California Notice at Collection/State Law Privacy Rights: See the ‘State Law Privacy Rights’ section below for important information about your rights under applicable state privacy laws.

European Users: Please see the ‘European Privacy Notice’ section below for additional information for individuals located in the European Economic Area, the United Kingdom, or Switzerland (which we refer to as “Europe,” and “European” should be understood accordingly).

This privacy policy (“Privacy Policy”) explains how Solana Labs, Inc. and its subsidiaries (collectively “Solana Labs,” “our,” “we,” or “us”) collects, uses, and discloses information about you. This Privacy Policy applies when you access and use any of the websites we operate (the “Website” or “Websites”) and our other online products and services that link to this Privacy Policy (collectively with Website(s), the “Service” or “Services”) and when you contact our customer service team, engage with us on social media, or otherwise interact with us. Products and services outside of the Services described herein are not subject to this Privacy Policy. For example, if you are a user of a Solana mobile device and/or the Solana dApp Store, please see our Mobile Device and dApp Store Privacy Policy for information concerning how Solana processes your personal information in connection with these products and services.

This Privacy Policy also does not apply to information that we process on behalf of our business customers while providing our products and services to them (e.g., where business customers provide or make available to us data regarding their own customers or end users). We use the personal information we receive from our business customers solely on the instructions of our business customers, as governed by our agreements with those business customers. If you have concerns regarding personal information that we process on behalf of one of our business customers, please direct your concerns to that customer. 

Please read this Privacy Policy carefully to understand our practices regarding your personal information and how we will use it. 

If you have any questions about this Privacy Policy, please contact us using the following contact information:

If you are located in the European Union, pursuant to Article 27 of the General Data Protection Regulation (GDPR), we have appointed the European Data Protection Office (EDPO) as our GDPR Representative in the EU. You can contact the EDPO regarding matters pertaining to the GDPR by using the EDPO’s online request form: https://edpo.com/gdpr-data-request/, or in writing to the EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

If you are located in the UK, pursuant to Article 27 of the UK GDPR, we have appointed EDPO UK Ltd as its UK GDPR representative. You can contact EDPO UK regarding matters pertaining to the UK GDPR by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/, or in writing to the EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.

This section describes the types and categories of personal information we may collect, and how we may use that information.

We collect information you provide directly to us. For example, you share information directly with us if you contact us, fill out a form, make a purchase, contact us via third-party platforms, participate in a contest, promotion, product trial, or survey, or provide feedback, request customer support, or otherwise communicate with us. 

The types of personal information we may collect include:

When you access or use our Services, or otherwise transact business with us, we automatically collect certain categories of personal information, including:

Device and Usage Information. We may collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, general location data, unique device identifiers, browser type, and app version. 

Online activity data, such as information about your activity on our Websites or other Services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our Websites or other Services.

Location Information. In accordance with your device permissions, we may collect information about the location of your device. You may stop the collection of location information at any time by adjusting your device settings

Third-Party Site Interactions. Our Services may collect information about your use of third-party websites and platforms that have enabled integrations with our Services, for example, whether you have clicked on an advertisement, the website address of the site that published this advertisement, and other associated information. This personal information may be combined with other information obtained from advertising networks and other sources to create more accurate data about your viewing and click-through activity with these advertisements.  If you believe your personal information has been used in this manner, you should consult the privacy notices posted on these third-party sites for more information about the use of your personal information and your associated rights. 

Some of the automatic collection described above is facilitated by cookies and other tracking technologies. For example, our Websites may use tracking technologies, such as cookies, pixels, web beacons, and Javascript tags, to collect information about you. Cookies are small data files stored on your hard drive or in device memory that help us improve our Websites and your experience, see which areas and features of our Websites are popular, and count visits. We also use cookies to enable us to provide you with the service specifically linked to your user profile when you create one, and are required for the Websites and Services to function. Web beacons are clear image files that we use on our Websites and in our emails to help deliver cookies, count visits, and understand usage and campaign effectiveness. Javascript tags are similar to these other tracking technologies, but may also collect information about how you use our Websites, including which areas you visit and what data you may enter into forms. We may also use one or more of these tracking technologies. to enable cross-context behavioral advertising on other sites, and to understand the effectiveness of our marketing campaigns.

We also obtain information from third-party sources. For example, we may collect information about you from public sources, identity verification services, data analytics providers, and mailing list providers (if applicable, and where we are permitted to do so). We may combine this information with other information we maintain about you. If we do so, this Privacy Policy governs any combined information that we maintain in a personally identifiable format.

The Websites and Services do not intentionally collect or process ‘sensitive personal information’ that comprises data describing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, data concerning a natural person’s sex life or sexual orientation, and government-issued identifiers.

If you provide account information related to financial institutions and services when interacting or otherwise using one of our contracted payment processors, we do not process this category of data directly.

We ask that you exercise caution when sharing personal information and avoid sharing sensitive information when you do so.

We use the personal information we have collected for the following purposes:

Except as described in this Privacy Policy, we will not disclose your personal information that we collect on the Service to third parties without your consent. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

In this section, we describe the rights and choices available to all users. Users located in Europe or states subject to the U.S. state privacy notice, below, can find additional information in the “European privacy notice” and “U.S. state privacy notice,” respectively.

Opt-out of communications. If you receive marketing emails from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving marketing emails from us, and any other promotional communications that we may send to you from time to time (e.g., by postal mail) by sending your request to us by email at privacy@solana.com or by writing to us at the address given in the ‘Contacting Us’ section of this Privacy Policy.

Please be aware that if you opt out of receiving marketing emails from us, it may take up to ten business days for us to process your opt-out request, and you may receive marketing emails from us during that period. Additionally, even after you opt out of receiving marketing messages from us, you will continue to receive security-related, administrative, and transactional messages from us regarding your use of the Services.

Access. You may access and update many categories of personal information that we have collected and hold about you. If you have a user account with one of our Services, you can access your information by logging in to your account and accessing your account settings. If you don’t have an account and if you wish to access or amend any other personal information we hold about you, you may request access by contacting us at privacy@solana.com, or by writing to us at the address given in the ‘Contacting Us’ section of this Privacy Policy.

Delete your content or close your account. You may request that we delete your personal information in our possession or control or close your account by contacting us at privacy@solana.com. We will do so where reasonably practicable within a reasonable period of time, but we may need to retain some of your personal information in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com. We respond to global privacy control signals as detailed in our U.S. State Privacy Notice, below.

Cookies and other technologies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Services may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning. 

Advertising choices. You may be able to limit use of your information for interest-based advertising through the following settings/options/tools:

You will need to apply these opt-out settings on each device and browser from which you wish to limit the use of your information for interest-based advertising purposes. We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.

We store your personal information for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations. 

To determine the appropriate retention period for personal information, we consider the reason for which retention is required, the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and any applicable legal requirements.

Aggregated and anonymized data that no longer identifies the user of the Service is maintained for the purposes necessary to provide the Services and for our other lawful business purposes.

Our Services are not directed to users under the age of 18, and we do not knowingly collect personal information from children under the age of 18 without obtaining parental consent. If we learn that we have collected personal information from a child under the age of 18 on our Services, we will delete that information as quickly as possible. If you believe that we may have collected any such personal information on our Services, please notify us at privacy@solana.com.

Where this European Privacy Notice applies. This ‘European Privacy Notice’ section applies only to individuals located in the European Economic Area (EEA), the United Kingdom (UK) or Switzerland (i.e., “Europe” as defined at the top of this Privacy Policy).

GDPR Personal Data. References to “personal information” in this Privacy Policy should be understood to include a reference to “personal data” as defined in the “GDPR” (i.e., the General Data Protection Regulation 2016/679 (“EU GDPR”)) and the EU GDPR as it forms part of the laws of the United Kingdom (“UK GDPR”) and the Swiss Federal Act on Data Protection (“FADP”). For the purposes of these laws, the “personal data” that we collect from and about you is described in greater detail in ‘What information do we collect?’ above.

Controller. Solana Labs is a “controller” in respect of the processing of your personal information covered by this Privacy Policy for purposes of the GDPR and the FADP. See the ‘Contacting us’ section above for our contact details.

Our GDPR Representatives. We have appointed the following representatives in Europe as required by the GDPR – you can contact them directly should you wish. See the ‘Contacting us’ section above for our Representatives’ contact details.

We need to inform you about the legal basis on which we collect and use your personal information.  When we process your personal information, we do so in reliance on the following lawful bases:

We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your personal information as well as the personal information used for that Purpose – for more information on: 

Please contact us if you need details about the specific legal basis we are relying on to process your personal information where one or more legal bases have been indicated.

No obligation to provide personal information. You do not have to provide personal information to us. However, where we need to process your personal information either to comply with applicable law or to deliver our Service to you, and you fail to provide that personal information when requested, we may not be able to provide some or all of our Service to you. We will notify you if this is the case at the time.

If you are located in the EEA, the United Kingdom, or Switzerland, you have the following Data Subject Access Rights with respect to your personal information that we hold:

If you wish to exercise one of these rights, please contact us using the information in the ‘Contacting us’ section of this Privacy Policy. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal information), if we reject any request you may make (whether in whole or in part), we will let you know our grounds for doing so at the time, subject to any legal restrictions. Typically, you will not have to pay a fee to exercise your rights; however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We try to respond to all legitimate requests within a month of receipt. It may take us longer than a month if your request is particularly complex or if you have made a number of requests; in this case, we will notify you and keep you updated.

If you have a concern about our processing of personal information that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:

For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en

For individuals in the UK: https://ico.org.uk/global/contact-us

For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/thefdpic/contact.html

Our servers and data centers are located in the United States (US). If you choose to use the Service from outside the US, then you should know that you are transferring your personal information outside of your region and into the U.S. for storage and processing. We may also transfer your personal information from the U.S. to other countries or regions in connection with the storage and processing of data, fulfilling your requests, and operating the Service. You should know that each region can have its own privacy and data security laws, some of which may be less stringent as compared to those of your own region. Please note that the countries we may transfer your data to, including the US, may not have data protection laws considered by European authorities to be as comprehensive as those in your own country. 

Where we share your personal information with third parties who are based outside Europe, we try to ensure a similar degree of protection is afforded to it by making sure one of the following mechanisms is implemented: 

Except as otherwise provided, this section applies to residents of states with privacy laws applicable to us that grant their residents the rights described below (collectively the “State Privacy Laws”).

This section describes how we collect, use, and share Personal Information of residents of these states and the rights these users may have with respect to their Personal Information. Please note that not all rights listed below may be afforded to all users and that if you are not a resident of one of these states, you may not be able to exercise these rights. In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it.

For purposes of this section, the term “Personal Information” has the meaning given to “personal data”, “personal information” or other similar terms and “Sensitive Personal Information” has the meaning given to “sensitive personal information,” “sensitive data”, or other similar terms in the State Privacy Laws, except that in neither case does such term include information exempted from the scope of the State Privacy Laws. In some cases, we may provide a different privacy notice to certain categories of residents of these states, in which case that notice will apply instead of this section.

Your privacy rights. The State Privacy Laws may provide residents with some or all of the rights listed below. However, these rights are not absolute and some State Privacy Laws do not provide these rights to their residents.  Therefore, we may decline your request in certain cases as permitted by law. 

Exercising your right to information/know, access, appeal, correction, and deletion. You may submit requests to exercise your right to information/know, access, appeal, correction, or deletion via email to privacy@solana.com or via mail at our contact address above.

Exercising your right to opt-out of the “sale” or “sharing” of your Personal Information.   Certain data sharing we engage in may be classified under State Privacy Laws as a “sale” or “sharing” of your Personal Information. You can submit requests to opt-out of such sales and sharing of your Personal Information here: Do Not Sell or Share My Personal Information, via phone by calling 1 (888) 212-2019, or by broadcasting an opt-out preference signal such as the global privacy control (“GPC”) signal on the browsers and/or browser extensions that support such a signal. If you choose to use the GPC signal, you must turn it on for each supported browser or browser extension you use. If you would like us to make the connection between the GPC signal and your account, we recommend you submit the Do Not Sell or Share my Personal Information web form to allow us to make the connection.

Verification of identity; Authorized agents. We may need to verify your identity in order to process your information/know, access, appeal, correction, or deletion requests and reserve the right to confirm your residency. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law.  

Under some State Privacy Laws, you may enable an authorized agent to make a request on your behalf.  However, we may need to verify your authorized agent’s identity and authority to act on your behalf.  We may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your State Privacy Laws rights on your behalf, the information we request to verify your identity, and confirmation that you have given the authorized agent permission to submit the request. 

Personal information that we collect, use and disclose and the purposes for doing so. The chart below summarizes the Personal Information we collect by reference to the categories of personal information described in the “What information do we collect?” section of the Privacy Policy and the categories of personal information specified in the CCPA (Cal. Civ. Code §1798.140). The chart describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. The terms in the chart refer to the categories of information, statutory categories, and third parties described above in this Privacy Policy in more detail. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of Personal Information not described below. The categories of sources from which the personal information is or was collected and the purposes for collecting such information are as described in the “What information do we collect?” and “How do we use personal information” sections above.

Deidentification. We do not attempt to reidentify deidentified information derived from Personal Information, except for the purpose of testing whether our deidentification processes comply with applicable law.

Contact Us. If you have questions or concerns about our privacy policies or information practices, please contact us using the contact details set forth in the “Contacting us” section, above.

To help protect your data, we take commercially reasonable steps designed to protect the data that we collect, including your personal information, against accidental or unauthorized loss, use, and disclosure. 

You should keep in mind, however, that security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information. You transmit information to us at your own risk.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy, and, in some cases, we may provide you with additional notice (such as adding a statement to our Websites or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.