Plasma Wallet. Privacy Policy.

This document was last updated on June 1, 2022

YOUR PRIVACY IS IMPORTANT TO US. NOTE FOR LIFE: WE DON’T ASK YOU FOR PERSONAL DATA (EXCEPT  AS DEFINED IN SECTION 4). THAT BEING SAID, YOUR CONTACT DATA, (DEPENDING ON HOW YOU  CONTACT US), MAY BE COLLECTED WHEN YOU COMMUNICATE WITH US OR IF YOU REPORT A BUG OR  OTHER ERROR RELATED TO PLASMA WALLET.

At Plasma Wallet Application (the “Application”, “App”), one of our main priorities is the privacy of our  users who are visitors to our Application. This Privacy Policy document contains types of Data that is  collected and recorded by us and how we use it.

Plasma Wallet backed by Plasma Alliance OÜ (14559099) located at: 11415, Estonia, Harju maakond, Tallinn, Lasnamäe linnaosa, Väike-Paala tn 2 which is the controller for your Personal  Data and/or Data within the scope of this Privacy Policy. If you have additional questions or require more  information about this Privacy Policy, do not hesitate to contact hello@plasma-wallet.com.

This Privacy Policy applies only to our Application and is valid for the users of the Application with regards  to the Data that they shared and/or which was collected by us. This Privacy Policy is not applicable to any  Data collected offline or via channels other than this Application. Please read this Privacy Policy carefully  to understand our policies and practices regarding your Data and how we will treat it. By using our  Application, you hereby confirm your understanding of our Privacy Policy and its terms.

This Policy is an inalienable part of Plasma Wallet Terms of Service. The generalizing and capitalizing terms  used herein have the same meaning as they have in Plasma Wallet Terms of Service.

IF YOU DO NOT HAVE THE RIGHT, POWER AND AUTHORITY TO ACT ON BEHALF OF AND BIND THE  BUSINESS, ORGANIZATION, OR OTHER ENTITY YOU REPRESENT, DO NOT ACCESS OR OTHERWISE USE THE  APPLICATION.

1. Changes to this Agreement

We reserve the exclusive right to make changes to this Privacy Policy from time to time, in our sole  discretion. Your continued access to and use of the Application constitutes your awareness of all amendments made to this Privacy Policy as of the date of your accessing and use of the Application.  Therefore, we encourage you to review this Privacy Policy regularly to keep track of any possible changes.

If, for some reason, you are not satisfied with our personal data processing practices, your immediate  recourse is to stop using the Application and our services. You do not have to inform us of this decision  unless you intend to exercise some of the data protection rights stipulated by GDPR and defined below in  this Privacy Policy.

2. Eligibility

Age. By accessing our using the Application, you represent and warrant that you are at least eighteen  (18) years of age. If you are under the age of eighteen (18), you may not, under any circumstances or for  any reason, use the Application. Please report to us any instances involving use of the Application by  individuals under the age of 18, should they come to your knowledge.

Criteria. We may, in our sole discretion, refuse to offer the Application to any person or entity and change  the eligibility criteria for use thereof at any time.

3. Applicability

This Privacy Policy applies to all of your interactions with us via the Application, and your interactions with  us in connection therewith.

Below are the categories of our processors used on the Application according to the internal data  processing roadmap providing a brief grasp of our data processing activities with regard to each piece of  the Personal Data we may collect through the App, as well as your place in every data processing event.  It’s intended to simplify your familiarity with our data protection practices. Although this roadmap may  not be treated as an exhaustive list and a full replacement of this Privacy Policy content. For a  comprehensive understanding of our data processing activities, please nevertheless consult the Privacy  Policy text. Below are the categories of our processors which can access and process your Personal Data  through the App:

1) Technical maintenance vendors;

2) Project and team management vendors;

3) Communication vendors;

4) On/Off-ramp transactions vendors;

5) Analytics, statistics, performance, marketing vendors.

4. Data processing in connection with the Application Types of Data We Collect

Personal Data is data relating to an individual, which can be used either alone or with other sources of  Data to identify that individual.  

To the maximum extent possible, we try to collect as minimum as possible Personal Data from you. We collect Personal Data that you personally provide to us, and that is collected automatically.  

Personal Data you provide:

Your Account Data. In order to generate a Wallet address, you don’t need to share any Personal  Data with us or the App. Nevertheless, you may voluntarily add Personal Data.

Various automatically generated and analytics data. (i) IP address of the device you use to access  Plasma Wallet; (ii) the type of browser software you are using; (iii) the operating system you are  using; (iv) the date and time you access or use Plasma Wallet; (v) the website address, if any, that  linked you to Plasma Wallet; (vi) the website address, if any, you leave our website and travel to;  and (vii) other traffic data.

Other Data. Data you create through the Plasma Wallet’s App, including public wallet addresses.

Customer Support. We may collect additional Data you may disclose to our customer support  team. We rely on contract performance basis when collecting and processing the Personal Data  you provide through our customer support.

Please Note: Your private key, which you utilize to access your Ethereum or Binance Smart Chain (BSC) or  other blockchain funds and initiate transactions, is stored only on your own device. In no event we are  going to ask you to share your private keys or wallet seed. Never trust anyone or any application that asks  you to enter your private keys or wallet seed. However, to facilitate your transactions and provide you  with your Wallet address balance, we store the public address associated with your private key. We use  public addresses to identify a user’s journey through our product. We group and analyse these user

journeys collectively in order to improve our product user experience. We do not use this data for any  purpose at an individual user level.

Personal Data We May Collect:

Metrics and Performance Data. We may collect service-related, diagnostic, and performance  Data. This includes Data about your activity (such as how you use our Application and how you  interact with others using our Application), and diagnostic, crash and performance logs and  reports. We rely on contract performance basis when collecting and processing service-related,  diagnostic, and performance data.  

Device and Connection Data. We may collect device-specific Data when you install, access, or use  our Application. This may include your device’s unique ID generated while installing the  Application. We rely either on contract performance or legitimate interests, depending on a  particular event, when collecting and processing this kind of data.  

Status Data. We may collect Data about your status on our Application, such as Application  launches, taps, clicks, scrolling Data, or other Data about how you interact with the Application.  We rely either on contract performance, legitimate interests, depending on a particular event,  when collecting and processing this kind of data.  

We may also receive Data about you from other sources, including through third-party services and  organizations. For example, if you access third-party services, through the Application, we may collect  Data from these third-party services.

Fully anonymized and pseudonymized Data

We collect fully anonymized and also pseudonymized Data with regard to:

• Virtual Currency transactions within the App;

• Virtual Currency transaction hash/ID that is verified and added to the Blockchain Network(s);

• Information on switched Blockchain Network(s);

• The information about your UI experience in the App;

• Other actions and information within the App.

Please note, first three kinds of data stated above are fully anonymized and cannot be technically connected to your identity in any case without additional investigation- and intelligence-related official  procedures which may be necessary for investigation of potential crimes and other potentially unlawful  activities and behavior.  

How and Why We Use Your Personal Data

We may use your Personal Data listed above only for:

• Our internal and operational purposes, when: ensuring security, identifying irregular Application behavior, preventing fraudulent activity and improving security at all possible levels; • Assessing and improving the performance of the Application;

• Providing the customer support efficiency;

• Resolving disputes and troubleshooting problems;

• Delivering targeted marketing and service update notices based on your communications  preferences;

• Analyzing the Application performance, including via, but not limited to: App Store and/or Google  Play Market, please refer to the respective sites for more Data;

• Finding and preventing fraud.

We may rely on the following legal bases to collect and process your Personal Data:

1) on the basis of contract performance or necessity to enter into a contract (where the Personal  Data is required for us to perform our undertakings and obligations in accordance with a  contract we are entering into when you use the App, or where we are at the negotiations  phase);

2) on the basis of our or our processors’ legitimate interests to protect the App, prevent any  malicious and harmful activities to the App, maintain our technical systems healthy and secure,  improve the App and products by using aggregate statistics;

3) to respond to legal requests of authorities, provide information upon court orders and  judgments, or if we have a good-faith belief that such disclosure is necessary in order to comply  with official investigations or legal proceedings initiated by governmental and/or law  enforcement officials, or private parties, including but not limited to: in response to subpoenas,  search warrants, or court orders, and including other similar statutory obligations we or our  processors are subjected to;

4) on the basis of your consent; and

5) on other legal bases set forth in the personal data protection laws.

To clear any doubts, we may use Personal Data above or any other Personal Data only for particularly tailored purposes as described above. Shall we decide to change any of those purposes, we will first  amend this Policy. You may separately require the scope of Personal Data collected and exact purpose of  its collection and use.

Blockchain Data

Please, note: we are not responsible for your use of the Ethereum or Binance Smart Chain (BSC) or other blockchains and the use of your data processed in these decentralized and permissionless Blockchain Networks and web3 applications.

You should also be aware, that due to the inherent transparency of the Blockchain Networks, transactions  that are instructed for in the Application may be publicly accessible. This includes, but is not limited to,  your public sending address, the public address of the receiver, the amount sent or received, and any  other data a user has chosen to include in a given transaction. Data stored on a blockchain may be public,  immutable, and impossible to remove or delete. Transactions and addresses may reveal Data about the  user’s identity and Data can potentially be correlated now or in the future by any party who chooses to  do so, including law enforcement. We encourage you to review how privacy and transparency on the  Blockchain Networks works.

Advertising Partners Privacy Policies

Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons that are  used in their respective advertisements and links that appear on Plasma, which are sent directly to users'  browser or mobile application. They automatically receive your IP address when this occurs. These  technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize  the advertising content that you see on Applications that you visit.

Note that we have no access to or control over these cookies that are used by third-party advertisers. Please, consult their Privacy Policy for more detailed Data.

Third Party Privacy Policies

Plasma Wallet Privacy Policy does not apply to other services or applications. Thus, we are advising you to  consult the respective Privacy Policies of these third-party services for more detailed Data. It may include

their practices and instructions about how to object to certain data processing and opt-out of certain  options.

You can choose to disable cookies through your individual browser options. To get more detailed  information about cookie management with specific web browsers, please find it on the browsers'  respective websites:

• For Google Chrome browser please refer to these instructions;

• For Firefox browser please look up here;

• For Safari browser please visit;

• For Internet Explorer browser please refer to.

Agents or Third-Party Partners

We may provide your Personal Data to our employees, contractors, agents, service providers, and  designees (“Agents”) to enable them for the exclusive purposes of: (i) Improvement of Application related services and features; and perform maintenance works, (i) Business transfers, whereas we may  choose to buy or sell our assets. In these types of transactions, users’ Data is typically one of the business  assets that would be transferred, (iii) Also, if we (or our assets) are acquired, or if we go out of business,  enter bankruptcy, or go through some other change of control, your Personal Data could be one of the  assets transferred to or acquired by a third party. The Agents shall abide, to the most possible extent, to  the same level of care and security as to your Personal Data.

Service Providers

In order to ensure proper functioning and development of the Application we may engage third-party  service providers for covering some parts of the Application, these may include:  • Third-party providers for On/Off-ramp transactions;

• Analytics providers that we use to assist us in the improvement and optimization of the  Application;

• Marketing Tools providers that help us to enable our marketing;

• Server owners, from whom we rent the servers, where the Personal Data is being stored;

• Email Newsletter service providers which facilitate our marketing communications with you.

Service providers will have access to your Personal Data only to the extent needed to perform their  business functions but may not use or share that Personal Data for purposes outside the scope of their  functions related to the Application. Such service providers shall abide, to the most possible extent, to  the same level of care and security as to your Personal Data.

Disclosure of Data

We may disclose any Data about you:

• to the extent required by law or if we have a good-faith belief that such disclosure is necessary in  order to comply with official investigations or legal proceedings initiated by governmental and/or  law enforcement officials, or private parties, including but not limited to: in response to  subpoenas, search warrants, or court orders;

• in connection with a merger, division, restructuring, or other association change; or

• to our subsidiaries or affiliates, only if necessary for operational purposes.

If we must disclose any of your Personal Data in order to comply with official investigations or legal  proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure  that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.

If you use your Wallet address to or engage in a transaction with another user, that user will have access  to your transaction Data, respectively. Users you interact with may store or re-share your Data with others  inside or outside of our Application. We have no control over and take no responsibility for the security  and use of the Data that you share with other users when deciding to interact.  

Data Retention Period

Please, note: if you delete your Wallet or addresses from the Plasma Wallet iOS and/or Android mobile  Application, uninstall Plasma Wallet Applications from your device, or request your Data to be deleted, we  still may retain some Data that you have provided to us to maintain Plasma Wallet or to comply with  relevant laws.

We store your Personal Data during the period of your Application use under the Plasma Wallet Terms of  Service, and for 24 months upon the end of our cooperation. In any case, when we no longer need the  Personal Data, we securely delete or destroy it. Anonymized aggregated data, which cannot identify a  device/browser (or individual user) and is used for purposes of reporting and analysis does not constitute  Personal Data and, thus, is maintained for as long as commercially necessary.  

Sometimes business and legal requirements oblige us to retain certain Data, for specific purposes, for an  extended period of time. Reasons we might retain some data for longer periods of time include:

• Security, fraud & abuse prevention.

• Financial record-keeping.

• Complying with legal or regulatory requirements.

• Ensuring the continuity of our services on our Application.

Data Security

We take data security, especially Personal Data security, very seriously. We work hard to protect the  Personal Data you provide us from loss, misuse, or unauthorized access. We use a range of physical,  electronic and managerial measures to ensure a level of security appropriate to the risk of Personal Data processing. These measures include:

• education and training of relevant staff to ensure they are aware of our privacy obligations when  processing Personal Data;

• administrative and technical controls to restrict access to Personal Data;

• technological security measures, including fire walls, encryption (industry standard SSL encryption  with 128-bit key lengths, HTTPS encryption), and anti-virus software;

• external technical assessments, security audits and vendor due diligence;

• security incident reporting and management.

The security of data transmitted over the internet (including by e-mail) cannot be guaranteed and carries  the risk of access and interception. You should not send us any Personal Data by open/unsecure channels  over the internet.

Please note that no electronic transmission, storage, or processing of Personal Data cannot be entirely  secure. We cannot guarantee that the security measures we have in place to safeguard Personal Data will  never be defeated or fail, or that those measures will always be sufficient or effective. Therefore, although  we are committed to protecting your privacy, we do not promise, and you should not expect that your  data and/or Data will always remain private or secure.

5. Your rights under GDPR

Under certain circumstances, you may have a number of privacy rights concerning the use, storage, and  processing of your Personal Data (e.g., the right to delete your data). Here is a list of privacy rights:

right to be informed - we are publishing this Privacy Policy to keep you informed as to what we  do with your Personal Data. You can ask us for Personal Data regarding you that we keep at any  time. This Data concerns, among other things, the data categories we process, for what purposes  we process them, the origin of the data if we did not acquire them directly from you and, if  applicable, the recipients to who we have sent your data;

right of access – you may ask us whether we process your Personal Data and you have the right  to request a copy of the Data we hold about you;

right of rectification – you have the right to correct inaccurate or incomplete data about you;

right to be forgotten – you can ask for the Personal Data that we hold about you to be erased  from our system and we will comply with this request unless we will have a legitimate reason,  legal requirement, and other statutory basis not to do so. Even if can delete (erase) the Personal  Data subjected to our active (ongoing) processing activities and cease its processing, we will,  nevertheless retain this particular Personal Data in our backup and archive storages to fulfil our  statutory and other requirements;  

right to restriction of processing – where certain conditions apply, you can ask us to ‘block’ the  processing of your Personal Data;  

right to data portability – you have the right to have the Personal Data we hold about you  transferred to another organization and to receive Personal Data in a structured, commonly used  format; Please apply to: hello@plasma-wallet.com to find out whether we currently support the  provision of the portable file containing Personal Data we process about you.

right to object - you can object to the processing of your Personal Data at any time by applying  to: hello@plasma-wallet.com for reasons that arise from your special situation provided the data  processing is based on your consent or our legitimate interest or that of a third party, or where  we carry out profiling, use machine learning or automated decision-making algorithms. In this

case, we will no longer process your Personal Data. The latter does not apply if we are able to  prove there are compelling, defensible reasons for the processing that outweigh your interests or  we require your data to assert, exercise or defend against legal claims;

right to withdraw consent - withdraw the consent you gave us with regard to the processing of  your Personal Data for certain purposes;

right to complain - we take your rights very seriously. However, if you are of the opinion that we  have not dealt with your complaints adequately, you have the right to submit a complaint to the  data privacy protection authorities responsible. You can send your complaints to the EEA  supervisory authority of your country of residence.

In addition to the above, we reference certain rights for the European Territory citizens throughout this  Privacy Policy. Pursuant to the GDPR, citizens from the "European Territories" mean the European  Economic Area (EEA). For the purpose of this Privacy Policy, the term "European Territories" shall continue  to include the United Kingdom, even after the United Kingdom leaves the European Economic Area  following Brexit, and Switzerland.

If you wish to learn more about the GDPR and your rights, the Data Commissioner’s Office Application is a reliable source.

6. Your rights under the Privacy Laws of California

FOLLOWING OUR TERMS, THE RESIDENTS OF THE USA AND CALIFORNIA PARTICULARLY (AND OF OTHER  COUNTRIES), ARE PROHIBITED TO USE OUR SERVICES, INCLUDING FROM OUR APPLICATION. PLEASE ALSO  NOTE THAT IN CASE OF POSSESSING DATA REGARDING YOUR VIOLATION OF THE DESCRIBED ABOVE BAN,  WE RESERVE THE RIGHT TO DISCONTINUE TO PROVIDE OUR APPLICATION TO YOU.

In any case, to prevent any violations on our part, if you are using our Application by violating the ban  described in the paragraph above and if you are a resident of the State of California, you may have certain

rights with respect to your Personal Data in accordance with the California Consumer Privacy Act (CCPA)  and the California Civil Code as amended by the CCPA.  

Your rights as a resident of California:

right to access - you may request that we disclose the categories of Personal Data collected, the  categories of sources from which the Personal Data is collected, the business or commercial  purpose, the categories of third parties with which the business shares the Personal Data and  specific pieces of Data that have been shared or sold;

right to opt-out - you are entitled to tell us not to sell the Personal Data about you to third parties;

right to deletion - the right to have your Personal Data deleted.

We do not “sell” your Personal Data, we do not allow anyone to “sell” your Personal Data and we don`t  know about any “sale” of your Personal Data, regardless of your age.

Keep in mind, under the California Civil Code sections 1798.83-1798.84, California residents are entitled  to ask us for a notice describing what categories of Personal Data we share with third parties or corporate  affiliates for those third parties or corporate affiliates' direct marketing purposes. That notice will identify  the categories of Data shared and will include a list of the third parties and affiliates with which it was  shared, along with their names and addresses. If you are a California resident and would like a copy of this  notice, please submit a written request by email to: hello@plasma-wallet.com. Please allow 30 days or more  for a response.

7. Privacy of children

Our Application is not directed to collect any data from people under the age of 18. We do not knowingly  allow anyone under the age of 18 to submit any data to our Application. If you believe your child may have  provided us with their data, you can contact us using the Data in the Contact section of this Policy and we  will delete the data from our Application.

8. Transfer of Personal Data

Transfers to third countries, shall be made subject to appropriate safeguards, namely standard contractual  clauses adopted by a supervisory authority and approved by the Commission. Copy of the foregoing  appropriate safeguards may be obtained by you upon a prior written request sent. We may instruct you  on further steps to be taken with a purpose of obtaining such a copy, including your obligation to assume  confidentiality commitments in connection with being disclosed the Plasma Alliance  proprietary and  personal information of third parties as well as terms of their relationships with the Plasma Wallet.

Keep in mind that the use of Application based on public blockchains intended to immutably record  transactions across wide networks of computer systems. Many blockchains are open to forensic analysis  which can lead to deanonymization and the unintentional revelation of Personal Data, in particular when  blockchain data is combined with other data. Because blockchains are decentralized or third-party  networks which are not controlled or operated by us, we are not able to erase, modify, or alter Personal  Data from such networks.

9. Data Integrity & Security of Processing

We take Data security very seriously. We work hard to protect the Personal Data you provide us from loss,  misuse, or unauthorized access. We utilize a variety of safeguards such as encryption, digital and physical  access controls, non-disclosure agreements, and other technical and organizational measures to protect  the Personal Data submitted to us, both during transmission and once it is at rest. Still, we do not control

the third-party services and therefore cannot guarantee complete security. Any Data that you provide to  us is done so entirely at your own risk.

Please note that no electronic transmission, storage, or processing of Personal Data can be entirely secure.  We cannot guarantee that the security measures we have in place to safeguard Personal Data will never  be defeated or fail, or that those measures will always be sufficient or effective. Therefore, although we  are committed to protecting your privacy, we do not promise, and you should not expect that your  Personal Data will always remain private or secure.

10. Supervisory authority oversight

If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint  with a data protection regulator in one or more of the European Union member states. Here you can find  a list of data protection authorities in Europe.

11. Contact us

If you have any questions regarding this Privacy Policy or additional inquiries about the privacy of your information, you can contact us at hello@plasma-wallet.com