1inch Wallet Privacy Policy
Last update: October 12, 2023
At 1inch Limited (hereafter “1inch Limited”, "we", "us", "our"), one of our main priorities is the privacy of the users of our 1inch Wallet Application (the “Application”, “App”). That’s the reason why, to the maximum extent possible, we try to collect as little of your personal data as possible. However, since we still need to process some personal data, we have put in place policies and practices to ensure it all goes smoothly and that everything is secured.
This privacy policy is intended to inform you about the processing of your personal data we carry out when you use the Application (the “Privacy Policy”, the “Policy”). Therefore, it applies to all of your interactions with us via the Application, and your interactions with us in connection therewith. This Privacy Policy, however, is not applicable to any processing of personal data collected via channels other than this Application (including any other services or applications provided by third parties). For those, we advise you to consult the corresponding privacy policies.
1. Identity of the Data Controller
We, 1inch Limited, act as the data controller of the processing of your personal data. It means that we decide “why” and “how” your personal data is processed in connection with the Application.
To contact us, please refer to Section 10 (Contact us) of this Policy.
2. Categories of Data We Process
When you use our Application, the categories of personal data that we collect are the following: Data you provide to us when using the Application:
● any data you create through the Application, including public wallet addresses; ● any data related to your use of the Application;
● any identification data you voluntarily provide when contacting us via the Application (e.g., last name, first name, e-mail address, username, etc.); and
● where applicable, any personal data included in any incident reports or any support requests you submit regarding issues encountered using our Application.
Data automatically collected when you use the Application:
We may use tracking technologies to automatically collect data from when you use, access, or otherwise interact with the Application. Such data does not reveal your specific identity (such as your name or contact information), but may include the following:
● any technical information when accessing and using the Application (e.g., IP address, connection data, type of browser used, download errors, diagnostic, crash and performance logs and reports, device identifiers, pages accessed, and the duration of the pages’ views, etc.);
● any analytics data (e.g., the IP address of the device you use to access the Application; the type of browser software you are using; the operating system you are using; the date and time you access the Application; the website address, if any, that linked you to the Application; and any other traffic data);
● any personal data about your use of the Application (including, in particular, and depending on the case, data related to your use of the Application and how you interact with others using our Application, content viewed, features accessed, your status on our Application, such as Application launches, taps, clicks, scrolling data, etc.).
Third-Party Services
We may integrate services and technologies from third parties into some features of the Application. For example, we employ Cloudflare performance and security infrastructure as a proxy between you and the Application’s swap functionality. As a result, when you initiate the swap request, Cloudflare may collect your IP address. Please be aware that based on this data collection, your access to our Services may be restricted. For more information on the eligibility requirements for using the Application please refer to the 1inch Wallet Terms of Service.
Additionally, we use the services of several Remote Procedure Call (RPC) providers, such as QuickNode, Fastnode, Aurora Mainnet RPC, and zkSync Era Mainnet, to facilitate swap operations. The selection of the RPC provider is preset based on the blockchain network. When you initiate the swap request through our Application, the RPC provider usually does not collect your IP address.
However, please note that third-parties may independently collect information. We recommend reviewing their privacy policies and associated terms to understand how they collect and process your data. We are not responsible for the data protection practices of any third party.
We also use third-party services to help us understand your interactions and preferences on the Application. For more information on how we use tracking technologies please refer to Section 7 of this Policy (Tracking Technologies).
Blockchain Data
Please note that we are not responsible for (i) your use of Ethereum or any other blockchain and (ii) the use of your personal data as processed in these decentralized and permissionless blockchain networks.
Your private key which you utilize to access your Ethereum or other blockchain funds and initiate transactions is stored only on your own device. We have no access to and will never ask you for your private keys or wallet seed. Never trust anyone or any application that asks you to enter your private keys or wallet seed.
You should also be aware that due to the inherent transparency of the blockchain networks, transactions that you approve in the Application may be publicly accessible. This includes, but is not limited to, your public sending address, the public address of the receiver, the amount sent or received, and any other data a user has chosen to include in a given transaction.
Transactions and addresses available on blockchain may reveal personal data about the user’s identity, and personal data can potentially be correlated now or in the future by any party who chooses to do so, including law enforcement.
We encourage you to review how privacy and transparency on the blockchain network work. 3. How and Why We Process Your Personal Data
In the table below, you will find the various purposes for which we may process your personal data and the corresponding legal basis. Depending on the circumstances, we use different legal bases to process the same personal data for different purposes.
You also have specific rights depending on the legal basis applied. You always have the right to request access to, rectification of, or deletion of your personal data. These are detailed in Section 8 of this Policy (Your rights).
We process your personal data for the following purposes and on the following legal bases:
Purpose | Legal Basis | Categories of Data Concerned |
To provide the Application as well as to assess, analyze and improve the performance of the Application, related services and features, and to perform maintenance work (e.g., to ensure proper functioning of the Application, facilitate transactions, troubleshoot and correct any problems, fix errors, test our new features and ensure their proper functioning, improve user experience on the Application, conduct surveys and other research to determine what you appreciate about our Application and what can be improved, collect feedback on our features and Application, produce statistics, etc.). | The processing of your personal data is based on our legitimate interest to optimize our tools and solutions and ensure the satisfaction of users on our Application. | ● personal data you provide when using the Application as described under Section 2 of this Policy; ● personal data automatically collected when you use the Application as described under Section 2 of this Policy. |
To manage our contractual relationship with you and fulfill our contractual obligations when you use our Application in accordance with the provisions | The processing of your personal data is based on the necessity of contract performance or necessity to enter into a contract with you (where your personal data is required for us to | ● personal data you provide when using the Application as described under Section 2 of this Policy; ● personal data automatically collected |
of the 1inch Wallet Terms of Service. | perform our undertakings and obligations in accordance with a contract we are entering into with you when you use the Application). | when you use the Application as described under Section 2 of this Policy. |
To provide customer support (e.g., providing information and advice regarding the use of the Application, investigating incidents, etc.). | The processing of your personal data is based on our legitimate interest to ensure proper communication with the users of our Application. | ● personal data you provide when using the Application as described under Section 2 of this Policy; ● personal data automatically collected when you use the Application as described under Section 2 of this Policy. |
To manage any potential or actual disputes with you or third parties. | The processing of your personal data is based on our legitimate interest to defend our interests, including through legal proceedings. | ● personal data you provide when using the Application as described under Section 2 of this Policy; ● personal data automatically collected when you use the Application as described under Section 2 of this Policy. |
To maintain a secured trusted environment (e.g., prevention and fight against computer fraud (spamming, hacking)). | The processing of your personal data is based on our legitimate interest to ensure compliance with applicable laws, compliance with our Terms of Use, prevent fraud, improve the security and ensure the proper performance of our Application. | ● personal data you provide when using the Application as described under Section 2 of this Policy; ● personal data automatically collected when you use the Application as described under Section 2 of this Policy. |
To comply with legal and regulatory obligations that may apply to us. | The processing of your personal data is necessary for compliance with our legal obligations (e.g., to answer requests from competent administrative or judicial authorities or data subjects’ requests or claims). | ● personal data you provide when using the Application as described under Section 2 of this Policy; ● personal data automatically collected when you use the Application as described under Section 2 of this Policy. |
Please note that we will not process your personal data for any purpose that is incompatible with the purposes listed above.
4. Sharing Your Personal Data
In the context of processing your personal data in accordance with this Policy, we may communicate your personal data to the following recipients, if necessary:
1. our subsidiaries or affiliates (if any) only if necessary for operational purposes; 2. 1inch Foundation only if necessary for the purposes set out in this Policy, including assistance in addressing data subject requests;
3. service providers, external suppliers, contractors, agents to the extent that they assist us in carrying out the purposes set out in this Policy (e.g., analytics and storage service providers to assist us in the improvement and optimization of the Application; product engineering providers and technical maintenance vendors to ensure proper functioning of the Application; marketing and communication providers to promote the use of the Application; AML compliance and risk assessment service providers to comply with AML laws and regulations and ensure safe environment within the Application; etc.);
4. competent courts, public authorities, government agencies, and law enforcement agencies to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to in response to subpoenas, search warrants, or court orders;
5. third parties in connection with a merger, division, restructuring, change of control, bankruptcy, or other organizational change;
6. third parties which may collect your personal data on our Application via tracking technologies; or
7. third-party business partners to assist such partners’ investigations including into known cybersecurity breaches or cyber-hacks, or in case of a serious crime that is likely to affect users of our Application. In this case, we disclose information only to our trusted business partners based on the duration and quality of our business relationship, the reputation and regulatory status of the partner, and the requirements of the applicable data protection legal framework. We will only communicate your personal data if we have sufficient legitimate interest to do so.
We will only communicate your personal data to any recipient on a need-to-know basis and only when the processing by the recipient is strictly limited to the purposes identified in this Policy. We do not sell your personal data.
5. Transfer of Personal Data
As we operate globally, we may process your personal data around the world where our facilities or providers are located. Therefore, for the purpose of processing your personal data as described in this Policy, we may have to transfer your personal data outside the European Economic Area (“EEA”).
In these cases, we implement appropriate transfer mechanisms and safeguards to ensure that the personal data transferred benefit from the same level of protection as within the EEA. In practice, this means that each of the envisaged transfers is at least based on one of the following mechanisms:
● the existence of an adequacy decision issued by the European Commission for the country to which your personal data is transferred; or, failing that,
● the conclusion of standard contractual clauses as adopted by the European Commission; or, failing that,
● the existence of an exemption linked to one of the specific situations exhaustively provided for by the General Data Protection Regulation n°2016/679 ("GDPR"). For example, where you have explicitly given your consent to the proposed transfer after having been informed of the absence of safeguards; where the transfer is necessary for the performance of a contract between you and us; where the transfer is necessary for the conclusion or performance of a contract concluded, in your interest, between us and a third party; or where the transfer is necessary for the establishment, exercise or defence of our legal claims, etc.
Information on the transfer mechanisms and safeguards may be requested by contacting us: please see Section 10 of this Policy (Contact us).
6. Data Retention Period
We retain your personal data only for as long as necessary for the purposes for which it has been collected, as specified in this Policy, and in accordance with the applicable laws.
This means that the retention periods we apply may vary depending on the purpose for which we process your personal data. When determining the appropriate retention period, we take into account the category and amount of personal data, potential risks, and harm that may arise from unauthorized access or disclosure, the specific purposes for which the data is processed, the availability of alternative means to achieve those purposes, and the applicable legal requirements.
We also retain personal data in order to comply with legal and regulatory obligations that may apply to us. Sometimes business and legal requirements oblige us to retain certain data, for specific purposes, for an extended period of time (e.g., to comply with AML compliance requirements, or record-keeping obligations imposed by applicable accounting, financial, or regulatory laws).
In some situations, we may anonymize personal information about you so that it can no longer be used to identify you. In such cases, we can use this information indefinitely without further notice to you.
7. Tracking Technologies
We may use third-party service providers that use tracking technologies to analyse and improve your user experience within the Application, in particular, Mixpanel, Branch, Firebase, and Storyly. For more information about how these third-parties process your data, please refer to the corresponding policies: ● Mixpanel Privacy Program;
● Branch Policies;
● Firebase;
● Storyly.
Such services rely on tracking technologies, such as cookies, pixels, plugins, and software development kits (SDKs) that can be stored on your devices when you visit the Application, so that it can be accessed later. The data collected includes statistical and performance information arising from your use of the Application. This type of data will only be used by us in an aggregated or anonymised manner.
You have the option to disable the use of tracking technologies on your device at any time. Your mobile settings may provide options that allow you to limit the use of tracking technologies associated with your mobile device. Additionally, within our Application, you can navigate to the “Settings” and “Language and Permissions” sections to disable tracking technologies.
Additionally, you can choose to disable cookies through your individual browser options. The settings for each browser are different. They are described in the help menu of your browser, which will enable you to know how to change your cookies preferences. For example:
● in Microsoft Edge please refer here.
● in Safari please refer here.
● in Chrome please refer here.
● in Firefox please refer here.
● in Opera please refer here.
8. Your Rights
In accordance with the applicable personal data protection regulation, including the GDPR, you have the following rights: access, rectification, deletion, objection, restriction of processing, and data portability of your personal data.
Please note that some of these rights are subject to specific conditions set out in the applicable personal data protection regulation. Therefore, if your particular situation does not meet these conditions, we will unfortunately not be able to respond to your request. In this case, we will inform you of the reasons for our refusal.
● Right of access – You may request access to your personal data at any time. If you exercise your right of access, we will provide you with a copy of your personal data in our possession as well as all information relating to its processing.
● Right of rectification – You have the right to ask us to rectify or complete any personal data in our possession that you consider to be inaccurate or incomplete.
● Right to erasure/to be forgotten – You can ask us to delete your personal data if, for example, it is no longer necessary for the processing we carry out. We will use our best efforts to comply with your request. Please note, however, that we may have to retain some or all of your personal data if we are required to do so by applicable law or if the personal data is necessary for the establishment, exercise, or defence of our rights.
● Right to restriction of processing – You may also request that we restrict the processing of your personal data on grounds relating to your particular situation. For example, if you dispute the accuracy of your personal data or object to the processing of your personal data, you may also request that we do not process your personal data for the time necessary to verify and investigate your claims.
In such cases, we will temporarily refrain from processing your personal data until necessary verifications have been made or until we comply with your requests.
● Right to data portability – You may request portability of the personal data you have provided us with. At your request, we will provide you with your personal data in a readable and structured format so that you can easily re-use it.
The portability of your personal data applies only to personal data that you have provided to us or that result from your activity on our Application, under the condition that the disclosure of your personal data does not infringe the rights of third parties. If we are unable to comply with your request, we will inform you of the reasons for our refusal.
● Right to object – You may object at any time, on grounds relating to your particular situation, if we use your personal data. We will then stop processing your personal data unless there are overriding legitimate grounds for continuing to process your personal data (for example, if your personal data is necessary for the establishment, exercise, or defence of our rights or the rights of third parties in court proceedings). If we are unable to comply with your request to object, we will inform you of the reasons for our refusal. You can also object at any time to our processing of your personal data for marketing purposes.
● Right to withdraw consent - You have the right to withdraw consent at any time for personal data processing based on consent. Withdrawing your consent prevents us from processing your personal data but does not affect the lawfulness of the processing carried out before the withdrawal.
Country Specific Rights: You may also be granted specific rights as regards our processing of your personal data depending on the law applicable in the country you are residing in. You may contact us should you have any questions in that regard.
Also, keep in mind that many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of personal data, in particular when blockchain data is combined with other data. Because blockchains are decentralized or third-party networks that are not controlled or operated by us, we are not able to erase, modify, or alter your personal data from such networks.
9. How to Exercise Your Rights
If you wish to exercise your rights, you may contact us by using the contact information provided in Section 10 of this Policy (Contact us). To be able to process your request efficiently, we may ask you to provide additional information to confirm your identity and/or to help us retrieve the personal data related to your request.
Please note that you can lodge a complaint with a data protection regulator in one or more of the European Union member states. You can find a list of data protection authorities in Europe here.
10. Contact Us
If you have any questions regarding the processing of your personal data under this Policy, including the exercise of your rights as detailed above, you can contact us by email at [email protected].
11. Changes to this Privacy Policy
We periodically review this Policy to ensure it is compliant and up to date with applicable data protection regulations. We will post updates on this page accordingly. When the changes are made, we will update the “Last updated” date at the top of this Policy.
Therefore, we encourage you to review this Policy regularly. Any modifications will take effect when posted or on the date specified as the effective date (if any). Your continued access to and use of the Interface indicates your acknowledgment and acceptance of the updated Privacy Policy.