Privacy Policy

Last Update: May 21, 2025

Please click here to view the previous version of our Privacy Policy.

California Notice at Collection/State Law Privacy Rights: See the ‘State Law Privacy Rights’ section below for important information about your rights under applicable state privacy laws.

European Users: Please see the ‘European Privacy Notice’ section below for additional information for individuals located in the European Economic Area, the United Kingdom, or Switzerland (which we refer to as “Europe,” and “European” should be understood accordingly).

Introduction

This privacy policy (“Privacy Policy”) explains how Solana Labs, Inc. and its subsidiaries (collectively “Solana Labs,” “our,” “we,” or “us”) collects, uses, and discloses information about you. This Privacy Policy applies when you access and use any of the websites we operate (the “Website” or “Websites”) and our other online products and services that link to this Privacy Policy (collectively with Website(s), the “Service” or “Services”) and when you contact our customer service team, engage with us on social media, or otherwise interact with us. Products and services outside of the Services described herein are not subject to this Privacy Policy. For example, if you are a user of a Solana mobile device and/or the Solana dApp Store, please see our Mobile Device and dApp Store Privacy Policy for information concerning how Solana processes your personal information in connection with these products and services.

This Privacy Policy also does not apply to information that we process on behalf of our business customers while providing our products and services to them (e.g., where business customers provide or make available to us data regarding their own customers or end users). We use the personal information we receive from our business customers solely on the instructions of our business customers, as governed by our agreements with those business customers. If you have concerns regarding personal information that we process on behalf of one of our business customers, please direct your concerns to that customer.

Please read this Privacy Policy carefully to understand our practices regarding your personal information and how we will use it.

Contacting us

If you have any questions about this Privacy Policy, please contact us using the following contact information:

Solana Labs, Inc. 530 Divisadero St. PMB 722 San Francisco, CA 94117 privacy@solana.com

If you are located in the European Union, pursuant to Article 27 of the General Data Protection Regulation (GDPR), we have appointed the European Data Protection Office (EDPO) as our GDPR Representative in the EU. You can contact the EDPO regarding matters pertaining to the GDPR by using the EDPO’s online request form: https://edpo.com/gdpr-data-request/, or in writing to the EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

If you are located in the UK, pursuant to Article 27 of the UK GDPR, we have appointed EDPO UK Ltd as its UK GDPR representative. You can contact EDPO UK regarding matters pertaining to the UK GDPR by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/, or in writing to the EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.

What information do we collect?

This section describes the types and categories of personal information we may collect, and how we may use that information.

Information you provide us directly

We collect information you provide directly to us. For example, you share information directly with us if you contact us, fill out a form, make a purchase, contact us via third-party platforms, participate in a contest, promotion, product trial, or survey, or provide feedback, request customer support, or otherwise communicate with us.

The types of personal information we may collect include:

  • Contact and profile data, such as your name, email address, Telegram address, postal address, phone number, the name of the company you work for, links to your profile on social media, and any content you may provide in connection with building your profile on the Services.
  • Account data, such as the username and password that you may set to establish an account through the Service and any other information you may add to your account.
  • Transactional and payment data, such as information relating to or needed to complete your orders on or through the Services and payment information needed to complete transactions, including credit card information, one or more wallet addresses, and any other payment information that you may provide.
  • Marketing data, such as your preferences for receiving our marketing communications.
  • User-generated content, such as personal information comprised in photos, images, music, videos, comments, questions, messages, works of authorship, feedback and other content or information that you generate, transmit, or otherwise make available on the Services.
Automatically collected information

When you access or use our Services, or otherwise transact business with us, we automatically collect certain categories of personal information, including:

Device and Usage Information. We may collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, general location data, unique device identifiers, browser type, and app version.

Online activity data, such as information about your activity on our Websites or other Services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our Websites or other Services.

Location Information. In accordance with your device permissions, we may collect information about the location of your device. You may stop the collection of location information at any time by adjusting your device settings.

Third-Party Site Interactions. Our Services may collect information about your use of third-party websites and platforms that have enabled integrations with our Services, for example, whether you have clicked on an advertisement, the website address of the site that published this advertisement, and other associated information. This personal information may be combined with other information obtained from advertising networks and other sources to create more accurate data about your viewing and click-through activity with these advertisements. If you believe your personal information has been used in this manner, you should consult the privacy notices posted on these third-party sites for more information about the use of your personal information and your associated rights.

Some of the automatic collection described above is facilitated by cookies and other tracking technologies. For example, our Websites may use tracking technologies, such as cookies, pixels, web beacons, and Javascript tags, to collect information about you. Cookies are small data files stored on your hard drive or in device memory that help us improve our Websites and your experience, see which areas and features of our Websites are popular, and count visits. We also use cookies to enable us to provide you with the service specifically linked to your user profile when you create one, and are required for the Websites and Services to function. Web beacons are clear image files that we use on our Websites and in our emails to help deliver cookies, count visits, and understand usage and campaign effectiveness. Javascript tags are similar to these other tracking technologies, but may also collect information about how you use our Websites, including which areas you visit and what data you may enter into forms. We may also use one or more of these tracking technologies. to enable cross-context behavioral advertising on other sites, and to understand the effectiveness of our marketing campaigns.

Information we collect from other sources

We also obtain information from third-party sources. For example, we may collect information about you from public sources, identity verification services, data analytics providers, and mailing list providers (if applicable, and where we are permitted to do so). We may combine this information with other information we maintain about you. If we do so, this Privacy Policy governs any combined information that we maintain in a personally identifiable format.

Collection and processing of sensitive information

The Websites and Services do not intentionally collect or process ‘sensitive personal information’ that comprises data describing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, data concerning a natural person’s sex life or sexual orientation, and government-issued identifiers.

If you provide account information related to financial institutions and services when interacting or otherwise using one of our contracted payment processors, we do not process this category of data directly.

We ask that you exercise caution when sharing personal information and avoid sharing sensitive information when you do so.

How do we use your personal information?

We use the personal information we have collected for the following purposes:

Service delivery and operations

  • Provide, maintain, and secure our Websites and Services;
  • Establish and maintain your account, if and when you create an account profile;
  • Send you technical notices, security alerts, and support and administrative messages;
  • Assess and respond to your inquiries;
  • Respond to your comments and questions and provide customer service; and
  • Communicate with you about the Services.

Service personalization

  • Understand your needs and interests;
  • Personalize your experience with the Services and Services-related communications; and
  • Remember your selections and preferences as you navigate web pages.

Service improvement, research and analytics

  • Monitor and analyze trends, usage, and activities in connection with our Services;
  • Improve the Services, improve the rest of our business, help us understand user activity on the Services and user interactions with our emails, and to develop new products and services; and
  • Enroll you in various surveys, interviews, and focus groups in order to receive feedback about your use of our Services and gain insights into how we can improve them;

Events, promotions and contests

  • Administer contests, sweepstakes, and promotions (including to process and deliver entries and rewards)
  • Communicate with you about contests, sweepstakes, and promotions in which you may participate; and
  • Hold and administer events and/or contact or market to you after collecting your personal information at an event.

Marketing and advertising

  • Interest-based advertising. To display personalized or targeted content to you, and to display targeted advertising on third-party websites.
  • Direct marketing. To send you direct marketing communications.

Compliance and protection

  • Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity;
  • Protect our, your or others’ rights, privacy, safety or property (including by assessing, making and defending legal claims);
  • Audit our internal processes for compliance with legal and contractual requirements or our policies;
  • Enforce the terms and conditions that govern the Services;
  • Debug, identify and repair errors in our Services; and
  • Comply with our legal and financial obligations, including lawful requests and legal process.

Business transactions

  • Facilitate actual or prospective business transactions (as those business transactions are described in fuller detail below in ‘When do we share personal information?’).
  • Share certain personal information in the context of those actual or prospective business transactions.

To create aggregated, de-identified and/or anonymized information

  • We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.

Further uses

  • Carry out any other purpose described to you at the time the information was collected.
  • Use your already-collected personal information for further uses, in which case we will ask for your consent to use your personal information for those further purposes if they are not compatible with the initial purpose for which information was collected.
When do we share personal information?

Except as described in this Privacy Policy, we will not disclose your personal information that we collect on the Service to third parties without your consent. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

  • Affiliates, such as parent, subsidiary and affiliated entities;

  • Service providers. We share personal information with vendors, service providers, and consultants that need access to personal information in order to perform services for us, such as companies that assist us with web hosting, software development, fraud prevention, identity verification, customer service, and marketing and advertising;

  • Payment processors. Any payment card information you use to make a purchase on the Services is collected and processed directly by our payment processors;

  • Advertising partners. Third-party advertising companies for the advertising purposes described above;

  • Data and marketing partners. Third parties with whom we partner, including parties to whom we may license certain data and parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you;

  • Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so;

  • Linked third-party services. If you link an account for a Service to a third-party service (e.g., for log-in purposes or to connect a wallet), we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service;

  • Authorities and others. We may share personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of our users, the public, or others or us. We may also disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;

  • Professional advisors. We share personal information with our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests;

  • Business transferees. We may share personal information in connection with, or during negotiations concerning, any business transaction, including any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company or in the event of any bankruptcy or dissolution event – for example, we may need to share certain personal information with prospective counterparties and their advisers;

  • Other users and the public. Your profile and certain other user-generated content may be visible to other users of the Services or the public. For example, you may choose to make your profile or other personal information available to others through the Services, such as when you provide comments, reviews, survey responses, or share other content. This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information; and

  • We also share aggregated or de-identified information that cannot reasonably be used to identify you for any lawful business purpose.

Your choices

In this section, we describe the rights and choices available to all users. Users located in Europe or states subject to the U.S. state privacy notice, below, can find additional information in the “European privacy notice” and “U.S. state privacy notice,” respectively.

Opt-out of communications. If you receive marketing emails from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving marketing emails from us, and any other promotional communications that we may send to you from time to time (e.g., by postal mail) by sending your request to us by email at privacy@solana.com or by writing to us at the address given in the ‘Contacting Us’ section of this Privacy Policy.

Please be aware that if you opt out of receiving marketing emails from us, it may take up to ten business days for us to process your opt-out request, and you may receive marketing emails from us during that period. Additionally, even after you opt out of receiving marketing messages from us, you will continue to receive security-related, administrative, and transactional messages from us regarding your use of the Services.

Access. You may access and update many categories of personal information that we have collected and hold about you. If you have a user account with one of our Services, you can access your information by logging in to your account and accessing your account settings. If you don’t have an account and if you wish to access or amend any other personal information we hold about you, you may request access by contacting us at privacy@solana.com, or by writing to us at the address given in the ‘Contacting Us’ section of this Privacy Policy.

Delete your content or close your account. You may request that we delete your personal information in our possession or control or close your account by contacting us at privacy@solana.com. We will do so where reasonably practicable within a reasonable period of time, but we may need to retain some of your personal information in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com. We respond to global privacy control signals as detailed in our U.S. State Privacy Notice, below.

Cookies and other technologies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Services may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.

Advertising choices. You may be able to limit the use of your information for interest-based advertising through the following settings/options/tools:

  • Browser settings. Changing your internet web browser settings to block third-party cookies.
  • Privacy browsers/plug-ins. Using privacy browsers and/or ad-blocking browser plug-ins that let you block tracking technologies.
  • Platform settings. Certain platforms offer opt-out features that let you opt-out of the use of your information for interest-based advertising. For example, you may be able to exercise that option for Google and Facebook, respectively, at the following websites:
    • Google: https://adssettings.google.com/
    • Facebook: https://www.facebook.com/about/ads
  • Ad industry tools. Opting out of interest-based ads from companies that participate in the following industry opt-out programs:
    • Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp
    • Digital Advertising Alliance: optout.aboutads.info.

You will need to apply these opt-out settings on each device and browser from which you wish to limit the use of your information for interest-based advertising purposes. We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.

How long do we keep your personal information for?

We store your personal information for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.

To determine the appropriate retention period for personal information, we consider the reason for which retention is required, the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and any applicable legal requirements.

Aggregated and anonymized data that no longer identifies the user of the Service is maintained for the purposes necessary to provide the Services and for our other lawful business purposes.

What is our policy on children?

Our Services are not directed to users under the age of 18, and we do not knowingly collect personal information from children under the age of 18 without obtaining parental consent. If we learn that we have collected personal information from a child under the age of 18 on our Services, we will delete that information as quickly as possible. If you believe that we may have collected any such personal information on our Services, please notify us at privacy@solana.com.

European Privacy Notice General

Where this European Privacy Notice applies. This ‘European Privacy Notice’ section applies only to individuals located in the European Economic Area (EEA), the United Kingdom (UK) or Switzerland (i.e., “Europe” as defined at the top of this Privacy Policy).

GDPR Personal Data. References to “personal information” in this Privacy Policy should be understood to include a reference to “personal data” as defined in the “GDPR” (i.e., the General Data Protection Regulation 2016/679 (“EU GDPR”)) and the EU GDPR as it forms part of the laws of the United Kingdom (“UK GDPR”) and the Swiss Federal Act on Data Protection (“FADP”). For the purposes of these laws, the “personal data” that we collect from and about you is described in greater detail in ‘What information do we collect?’ above.

Controller. Solana Labs is a “controller” in respect of the processing of your personal information covered by this Privacy Policy for purposes of the GDPR and the FADP. See the ‘Contacting us’ section above for our contact details.

Our GDPR Representatives. We have appointed the following representatives in Europe as required by the GDPR – you can contact them directly should you wish. See the ‘Contacting us’ section above for our Representatives’ contact details.

Legal basis for processing in Europe

We need to inform you about the legal basis on which we collect and use your personal information. When we process your personal information, we do so in reliance on the following lawful bases:

  • Where we need to process your personal information in order to deliver the Service to you, or where you have asked us to take specific action which requires us to process your personal information (“Contractual Necessity”).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your personal information for is set out in the table below.
  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
  • Where we have your specific consent to carry out the processing for the Purpose in question (“Consent”).

We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your personal information as well as the personal information used for that Purpose – for more information on:

  • relevant Categories of Personal Information – see ‘What information do we collect?’ above;
  • these Purposes – see ‘How do we use your personal information?’ above; and
  • associated data sharing relevant to such Purposes see ‘When do we share personal information?’ above.

Please contact us if you need details about the specific legal basis we are relying on to process your personal information where one or more legal bases have been indicated.


PurposeCategories of personal information involvedLegal basis
Service delivery and operations
  • Contact and profile data
  • Transactional and payment data
  • User-generated content
  • Information we collect from other sources
  • Device and Usage Information
  • Location Information
  • Contractual Necessity.
  • Legitimate Interests. We have a legitimate interest in ensuring the ongoing security and proper operation of our Service, our business and associated IT services, systems and networks.
Service personalization
  • Information you provide us directly
  • Automatically collected information
  • Information we collect from other sources
  • Legitimate Interests. We have a legitimate interest in providing you with a good service via the Service, which is personalized to you and that remembers your selections and preferences.
  • Consent, in respect of any optional processing relevant to personalization (including processing directly associated with any optional cookies used for this purpose).
Service improvement, research and analytics
  • Contact and profile data
  • Transactional and payment data
  • Marketing data
  • User-generated content
  • Automatically collected information
  • Information we collect from other sources
  • Legitimate Interests. We have a legitimate interest in providing you with a good service and analyzing how you use it so that we can improve it over time, as well as developing and growing our business.
  • Consent, in respect of any optional cookies used for this purpose.
Events, promotions and contests
  • Contact and profile data
  • Marketing data
  • User-generated content
  • Information we collect from other sources
  • Contractual Necessity, to administer events, promotions and contests (including communicating with you as and where necessary).
  • In respect of promoting these events, promotions and contests:
    • Legitimate Interests – we have a legitimate interest in promoting these events, promotions and contests, including associated publicizing of our business and operations.
    • Consent – in circumstances or in jurisdictions where consent is required under applicable data protection laws to the sending of relevant promotional communications (e.g., when marketing to you after collecting your personal information at an event).
Marketing and Advertising (Interest-based advertising)
  • Automatically collected information
  • Information we collect from other sources
  • Consent
Marketing and Advertising (Direct marketing)
  • Contact and profile data
  • Marketing data
  • Information we collect from other sources
  • Legitimate Interests. We have a legitimate interest in promoting our operations and goals as an organization and sending marketing communications for that purpose.
  • Consent, in circumstances or in jurisdictions where consent is required under applicable data protection laws to the sending of any given marketing communications.
Compliance and protection
  • Any and all data types relevant in the circumstances
  • Compliance with Law.
  • Legitimate Interests. Where Compliance with Law is not applicable, we have a legitimate interest in participating in, supporting, and following legal process and requests, including through cooperation with authorities. We may also have a legitimate interest of ensuring the protection, maintenance, and enforcement of our rights, property, and/or safety.
Business transactions
  • Any and all data types relevant in the circumstances
  • Legitimate Interests. We have a legitimate interest in providing information to relevant third parties who are involved in an actual or prospective corporate event (including to enable them to investigate – and, where relevant, to continue to operate – all or relevant part(s) of our operations).
To create aggregated, de-identified and/or anonymized information
  • Any and all data types relevant in the circumstances
  • Legitimate Interests. We have a legitimate interest in taking steps to preserve the privacy of our users.
Further uses
  • Any and all data types relevant in the circumstances
  • The legal basis described to you at the time the information was collected.
  • The original legal basis relied upon (other than consent), if the relevant further use is compatible with the initial purpose for which the personal information was collected.
  • Consent, if the relevant further use is not compatible with the initial purpose for which the personal information was collected or where consent was the original legal basis relied upon.

No obligation to provide personal information. You do not have to provide personal information to us. However, where we need to process your personal information either to comply with applicable law or to deliver our Service to you, and you fail to provide that personal information when requested, we may not be able to provide some or all of our Service to you. We will notify you if this is the case at the time.

European privacy rights

If you are located in the EEA, the United Kingdom, or Switzerland, you have the following Data Subject Access Rights with respect to your personal information that we hold:

  • Right of access. You have the right to access the personal information that we hold about you;
  • Right to rectification. You may have the right to require us to correct any inaccurate or incomplete personal information we hold about you;
  • *Right to erasure.* In certain circumstances, you may have the right to the erasure of your personal information we hold about you (for example, where it is no longer necessary in relation to the purposes for which it was collected or processed);
  • Right to restriction. You may have the right to request that we restrict the processing of your personal information in certain circumstances (for example, where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information);
  • *Right to portability.* In some limited circumstances, you may have the right to portability, which allows you to move, copy, or transfer personal information from one organization to another;
  • Right to object. You have a right to object to us processing your personal information when the processing is based on legitimate interests and also to stop us from sending you direct marketing;
  • Rights in relation to automated decision making and profiling. You have the right not to be subject to a decision that affects you based solely on automated processing. However, please note that no part of the Service involves any automated decision-making and/or profiling which produces legal or similarly significant effects.
  • Right to withdraw consent. When we use your personal information based on your consent, you have the right to withdraw that consent at any time.

If you wish to exercise one of these rights, please contact us using the information in the ‘Contacting us’ section of this Privacy Policy. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal information), if we reject any request you may make (whether in whole or in part), we will let you know our grounds for doing so at the time, subject to any legal restrictions. Typically, you will not have to pay a fee to exercise your rights; however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We try to respond to all legitimate requests within a month of receipt. It may take us longer than a month if your request is particularly complex or if you have made a number of requests; in this case, we will notify you and keep you updated.

Questions or Complaints

If you have a concern about our processing of personal information that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:

For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en

For individuals in the UK: https://ico.org.uk/global/contact-us/

For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/thefdpic/contact.html

Where do we store and process your personal information?

Our servers and data centers are located in the United States (US). If you choose to use the Service from outside the US, then you should know that you are transferring your personal information outside of your region and into the U.S. for storage and processing. We may also transfer your personal information from the U.S. to other countries or regions in connection with the storage and processing of data, fulfilling your requests, and operating the Service. You should know that each region can have its own privacy and data security laws, some of which may be less stringent as compared to those of your own region. Please note that the countries we may transfer your data to, including the US, may not have data protection laws considered by European authorities to be as comprehensive as those in your own country.

Where we share your personal information with third parties who are based outside Europe, we try to ensure a similar degree of protection is afforded to it by making sure one of the following mechanisms is implemented:

  • Standard Contractual Clauses. We may use the Standard Contractual Clauses (SCCs) or other appropriate guards for transfers of personal information. Amongst other things, these clauses require the recipients to protect the personal information they receive in a manner that accords with the requirements of European data protection laws and regulations. Details of our use of SCCs can be provided upon request.

  • Derogations. In certain limited circumstances, we may transfer personal information in reliance on an exception, or ‘derogation’, which permits us to transfer your personal information despite the absence of an ‘Adequacy Decision’ or SCCs (or other ‘appropriate safeguards’) – for example, reliance on your explicit consent to that transfer.

  • Adequacy Decisions. Where applicable, we may rely on adequacy decisions provided by the European Commission under Article 45 of the GDPR to transfer your personal information outside of the EEA, the UK, or Switzerland.

U.S. state privacy notice

State privacy rights notice

Except as otherwise provided, this section applies to residents of states with privacy laws applicable to us that grant their residents the rights described below (collectively the “State Privacy Laws”).

This section describes how we collect, use, and share Personal Information of residents of these states and the rights these users may have with respect to their Personal Information. Please note that not all rights listed below may be afforded to all users and that if you are not a resident of one of these states, you may not be able to exercise these rights. In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it.

For purposes of this section, the term “Personal Information” has the meaning given to “personal data”, “personal information” or other similar terms and “Sensitive Personal Information” has the meaning given to “sensitive personal information,” “sensitive data”, or other similar terms in the State Privacy Laws, except that in neither case does such term include information exempted from the scope of the State Privacy Laws. In some cases, we may provide a different privacy notice to certain categories of residents of these states, in which case that notice will apply instead of this section.

Your privacy rights. The State Privacy Laws may provide residents with some or all of the rights listed below. However, these rights are not absolute and some State Privacy Laws do not provide these rights to their residents. Therefore, we may decline your request in certain cases as permitted by law.

  • Information. You can request the following information about how we have collected and used your Personal Information:

    • The categories of Personal Information that we have collected.

    • The categories of sources from which we collected Personal Information.

    • The business or commercial purpose for collecting and/or selling Personal Information.

    • The categories of third parties with which we share Personal Information.

    • The categories of Personal Information that we sold or disclosed for a business purpose.

    • The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.

  • Access. You can request a copy of the Personal Information that we have collected about you.

  • Appeal. You can appeal our denial of any request validly submitted.

  • Correction. You can ask us to correct inaccurate Personal Information that we have collected about you.

  • Deletion. You can ask us to delete the Personal Information that we have collected from you.

  • Opt-out.

    • Opt-out of certain processing for targeted advertising purposes. We may process Personal Information for targeted advertising purposes. You can opt-out of certain processing of personal information for targeted advertising purposes.

    • Opt-out of profiling/automated decision making. We do not use your Personal Information to engage in profiling or to perform automated decision-making that results in significant financial impacts, significant impacts on housing, education, employment, health care, or criminal justice, or similarly significant impacts.

    • Opt-out of other sales of personal data. You can opt-out of other sales of your Personal Information.

  • Consumers under 16. We do not have actual knowledge that we collect, sell or share the personal information of consumers under 16 years of age.

  • Sensitive Personal Information. We do not intentionally collect Sensitive Personal Information.

  • Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the State Privacy Laws.

Exercising your right to information/know, access, appeal, correction, and deletion. You may submit requests to exercise your right to information/know, access, appeal, correction, or deletion via email to privacy@solana.com or via mail at our contact address above.

Exercising your right to opt-out of the “sale” or “sharing” of your Personal Information. Certain data sharing we engage in may be classified under State Privacy Laws as a “sale” or “sharing” of your Personal Information. You can submit requests to opt-out of such sales and sharing of your Personal Information here: Do Not Sell or Share My Personal Information, via phone by calling 1 (888) 212-2019, or by broadcasting an opt-out preference signal such as the global privacy control (“GPC”) signal on the browsers and/or browser extensions that support such a signal. If you choose to use the GPC signal, you must turn it on for each supported browser or browser extension you use. If you would like us to make the connection between the GPC signal and your account, we recommend you submit the Do Not Sell or Share my Personal Information web form to allow us to make the connection.

Verification of identity; Authorized agents. We may need to verify your identity in order to process your information/know, access, appeal, correction, or deletion requests and reserve the right to confirm your residency. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law.

Under some State Privacy Laws, you may enable an authorized agent to make a request on your behalf. However, we may need to verify your authorized agent’s identity and authority to act on your behalf. We may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your State Privacy Laws rights on your behalf, the information we request to verify your identity, and confirmation that you have given the authorized agent permission to submit the request.

Personal information that we collect, use and disclose and the purposes for doing so. The chart below summarizes the Personal Information we collect by reference to the categories of personal information described in the “What information do we collect?” section of the Privacy Policy and the categories of personal information specified in the CCPA (Cal. Civ. Code §1798.140). The chart describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. The terms in the chart refer to the categories of information, statutory categories, and third parties described above in this Privacy Policy in more detail. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of Personal Information not described below. The categories of sources from which the personal information is or was collected and the purposes for collecting such information are as described in the “What information do we collect?” and “How do we use personal information” sections above.


Personal Information (“PI”) we collect / CCPA statutory categoryPurposesCategories of third parties to whom we “disclose” PI for a business purposeCategories of third parties to whom we “sell” or “share” PI**
Identifiers
  • Contact and profile data
  • User-generated content
  • Device and usage information
  • Service delivery
  • Service personalization
  • Service improvement, research and analytics
  • Marketing and advertising
  • Events, promotions and contests
  • Compliance and protection
  • Data sharing in the context of corporate events
  • To create anonymous, aggregated or de-identified data
  • Affiliates
  • Service providers
  • Payment processors
  • Advertising partners
  • Data and marketing partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Third parties designated by you
  • Linked third-party services
  • Other users and the public
  • Advertising partners
  • Data and marketing partners
Internet or other electronic network activity information
  • Marketing data
  • Device data
  • Online activity data
  • Location data
  • Third-party site interactions
  • Service delivery
  • Service personalization
  • Service improvement, research and analytics
  • Marketing and advertising
  • Events, promotions and contests
  • Compliance and protection
  • Data sharing in the context of corporate events
  • To create anonymous, aggregated or de-identified data
  • Affiliates
  • Service providers
  • Payment processors
  • Advertising partners
  • Data and marketing partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Third parties designated by you
  • Linked third-party services
  • Advertising partners
  • Data and marketing partners
Commercial information
  • Contact and profile data
  • Transactional and payment data
  • Marketing data
  • Online activity data
  • Service delivery
  • Service personalization
  • Service improvement, research and analytics
  • Marketing and advertising
  • Events, promotions and contests
  • Compliance and protection
  • Data sharing in the context of corporate events
  • To create anonymous, aggregated or de-identified data
  • Affiliates
  • Service providers
  • Payment processors
  • Advertising partners
  • Data and marketing partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Third parties designated by you
  • Linked third-party services
  • Other users and the public
  • Advertising partners
  • Data and marketing partners
California customer records
  • Contact and profile data
  • Transactional and payment data
  • Marketing data
  • Service delivery
  • Service personalization
  • Service improvement, research and analytics
  • Marketing and advertising
  • Events, promotions and contests
  • Compliance and protection
  • Data sharing in the context of corporate events
  • To create anonymous, aggregated or de-identified data
  • Affiliates
  • Service providers
  • Payment processors
  • Advertising partners
  • Data and marketing partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Third parties designated by you
  • Linked third-party services
  • Other users and the public
  • Advertising partners
  • Data and marketing partners
Inferences
May be derived from:
  • Contact and profile data
  • Transactional and payment data
  • Marketing data
  • User-generated content
  • Device data
  • Online activity data
  • Location data
  • Service delivery
  • Service personalization
  • Service improvement and analytics
  • Marketing and advertising
  • Compliance and protection
  • Data sharing in the context of corporate events
  • To create anonymous, aggregated or de-identified data
  • Affiliates
  • Service providers
  • Payment processors
  • Advertising partners
  • Data and marketing partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Third parties designated by you
  • Linked third-party services
  • Advertising partners
  • Data and marketing partners

**Each of the categories of Personal Information that is sold or shared with third parties is sold or shared for purposes of marketing, advertising, analytics and for other service improvement purposes.

Deidentification. We do not attempt to reidentify deidentified information derived from Personal Information, except for the purpose of testing whether our deidentification processes comply with applicable law.

Additional information for California residents.

  • Shine the light law. Under California’s Shine the Light law (California Civil Code Section 1798.83), California residents may ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide the names of third parties to which they have disclosed certain personal information (as defined under the Shine the Light law) during the preceding calendar year for their own direct marketing purposes, and the categories of personal information disclosed. We do not share Personal Information with third parties for those third parties’ own direct marketing purposes.

Contact Us. If you have questions or concerns about our privacy policies or information practices, please contact us using the contact details set forth in the “Contacting us” section, above.

How do we secure your personal information?

To help protect your data, we take commercially reasonable steps designed to protect the data that we collect, including your personal information, against accidental or unauthorized loss, use, and disclosure.

You should keep in mind, however, that security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information. You transmit information to us at your own risk.

Updates to this Policy

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy, and, in some cases, we may provide you with additional notice (such as adding a statement to our Websites or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.

© 2025 Solana Mobile Inc.