that,

the existence of an exemption linked to one of the specific situations exhaustively provided for  by the General Data Protection Regulation n°2016/679 ("GDPR"). For example, where you have  explicitly given your consent to the proposed transfer after having been informed of the absence  of safeguards; where the transfer is necessary for the performance of a contract between you  and us; where the transfer is necessary for the conclusion or performance of a contract  concluded, in your interest, between us and a third party; or where the transfer is necessary for  the establishment, exercise or defence of our legal claims, etc.

Information on the transfer mechanisms and safeguards may be requested by contacting us: please see  Section 10 of this Policy (Contact us).

6. Data Retention Period

We retain your personal data only for as long as necessary for the purposes for which it has been collected,  as specified in this Policy, and in accordance with the applicable laws.  

This means that the retention periods we apply may vary depending on the purpose for which we process  your personal data. When determining the appropriate retention period, we take into account the  category and amount of personal data, potential risks, and harm that may arise from unauthorized access  or disclosure, the specific purposes for which the data is processed, the availability of alternative means  to achieve those purposes, and the applicable legal requirements.  

We also retain personal data in order to comply with legal and regulatory obligations that may apply to  us. Sometimes business and legal requirements oblige us to retain certain data, for specific purposes, for  an extended period of time (e.g., to comply with AML compliance requirements, or record-keeping  obligations imposed by applicable accounting, financial, or regulatory laws).  

In some situations, we may anonymize personal information about you so that it can no longer be used  to identify you. In such cases, we can use this information indefinitely without further notice to you.  

7. Tracking Technologies  

We may use third-party service providers that use tracking technologies to analyse and improve your user  experience within the Application, in particular, Mixpanel, Branch, Firebase, and Storyly. For more  information about how these third-parties process your data, please refer to the corresponding policies:  ● Mixpanel Privacy Program;

Branch Policies;



Such services rely on tracking technologies, such as cookies, pixels, plugins, and software development  kits (SDKs) that can be stored on your devices when you visit the Application, so that it can be accessed  later. The data collected includes statistical and performance information arising from your use of the  Application. This type of data will only be used by us in an aggregated or anonymised manner.  

You have the option to disable the use of tracking technologies on your device at any time. Your mobile  settings may provide options that allow you to limit the use of tracking technologies associated with your  mobile device. Additionally, within our Application, you can navigate to the “Settings” and “Language and  Permissions” sections to disable tracking technologies.

Additionally, you can choose to disable cookies through your individual browser options. The settings for  each browser are different. They are described in the help menu of your browser, which will enable you  to know how to change your cookies preferences. For example:  

● in Microsoft Edge please refer here.  

● in Safari please refer here.

● in Chrome please refer here.  

● in Firefox please refer here.  

● in Opera please refer here.  

8. Your Rights

In accordance with the applicable personal data protection regulation, including the GDPR, you have the  following rights: access, rectification, deletion, objection, restriction of processing, and data portability of  your personal data.

Please note that some of these rights are subject to specific conditions set out in the applicable personal  data protection regulation. Therefore, if your particular situation does not meet these conditions, we will  unfortunately not be able to respond to your request. In this case, we will inform you of the reasons for  our refusal.  

Right of access – You may request access to your personal data at any time. If you exercise your  right of access, we will provide you with a copy of your personal data in our possession as well as  all information relating to its processing.

Right of rectification – You have the right to ask us to rectify or complete any personal data in  our possession that you consider to be inaccurate or incomplete.  

Right to erasure/to be forgotten – You can ask us to delete your personal data if, for example, it  is no longer necessary for the processing we carry out. We will use our best efforts to comply with  your request. Please note, however, that we may have to retain some or all of your personal data  if we are required to do so by applicable law or if the personal data is necessary for the  establishment, exercise, or defence of our rights.

Right to restriction of processing – You may also request that we restrict the processing of your  personal data on grounds relating to your particular situation. For example, if you dispute the  accuracy of your personal data or object to the processing of your personal data, you may also  request that we do not process your personal data for the time necessary to verify and investigate  your claims.  

In such cases, we will temporarily refrain from processing your personal data until necessary  verifications have been made or until we comply with your requests.

Right to data portability – You may request portability of the personal data you have provided us  with. At your request, we will provide you with your personal data in a readable and structured  format so that you can easily re-use it.  

The portability of your personal data applies only to personal data that you have provided to us  or that result from your activity on our Application, under the condition that the disclosure of  your personal data does not infringe the rights of third parties. If we are unable to comply with  your request, we will inform you of the reasons for our refusal.  

Right to object – You may object at any time, on grounds relating to your particular situation, if  we use your personal data. We will then stop processing your personal data unless there are  overriding legitimate grounds for continuing to process your personal data (for example, if your  personal data is necessary for the establishment, exercise, or defence of our rights or the rights  of third parties in court proceedings). If we are unable to comply with your request to object, we  will inform you of the reasons for our refusal. You can also object at any time to our processing  of your personal data for marketing purposes.  

Right to withdraw consent - You have the right to withdraw consent at any time for personal data  processing based on consent. Withdrawing your consent prevents us from processing your  personal data but does not affect the lawfulness of the processing carried out before the  withdrawal.  

Country Specific Rights: You may also be granted specific rights as regards our processing of your personal  data depending on the law applicable in the country you are residing in. You may contact us should you  have any questions in that regard.

Also, keep in mind that many blockchains are open to forensic analysis which can lead to deanonymization  and the unintentional revelation of personal data, in particular when blockchain data is combined with  other data. Because blockchains are decentralized or third-party networks that are not controlled or  operated by us, we are not able to erase, modify, or alter your personal data from such networks.

9. How to Exercise Your Rights

If you wish to exercise your rights, you may contact us by using the contact information provided in Section  10 of this Policy (Contact us). To be able to process your request efficiently, we may ask you to provide  additional information to confirm your identity and/or to help us retrieve the personal data related to  your request.

Please note that you can lodge a complaint with a data protection regulator in one or more of the  European Union member states. You can find a list of data protection authorities in Europe here.

10. Contact Us

If you have any questions regarding the processing of your personal data under this Policy, including the  exercise of your rights as detailed above, you can contact us by email at [email protected].

11. Changes to this Privacy Policy

We periodically review this Policy to ensure it is compliant and up to date with applicable data protection  regulations. We will post updates on this page accordingly. When the changes are made, we will update  the “Last updated” date at the top of this Policy.  

Therefore, we encourage you to review this Policy regularly. Any modifications will take effect when  posted or on the date specified as the effective date (if any). Your continued access to and use of the  Interface indicates your acknowledgment and acceptance of the updated Privacy Policy.