Last Updated: June 18, 2024
Date of Last Revision: 20 Sep 2024
Effective: 18 June 2024
Consensys Software Inc. is the leading blockchain and web3 software company which provides services to users, creators and developers under brands such as MetaMask, MetaMask Institutional, MetaMask Developer, Infura, Diligence, Linea, Consensys Staking, Teku, Besu and Phosphor.
Consensys Software Inc. (“Consensys,” “we,” “us,” or “our”) knows your personal information is important. As a result, we process your personal information responsibly and in accordance with applicable laws and regulations.
We appreciate the trust you place in us when you use our products and services, and when you visit our websites, https://consensys.io/, https://metamask.io/, https://metamask.io/institutions/, https://metamask.io/developer/, https://infura.io/, https://consensys.io/diligence/, https://linea.build/, https://consensys.io/staking, https://consensys.io/teku, https://besu.hyperledger.org and https://phosphor.xyz (“Sites”). This Privacy Notice (“Privacy Notice”) applies to the Sites (including subdomains), applications, products and services (collectively, “Services”) on or in which it is posted, linked, or referenced.
This Privacy Notice describes how we process the personal information collected when you access the Services. When you leave the Services, this Privacy Notice no longer applies. Any subsequent website, application, or service you access is subject to its own terms of service and privacy notice (if any) and not this Privacy Notice.
This Privacy Notice tells you about your rights and choices with respect to your personal information, including how you can contact us if you have any questions or concerns. In this Privacy Notice “Personal Information” means any information relating to an identified or identifiable natural living individual.
Please read this Privacy Notice carefully. If you do not agree with this Privacy Notice or any part thereof, you should not access or use any part of the Services. If you change your mind in the future, you must stop using the Services. You may exercise your rights in relation to your Personal Information as set out in this Privacy Notice and you may contact us at any time regarding those rights using the methods described in the “Contact Us” section below.
MetaMask privacy tl;dr
MetaMask users - what does this mean for you?
We take great care to protect the safety, security and privacy of MetaMask users, and to give users the ability to control and configure their wallet to meet their personal needs. We provide a detailed overview of the settings that we allow users to configure based on their individual experience and privacy preferences. This overview can be found at our MetaMask News site (https://metamask.io/news/latest/product-spotlight-privacy-preserving-features-in-metamask).
We have updated our Privacy Notice to continue providing transparency on our processing activities. In summary, for MetaMask users this means that we:
- do not collect your private keys.
- do not sell your Personal Information.
- do not collect or retain Personal Information unless necessary to provide you the Services and a great user experience (see below for details).
- for IP addresses in particular, we may temporarily process your IP address only where required for some of our Services (depending on your MetaMask settings) to provide the best possible experience for MetaMask users. This includes, for example, the prevention of DDoS attacks (see below for more details).
- do not collect financial payment or banking information, however, when you use our on- or off-ramp features these services may necessitate you submitting this information to third-party providers.
We may temporarily process IP addresses, only where necessary and to provide the best possible experience for MetaMask users. This includes the following purposes:
- for the basic functionality of our Services where you make requests from your device in relation to the Services. This is a necessary feature of offering our Services on the internet;
- to run third-party requests through proxy infrastructure, thereby eliminating your individual device details and IP address from the request that is ultimately received by third-parties. For example, instead of MetaMask sending traffic directly from your device to multiple third-party services, we may run the request through a proxy to improve performance and/or privacy for you;
- for providing you with the best experience when using the Services (e.g. to measure latency, volume of requests per region and to route your requests to servers close to your region to improve your experience of the Services) or where interactions with Third Party Platforms are required (depending on your MetaMask settings);
- where we are required to do so to comply with our legal obligations (e.g. to help us avoid providing services to regions prohibited by sanctions laws); and
- to ensure the safety, security and integrity of the Services (e.g. for the prevention of DDoS attacks).
If users wish to further limit the collection of their device and usage information, users could consider the use of virtual private networks, or ‘VPNs’.
We do not collect other Personal Information that we do not need. Personal Information that we may process is set out below at Section 2 (including information that you may provide to us and information that is collected automatically). For MetaMask users, this includes:
- Wallet related information, including your wallet address which is temporarily processed as part of API requests (in URL parameters or bodies) when making API calls required to support the user experience. Please note that this applies where you utilise MetaMask’s default settings and configurations, which you may disable or opt-out of at any time.
- Your MetaMask preferences and settings, only as necessary to provide the Service. Generally this information is stored locally on your device. To the extent that we process this information to facilitate cross-device functionality, it is encrypted such that it can only be decrypted by you on your device(s).
- Feedback and survey responses, where you choose to provide this information.
- User event information, where you opt-in to analytics data collection (also known as MetaMetrics), to support continued improvement of the product experience. We store this data pseudonymously and we do not link it to other Personal Information unless you ask us to do so. You may disable this feature at any time.
- Marketing related information, where you opt-in to share this information (like information from cookies). This helps us to learn how you interact with our marketing communications and personalize what we share with you, such as latest developments and product features. You may disable this feature at any time.
- Device related information, where you opt-in to receive notifications from your MetaMask wallet. For example, if you opt-in and ask us to provide push notifications to your mobile device, we will retain your device identifier to facilitate such notifications for as long as you remain opted-in. You may disable this feature at any time.
Please note that the use of data described above applies when you utilise MetaMask’s default settings and configurations (which you may disable or opt-out of at any time), such as using Infura as the default Remote Procedure Call (RPC) provider. See a detailed overview of the settings that we allow users to configure based on their individual experience and privacy preferences at our MetaMask News site (https://metamask.io/news/latest/product-spotlight-privacy-preserving-features-in-metamask).
Our relationship with you is described in this section. Consensys is the entity that provides the Services and determines the purpose and the means of processing for your Personal Information.
You are subject to the Terms of Use of the Services. This means that Consensys is the entity that provides the Services and determines the purpose and the means of processing for your Personal Information, or other similar designation under law. The Services can be used by organizations or by individual Users. If you’re using the Services on behalf of your organization, your organization owns the associated accounts and may take certain actions in respect to your access or abilities to use the Services.
We collect Personal Information about you as described in this section. In summary, some information you provide to us. We also collect certain information automatically. All information we collect is subject to the use limitations described in section 3.
For example, when you use the Services we must collect certain data for the Services to work. This may include information like your email address which we may require for setting up an account for certain Services (such as MetaMask Institutional, Infura or Diligence) or your IP address (which we have to collect automatically for certain functionality). Please note that when creating a wallet with MetaMask, no email address is required.
When you visit the Services, we collect: (1) technical information that is used to deliver the contents and Services and for other purposes as described below, and (2) information that you provide to us.
Personal Information You Provide to Us
We collect a variety of information that you provide to us. The specific types of information we collect will depend upon your engagement with the Services. Some Personal Information that you provide to us is required for the use of the Services. However other Personal Information is optional.
Account and Profile Information. Certain Services require you to create an account or profile (for example, MetaMask Institutional, Infura and Diligence). If you create an account or profile to use the Services, we collect Personal Information to allow you to use these Services. When you sign up, you may provide us with your name, password, email address, mobile phone number, job title, account history, or other information necessary to create and maintain your account or profile.
Contact Information and Other Information You Choose to Provide to Us. You can provide a variety of information during your interactions with us, such as through emails or other communications. When you contact us via a website contact form, email, or other means, you provide us with Personal Information, such as your name and contact details, and the content of your communications with us.
Support Information. When you request technical support services, we will process your Personal Information such as your name and the contact details you use to contact us, as well as information regarding the reasons for your support request, the support that was provided, and any additional information you may provide in that context. We may also process Personal Information about how you engage with our Services so that we can improve the support services that we provide to users.
Financial Information. If you purchase our Services, you will need to provide payment information. We will use that information solely for the purpose of fulfilling your purchase request.
Other Information. You may provide us with additional information associated with your use of the Services, such as your wallet address. If you decide to use the Services offered, we may collect and store the content and information you create or upload to the Services. Where relevant, this includes information relating to your preferences and settings when using the Services.
This also includes additional information you may choose to provide to us, such as feedback and survey responses.
For certain Services we may require you to provide additional Personal Information in order to verify your identity or to provide the Service. We will inform you if this is the case.
Information Collected Automatically
We may automatically collect certain information due to your use of the Services. We use this information to enable the basic functionality of the Services. We strive where possible to ensure that the collected information is de-identified, aggregated and/or anonymized.
Our use of your Personal Information is described below. In summary, we only use your information for the purposes for which it is collected.
We use the Personal Information we receive or collect for the following purposes:
PLEASE NOTE: We may use AI enhanced tooling and systems in the course of our day-to-day business. For example, when you engage with our customer support team, our support agents may use AI tooling to summarize content and to respond to your queries as efficiently as possible. Consensys always uses AI tools and systems in a responsible and ethical way.
In order to provide the Services, we must share your Personal Information in certain cases. This includes sharing your Personal Information within the Consensys Group, with our Service Providers and the other third parties listed in this section. We do not sell your Personal Information.
We may disclose Personal Information about you under the following circumstances:
We engage Service Providers for the purposes described above in Section 4. These Services Providers include the unaffiliated entities listed https://consensys.io/subprocessor-list.
Your rights associated with the Services are described below. Please note these rights may only be available to you in specific regions, countries or states based on where you reside. In certain cases, we may be prevented from allowing you to exercise these rights but we will inform you if that is the case when you seek to exercise the rights.
You have the following rights associated with the processing of your Personal Information:
You may exercise these rights by contacting us as set out in the “Contact Us” section below.
Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. Note that applicable laws contain certain exceptions and limitations to each of these rights. Subject to certain restrictions, you can ask an agent to exercise your rights for you. If you have an agent exercising your rights, that person must provide to us your written authorization allowing them to make such a request on your behalf. We reserve the right to deny the agent’s request if we are not reasonably able to confirm proper authorization and/or verify your identity as the requestor.
To appeal any refusal by us to act on a data subject rights request contact us by email at: [email protected].
We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice, to make the Services available to you, or as instructed by you, unless a longer retention period is required or permitted by law. We may also keep your data for as long as it is needed in relation to a legal claim, complaint, litigation or regulatory proceedings.
We implement a variety of security measures that are reasonably designed to protect the safety of your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction when you enter or submit your Personal Information on the Services. However, no Internet or email transmission is ever fully secure or error free. Please keep this in mind when disclosing any information to us via the Internet. IF YOU BELIEVE YOUR PRIVACY HAS BEEN BREACHED THROUGH USE OF THE SERVICES, PLEASE CONTACT US IMMEDIATELY.
For more information about how we secure your Personal Information when using the Services, please see our security page https://consensys.io/security.
When you use the Services, Personal Information about you will be stored in the United States.
Data Analytics are required to provide the Services, improve the Services or for marketing purposes. We collect your consent for these activities where required or where we believe it is correct to do so. This includes analytics completed by Consensys and third-party services that we use. We also describe how we advertise on third-party sites based on the analytics described here.
Subject to consent requirements, we may use first-party analytics to provide the Services, including analyzing the performance of the Services for product improvement, or for marketing purposes as described above. We may also use third-party web analytics services on the Services (subject to your consent), such as those of Google Analytics. These third-party services use the sort of technology described in the “Information Collected Automatically” section above to help us analyze how Users use the Services (such as our websites), including by noting a third-party website from which you arrive. The information collected by the technology will be disclosed to or collected directly by these third parties, who use the information to evaluate your use of the Services. We also use Google Analytics for certain purposes related to advertising, as described above. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser Add-on.
Advertising. Subject to your consent, third-party services, which may include Google Analytics, Google Tag Manager, Hubspot, LivePerson, Segment or LinkedIn, may use cookies and web beacons to collect information about your activities on the Services (such as our websites) to provide you advertising based upon your interests. This means these third-party services may show our ads on sites across the Internet based upon your previous visits to the Services. Together with these third-party services, we may use these cookies and web beacons to report how your ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to your visits to the Services.
The use of tracking technologies by third-parties, technology partners or other third-party assets (such as social media links) on the site is not covered by this Privacy Notice. We do not have access or control over these technologies.
If you would like to learn more or opt out of receiving online display advertising tailored to your interests, please visit the Networking Advertising Initiative at: www.networkadvertising.org/managing/opt_out.asp or the Digital Advertising Alliance at: http://aboutads.info/choices.
The Services enable you to interact with certain third-party services, decentralized applications, and third-party platforms (collectively "Third Party Platforms"). However, this Privacy Notice does not address, and we are not responsible for, the privacy practices of any third parties, including but not limited to those that operate websites to which the Services links. The inclusion of a link on the Services does not imply that we or our affiliates endorse the practices of the linked website. Your use of such Third Party Platforms and those Third Party Platforms' use of your Personal Information is subject to their respective terms of use and privacy notice (if any) and is not subject to this privacy notice.
Where you have sought to interact with a Third Party Platform through the Services and to share Personal Information as required for such interaction, we will seek, where permitted and where possible, to limit the Personal Information shared through the use of proxies.
If our website links to other websites that include our branding, this Privacy Notice does not apply to those other websites. Visitors to those websites are advised to carefully read the notices on those individual websites.
If you are under the age of majority in your jurisdiction of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. Consistent with the requirements of the Children’s Online Privacy Protection Act (COPPA), if we learn that we have received any information directly from a child under age 13 without first receiving his or her parent’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Sites and subsequently we will delete that information.
In the event of a change in ownership, or a merger with, acquisition by, or transfer or sale of all or a portion of our assets to another entity, we reserve the right to transfer all your Personal Information to that entity. We will use reasonable efforts to notify you of a transfer to an unaffiliated third party (by a posting on our homepage, or by email to your email address that you provided to us, as chosen by us at our discretion).
We reserve the right to amend this Privacy Notice at any time to reflect changes in the law, our data collection, use or sharing practices or advances in technology. We will make the revised Privacy Notice accessible throughout the Services. You should review this Privacy Notice periodically. The “Date of Last Revision" included at the beginning of this privacy notice will indicate when it was last updated.
By continuing to access or use the Services, you are confirming you have read and understand the latest version of this Privacy Notice.
If you wish to lodge a complaint about how we process your Personal Information, please contact us as described in the “Contact Us” section below. We will endeavor to respond to your complaint as soon as possible. You may also lodge a claim with the applicable supervisory authority.
If you have any questions or comments about this Privacy Notice, our privacy practices, or if you would like to exercise your rights with respect to your Personal Information, please contact us using this form.
Alternatively, you can write to us at: 5049 Edwards Ranch Rd, Fort Worth, TX 76109, United States.
Effective: 18 June 2024
This Supplemental Privacy Notice applies to you only if you are a natural living person and you are located in the European Union, a European Free Trade Association country, Turkey, Switzerland, or the United Kingdom (“EEA+”). If you are located in the EEA+ and engage with the Services, Consensys is the data controller with regard to the provision of the Services. This Supplemental Privacy Notice is incorporated into and forms part of the Consensys Global Privacy Notice.
This Supplemental Privacy Notice provides supplemental notices that are unique to the EEA+ region.
In accordance with our legal requirements in this region, we are required to identify and inform you of the legal basis that we use for the processing of your Personal Information. In this section we provide you with information about the legal bases we rely on when processing your Personal Information.
If you are located in EEA+ our legal basis for processing your Personal Information is described in this section. Please note that more than one legal basis may exist for the processing of your Personal Information:
Consent. This is the case where you have consented to the use of your Personal Information.
Contract.
The performance of the contract is used as the legal basis for the processing of your Personal Information for the purpose of providing the Services to you. For example, we need your Personal Information to provide you with our Services, to perform our obligations associated with our contract with you, such as to create and secure your account, to respond to your inquiries or to take steps that you request prior to signing up for the Services.
Legitimate Interest.
We have a legitimate business interest in processing your Personal Information to provide the Services to our Customers. We only rely on legitimate interest as a legal basis when the legitimate interests do not override your fundamental rights and freedoms associated with privacy and data protection on balance. We ensure we comply with any requests you make to exercise your associated rights. The processing of your Personal Information where legitimate interests are used as the legal basis for the processing of your Personal Information may include the following purposes: to communicate with you, to optimize our Services, for compliance, fraud and safety purposes and to provide the Services.
Legal Obligation.
We may have a legal obligation to process your Personal Information, for example to comply with tax and accounting obligations (which may include anti-money laundering (AML) laws and know-your-customer (KYC) requirements). We may process your Personal Information when necessary to establish, exercise, or defend legal claims.
The Consensys Software, Inc. Data Protection Officer can be reached at: [email protected].
As part of a global business, we need to transfer your Personal Information outside of the EEA +.In this section we describe how we ensure the protection of your Personal information, through the use of safeguards, when we transfer your Personal Information outside the EEA+.
If you provide us with your Personal Information when using the Services from the EEA, Turkey, Switzerland or the UK or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing.
When we transfer your Personal Information internationally, we ensure that relevant safeguards are in place to afford adequate protection for your Personal Information and we will comply with applicable data protection laws, by relying on an EU Commission adequacy decision, or the current standard contractual protections for the transfer of your Personal Information or a derogation if one is available.
Please contact us using the methods described at Section 16 of the Global Privacy Notice if you want further information on the specific mechanism used by us when transferring your personal information out of EEA+.
You have the right to contact the appropriate supervisory authority at any time to lodge a complaint regarding the processing of your data. The list of EU supervisory authorities is located here. All other supervisory authorities can be located via a search for their website homepage.
Effective: 18 June 2024
This Supplemental Privacy Notice applies to you only if you are a natural person and you are a resident of any state in the United States with a privacy-related Consumer Protection Law. This Supplemental Privacy Notice is incorporated into and forms part of the Consensys Global Privacy Notice.
Please note that the rules implementing some of these laws have not yet been finalized. We are continuously working to better comply with these laws, and we will update our processes, disclosures, and this notice as these implementing rules are finalized.
This Supplemental Privacy Notice provides supplemental notices that are unique to the US states referenced above.
The Personal Information we may collect, use and share over the next 12 months is set out above in the Global Privacy Notice. Specifically:
Global Privacy Control (“GPC”) is a setting you can enable in your web browser to communicate your privacy preference for not having certain information about your webpage visits collected across websites. For all the details, including how to turn on GPC, visit https://globalprivacycontrol.org/.
In the last 12 months, we have allowed third party ad providers to collect Personal Information from visitors to certain Services (for example, our websites) for the purposes of advertising and analytics. This practice may constitute the “sharing” (which is a term used to address the sharing of information for advertising purposes) of Personal Information. To the extent that our practices constitute the sharing of your Personal Information, you have the right to opt-out of the sharing of your Personal Information with the third parties in this Privacy Notice by contacting us using the methods described at Section 16 of the Global Privacy Notice. You can also opt-out by enabling Global Privacy Control (see Section 2 above).
You have the right to know whether your Personal Information is being sold. We do not sell your Personal Information. Your personal information is “sold” when it is provided to a third party for monetary or other valuable consideration for a purpose that is not a “business purpose” as set forth in the CCPA or other U.S. state data privacy laws. Please note a “sale” does not include when we disclose your personal information at your direction, or when otherwise permitted under law.
We do not sell your Personal Information, so we do not offer an opt out. We may “share” personal information with third parties for personalized advertising purposes as described above. You may indicate your choice to opt-out of the sharing of your personal data with third parties for personalized advertising on third party sites by contacting us using the methods described at Section 16 of the Global Privacy Notice. You can also opt-out by enabling Global Privacy Control (see Section 2 above).
Even if you turn off “sharing,” you may still see personalized ads based on information other companies and ad networks have collected about you, if you have not opted out of sharing with them.
U.S. state privacy laws prohibit businesses from discriminating against you for exercising your rights under the law. Discrimination may include denying services, providing a different level or quality of service, or charging different prices. We do not discriminate.