Privacy Policy
Last Revised: November 15th, 2024
Vana Foundation (we”, “us”, or “our”) is committed to protecting the privacy and data security of all users of our website and related Services, as defined in the Terms of Service.
This Privacy Policy explains how we collect, use, share, and protect personal information in connection with our operations, in compliance with applicable data protection laws, including the Data Protection Act (Revised) of the Cayman Islands (the “DPA”).
By using our Services, you agree to the terms outlined in this Privacy Policy. If you do not agree, you must refrain from using the Services. These terms form a legally binding agreement between you and the Foundation. If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at: support@vanafoundation.org.
Applicability of this Privacy Policy
We provide technology to enable users to participate in a de-centralized distributed network that allows users to own, govern, and monetize their own user data (the “Vana Network”).
This Privacy Policy applies to personal information collected by the Foundation in connection with the operation of our website(s) and other Services that reference this Privacy Policy. It governs personal information voluntarily submitted to use through website forms, inquiries, and other interactions, along with automatically collected information, such as log data and cookies, necessary to ensure the functionality and security of our platform.
This Privacy Policy does not apply to personal information collected or processed by third party users, DLPs, validators, DAOs, or other entities that participate in the Vana Network (“Vana Network Participants”). We have no control or agency over the actions or inactions of such Vana Network Participants. They operate independently of the Foundation and are subject to their own policies and practices.
1. PERSONAL INFORMATION WE COLLECT
Information You Provide To Us
We collect personal information you submit directly to us, including:
- Contact Information: Name, email address, and other identifying details provided through our contact forms, email inquiries, or event registrations;
- Feedback or correspondence: Comments, suggestions, or other input shared with the Foundation regarding the Services or broader ecosystem initiatives.
- User Interface Content: Unstructured data, text, messages, files, images, videos, or other content submitted directly to us for processing. We collect personal information from you to the extent your submissions contain personal information and we will only use such personal information in accordance with this Privacy Policy.
- Marketing information: if you sign up to receive emails or other marketing information, we collect personal information, such as your preferences for receiving communications about our activities, services, and publications, and details about how you engage with our communications.
- Publicly available blockchain activity data: Information relating to or needed to complete transactions on or through the Services (including Wallet address, transaction number, transaction sender and recipient, transaction amount, and transaction history), as well as information relating to other on-chain activity associated with your publicly available Wallet address, such as applications you have interacted with on the blockchain.
- Promotion data: Information you share when you enter a competition, promotion or complete a survey.
- Other information: we may collect other personal information that you provide to us which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.
Automatic Data Collection
We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state, or geographic area.
- Online activity data, such as pages or screens you viewed within the Services, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
We use the following tools for automatic data collection:
- Cookies, which are text files stored on your device to uniquely identify your browser or to store information or settings in the browser to help you navigate between pages efficiently, remember your preferences, enable functionality, help us understand user activity and patterns, and facilitate online advertising.
- Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
- Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
Information from Outside Sources
We may obtain information about you from outside sources, including information that we collect directly from third parties and information from third parties that you choose to share with us. Such information may include:
- Public sources, such as public records, social media platforms, public blockchains, and other publicly available sources.
- Data providers, such as information services and data licensors.
- Partners, such as marketing and promotional partners or other third parties with which we integrate or otherwise connect in order to provide the Services.
- Service providers that provide services on our behalf or help us operate the Services or our business, including analytics service providers such as Google Analytics.
- Third-party services, such as social media services, that you use to log into, or otherwise link to the Services, and any Wallet(s) or services that you link to the Services.
2. HOW WE USE YOUR PERSONAL INFORMATION
We may use your personal information as specified below:
To operate our Services. It is in our legitimate business interests to use your personal information to:
- Provide, operate, and improve our Services and our business;
- Communicate with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages;
- Provide support, and respond to requests, questions, and feedback.
For research and development. It is in our legitimate business interests to analyze and improve the Services and to develop new products and services, including by studying use of our Services.
For marketing and advertising. If you have signed up or otherwise elected to receive marketing communications, we and our advertising partners may collect and use your personal information for marketing and advertising purposes. For example, we may from time-to-time send you direct marketing communications via email and text message, including, but not limited to, and notifying you of special promotions and offers. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section of your "Privacy Choices" below.
To comply with law. We may use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention, and safety. We may use your personal information to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern our Services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
To create anonymous data. We may use your personal information to create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by restructuring it or removing information in a way that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our Services, conduct research, and promote our business.
3. LEGAL BASIS FOR PROCESSING PERSONAL DATA
We consider it necessary to collect and use your Personal Data for the purposes described above, and we do so on the following legal bases:
- Consent-based processing: We process personal information on the basis of your informed consent, which may be withdrawn at any time. Examples include: Subscriptions to Foundation newsletters or updates; participation in events or surveys hosted by the Foundation.
- Legitimate Interests: Where processing is necessary to pursue the Foundation’s legitimate interests, it is balanced against your fundamental rights and freedoms. Examples include: Ensuring the functionality, security, and performance of our Services; analyzing usage data to improve user experiences; complying with the performance of a contract.
- Legal and Regulatory Compliance: The Foundation processes personal information to fulfill obligations under applicable Cayman Islands laws, such as responding to legitimate government or regulatory requests, and to comply with globally recognized data protection frameworks.
- Vital Interests: Processing is necessary in order to protect the vital interests of you as a Data Subject or of another natural person.
The Processing of personal information may be permissible under multiple of the above categories.
4. SHARING OF YOUR PERSONAL INFORMATION
Your Sharing: When you participate in the Vana Network, you may be able to provide your personal information to Vana Network Participants, including for monetary or other compensation. You agree and acknowledge that we are not affiliated with the Vana Network Participants, so please do not share any personal information with any Vana Network Participants without first doing your own due diligence.
Each Vana Network Participant’s use and processing of your personal information will be done in accordance with their respective Privacy Policies. If you have questions or concerns regarding a Vana Network Participant’s processing of your information or would like to exercise any rights that you may have with respect to information processed by a Vana Network Participant, please contact the corresponding Vana Network Participant.
Our Sharing: We may share your personal information in the following circumstances:
- Service providers. We may share your personal information with third-party companies and individuals that provide services on our behalf or help us operate our Services (such as user support, hosting, analytics, email delivery, marketing, and database management services). Although the Foundation often cannot directly monitor the processing of your personal information when provided to third party service providers, we seek to require such third parties to take reasonable and appropriate security measures to protect your personal information in accordance with this Privacy Policy.
- Advertising partners. If you have signed up or otherwise elected to receive marketing communications, we may share your personal information with third-party advertising companies, including for the interest-based advertising purposes described above.
- Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention, and safety purposes described herein.
- Business transfers. We may sell, transfer, or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.
The Foundation may transfer or provide access to your personal information, for legitimate purposes, to service providers across jurisdictions (including jurisdictions other than the jurisdictions applicable to you as a data subject) and entities in accordance with this Privacy Policy, data protection agreements, and intercompany agreements, all of which are intended to be aligned with Data Protection Laws applicable to you as a data subject. Third parties may be provided possession, control, or access to certain or all of your personal information for processing in order (i) to provide and maintain the Services; (ii) to comply with, or assist compliance with, applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries; (iii) in connection with an asset sale, merger, bankruptcy, or other business transaction; (iv) to enforce any terms of service; (v) to ensure the safety and security of the Foundation and/or its users; (vi) when you seek or request us to share certain information with third parties, such as through your use of login integrations; (vii) with professional advisors, such as auditors, law firms, cybersecurity, data analysis or consulting, or accounting firms; and (vii) in connection with aggregated data that may be shared with the general public and users of our Services.
5. PRIVACY CHOICES
You have the following choices regarding our collection and use of your personal information:
Opt-out of marketing communications. You can opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the emails you receive from us. If you do so, you will continue to receive service-related and other non-marketing emails until you cease using our services linked to those service updates.
Privacy rights. You have the right to submit requests about your personal information, depending on your location and the nature of your interactions with our Services, for:
- Information about how we have collected and used your personal information. We have made this information available to you without having to request it by including it in this Privacy Policy.
- Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
- Correction of personal information that is inaccurate or out of date.
- Deletion of personal information that we no longer need to provide our services or for other lawful purposes.
- Additional rights, such as to object to and request that we restrict our use of your personal information, and where applicable, to withdraw your consent.
To make a request, please email us as provided in the “Contact Us” section below. We may ask for specific information from you to help us confirm your identity. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.
Online tracking opt-out. There are a number of ways to opt out of having your online activity and device data collected through our Services, which we have summarized below:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit allaboutcookies.org.
Use the following links to learn more about how to control cookies and online tracking through your browser:
Firefox; Chrome; Microsoft Edge; Safari - Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Google Analytics. We use Google Analytics to help us better understand how people engage with the Services by collecting information and creating reports about how users use our Services. For more information on Google Analytics, click here. For more information about Google’s privacy practices, click here. You can opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
- Using privacy plug-ins or browsers. You can block our Services from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or uBlock Origin, and configuring them to block third-party cookies/trackers.
- Platform opt-outs. Some third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, allow you to opt-out directly by using their opt-out tools. Some of these providers, and links to their opt-out tools, are:
Google
Facebook - Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
Digital Advertising Alliance
Network Advertising Initiative
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Limits on your choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “Contact Us” section below.
Do Not Track. Some Internet browsers can be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
6. THIRD-PARTY SERVICES
Our website and services can contain links to websites and other online services operated by third parties. In addition, our content can be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of or representation that we are affiliated with any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.
Certain transactions conducted via our Services may require you to connect a compatible Digital Asset Wallet ("Wallet") to the Services. By using such Wallet to conduct such transactions via the Services, you agree that your interactions with such Wallets are governed by the privacy policy for the applicable Wallet. Wallets are not maintained or supported by, or associated or affiliated with, the Foundation. Please see our Terms of Service for further information relating to our liability for actions arising from your use of Wallets, including but without limitation, actions relating to the use and/or disclosure of personal information by such Wallets.
7. CHILDREN’S PRIVACY
Our services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through our services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.
8. INFORMATION SECURITY AND RETENTION
We employ a number of technical, organizational, and physical safeguards designed to protect the personal information we collect. The Foundation uses certain systems and applications to help protect personal information, which also provide, in certain cases, the following capabilities: (i) the ability to anonymize and encrypt personal information; (ii) the ability to reasonably restrict access to and protect confidentiality, integrity, availability, and resilience of processing personal information; (iii) the ability to restore availability and access to personal information in a reasonably timely manner in the event of a physical or technical incident; and (iv) a process for annual testing, assessment, and evaluation of the effectiveness of controls relating to the Services. Please be aware that despite our reasonable efforts to protect your information, no security measures are impenetrable, and we cannot guarantee “perfect security.”
In addition, please note that any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure while in transit. We recommend that you do not use unsecure channels to send us sensitive or confidential information.
We retain your personal information for as long as appropriate to fulfill the purposes for which we collected it, as specified in this Privacy Policy. To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
9. CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will update the “Last Revised” date at the top of this Privacy Policy, use reasonable efforts to notify you (such as by posting notice of such changes on the Services or by other means consistent with applicable law), and take additional steps as required by applicable law. .
If you do not agree to any updates to this Privacy Policy, please do not access or continue to use the Services. The use of the Foundation’s websites after any updates constitutes an acknowledgement of having read and understood the Policy.
Contact Us
For inquiries or to exercise your rights, please contact our designated Data Protection Officer ("DPO") by email at support@vanafoundation.org or at the following mailing address:
Vana Foundation
c/o Highvern Cayman Limited
Second Floor, Elgin Court, Elgin Avenue, PO Box 448,
Grand Cayman, KY1-1106
Cayman Islands