Dapper Interface Privacy Policy

Latest Update: January 14, 2020

Dapper prides itself on its relationship with its users. Dapper promises to protect the privacy of users as detailed in this privacy policy. The Dapper interface is a non-custodial service that helps users to receive, hold and transmit select virtual currencies and tokens (the “Dapper Interface”). The Dapper Interface is proprietary to Dapper Labs Inc., a British Columbia company having its registered address at #600-565 Great Northern Way, Vancouver, British Columbia, Canada, V5T 0H8 (referred to in this privacy policy as “Dapper”, “we”, “us”, or “our”).

This privacy policy (this “Policy”) outlines how Dapper collects, maintains, processes, uses, discloses and protects your personal information. Personal information is any information that directly or indirectly identifies you or by which your identity could be deduced. The personal information collected does not include Interface Credentials (as defined in the Terms of Use). Protecting your privacy is important to us, and our goal is to maintain your trust and confidence when we handle personal information about you.

This Policy will apply to you if you visit our website at www.meetdapper.com or download or use one of our mobile applications (each, the “Site”), create an account with us (an “Account”), register for, access or use a Dapper Interface, or when you otherwise do business or make contact with us (the Site, the Dapper Interface, and each of your Accounts are hereinafter collectively referred to as the “Dapper Services”.)

The Dapper Services are intended for use by persons who are at least the age of majority in the jurisdiction where they reside. By visiting our Site, or registering for, accessing or using any of the Dapper Services, you affirm (i) you are at least the age of majority in your place of residence, (ii) you have the legal capacity to consent to this Policy, and (iii) you agree to the terms of this Policy. If you do not agree to any part of this Policy, you should not use the Site or any of the Dapper Services.

Can Dapper initiate transactions?

Dapper cannot alone initiate transactions because we do not collect sufficient information that would enable us to initiate transactions on your Dapper Interface. The Dapper Interface does not utilize private keys the way a normal wallet does. We never collect or store private keys that are associated with the Dapper Interface, or with any part of your Interface Credentials. For more information see our Terms of Use.

What information do we collect?

Dapper collects data to enable us to operate the Dapper Services effectively, and to provide you with the best experience on the Site and with the Dapper Services. You provide some of this data to us directly, such as when you create an Account or otherwise register to use the Dapper Services, subscribe to a newsletter, respond to a survey, make an enquiry through our Site, contact us for support, or contact us as a prospective user, vendor, supplier, or consultant. We get some of your data by recording how you interact with our Site and the Dapper Services by, for example, using technologies like cookies. We also obtain and process data in the context of making the Dapper Services available to you.

You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary to enable us to make the Dapper Services available to you, you may not be able to sign up for an Account or use the Dapper Services.

The data we collect depends on the context of your interactions with Dapper and the Dapper Services, and the choices you make (including your privacy settings). The personal information we or our third party partners collect about you may include: email address, name, username, mobile phone, date of birth, proof of identity (e.g., drivers’ license, passport, or gov’t issued ID), additional personal information (at the discretion of our Compliance Officer), device information, screen information, browser information, operating system information, IP address, location information, time zone, log information, button clicks, page views, account information, virtual currency wallet information (but excluding Interface Credentials, as outlined in our Terms of Use), virtual currency transaction information, and correspondence. We never collect or store any part of your Interface Credentials, including your private keys.

Why do we collect personal information, and what do we do with it?

We use the data we collect to operate our business, and to make the Dapper Services available to you. This includes using the data to improve the Dapper Services, and to personalize your experiences. We may also use the data to communicate with you to, among other things, inform you about your Account, provide security updates, and give you information about the Dapper Services. We may also use the data to manage your email subscriptions, improve the relevance and security of our Site, respond to user enquiries, send you periodic marketing communications about the Dapper Services, and improve the relevance of our advertising.

Examples of such uses include the following:

How do we collect personal information?

We collect personal information directly from you, and we may receive certain personal information about you from third parties. We collect and update personal information throughout our relationship with you. The relationship begins the first time you visit our Site and continues through termination of your use of the Dapper Services. As such, personal information may be collected any time you visit the Site, set up an Account or Dapper Interface, use the Dapper Services, communicate with our customer service team, and any other time you communicate with us.

Each and every time you provide personal information to us though any means, you consent to the collection, use and disclosure of such information in accordance with this Policy. If you do not agree to the gathering of this information, you should not use Dapper’s Services or visit our Site.

Cookies; Pixels; Beacons

Dapper uses cookies - tiny data files placed on your device that contain a unique identifier that identify your browser. Cookies allow us to collect information about you as a user, to improve our platform, store preferences and settings, and help with sign-in. While you can manage cookies in your Account’s preferences setting, if you disable cookies you may not be able to use or access some or all of the Dapper Services.

Our web pages may contain electronic images known as web beacons (also called single-pixel gifs) that we use to help deliver cookies on our websites, and to count users who have visited those websites. We may also include web beacons in our promotional email messages or newsletters, to determine whether and when you open and act on them.

In addition to placing web beacons on our own websites, we sometimes work with other companies to place our web beacons on their websites or in their advertisements. This helps us to develop statistics on how often clicking on an advertisement on a Dapper website results in a purchase or other action on the advertiser's website.

Finally, the Dapper Services may contain web beacons or similar technologies from third-party analytics providers (like, for example, Google Analytics) that help us compile aggregated statistics about the effectiveness of our promotional campaigns or other operations. These technologies enable the analytics providers to set or read their own cookies or other identifiers on your device, through which they can collect information about your online activities across applications, websites or other products.

Consent

Consent for the collection, use and disclosure of personal information may be expressly given or implied. Your express consent, if required, may be given in writing, verbally or through electronic means. Implied consent is given by your actions, such as instances when you visit our Site or and as otherwise described herein.

Dapper can collect, use or disclose your personal information without your consent for legal, security or certain processing reasons as required by law to deter fraud and money-laundering, or for other legal purposes.

Your consent can be withdrawn by contacting support@meetdapper.com. If you do not notify us of the withdrawal of your consent, we will consider your consent to be ongoing. Should you withdraw consent, we may not be able to provide all or some of the Dapper Services to you and you are not permitted to access our Site.

How to Access and Control Your Personal Data

You can view, access, edit, delete, or request a copy of your personal data for many aspects of the Dapper Services via your Account settings. Within your user settings you can also make choices about Dapper’s collection and use of your data.

You can always choose whether you want to receive marketing communications from us. You can opt out from receiving marketing communications from us by using the opt-out link on the communication, or by visiting your Account settings or sending us an email at support@meetdapper.com.

Data Access. You can access your personal data in your Account settings.

Data Portability. You can request a copy of your personal data by submitting an email to us at support@meetdapper.com and including “Please send me a copy of my personal data” in the “Subject” line. Dapper will verify your ability to access that email, then send you a digital export of the data we hold that is associated with your email address. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request. Dapper may be limited in its ability to send certain personal data to you.

Data Erasure. You can request that portions of your personal data be erased by submitting an email to us at support@meetdapper.com and including “Please delete my personal data” in the “Subject” line. Dapper will verify your ability to access that email, then use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request. Please be aware that we require certain information about you in order to make the Dapper Services available to you; this means that if you want to delete any of these critical pieces of personal data, you may be required to delete your entire Account and no longer be able to access the Dapper Services.

Data Correction. You can modify your personal data in your Account settings. Note that since some of the data we collect is specific to you – for example, your Interface address – you may not be able to modify this data without needing to create a new user profile.

Your Communications Preferences. You can choose whether you wish to receive marketing communications from us. If you receive marketing communications from us and would like to opt out, you can do so by following the directions in that communication. You can also make choices about your receipt of marketing communications by signing into your Account, and viewing and managing your communication permissions in your Account settings, where you can update contact information, manage your contact preferences, opt out of email subscriptions, and choose whether to share your contact information with Dapper and our partners. Alternatively, you can request that we withdraw consent to use your personal data by submitting an email to us at support@meetdapper.com and including “Please withdraw my consent for marketing communications” in the “Subject” line. Dapper will verify your ability to access that email, then update our systems to remove your email address from the system we use to send marketing communications. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request. Please note that these choices do not apply to mandatory communications that are part of the Dapper Services, or to surveys or other informational communications that have their own unsubscribe method.

Data Retention

We may retain your personal information as long as you continue to use the Dapper Services, have an Account with us, or for as long as is necessary to fulfill the purposes outlined in this Policy. You can ask to close your Account by contacting us as described above, and we will delete your personal information on request.

We may, however, retain personal information for an additional period as is permitted or required under applicable laws, for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes.

We will retain your personal data for as long as necessary to make the Dapper Services available to you, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different types of data, actual retention periods can vary significantly.

How we share information and third-party servicers

We share your personal data with your consent, or as necessary to make the Dapper Services available to you. We also share your data with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security and integrity of the Dapper Services; and to protect our rights or our property.

Companies we have hired to provide cloud hosting services, off-site backups, and customer support may need access to personal data to provide those functions. In such cases, these companies are required to abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. If you would like to consult a list of our current vendors, or have questions or concerns about the vendors, feel free to contact us at support@meetdapper.com.

We may disclose your personal data as part of a corporate transaction such as a corporate sale, merger, reorganization, dissolution, or similar event.

Finally, we will access, transfer, disclose, and/or preserve personal data, when we have a good faith belief that doing so is necessary to:

1. comply with applicable law or respond to valid legal process, judicial orders, or subpoenas;

2. respond to requests from public or governmental authorities, including for national security or law enforcement purposes;

3. protect the vital interests of our users, customers, or other third parties (including, for example, to prevent spam or attempts to defraud users of our products, or to help prevent the loss of life or serious injury of anyone);

4. operate and maintain the security or integrity of the Dapper Services, including to prevent or stop an attack on our computer systems or networks;

5. protect the rights, interests or property of Dapper or third parties;

6. prevent or investigate possible wrongdoing in connection with the Dapper Services; or

7. enforce our Terms of Use.

We may use and share aggregated non-personal information with third parties for marketing, advertising, and analytics purposes.

We do not sell or trade your personal information to third parties.

Where we Store and Process Personal Data; International Transfers

Personal data collected by Dapper may be stored and processed in Canada or in any other country where Dapper or its affiliates, subsidiaries or service providers maintain facilities. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect is processed according to the provisions of this Policy, and the requirements of applicable law wherever the data is located.

We transfer personal data from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we engage in such transfers, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data. To learn more about the European Commission’s decisions on the adequacy of the protection of personal data in the countries where Dapper processes personal data, please visit: ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm

Protection and Security of Information

We make reasonable efforts to protect your personal information using appropriate physical, technological and organizational safeguards. No security is foolproof, and the Internet is an insecure medium. However, we work hard to protect you from unauthorized access, alteration, disclosure and destruction of your personal information collected and stored by us. As such, we have policies, procedures, guidelines and safeguards in place to ensure your personal information is protected. Only authorized employees of Dapper have access to your information, and these employees are required to keep the information confidential. Additionally, we periodically review our practices related to collection, storage and use of personal information and how such practices are utilized by our employees, contractors and agents to ensure high levels of protection.

Be aware that virtual currencies and digital assets are not necessarily truly anonymous. Generally, anyone can see the balance and transaction history of any public digital asset address. It may be possible to match your public digital asset address to other personal information about you and to identify you from a blockchain transaction. This is because, in some circumstances, personal information published on a blockchain (such as your digital asset address and IP address) can be correlated with personal information that we and others may have. This may be the case even if we, or they, were not involved in the blockchain transaction itself. Furthermore, by using data analysis techniques on a given blockchain, it may be possible to identify other personal information about you. You understand that we have no control over whether third parties utilize such techniques to identify you or obtain your personal information, and you agree that we will not be liable to you for any such activities. As part of our security, anti-fraud and/or identity verification and authentication checks, we may conduct such analysis to collect and process such personal information about you. You agree to allow us to perform such practices and understand that we do so.

How do we Ensure that our Processing Systems remain Confidential, Resilient, and Available?

We implement a variety of measures to ensure that our processing systems remain confidential, resilient, and available. Specifically, we have implemented processes to help ensure high availability, business continuity, and prompt disaster recovery. We commit to using third party services that maintain strong physical and logical access controls.

High Availability. Every part of the Dapper Services utilizes properly-provisioned, redundant servers (e.g., multiple load balancers, web servers, replica databases) in case of failure. The third parties we use take servers out of operation as part of regular maintenance, without impacting availability.

Business Continuity. We keep encrypted backups of data daily in multiple regions on Google Cloud Platform. In the rare case case of production data loss (i.e., primary data stores loss), we will restore organizational data from these backups.

Disaster Recovery. In the event of a region-wide outage, we will bring up a duplicate environment in a different Google Cloud Platform region. Our operations team has extensive experience performing full region migrations.

Physical Access Controls. The Dapper Services are hosted on Google Cloud Platform. These data centers feature a layered security model, including extensive safeguards such as custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. Dapper employees do not have physical access to these data centers, servers, network equipment, or storage.

Logical Access Controls. Dapper is the assigned administrator of its infrastructure on GCP, and only designated authorized Dapper operations team members have access to configure the infrastructure on an as-needed basis

Penetration Testing. We engage an independent, third-party agency to perform black box penetration testing on an annual basis. Information about security vulnerabilities that are successfully exploited through penetration testing is then used to set mitigation and remediation priorities.

Third Party Links

Dapper’s Site and the other elements of the Dapper Services may contain links to other sites. The owners of the linked sites are solely responsible for their privacy practices and content. Dapper is not responsible and does not endorse or control the content and privacy practices of third-party websites. Anytime you access a third-party website, you will be subject to the terms of their applicable privacy policies and should review them carefully.

Accessing and Keeping your Personal Information Accurate

We take reasonable and practical steps to ensure that your personal information is accurate with regards to the purpose for which it is used. It is your responsibility to provide accurate personal information about yourself. If any information that has been provided is no longer correct, it is your responsibility to contact us to update this information. Corrections can be made through your Dapper Account or by contacting us at support@meetdapper.com.

Subject to certain exceptions under applicable law, you may request access to the personal information that we hold about you in order to view, verify and correct such personal information by contacting us at support@meetdapper.com. When handing such requests, we will verify the identity of the requesting party through the same or similar methods that we use to verify a user’s email address upon Account creation to ensure that they are the person legally entitled to make the request. It is our policy to not charge for such requests, however, in the case that the requests become repetitive or unduly onerous, or there is request for copies of documents, a charge may apply. We will let you know at the time of the request if there will be a charge. Normally, such requests will be responded to within 30 days.

Changes to this Policy

Dapper reserves the right to amend this Policy from time to time. The most up to date version will be available on our Site with the most recent version’s date listed clearly at the top of the page. Changes are effective at the time we post them on the Site. While Dapper may make reasonable attempts to notify active Account and Dapper Interface holders when this Policy is updated, we nonetheless recommend that you consult this Policy each time you visit our Site or use any of the Dapper Services to be assured that you are familiar with the most current version of this Policy.

Questions, Concerns and Complaints

If you have questions, concerns or complaints regarding this Policy, the handling of your personal information or Dapper’s privacy or data protection practices, including but not limited to the use of any service providers outside of Canada, please contact support@meetdapper.com. We investigate all complaints and will generally respond within 30 days of receipt of your complaint. If we find a complaint to be justified, we will take all appropriate measures, including, as necessary, amending our policies and practices.

Please note that when you send us a message, you will be providing us with personal information, including your email address, name, and any other information provided in the message. In some cases, additional personal information may be needed in order to answer your questions, concerns or requests. Such information will be handled in accordance with this Policy.