# Autonomy Privacy Policy

**Last Updated: September 15, 2022**

Bitmark Inc. (“Bitmark”, “we”, “us”, “our”) provides this Privacy Policy to inform users of our policies and procedures regarding the collection, use and disclosure of personally identifiable information received from users of Bitmark’s Autonomy mobile application (the “Application”) and the related hosted service (collectively the "Services"), and the Autonomy website, (the “Website”). Any terms not defined in this Privacy Policy are defined in our [Terms of Service]().  


## Definitions

* “Personal information” or “personal data” is information that is identified or identifiable to a natural living person, consistent with the definitions in European and California law.  It includes personally identifiable information (defined below), your account keys and information associated with your account keys.
* “Personally identifiable information” is information traditionally thought of as directly identifying a natural living person, such as full names, addresses, telephone numbers, government identification numbers, payment information, email addresses, social network identifiers, account identifiers and similar persistent and public or quasi-public identifiers.  


## Services Information Collection and Use

You will need to create an Autonomy multi-chain account (the “Account”) in order to use the Application, and may create more than one Account if desired.  Each Account is capable of storing multiple single-blockchain (or “single-chain”) account keys. The Application will collect personal information from you, or will generate personal information in order to establish the Account.  This personal information will consist of private keys or seeds (also called “recovery phrases” in the Application)  that you supply to import external single-chain accounts into your Autonomy account, or seeds generated by the Application as the basis of a hierarchical set of keys, as well as a public/private key pair specific to the Application that provides access to your Autonomy account.

Your Autonomy multi-chain Account, and any single-chain accounts created within it or imported into it, are identified to us only by the public Account key generated in the Application and communicated to the Services, and even then, only if you elect to use the Services to back up the data in the Application.  We have designed the Services so that we cannot access information transmitted to or stored within the Services.  

Please note that the Application interacts with public blockchains by design, and any information in the public blockchain network is permanently and irrevocably public by design.  That includes your public keys (including those generated from seeds or private keys), the records of any transactions associated with your public key, and any additional data you or the party you transact with may include in the record of your transaction.   

The Services may also collect anonymized information necessary for us to provide, maintain, and improve the Services, such as information about your mobile device, device manufacturer, unique device identifiers, information about software, the operating system, and version running on your system or device, and mobile network information. We do not have any ability to correlate this anonymized information to your personally identifiable information.

Finally, the Services collect anonymized information about your use of our Services, such as log information about the function of the Services, crash reports and errors, and information provided to our support team.  We do not have any ability to correlate this information to your personally identifiable information, and **_we request that you not provide any personally identifiable information when you contact us through the Services (i.e., when filing a technical support request through the Application)_**.

We use personal information collected through the Services only to provide the Services to you (including communicating with you about administrative and technical matters as you may request), to fulfill our legal or regulatory obligations, and to secure, maintain, and improve the Services. We do not correlate the personal information we collect to provide the Services, or any other information you may store in the Services, with information we collect through our Website.  These systems are separate.


## Website Information Collection and Use

It is not necessary to provide us with personally identifiable information to access or use the Website, and we do not collect personally identifiable information in connection with the ordinary operation of the Website.  We do collect personal information from the Website, as described below, but we do not associate that personal information with the personal information in the Services or with correspondence you may send us as described in the next paragraph.

If you contact us by email through the Website or through third party social network services (e.g, Discord), we may keep a record of your contact information and correspondence, and may use your email address or social network user identification, and any information that you provide to us in your message, to respond to you.  We use commercially reasonable efforts to keep this information and to delete it when keeping it is no longer necessary, but we have no obligation to keep this information confidential, nor to take any specific security measures to protect this information.  We strongly suggest that you do not use email, the Website, or third party social network services to send us information regarding your use of the Services, and that you limit such communications to technical support requests made through the Application.

When you visit the Website, Company’s servers automatically record the information that your browser sends whenever you visit a website ("Log Data"). This Log Data may include information such as your IP address, browser type or the domain from which you are visiting. For most users accessing the Internet from an Internet service provider, the IP address may be different every time you log on. Company uses Log Data to monitor use of the Website and the services we offer via the Website and for the Website’s technical administration.  


## Do Not Track

We do not use cookies to collect personally identifiable information or track users’ online activities over time and across different websites. For more information regarding Do Not Track mechanisms, see [http://allaboutdnt.com](http://allaboutdnt.com).


## Information Shared with Others



* We may engage third party service providers to work with us to administer and provide the Services. These third-party service providers have access to personal information collected through the Services only for the purpose of performing services on our behalf, and will not use it except on our behalf within the limits of this Privacy Policy.  This includes personally identifiable information such as payment information, and the information that we may request to fulfill our legal obligation to know our customers.
* Information we collected through the Services, including personally identifiable information, is considered to be a business asset. As a result, if we go out of business or enter bankruptcy or if we are acquired as a result of a transaction such as a merger, acquisition or asset sale, the information collected through the Services may be disclosed or transferred to the third-party acquirer in connection with the transaction, provided that the acquirer agrees to honor the terms of this Privacy Policy.  
* It is our policy to protect you from having your privacy violated through abuse of the legal systems, whether by individuals, entities or government, and to contest claims that we believe to be invalid under applicable law. However, it is also our policy to cooperate with government and law enforcement officials and private parties. Accordingly, we reserve the right to disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary: (a) to satisfy or comply with any applicable law, regulation or legal process or to respond to lawful requests, including subpoenas, warrants or court orders; (b) to enforce our agreements with you or third parties, to protect our property, rights and safety and the rights, property and safety of third parties or the public in general; and (c) to prevent or stop activity we consider to be illegal or unethical.


## Data Retention

Generally speaking, we will retain your personal information for as long as necessary for the purposes set out in this Privacy Policy.

We retain personal information for as long as it is reasonably necessary or required to provide you with the Services, resolve any disputes, enforce our agreements with you, protect our legal rights or the legal rights of others, and honor the technical and legal requirements or restrictions with respect to the security and operation of our Services.  

Otherwise, we generally delete information when it is no longer reasonably necessary to provide you with the Services, to comply with applicable laws and regulations (including EU or California law as indicated in the “Your Rights” section below),, and to run our business.


## Security

We take reasonable technical, administrative, and organizational measures to protect your information from unauthorized access, use or disclosure of the information that we collect. The Application encrypts all information in your mobile device, in transit between your mobile device and the Services, and when stored in the Services.  

We do not have access to any of the information you store in the Application or the Services except when you may specifically share it with us (for example, as part of a technical support request).  If you share information with us through the secure channels we provide in the Application, we store it in encrypted form on secure servers and only allow access by personnel who have a need to know the information for the relevant business purpose. 

Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.


## Your Rights in Your Data

Bitmark doesn't collect, process, or disclose your personal information in connection with the Services except as we describe in this Privacy Policy.  Under applicable laws of various countries or US States, you may have certain rights concerning your personal information, such as under EU or California law, the right to access to, rectification or erasure of, and/or restriction of processing or objection to processing of your personal information.  If you wish to exercise your rights with respect to personal data collected or processed by Bitmark in connection with the Services, contact us via email at [support@bitmark.com](mailto:support@bitmark.com),  and we will respond to you with specific instructions to follow.

Please note, that as described above:



* we do not have access to any personal information within the Application or which you have stored within the Services, so you must make any changes to such personal information; and
* we do not control or act as custodians for the information stored in the public blockchain networks, and the blockchain technology used in public blockchain networks is incompatible with the ability to erase or rectify the personal information stored in those networks.  

If you are a resident in the European Union, you also have the right at no cost to lodge a complaint with EU data protection authorities. This right may also exist in other countries.  


## International Transfer

Your information (including personally identifiable information) may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. By using the Services, you consent to this transfer.


## Links to Other Sites

The Website may contain links to other websites ("Linked Sites") operated by Bitmark or third parties. Linked Sites may place their own cookies or other files on your computer, collect data or solicit personal information from you. This Privacy Policy addresses only the use and disclosure of information that Bitmark collects through the Services. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. Bitmark does not exercise control over third party Linked Sites. Your use of any Linked Site operated by Bitmark is subject to the terms and conditions provided by Bitmark for such Linked Site.  Bitmark encourages you to read the privacy policies or statements of the other websites you visit.


## Our Policy Towards Children

The Services are not directed to children under the age of majority in their jurisdiction. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us at [support@bitmark.com](mailto:support@bitmark.com). In particular, if we become aware that a child under 13 has provided personally identifiable information to us, we will remove such information from our files and will not make further use of it.


## Changes to this Privacy Policy

We reserve the right to change this policy at any time without prior notice. Any changes to this policy will be posted here, and we will also attempt to notify you through the Application.  You are advised to consult this Privacy Policy regularly for any changes. If you have any questions or comments about this Privacy Policy, please contact us at [support@bitmark.com](mailto:support@bitmark.com).