Privacy Policy

1. What information do we collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. It may include name, usernames, email addresses, or other contact data. All personal information you provide must be true, complete, and accurate, and you must notify us of any changes.

Payment data

We may collect data necessary to process your payment if you make purchases, such as your payment wallet address, payment instrument number, and the security code associated with your payment instrument.

Mobile device access & application data

We may request access to your mobile device's camera, storage, Bluetooth, and other features. If you wish to change our access or permissions, you may do so in your device's settings. If you use our application(s), we may also collect location data if you choose to provide us access.

Device data

We automatically collect device information (such as your device ID, model, manufacturer, operating system, browser type, hardware model, ISP and/or mobile carrier, and IP address). This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

Push notifications

We may request to send you push notifications regarding your account or features of the application(s). You can opt out at any time in your device's settings.

Information automatically collected

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information, IP address, language preferences, referring URLs, location, Web3auth login data, Unhosted Wallet Connect data, connected wallets data and transaction history, and similar technical information.

Recipients of the data

Personal data is accessed and processed only by those with a legitimate need:

• Internal departments: authorized personnel within Customer Support, IT, Compliance, and other relevant departments on a need-to-know basis.
• Service providers: third-party partners (e.g., cloud hosting, database management) processing data under our Data Processing Agreements.
• Legal authorities: government bodies, regulatory authorities, or law enforcement where required by law.

2. Why do we process your information?

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent, including:

• To facilitate account creation, authentication, and account management.
• To request feedback about your use of our Services.
• To protect our Services, including fraud monitoring and prevention.
• To identify usage trends and improve our Services.
• To determine the effectiveness of our marketing and promotional campaigns.
• To save or protect an individual's vital interest.

Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by applicable laws (tax, accounting, anti-money laundering). When no longer needed, we delete or anonymize it. If immediate deletion isn't possible (e.g., backups), we securely isolate it from further processing until deletion is feasible.

Social media

Our website may contain links to our official social media pages. Interactions with those pages are governed by the relevant platform's own privacy policies — we don't control them.

3. Legal bases we rely on

We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law.

If you are in the EU or UK

The GDPR and UK GDPR require us to explain the valid legal bases we rely on. We may rely on:

• Consent — you can withdraw it at any time.
• Legitimate interests — to analyze how our Services are used, support marketing, diagnose problems and prevent fraud, and improve user experience.
• Legal obligations — to comply with law, cooperate with regulators, or exercise/defend legal rights.
• Vital interests — to protect the vital interests of you or others.

If you are in Canada

We may process your information with your express or implied consent, which you can withdraw at any time. In limited exceptional cases, applicable law may permit processing without consent (e.g., investigations, fraud prevention, business transactions, witness statements, court orders, journalistic purposes, publicly available information).

4. When and with whom we share personal information

• Vendors and service providers. Hosting providers, customer service vendors, cloud services, content delivery, data warehouse, support and safety monitoring, email communication software, web analytics, payment and transaction providers. They access, process, or store Personal Data only in the course of performing their duties to us.
• Business transfers. If we are involved in a strategic transaction, reorganization, bankruptcy, receivership, or transition of service, your Personal Data may be disclosed in diligence and transferred to a successor or affiliate.
• Government authorities or other third parties. Where required by law, to defend our rights, to detect or prevent fraud or illegal activity, or to protect the safety of users or the public.
• Affiliates. Entities under common control with UNHOSTED, used in a manner consistent with this Privacy Policy.

5. Cookies and tracking technologies

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy.

6. How long do we keep your information?

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, AML or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if not possible (e.g., backup archives), securely store it and isolate it from any further processing until deletion is possible.

7. How do we keep your information safe?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

8. Do we collect information from minors?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services.

If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data. If you become aware of any data we may have collected from children under 18, contact us at hi@unhosted.com (Ref: Privacy).

9. What are your privacy rights?

In some regions (like the EEA, UK, and Canada), you have certain rights under applicable data protection laws. These may include the right to (i) request access and obtain a copy of your personal information, (ii) request rectification or erasure, (iii) restrict processing, and (iv) where applicable, data portability. You may also have the right to object to processing in certain circumstances.

You can make such a request by using the contact details in section 13. We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you have the right to complain to your local data protection authority. Find their contact details at ec.europa.eu. Swiss residents can reach the FDPIC at edoeb.admin.ch.

Withdrawing your consent

If we are relying on your consent, you have the right to withdraw it at any time by contacting us at the address below or updating your preferences. Withdrawal will not affect the lawfulness of processing before withdrawal.

Account changes & termination

You can review or change your account info or terminate your account at any time. Upon a termination request, we will deactivate or delete your account from our active databases, retaining some information only as necessary to prevent fraud, troubleshoot, assist investigations, enforce our legal terms, and comply with applicable legal and AML requirements.

Cookies

Most web browsers accept cookies by default. You can usually set your browser to remove or reject cookies — note that this could affect certain features of our Services. If you have questions about your privacy rights, email hi@unhosted.com.

10. Controls for Do-Not-Track features

Most browsers and some mobile OSes include a Do-Not-Track ("DNT") feature. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals. If a standard is adopted that we must follow, we'll inform you in a revised version of this Privacy Policy.

11. Do California residents have specific privacy rights?

Yes. California Civil Code Section 1798.83 ("Shine The Light") permits California residents to request, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all such third parties. Submit requests in writing using the contact information below.

If you are under 18, reside in California, and have a registered account with Services, you can request removal of unwanted data you publicly post on the Services by contacting us. We will ensure the data is not publicly displayed on the Services, but it may not be completely removed from all our systems (e.g., backups).

12. Updates to this policy

We may update this Privacy Policy from time to time. The updated version will be effective as soon as it is accessible. We encourage you to review this Privacy Policy frequently.

13. How can you contact us about this policy?

The data controller for the processing of your personal data is Unhosted AG. If you have any questions, requests, or concerns regarding your personal data, please contact us:

hi@unhosted.com (Ref: Privacy)

Unhosted AG
Bahnhofstrasse 7
6300 Zug, Switzerland

14. How can you review, update, or delete the data we collect from you?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please contact us at hi@unhosted.com (Ref: Privacy).