Your Rights and Choices
We respect your rights regarding your personal data and provide you with reasonable access to the data that you may have provided through your use of the Services. Your principal rights under applicable data protection laws may include:
Right to Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to request access to that personal data. This includes the right to request a copy of the personal data we hold about you, as well as information about how your personal data has been used or disclosed by us in the past year (subject to some exceptions). We will need to verify your identity (for example, through secure account authentication or requesting additional information) before providing any such information. We will endeavor to respond to access requests within 30 days as per PDPA guidelines, or within the timeframe required by applicable law. Please note, in certain cases we may legally refuse access, for example if providing access would disclose personal data about another individual or if a request is frivolous or vexatious. We will inform you of any refusal and the reasons, to the extent allowed by law.
Right to Correct/Rectify: We take reasonable steps to ensure that the personal data we have about you is accurate and complete. If you believe any information we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it. For instance, you can ask us to correct a misspelled name or update a changed phone number. We may need to verify the new information you provide, and we will correct it as required by law. If we have disclosed incorrect information to third parties (like a service provider), and if required by law, we will inform them of the correction.
Right to Deletion/Eraser: You have the right to request that we delete your personal data (also known as the “right to be forgotten”) in certain circumstances, for example if the data is no longer necessary for the purposes for which it was collected or if you withdraw consent and no other legal basis for processing exists. We will review such requests on a case-by-case basis, as certain data may be exempt from deletion (e.g., we may retain data that we need to comply with legal obligations or to establish, exercise or defend legal claims). In the context of Singapore PDPA, there isn’t an explicit deletion right, but we generally honor deletion requests as a matter of good practice and as aligned with PDPA’s obligation not to retain personal data indefinitely. Under California’s CCPA, if you are a California resident, you have the right to request deletion of your personal information we have collected, subject to certain exceptions (CCPA Privacy Policy: Requirements and Best Practices). We will comply with valid deletion requests within the timeframe required by law (typically 30-45 days). Important: Due to the decentralized nature of our Services, we cannot delete or alter data that is stored on a blockchain (like transaction records on Ethereum or other public chains). Those records are by design immutable and outside our control. If you have transacted on a blockchain, your transaction data will remain on the public ledger. However, we can delete or anonymize any personal data that we store which might be linked to those transactions (e.g., off-chain records that associate your name with a wallet address). If we cannot fully delete data (for example from backups), we will put it beyond use and eventually delete when possible.
Right to Withdraw Consent: Where processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. For example, if you consented to receive marketing emails, you can opt out; if you consented to a particular data processing, you can contact us to withdraw that consent. Once we receive notification of withdrawal of consent, we will not process your data for the purpose(s) you originally agreed to, unless another legal basis applies (for example, we may still process data if required by law). Please note, withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal, and in some cases, it may mean we can no longer provide you certain Services (for instance, if use of certain personal data is essential to providing a Service, withdrawing consent might force us to deactivate your account). We will inform you if such is the case.
Right to Data Portability: For jurisdictions recognizing this right (such as under GDPR for EU residents or the forthcoming CPRA for California), you may have the right to request a copy of personal data you have provided to us in a structured, commonly used, and machine-readable format so that you can transmit it to another service provider. This generally applies to data processed by automated means and where we process it on the basis of a contract with you or your consent. If you request it, and it’s applicable, we will provide you with an electronic file of your basic account information and transaction data, insofar as required by law and technically feasible.
Right to Object to Processing: You may have the right to object to certain processing of your personal data, particularly where that data is processed for direct marketing or where we are relying on our legitimate interests (or those of a third party) as a legal basis, and you have a particular situation that makes you want to object to processing on this ground. For example, in Singapore, while PDPA doesn’t label it “right to object,” you can withdraw consent or opt out of marketing. In the EU, you can object to processing done under legitimate interest grounds. In the context of our service:
You can always object to receiving promotional communications from us by following the unsubscribe instructions in emails or by contacting us (as mentioned, that’s effectively withdrawing consent).
If we ever were to do any profiling or automated decision-making that significantly affects you, you likely would have the right to object or request human intervention. (At present, we don’t do such processing).
If you object, we will consider your request and stop or limit processing unless we have compelling legitimate grounds to continue or a legal obligation to do so.
Right to Lodge a Complaint: We are committed to addressing any concerns you may have. If you believe we have processed your personal data unlawfully or in violation of your rights, we encourage you to contact us first so we can try to resolve the issue. However, you also have the right to lodge a complaint with a data protection authority. For example, in Singapore, you can file a complaint with the Personal Data Protection Commission (PDPC). In the United States, you might reach out to state authorities or the FTC if relevant. In the EU, you would contact your local supervisory authority. We will cooperate fully with any official inquiries and follow the guidance of regulators, as required.
Exercising Your Rights: To exercise any of the above rights, please contact us at the contact details provided in Section 11 (Contact Us). Please clearly describe your request — what specific information or action you are seeking. For your protection, we may need to verify your identity before fulfilling your request (for instance, by requiring you to provide certain identifying information or log in to an account). We will respond to your request within a reasonable timeframe: typically, within 30 days for PDPA requests , and within 45 days for California/CCPA requests (which may be extended by an additional 45 days if necessary with notice to you), unless a different timeframe is required or permitted by law.
Please note:
Your rights may be subject to certain exemptions and limitations. For example, we might refuse a deletion request if we must keep the data to comply with a legal obligation. We might decline an access request that jeopardizes the privacy of others or is manifestly unfounded or excessive. We will inform you if we are unable to honor a request and provide the reasons, to the extent permitted by law.
In many cases, especially regarding communication preferences (like opting out of marketing), you can achieve this yourself. For example, you can click “unsubscribe” in marketing emails, or adjust settings in your profile if that functionality is available.
If your data has been shared with third parties as per this Policy, we will (where feasible and required) inform them of your requests such as correction or deletion. Note, however, that we cannot enforce third parties (especially those like blockchain networks or public data sources) to delete data they independently hold. But for our service providers, we will relay legitimate requests.
We will not discriminate against you for exercising any of these rights. For California residents, this means we won’t deny services or provide different quality services just because you exercised your privacy rights under CCPA. We provide the same service level and access to all users, regardless of any privacy rights invocation.
Shine the Light (California): Separate from CCPA, California’s “Shine the Light” law allows users who are California residents to annually request and obtain information about any personal information we disclosed to third parties for direct marketing purposes in the preceding calendar year. As noted above, we do not disclose personal data to third parties for their own direct marketing without consent. Thus, we believe we have no such information to report. But if you are interested in making a Shine the Light inquiry, you can contact us and we will respond as required by that law.
Do Not Sell (California opt-out): We reiterate that we do not sell personal information as defined under CCPA. Therefore, we do not have a “Do Not Sell My Info” link. If this stance changes, we will update our policy and implement proper opt-out mechanisms.
Last updated