Privacy Policy

Last updated: Jan 15th, 2024

Introduction

This privacy policy ("Privacy Policy") explains how Solana Mobile, Inc. (“SM,” "our," "we," or "us") collects, uses, and discloses information about you. This Privacy Policy applies when you access and use any of the websites we operate (the "Website" or “Websites”) and mobile applications, and other online products and services of SM that link to these terms (collectively, the “Service” or “Services”) and when you contact our customer service team, engage with us on social media, or otherwise interact with us. This Privacy Policy is incorporated by reference into our Terms of Service at https://solanamobile.com/tos-homepage-web.

There may be additional or other privacy policies that cover how Solana Mobile collects, uses, and discloses information about you when you use a Solana Mobile device (such as “Saga” or its successors), or through your use of the dApp store. Please refer to the privacy policies provided when you sign up to use, or purchase, these products to understand our practices regarding your personal information and how we will use it.

This Privacy Policy also describes your rights as a data subject to inquire about your personal information that we process and describes certain rights that you, as the data subject, have regarding this information.

For the purposes of European data protection laws ("Data Protection Legislation"), SM is a data controller (i.e., the company that is responsible for and controls the processing of your personal information).

Please read this Privacy Policy carefully to understand our practices regarding your personal information and how we will use it. By accepting this Privacy Policy and our Terms of Service, you agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.

Contacting us

If you have any questions about this Privacy Policy, please contact us using the following contact information:

Solana Mobile, Inc.
530 Divisadero St. PMB 722
San Francisco, CA 94117
privacy@solana.com

What information do we collect?

We use your personal information to carry out the obligations arising from providing and improving the Services. This section describes the types and categories of personal information we may collect, and how we may use that information.

Information you provide us directly

We collect information you provide directly to us. For example, you share information directly with us if you create an account profile, fill out a form, make a purchase, contact us via third-party platforms, participate in a contest, promotion, product trial, survey or provide feedback, request customer support, or otherwise communicate with us. The types of personal information we may collect include your name, email address, Telegram address, postal address, phone number, the name of the company you work for, links to your profile on social media, any content you may provide, and the products that you or your company develop or may develop in the future, payment information, one or more wallet addresses, other payment information that you may provide, and any other information you choose to provide.

Automatically collected information

When you access or use our Services, or otherwise transact business with us, we automatically collect certain categories of personal information, including:

Transactional Information. When you make a payment, purchase or return, we collect information about the transaction, such as product details, purchase price, and the date and location of the transaction.

Device and Usage Information. We may collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. We also collect information about your activity on our Websites or other Services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our Websites or other Services. We also may collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message.

Location Information. In accordance with your device permissions, we may collect information about the precise location of your device. You may stop the collection of precise location information at any time by adjusting your device settings.

Third-Party Account Information. If you are accessing our Services through a third-party account, we will automatically collect certain data from that account.

Information Collected by Cookies and Similar Tracking Technologies. Our Websites may use tracking technologies, such as cookies and web beacons, to distinguish you from other users of the Websites and Services, and to collect information about you. Cookies are small data files stored on your hard drive or in device memory that help us improve our Websites and your experience, see which areas and features of our Websites are popular, count visits, enable advertising, and provide other Website and Service analytics. We also use cookies to enable us to provide you with the service specifically linked to your user profile when you create one, and are required for the Websites and Services to function. Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Website and Services.

Information Collected by Third-Parties. Our Services may collect information about your use of third-party websites that have enabled integrations with our Services, for example, whether you have clicked on an advertisement, the website address of the site that published this advertisement, and other associated information. This personal information may be combined with other information obtained from advertising networks and other sources to create more accurate data about your viewing and click-through activity with these advertisements. If you believe your personal information has been used in this manner, you should consult the privacy notices posted on the third-party sites for more information about the use of your personal information and your associated rights.

Information we collect from other sources

We also obtain information from other third-party sources. For example, we may collect information about you from identity verification services, data analytics providers, and mailing list providers (if applicable, and where we are permitted to do so). We may combine this information with other information we maintain about you. If we do so, this Privacy Policy governs any combined information that we maintain in a personally identifiable format.

Collection and processing of sensitive information

The Websites and Services do not collect or process ‘sensitive information’, which includes data describing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, and data concerning a natural person’s sex life or sexual orientation.

If you provide account information related to financial institutions and services when interacting or otherwise using one of our contracted payment processors, we do not process this category of data directly.

Certain Services we provide may allow you to enter your own content (“User Generated Content”), for example, when you use one of our chat-based products, fill out a form, or if you send us correspondence via a support channel. If you provide User Generated Content via the Services, you should exercise caution and avoid sharing sensitive information when you do so.

How do we use your personal information?

We use the personal information we have collected for the following purposes:

Provide a secure, personalized experience on our Websites and Services, if and when you create an account profile;
Process transactions and send you related information, including confirmations, receipts, invoices, customer experience surveys, and recall notices;
Provide, maintain, and improve our Websites and Services, including for internal product development purposes to develop new products, to enhance existing ones, and to debug, identify and repair errors;
Send you technical notices, security alerts, and support and administrative messages;
Respond to your comments and questions and provide customer service;
Communicate with you about products, services, trials, surveys, and events offered by SM and others and provide news and information that we think will interest you. See the ‘Communication choices’ section below for information about how to opt out of these communications at any time;
With your approval, enroll you in various surveys, interviews and focus groups in order to receive feedback about your use of our Websites and Services, and gain insights into how we can improve them;
Facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards;
Build publicly viewable leaderboards, and other ‘gamification’ experiences;
To display personalized or targeted content to you, and to display targeted advertising on third-party websites;
Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of SM and others;
Comply with our legal and financial obligations; and
Carry out any other purpose described to you at the time the information was collected.

Except as described in this Privacy Policy, we will not disclose your personal information that we collect on our Websites and Services to third parties without your explicit consent. Therefore, we may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

We share personal information with vendors, service providers, and consultants that need access to personal information in order to perform services for us, such as companies that assist us with web hosting, shipping and delivery, payment processing, fraud prevention, identity verification, customer service, and marketing and advertising;
We may share personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of SM, our users, the public, or others;
We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;
We share personal information with our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests;
We may share personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company;
We may share your personal information for other purposes as described to you or with your consent and at your direction; and
We also share aggregated or de-identified information that cannot reasonably be used to identify you.

We may not impose contractual obligations on third parties with whom we share your information. If you provided consent for us to share your information with third parties, for example to ecosystem partners who may provide you rewards and other incentives, you should consult the privacy notices posted on the third-party sites for more information about the use of your personal information and your associated rights.

Communication choices

If you receive marketing emails from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving marketing emails from us, and any other promotional communications that we may send to you from time to time (e.g., by postal mail) by sending your request to us by email at privacy@solana.com or by writing to us at the address given in the ‘Contacting Us’ section of this Privacy Policy.

Please be aware that if you opt out of receiving marketing emails from us, it may take up to ten business days for us to process your opt-out request, and you may receive marketing emails from us during that period. Additionally, even after you opt out from receiving marketing messages from us, you will continue to receive security-related, administrative, and transactional messages from us regarding your use of the Services.

Rights to access

If you have a user account and profile on our Websites or Services, you have the ability to access and update many categories of personal information that you provide to us by logging in to your account and accessing your account settings. If you wish to access or amend any other personal information we hold about you, you may also contact us at privacy@solana.com, or by writing to us at the address given in the ‘Contacting Us’ section of this Privacy Policy. If you request that we delete your account with our Service, we will do so within a reasonable period of time, but we may need to retain some of your personal information in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.

How long do we keep your personal information for?

We store your personal information for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.

Aggregated and anonymized data that no longer identifies the user of the Service is maintained for the purposes necessary to provide the Service.

Additional disclosures for individuals in Europe

If you are located in the European Economic Area ("EEA"), the United Kingdom, or Switzerland, you have certain rights and protections under the law regarding the processing of your personal information, and this section applies to you.

Legal basis for processing in Europe

We need to inform you about the legal basis on which we collect and use your personal information. When we process your personal information, we do so in reliance on the following lawful bases:

Where we need to perform the contract we are about to enter into or have entered into with you for the Service;
When we have your consent to do so (for example, when you opt-in to receive marketing communications from us). When consent is the legal basis for our processing of your personal data, you may withdraw consent at any time.
For the purposes of legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
Where we need to comply with a legal or regulatory obligation in the EEA, the United Kingdom, or Switzerland.

The legal basis depends on the category of personal information being processed, and the purpose for that processing. The following table indicates each category of personal information we process, and the legal bases we rely on to do so. Where legitimate interest has been used as the legal basis for processing, the specific legitimate interest we use has been described. Please contact us if you need details about the specific legal basis we are relying on to process your personal information where one or more legal bases have been indicated.

Category of personal information	Legal Basis for Processing
Contact and associated account information	The performance of a contract and to take steps prior to entering into a contract; Our legitimate interests, namely, administering the Service, for marketing purposes and communicating with users; Where we need to comply with a legal or regulatory obligation in the EU and the United Kingdom.
Payment card information in order to process payment for the Services	The performance of a contract and to take steps prior to entering into a contract; Where we need to comply with a legal or regulatory obligation in the EU, the United Kingdom, or Switzerland.
Contact information used for online inquiries, correspondence, support requests, marketing communications, and interaction with our chat-based services	The performance of a contract and to take steps prior to entering into a contract; When we have your consent to do so; Legitimate interest, namely to provide customer and technical support, for marketing purposes and to respond to general inquiries.
Automatically collected information such as user actions and IP addresses	Legitimate interest, namely better understanding your use of, and making improvements to, the Website and Services, and identifying malicious, deceptive, fraudulent, or illegal activity to protect the rights and property of SM and others. Where we need to comply with a legal or regulatory obligation in the EU, the United Kingdom, or Switzerland.

Europe privacy rights

If you are located in the EEA, the United Kingdom, or Switzerland, you have the following Data Subject Rights with respect to your personal information that we hold:

Right of access. You have the right to access the personal information that we hold about you;
Right to rectification. You may have the right to require us to correct any inaccurate or incomplete personal information we hold about you;
Right to erasure. In certain circumstances, you may have the right to the erasure of your personal information we hold about you (for example where it is no longer necessary in relation to the purposes for which it was collected or processed);
Right to restriction. You may have the right to request that we restrict the processing of your personal information in certain circumstances (for example where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information);
Right to portability. In some limited circumstances, you may have the right to portability which allows you to move, copy, or transfer personal information from one organization to another;
Right to object. You have a right to object to us processing your personal information when the processing is based on legitimate interests and also to stop us from sending you direct marketing;
Rights in relation to automated decision making and profiling. You have the right not to be subject to a decision that affects you based solely on automated processing. We do not perform any automated decision making and profiling.

If you wish to exercise one of these rights, please contact us using the information in the ‘Contacting us’ section of this Privacy Policy.

Questions or Complaints

If you have a concern about our processing of personal information that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:

For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en

For individuals in the UK: https://ico.org.uk/global/contact-us/

For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/thefdpic/contact.html

What is our policy on children?

Children’s safety is important to us, and we encourage parents and guardians to take an active interest in the online activities of their children. Our Services are not directed to users under the age of 16, and we do not knowingly collect personal information from children under the age of 16 without obtaining parental consent. If we learn that we have collected personal information from a child under the age of 16 on our Services, we will delete that information as quickly as possible. If you believe that we may have collected any such personal information on our Services, please notify us at privacy@solana.com.

Where do we store and process your personal information?

Our servers and data centers are located in the United States (US). If you choose to use the Service from outside the US, then you should know that you are transferring your personal information outside of your region and into the U.S. for storage and processing. We may also transfer your personal information from the US to other countries or regions in connection with the storage and processing of data, fulfilling your requests, and operating the Service. You should know that each region can have its own privacy and data security laws, some of which may be less stringent as compared to those of your own region. If you are located in the EEA, the United Kingdom (UK), or Switzerland, then the countries we may transfer your data to, including the US, may not have data protection laws as comprehensive as those in your own country. To ensure your personal information is protected, and that we comply with the applicable Data Protection Legislation, we have implemented the following measures:

Standard Contractual Clauses. We use the Standard Contractual Clauses (SCCs) for transfers of personal information to us, and also for transfer of personal information to third-party service providers. These clauses require the recipients to protect the personal information they receive in accordance with European data protection laws and regulations. Details of our use of SCCs can be provided upon request;
Derogations. In certain circumstances, we may transfer personal information based on the derogations contained in Article 49 of the General Data Protection Regulation (GDPR);
Supplementary Measures. In addition to the SCCs, we may use contractual, technical, and organizational measures to further protect your personal information;
Adequacy Decisions. Where applicable, we may rely on adequacy decisions provided by the European Commission under Article 45 of the GDPR to transfer your personal information outside of the EEA, the UK, or Switzerland.

California Privacy Notice Do not track

California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we don’t respond to them at this time. We await the result of work by the privacy community and industry to determine when such a response is appropriate and what form it should take.

California Shine the Light

A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California Customer”) is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes, subject to certain exceptions, as defined in California Civil Code Sec. 1798.83. We do not share Personal Information with third parties for the third parties’ direct marketing purposes.

How do we secure your personal information?

To help protect your personal information, we use commercially reasonable steps to protect the information that we collect, including your personal information. The reasonable steps include protecting this data against accidental loss, unauthorized use, and disclosure, and restricting access to personal information by our staff. The Service is hosted by a third-party hosting company that we have determined maintains adequate security controls and utilizes TLS encryption for all internet communication with the Service. We also require all staff that administer and develop the Service to follow industry-standard controls, including strong passwords, the use of anti-virus and anti-malware software, disk encryption, and other best practices.

We use various 3rd party processors to enable us to provide the Service, and as part of our vendor due diligence, we review the security controls these processors have in place and ensure they meet industry standards appropriate for the type of data we collect.

You should keep in mind, however, that the Service utilizes software, hardware, and networks, which from time to time require maintenance and experience problems beyond our control. Note that no data transmission over the public internet or encryption method can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information that you provide to us. You transmit information to us at your own risk.

Updates to this Policy

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy and, in some cases, we may provide you with additional notice (such as adding a statement to our Websites or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.