1. Introduction

Welcome to StarkDeFi, hereafter referred to as “StarkDeFi”, “we”, “us” or “our”, a website-hosted user interface managed and operated by StarkDeFi Labs. We act as the data controller of the processing of your personal data. It means that we decide “why” and “how” your personal data is processed in connection with the Interface.

At StarkDeFi one of our main priorities is the privacy of participants visiting our website accessible at https://www.starkdefi.com (the “Website”) and using StarkDeFi dApp accessible at https://starkdefi.com/#/swap (the “dApp”) (collectively with the Website, referred to as the “Interface”). That’s the reason why we try our best to collect as little of your personal data as possible. However, since we still need to collect and process some personal data, we have put in place policies and practices to ensure it all goes smoothly and everything is secured.

This privacy policy is intended to inform you about the processing of your personal data we carry out when you access and/or use our Interface (the “Privacy Policy”, the “Policy”). Therefore, it applies to all your interactions with us via our Interface, and your interactions with us in connection therewith. We advise you to carefully read this Policy to understand how we collect and process the data and for which purpose.

This Privacy Policy is however not applicable to any processing of data collected via channels other than the Interface (including any other services or applications provided by third parties). For those, we advise you to consult the corresponding privacy policies.

2. Categories of Data We Process

2.1. Data you voluntarily provide to us when using the Interface

• any identification and contact data such as your email address, your name, and any other personal data you provide to us when communicating with us (in limited circumstances, e.g. when reaching out to our support service or applying to become a contributor);

• any data related to your use of the Interface (e.g., wallet addresses (public blockchain addresses), transaction, and balance information (blockchain data) that is accessible when interacting with the Interface);

• any personal data required to comply with anti-money laundering (AML), know-your-client (KYC), and know-your-business (KYB) verification requirements, when applicable.

In some cases, the provision of your personal data is necessary in order to provide you with access to certain products available via our Interface and/or the information you request. In any case, we will inform you when the communication of your personal data is necessary.

2.2. Third-Party Services

We may integrate services and technologies from third parties into some functionality of the Interface, for example connected to performance and security infrastructure as a proxy between you and the dApp. The third-party may also collect your private information, for example your IP address.

We also use cookies and similar tracking technologies to automatically collect data from and store information on your device when you use, access, or otherwise interact with our Interface.

We may use Google Analytics to analyze user behavior on the Interface. For more information on how Google Analytics processes your personal data, please refer to the Google Analytics Privacy & Terms.

Should you wish to opt out of automatic data collection, you have the option to disable cookies. For more information on cookies and other tracking technologies, as well as instructions on how to disable them, please refer to Section 6 of this Policy (Cookies and Other Tracking Technologies).

2.3. Blockchain Data

Please note that we are not responsible for (i) your use of Starknet, Ethereum or any other blockchain and (ii) the use of your personal data as processed in these decentralized and permissionless blockchain networks. Your private key which you utilize to access your Starknet, Ethereum or other blockchain funds and initiate transactions is stored only on your own device. You should also be aware that due to the inherent transparency of the blockchain networks, transactions that you approve when using the Interface may be publicly accessible. This includes, but is not limited to, your public sending address, the public address of the receiver, the amount sent or received, and any other data a user has chosen to include in a given transaction. Transactions and addresses available on blockchain may reveal personal data about the user’s identity, and personal data can potentially be correlated now or in the future by any party who chooses to do so, including law enforcement. We encourage you to review how privacy and transparency on the blockchain network work.

3. How and Why We Use Your Personal Data

In the table below, you will find the various purposes for which we may process your personal data and the corresponding legal basis. Depending on the circumstances, we use different legal bases to process the same personal data for different purposes.

You also have specific rights depending on the legal basis applied. You always have the right to request access to, rectification of, or deletion of your personal data. These are detailed below in this Policy (Your rights).

We process your personal data for the following purposes and on the following legal bases:

4. Sharing Your Personal Data

In the context of processing your personal data in accordance with this Policy, we may communicate your personal data to the following recipients, if necessary:

• our subsidiaries or affiliates (if any) only if necessary for operational purposes;

• other third-party service providers, external suppliers, contractors, and agents to the extent that they assist us in carrying out the purposes set out in this Policy;

• competent courts, public authorities, government agencies, and law enforcement agencies to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to in response to subpoenas, search warrants, or court orders;

• third parties in connection with a merger, division, restructuring, change of control, bankruptcy or other organizational change;

• third parties which may collect your personal data on our Interface via cookies, web beacons, and similar tracking technologies, subject to your prior consent;

• third-party business partners to assist such partners’ investigations including into known cybersecurity breaches or cyber-hacks, or in case of a serious crime that is likely to affect users of our Interface. In this case, we disclose information only to our trusted business partners based on the duration and quality of our business relationship, the reputation and regulatory status of the partner, and the requirements of the applicable data protection legal framework. We will only communicate your personal data if we have sufficient legitimate interest to do so.

We will only communicate your personal data to any recipient on a need-to-know basis and only when the processing by the recipient is strictly limited to the purposes identified in this Policy. We do not sell your personal data.

5. Data Retention Period

We retain your personal data only for as long as necessary for the purposes for which it has been collected, as specified in this Policy, and in accordance with the applicable laws. This means that the retention periods we apply may vary depending on the purpose for which we process your personal data.

When determining the appropriate retention period, we consider the category and amount of personal data, potential risks and harm that may arise from unauthorized access or disclosure, the specific purposes for which the data is processed, the availability of alternative mean to achieve those purposes, and the applicable legal requirements.

We also retain personal data to comply with legal and regulatory obligations that may apply to us. Sometimes business and legal requirements oblige us to retain certain data, for specific purposes, for an extended period (e.g., to comply with AML compliance requirements, or record-keeping obligations imposed by applicable accounting, financial, or regulatory laws).

In some situations, we may anonymize personal information about you so that it can no longer be used to identify you. In such cases, we can use this information indefinitely without further notice to you.

6. Cookies and Other Tracking Technologies

Cookies and similar tracking technologies, such as “Flash” cookies, “local storage”, etc., (the “cookies”) are text files that can be stored on your devices when you visit an online service such as an application or a website. Cookies are used to store information on the user's device so that it can be accessed later.

As you navigate through and interact with the Interface, different types of cookies may be placed on your device and we may ask your consent to use those cookies. These cookies may be placed directly by us or by third parties. The data we collect automatically includes statistical and performance information arising from your use of the Interface. This type of data will only be used by us in an aggregated or anonymized manner.

Except for cookies that are necessary for the proper functioning of the Interface, you are free to refuse the deposit of cookies on your device at any time. If you do not want cookies to be placed or read on your device and choose this option when presented to you, a refusal cookie will be stored on your device so that we can keep track of your choice. If you delete this cookie, we will no longer be able to know that you have refused the use of cookies. Similarly, when you consent to accept cookies, a consent cookie is placed on your device.

You can choose to disable cookies through your individual browser options. The settings for each browser are different. They are described in the help menu of your browser, which will enable you to know how to change your cookies preferences.

Lastly, www.allaboutcookies.org provides further information on how to manage your cookies preferences.

7. Your Rights

In accordance with the applicable personal data protection regulation, including the General Data Protection Regulation, you have the following rights:

Right to access

You have the right to request confirmation from us as to whether we handle your personal data and in such a case receive a copy of your personal data together with additional information on our use of your personal data. Please note that the right to a copy of your personal data may not adversely affect the rights of others.

Right to rectification

You have the right to request that we rectify or supplement your personal data if you consider that your personal data is incorrect, incomplete, or misleading.

Right to withdraw your consent

For certain use of your personal data, we might rely on your consent. For information on when we rely on your consent for the use of your personal data, please see the information on the purposes for which we collect, use and share your personal data. When we use your personal data based on your consent, you have the right to at any time withdraw your consent. When you have withdrawn your consent, we will not continue to use your personal data based on the consent previously provided.

Right to erasure

You have in certain situations the right to request erasure of your personal data ("the right to be forgotten"). Accordingly, the right to erasure is subject to certain conditions. For example, the right to erasure applies if we keep your personal data but no longer the personal data for the purposes for which it was collected, if you withdraw your consent which we rely on for our use of your personal data, or if you object to our use of your personal data and we cannot show a compelling reason to further use your personal data notwithstanding your objection.

There are also several exemptions from the right to erasure, including if we are obligated under law to keep your personal data or if the personal data is needed to exercise, manage, and defend legal claims.

Right to object to our use of personal data

In certain situations, you have the right to object to our use of your personal data. Where we rely on our or another's legitimate interest for the use of your personal data, you have the right to object to the use for reasons which relates to your particular situation. You can see above in relation to each purpose for which we collect, use and share your personal data if we rely on a legitimate interest for the use of your personal data. If we cannot show a compelling reason to continue to use your personal data, we will stop using your personal data for the relevant purpose.

You always have an unconditional right to object to our use of your personal data for direct marketing purposes.

Right to request restriction of your personal data

In certain situations, you have the right to request restriction of your personal data which means that you can, at least for a certain period, stop us from using your personal data. The right to request restriction of your personal data applies if you consider that the personal data about you is incorrect and during the period that we verify this, if the use of your personal data is unlawful and if you wish that we continue to store your personal data instead of deleting the personal data, and if we no longer need your personal data for the purposes for which we collected the personal data, but you need the personal data to manage, defend or exercise legal claims and rights.

You also have the right to request restriction of your personal data if you have objected to our use of your personal data and during the period, we verify whether we have a compelling reason to continue to use your personal data.

If the use of your personal data has been restricted, we are normally only allowed to store your personal data and not use them for any other purpose than to manage, defend or exercise legal claims and rights. We can also use your personal data for other purposes if you have given your consent to such use.

Right to copy of certain personal data and transfer of the personal data to an external recipient (data portability)

The right to data portability means that you have a right to receive a copy of the personal data that you yourself has provided to us in a structured commonly used format. Moreover, where it is technically feasible, you also have the right to request that the copy of your personal data is transferred directly to an external recipient.

Right to lodge a complaint

You have the right to lodge a complaint with your supervisory authority.

Country Specific Rights

You may also be granted specific rights as regards our processing of your personal data depending on the law applicable in the country you are residing in. You may contact us should you have any questions in that regard.

Also, keep in mind that many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of personal data, in particular when blockchain data is combined with other data. Because blockchains are decentralized or third-party networks that are not controlled or operated by us, we are not able to erase, modify, or alter your personal data from such networks.

8. How to Exercise Your Rights

If you wish to exercise your rights, you may contact us by using the contact information provided in Section 9 of this Policy (Contact Us). To be able to process your request efficiently, we may ask you to provide additional information to confirm your identity and/or to help us retrieve the personal data related to your request.

9. Contact Us

If you have any questions regarding the processing of your personal data under this Policy, including the exercise of your rights as detailed above, you can contact us by email at [email protected]

10. Changes to this Privacy Policy

We periodically review this Policy to ensure it is compliant and up to date with applicable data protection regulations. We will post updates on this page accordingly. Therefore, we encourage you to review this Policy regularly. Any modifications will take effect when posted or on the date specified as the effective date (if any). Your continued access to and use of the Interface indicates your acknowledgment and acceptance of the updated Privacy Policy.