THORChain.org Privacy Policy

Introduction

THORChain is a decentralized protocol. No single company or legal entity owns or operates the THORChain protocol. This Privacy Policy (the "Policy") is intended to describe data practices for the thorchain.org website (the "Site") and swap.thorchain.org user interface (the "Interface") that display or facilitate access to the THORChain protocol. The Site and Interface, as well as any related channels that link to this Policy, are collectively referred to as the "Services".

This Policy does not apply to the THORChain protocol itself, public blockchain networks, wallets, nodes, or other third-party services that you may use in connection with the THORChain protocol. Those services are operated independently and may have separate privacy practices.

In this Policy, "we", "us", and "our" refer to the maintainers and promoters of the Services (a community of contributors) and any service providers or affiliates used to operate the Services. This is not a statement that any single entity controls the THORChain protocol.

Please read this Policy carefully. By accessing or using the Services, you acknowledge that you have read, understood, and agree to this Policy. If you do not agree with this Policy, please do not access or use the Services.

Summary

• We minimize the collection of personal information wherever possible
• With the exception of your wallet address and blockchain data, there is typically no need to provide personal information when using the Services
• We do not sell or trade your personal information
• Data is shared with service providers only as necessary to provide and improve the Services
• You have rights regarding your personal data as described in this Policy

1.0 What Information We Collect

This section describes information collected through the Services (for example, through the website/interface, support channels, and the AI chatbot). It does not describe information processed solely by public blockchains or your wallet provider.

1.1 Information You Provide

The Site is designed to minimize personal data collection. The Services generally do not require you to provide personal information. However, we may collect:

• Contact Information: If you voluntarily contact us for support, subscribe to updates, or participate in community activities, we may collect your email address, name, and any other information you choose to provide
• Wallet Addresses: Your public blockchain addresses when you interact with the THORChain protocol
• Transaction Information: Details about your transactions on THORChain, including transaction amounts, timestamps, and associated blockchain data
• Correspondence: Information you provide when communicating with support teams or community channels
• Chatbot Interactions: If you use an AI chatbot available through the Services, we may collect the information you submit through the chatbot (for example, messages, prompts, and any information you choose to include)

Do not share sensitive information in chatbot messages (for example, seed phrases, private keys, passwords, financial account details, or government-issued identifiers).

1.2 Information Collected Automatically

When you access or use the Services, certain information may be collected automatically:

• Device and Usage Information: IP address, browser type and version, operating system, device identifiers, access times, and pages viewed
• Analytics Data: Information about how you interact with the Services, including features accessed, clicks, scrolling behavior, and usage patterns
• Log Files: Internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamps, referring/exit pages, and click data
• Chatbot Usage Data: If you use an AI chatbot available through the Services, we may collect technical and usage information related to those interactions (for example, timestamps, device and browser information, and logs necessary to operate, maintain, and secure the chatbot)

1.3 Information from Third-Party Services

We may use third-party service providers that collect information when you use the Services, including:

• Remote Procedure Call (RPC) Providers: To facilitate blockchain interactions and swap operations
• Analytics Services: Such as Google Analytics, Mixpanel, Hotjar, or Fathom Analytics to understand user behavior and improve the Services
• Infrastructure Providers: Such as Cloudflare, which may collect IP addresses for security and performance purposes
• Customer Support Tools: To provide assistance and respond to inquiries

These third parties have their own privacy policies, and we encourage you to review them.

1.4 Blockchain Data

The THORChain protocol operates on public blockchains. Transactions you initiate through the Services are recorded on these decentralized networks and are publicly accessible. This includes:

• Your public wallet address
• Transaction amounts and recipients
• Timestamps and other transaction metadata

Please note: Due to the transparent nature of blockchain technology, transactions are publicly visible and permanently recorded. We cannot erase, modify, or hide information recorded on public blockchains. Blockchain data can potentially be analyzed to reveal patterns or correlate with your identity, now or in the future.

2.0 How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Maintaining the Services

• To enable you to access and use the THORChain protocol and interfaces
• To process your transactions and provide cross-chain swap functionality
• To maintain, operate, and improve the Services
• To provide customer support and respond to your inquiries

2.2 Security and Fraud Prevention

• To protect the security and integrity of the Services
• To detect, prevent, and investigate fraudulent or unauthorized activities
• To monitor for spam, malware, and security risks
• To enforce our Terms of Service and protect against misuse

2.3 Analytics and Improvements

• To analyze usage patterns and user behavior
• To test new features and optimize user experience
• To conduct research and development
• To gather demographic and statistical information in aggregated form

2.4 Communications

• To send you technical notices, security alerts, and support messages
• To provide updates about the Services, features, and protocol developments
• To send marketing communications (where you have consented or as permitted by law)
• To respond to your comments, questions, and requests

2.5 AI Chatbot

If the Services include an AI chatbot, we may process your chatbot inputs (and related technical data) to:

• Provide the chatbot functionality and respond to your requests
• Maintain, debug, and improve the chatbot's performance and reliability
• Protect the security and integrity of the Services, including detecting and preventing abuse, spam, and fraudulent activity

No training on user inputs: We do not use chatbot inputs submitted by users through the Services to train AI models.

2.6 Legal and Compliance

• To comply with applicable laws, regulations, and legal processes
• To respond to requests from government authorities and law enforcement
• To protect our rights, privacy, safety, or property
• To enforce our terms and policies

Important: We will never ask for your private keys or wallet seed phrases. We will never ask for a picture ID, phone number, or home address. Never trust anyone who requests this information.

3.0 How We Share Your Information

We may share your information in the following circumstances:

3.1 Service Providers and Partners

We share information with third-party vendors and service providers who perform services on our behalf, including:

• Technical infrastructure and hosting providers
• Analytics and data analysis services
• Customer support and communication tools
• Security and fraud prevention services
• AI service providers and related vendors that help us operate the AI chatbot (for example, model hosting, monitoring, and content moderation)

These service providers are contractually obligated to protect your information and use it only for the purposes for which we disclose it to them.

3.2 Blockchain Networks

When you use the THORChain protocol, your transaction data is broadcast to public blockchain networks and becomes permanently accessible to anyone. We have no control over this data once it is recorded on a blockchain.

3.3 Legal Requirements and Protection

We may disclose your information if required by law or if we believe in good faith that such disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Respond to subpoenas, search warrants, or other legal processes
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of us, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Investigate potential violations or illegal activities

3.4 With Your Consent

We may share your information with third parties when you give us your explicit consent to do so.

3.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you.

3.6 No Sale of Personal Information

We do not sell your personal information.

4.0 Cookies and Tracking Technologies

We and our service providers may use cookies, web beacons, pixels, local storage, and similar tracking technologies to collect information about your use of the Services.

4.1 Types of Tracking Technologies

• Cookies: Small text files stored on your device that help us recognize you and remember your preferences
• Web Beacons/Pixels: Small electronic images that track user behavior and interactions
• Local Storage: Technology that allows websites to store data locally on your device
• Device Identifiers: Unique numbers associated with your device

4.2 Types of Cookies

• Strictly Necessary Cookies: Essential for the Services to function properly; cannot be disabled
• Analytics/Performance Cookies: Help us understand how users interact with the Services
• Functional Cookies: Enable enhanced functionality and personalization
• Marketing Cookies: Used by third-party advertisers to display personalized advertising

4.3 Managing Cookies

You can control cookies through your browser settings:

• Chrome: support.google.com/chrome/answer/95647
• Firefox: support.mozilla.org/kb/cookies-information-websites-store-on-your-computer
• Safari: support.apple.com/guide/safari/manage-cookies-sfri11471/mac
• Edge: support.microsoft.com/help/4468242

You can also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Note: Disabling cookies may affect the functionality of the Services.

5.0 Data Retention

We retain your information only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.

5.1 Retention Periods

• Transactional Data: Retained as necessary to provide Services and comply with legal obligations
• Analytics Data: Typically retained for 2-24 months in aggregated or pseudonymized form
• Support Communications: Retained until the issue is resolved, plus any applicable legal retention period
• Chatbot Data: Retained only for as long as necessary to provide the chatbot feature and for security, troubleshooting, and service improvement purposes, unless a longer retention period is required or permitted by law
• Legal and Compliance Data: Retained as required by applicable laws and regulations

When information is no longer needed, we securely delete or anonymize it. However, please note that blockchain data is permanent and cannot be deleted.

6.0 International Data Transfers

The Site operates globally, and your information may be processed in countries other than where you reside. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer data internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by relevant authorities
• Adequacy decisions by regulatory bodies
• Other legally compliant transfer mechanisms

By using the Services, you acknowledge and consent to the transfer of your information as described in this Policy.

7.0 Data Security

We implement reasonable technical, administrative, and physical security measures designed to protect your information from unauthorized access, use, disclosure, alteration, or destruction.

7.1 Security Measures Include:

• Encryption of data in transit and at rest where appropriate
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Vendor security requirements and audits
• Incident response procedures

However, please be aware:

• No method of transmission over the internet or electronic storage is 100% secure
• We cannot guarantee absolute security of your information
• You are responsible for maintaining the security of your wallet and private keys
• You should use strong passwords and enable two-factor authentication where available

Never share your private keys or seed phrases with anyone.

8.0 Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information.

8.1 General Rights

You may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information (subject to legal retention requirements)
• Object to or restrict certain processing of your information
• Withdraw consent where processing is based on consent
• Request a copy of your information in a portable format

Important limitation: We cannot delete, modify, or control information recorded on public blockchains.

To exercise these rights, visit our community support channels.

8.2 California Residents (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including:

• Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purposes for collecting it, and the categories of third parties with whom we share it
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: You have the right to opt out of the "sale" of your personal information (we do not sell personal information)
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights

To exercise your California privacy rights, visit our community support channels (Discord or Telegram).

8.3 European Union Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR), including:

• Right of Access: You can request access to your personal data
• Right to Rectification: You can request correction of inaccurate personal data
• Right to Erasure: You can request deletion of your personal data in certain circumstances
• Right to Restrict Processing: You can request that we limit how we use your personal data
• Right to Data Portability: You can request a copy of your personal data in a structured, commonly used format
• Right to Object: You can object to our processing of your personal data in certain circumstances
• Right to Withdraw Consent: Where we process your data based on consent, you can withdraw that consent at any time

You also have the right to lodge a complaint with your local data protection authority.

To exercise your GDPR rights, visit our community support channels (Discord or Telegram).

We will respond to requests within the timeframes required by applicable law (typically 30-45 days).

9.0 Marketing Communications

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in marketing emails
• Adjusting your communication preferences (if available)

10.0 Third-Party Links and Services

The Services may contain links to third-party websites, applications, or services that are not owned or controlled by us. This Policy does not apply to those third-party services.

We are not responsible for the privacy practices or content of third parties. We encourage you to review the privacy policies of any third-party services you use.

Examples of third-party services you may encounter include:

• Wallet providers
• Blockchain explorers
• Analytics platforms
• Social media networks
• Community forums

11.0 Children's Privacy

The Services are not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information, please notify us through our community support channels, and we will take steps to delete such information.

12.0 Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes, we will:

• Update the "Last Updated" date at the top of this Policy
• Post the revised Policy on the Site

We encourage you to review this Policy periodically. Your continued use of the Services after changes are posted constitutes your acceptance of the updated Policy.

13.0 Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals. The Services do not respond to DNT signals at this time.

14.0 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please visit our community support channels linked on the Site and Interface.

Please note: We cannot delete or modify information recorded on public blockchains.

15.0 Additional Information

15.1 Pseudonymization and Anonymization

Where possible, we process data in a pseudonymized or anonymized manner that does not directly identify you. Pseudonymized data cannot be attributed to you without additional information that we keep separate and secure.

15.2 Automated Decision-Making

We do not use your personal information for automated decision-making that produces legal or similarly significant effects, except where necessary to provide the Services or where you have provided consent.

If you use an AI chatbot available through the Services, the chatbot may generate automated responses. However, we do not use the chatbot to make decisions that produce legal or similarly significant effects about you.