SmashFi Privacy Policy

Updated: June 12, 2024

1. Introduction

SMASHFI LLC (hereinafter referred to as the “Company”) respects the privacy of individual users (“User”) and is dedicated to safeguarding it in compliance with this Privacy Policy (hereinafter referred to as this “Policy”). This Policy pertains to personal data collected within the “SmashFi platform” services (“Platform”) managed by the Company. The Company is responsible for handling the personal data supplied by a User or sourced from a User within the Platform. This Policy outlines the kinds of personal data the Company might gather from a User or that a User might provide, alongside the Company’s approach to collecting, using, storing, protecting, and revealing that personal data.

This Policy will become effective on October 17, 2023. Should there be any alterations, the Company will notify users by making them publicly available on the Company’s Platform or through other means (e.g., text, e-mail, messenger, or a pop-up screen prompting acceptance upon sign-in).

Terms used in this Privacy Policy correspond with meanings established in applicable laws, regulations, and the Company's terms and conditions. Any other concerns will follow general commercial practices. To utilize the Platform, you must be at least eighteen (18) years old or of the equivalent minimum age in your jurisdiction ("Minimum Age"). By accessing the Platform, you confirm that you meet the Minimum Age requirement. The Company may require age verification and has the right to end your access to the Platform without prior notice if misrepresentation is detected.

2. GDPR Compliance

We are committed to ensuring that your personal data is protected in accordance with the General Data Protection Regulation (GDPR). This includes:

• Lawful, Fair, and Transparent Processing: We process personal data lawfully, fairly, and in a transparent manner. We will always inform you about how your data is being used at the time of collection.
• Purpose Limitation: We collect data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
• Data Minimization: We collect only the data that is necessary for the purposes for which it is processed.
• Accuracy: We take reasonable steps to ensure that personal data is accurate and kept up to date.
• Storage Limitation: We keep personal data in a form that permits the identification of data subjects for no longer than necessary.
• Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures.

3. Collection of Personal Data and Methods

3.1. Types of Personal Data Collected

(a) Data Provided by Users

When signing up and using the Platform, we collect data provided directly by the user, such as email and password. For identity verification, when a user withdraws digital assets exceeding a set limit, we may collect additional data such as mobile phone number, OTP, or passport number.

(b) Data Sourced When Users Access the Platform

Various details might be collected when a user interacts with the Platform, including browser types, device data, and usage details. Data such as IP addresses, cookies, device specifics, timestamps, service access records, and any misuse logs may also be collected.

(c) Data Received from Third-party Providers

• Collection: We collect Google account information only when users choose to log in using their Google credentials. This process is initiated through a secure OAuth protocol, ensuring that the user's login details are not shared directly with us but are handled securely by Google.
• Processing: The collected Google account information is integrated into the user’s profile on the Platform. This allows for seamless account creation and login, personalized user experience, and improved customer support. The information may also be used for user authentication and account recovery purposes.
• Protection: We are committed to protecting the personal data of our users. The Google account information collected is encrypted and stored securely in compliance with industry standards and regulations. Access to this data is restricted to authorized personnel only and is protected by multiple layers of security measures, including firewalls, encryption, and access controls.
• Data Retention: The Google account information is retained for as long as the user maintains an account with us. If the user chooses to delete their account, we ensure that all personal data, including information collected from Google, is permanently removed from our servers, except where retention is required by law.
• User Control: Users have the right to access, modify, and delete their personal data at any time. They can manage their Google account permissions through their Google account settings and can revoke SmashFi's access to their Google account information. Additionally, users can contact our support team for assistance with any data-related inquiries.
• Compliance: SmashFi adheres to all relevant data protection laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), ensuring that users' privacy rights are respected and protected.
  

3.2. Data Collection Techniques

The Company collects users’ personal data through web pages, written documents, fax, phone calls, emails, data tools, or via partner entities. For Google login, the data is collected through a secure OAuth authentication process facilitated by Google.

4. Usage of Collected Data

Personal data collected serves several purposes:

• Facilitating Company services to users.
• Safeguarding users and services, including adherence to legal obligations and ensuring the smooth operation of the Platform.
• Fulfilling contractual responsibilities, such as transacting in crypto assets upon user request.
• Enhancing existing services and innovating new ones.
• Creating statistical data regarding Platform use and catering services or advertisements based on this data.
• Informing users about changes in the Company's policies, websites, or Platform.
• Alerting users about promotions and associated participation opportunities.
• Pursuing the legitimate interests of the Company, given they don’t infringe upon user rights.
• Using personal data with the user's prior agreement.

If the data's intended use deviates from the reasons listed above, the Company will secure the user's consent.

5. Disclosing Collected Data

The Company will not share personal data unless:

• Legally mandated.
• Requested for investigative purposes.
• Necessary for Company partners and service providers.
• The user has previously agreed or has given express consent.

6. Cookies, Beacons, and Similar Tools

Cookies and web beacons may be used to collect aggregated, non-personal information. They help improve user experience and ensure better services.

7. User Rights

Under the GDPR, users have the following rights concerning their data:

• Access: Users have the right to request access to their personal data and obtain a copy.
• Rectification: Users have the right to request correction of inaccurate or incomplete personal data.
• Erasure: Users have the right to request the deletion of their personal data under certain circumstances.
• Restriction: Users have the right to request the restriction of processing of their personal data.
• Data Portability: Users have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.
• Objection: Users have the right to object to the processing of their personal data based on legitimate interests or for direct marketing purposes.
• Withdrawal of Consent: Users have the right to withdraw their consent at any time where we rely on consent to process their personal data.

To exercise any of these rights, please contact us at [contact@smashfi.me].

8. User Responsibilities

Users must ensure their data is accurate and safeguard their credentials. Users are accountable for inaccuracies or damages stemming from their negligence.

9. Security Measures

The Company implements appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

10. Protection for Minors

The Company does not register or collect data from individuals below 18 years of age.

11. Technical and Managerial Safeguards

The Company has implemented comprehensive technical and managerial safeguards to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption: We use encryption to protect personal data during transmission and storage.
• Access Controls: We restrict access to personal data to authorized personnel only.
• Regular Security Assessments: We conduct regular security assessments to identify and mitigate potential vulnerabilities.
• Incident Response Plans: We have incident response plans in place to handle potential data breaches swiftly and effectively.

12. Destruction of Personal Data

Personal data is destroyed once its purpose is fulfilled, but certain data might be retained as required by laws.

13. Policy Modifications

The Company can alter this Policy. Users will be informed of any changes through the Platform or other communication methods.

14. Contact Information

For queries or updates, reach out to:

Company Name: SMASHFI LLC

Email: contact@smashfi.com

15. Exclusions

This Policy doesn’t cover third-party service providers or linked sites.

By using SmashFi, you consent to the collection and use of your personal data as described in this Privacy Policy. We are committed to ensuring that your personal data is protected in accordance with GDPR standards. If you have any questions or concerns about our privacy practices, please contact us at [contact@smashfi.me].