“We”, “our”, “us”, or “RockWallet” refers to the entity listed at the end of this privacy notice with which you or your organization have a relationship.
This privacy notice describes how RockWallet collects, use, and process personal information in relation to your use of our services supplied through the RockWallet platform (“Platform”), website (“Site”) and applications (“Apps”) (together, the “Services”).
Undefined capitalized terms used in this privacy notice can be found in the applicable agreement or terms of use for the Services (each, an “Agreement”). If you are a Customer, Authorized Customer (in this privacy notice each, a “Customer”) of RockWallet Services, this privacy notice applies to you as well as any Agreement or other disclosure that may be provided to you by us.
Our privacy notice is applicable to all Customers who access or utilize our Services and covers personal data processing activities carried out by us in our Services.
The designated data controller of your personal data (“Controller”) will vary depending on where you are located, as indicated at the end of this privacy notice.
RockWallet is committed to implementing security measures that are reasonably expected to safeguard Customer’s personal data from destruction, loss, modification, or any other unauthorized processing. Some of the security measures that RockWallet will implement include, without limitation:
3.1 Encryption. We employ industry-standard encryption protocols to secure the transmission and storage of personal data. This encryption helps prevent unauthorized access and ensures the confidentiality and integrity of the information.
3.2 Access Controls. Access controls are in place to restrict access to personal data to only those employees or authorized personnel who require it for legitimate purposes. These individuals are bound by strict confidentiality obligations and are aware of the importance of protecting personal data.
3.3 Self Help. Customers are encouraged to take their own precautions, such as using strong and unique passwords and regularly updating their devices and software, to further enhance the security of their personal data.
3.4 Private IP. Customer data is stored on a server with no public IP address. Only specific servers can contact this server in a separate private network.
3.5 Connections. SSH connection to public servers can only be done from the (virtual) private network of RockWallet.
3.6 Passwords. Customer passwords and private keys are always hashed (not stored in plain text). Customer data is stored in a database with access control and all user data (which is inside the database) is encrypted at rest.
At RockWallet, we value transparency and strive to provide clarity on our data collection and processing practices. The table below presents an overview of the data we collect, its source, category, a brief description, and the lawful basis for processing.
Please keep in mind that the specific data we collect may vary depending on the RockWallet Service you are using.
Therefore, the table provides a comprehensive list but does not limit the data we collect or imply that we collect this data in all instances.We collect data through various methods, such as customer registration, Transactions, program participation, industry events, and customer service communications.
While you have the option to decline providing personal data, not providing essential information may limit our ability to offer certain services.
1. Information Provided by Customers
We collect basic information provided directly by customers, which includes:
2. Information Required by Law (KYC/AML Obligations)
Certain information is collected to comply with legal obligations, including:
3. Information Voluntarily Provided by Customers
Customers may voluntarily provide additional information, including:
4. Information Collected Automatically
When using our services, we collect technical data related to device usage:
5. Information Obtained from Cookies and Similar Technologies
We use cookies to administer our services, analyze usage trends, track browsing history, and improve service functionality. More details can be found in our Cookie Policy.
6. Information Obtained from Affiliates and Third Parties
We may collect additional information from external sources, including:
7. Information from Marketing, Advertising, and Analytics Partners
8. Information from Retail Merchants and Research Partners
*For entities, we may collect some of this information for individual members such as beneficial owners, directors, etc., as applicable.
We may also collect, use, and share aggregated data, such as statistical or demographic data, for various purposes. Aggregated data is derived from your personal data but is considered non-personal data under the law, as it does not directly or indirectly disclose your identity. For example, we may analyze your Service Usage Information in an aggregated form to determine the percentage of users accessing specific features on our Sites. However, if we combine or link aggregated data with your personal data in a way that allows us to identify you directly or indirectly, we will treat the combined data as personal data and handle it in accordance with this privacy notice. Our approach to handling aggregated data aligns with industry-standard privacy practices.
RockWallet can process personal data for (one of or several) the following purposes, based on one or more legal grounds:
5.1. Performance of contract. Customer information will be utilized for account creation and identity verification to provide our Services. It may also be used for Services related to Transactions and for technical support, issue resolution, and ensuring the safety and quality of the services.
5.2. Ensure Functionality. To ensure the proper functioning of the Services, as well as the provision of ordered Services, the information listed above may be processed.
5.3. Communicate with You. We utilize the information to address your inquiries, fulfill your requests, and send crucial notifications. This encompasses activities such as sending periodic emails concerning companyupdates, policy changes, product/service enhancements, or press releases.
5.4. Marketing. We use the information we have about you to market our services. This includes, for example, sending you email communications about products, offerings, events, competitions, surveys, and webinars or customized offers or materials. Our marketing efforts are aligned with your communication preferences, and you always retain the right to unsubscribe.5.5. Improve Services. We use the information we have about you to improve our services. This includes, for example, identifying usage trends, developing data analysis, determining the effectiveness of our promotional campaigns, evaluating our business performance, researching, demonstrating, developing, and improving our products and services, and ensuring quality control.
5.6. Comply with Laws. We use the information we have about you to comply with applicable laws, regulations, and contractual obligations. This includes, for example, “know your customer” (KYC), “know your business” (KYB) obligations, conducting compliance and/or security checks, audits, or assessments, and any related reporting obligations.
5.7. Protect assets. We use the information we have about you to protect our rights and interests, ensure the security of our assets, systems, and networks, prevent, detect, and investigate fraud, unlawful or criminal activities in relation to our services, and enforce our terms and conditions.5.8. Other Purposes that require your consent. Except as required by Applicable Law, we may share or disclose your information only if you provide your prior consent.6. Third-party access to Customer’s personal dataWe do not share personal information with companies, outside organizations, individuals, or other recipients unless one of the following circumstances apply:
6.1. Legal, Regulatory, Safety, and Compliance Purposes. In certain situations, we may be required to share your information as required by law.These situations may include but are not limited to complying with a subpoena or other legal process requests; protecting your rights; protecting your safety or the safety of others; investigating fraud; and responding to a government request.
6.2. Sharing with Service Providers and Third Parties. RockWallet may disclose your information to third-party service providers who assist us in managing the Services. These providers may include IT service providers, data storage providers, identity verification service providers, payment processors, cloud service providers, and marketing service providers. However, we ensure that these providers are only allowed to use your personal information for the sole purpose of providing their services to us and not for their own promotional purposes. Your personal data may be stored within their systems, but we require them to uphold the confidentiality of your information and comply with all privacy and data protection laws. Rest assured; we do not sell your personal information to third parties.
6.3. Plaid. For Services provided by RockWallet LLC, to ensure fraud prevention and mitigation, we utilize Plaid, Inc. as a service provider for third-party identity verification. Plaid, Inc. performs bank account verification, balance confirmation, and transaction history review to approvetransactions. Your personal and financial information is handled in compliance with Plaid's privacy notice, which can be accessed at https://plaid.com/legal/#privacy-policy. By utilizing our services, you authorize RockWallet and Plaid, Inc. to access and transmit your personal and financial information from your bank according to such privacy policy.
6.4. RockWallet Affiliates. We may share your information within RockWallet Affiliates for various purposes, including providing you with our services, preventing fraud, conducting identity verifications, complying with the law, facilitating sales, mergers, acquisitions, or other liquidity events, and offering products and services to you. However, we do not share information about your creditworthiness with our Affiliates.
6.5. With your consent. We will share personal information with companies, outside organizations or individuals if we have your consent to do so.
RockWallet may transfer your data to countries outside of the country from where you have accessed our Services. To ensure compliance with applicable data protection rules, we have implemented suitable technical, organizational, and contractual safeguards, including the use of Standard Contractual Clauses. When transferring personal data outside of the EEA or the UK, we adhere to lawful transfer mechanisms. If the European Commission has determined that a country provides an essentially equivalent standard of data protection as the EEA, we may rely on an 'adequacy decision' to facilitate the transfer of personal data. When transferring personal data from the EEA or UK to the US, we may rely on standard contractual clauses.
We emphasize the protection and confidentiality of personal data when using digital assets. Public blockchains are designed to record transactions across networks of computer systems, and the use of digital assets are usually publicly recorded on these blockchains. It is important to note that public blockchains can undergo forensic analysis, which may potentially lead to the re-identification of individuals and the disclosure of personal data, particularly when combined with other data sources.As a rule, cryptocurrency transactions are less private than fiat banking transactions because they occur on public blockchains.As RockWallet does not have control over or operate these decentralized or third-party networks, we are unable to erase, modify, or alter personal data on such blockchains. We are committed to implementing appropriate safeguards and complying with applicable privacy laws and regulations to protect personal information within our control. However, we advise users to exercise caution and take necessary precautions when utilizing digital assets on public blockchains.9. Your rightsYou have the following rights in respect of Customer’s personal data being processed by RockWallet:
9.1. Data protection authorities.If you have concerns about the processing of your personal data or believe that your rights under applicable data protection laws have been violated, you have the right to lodge a complaint with the relevant supervisory authority.In the European Union, each member state has its own supervisory authority responsible for data protection matters. You can find the contact details of the supervisory authority in your country of residence or where the alleged violation occurred listed below or by searching your local governmental authority sites: https://edpb.europa.eu/about-edpb/board/members_en
We encourage you to contact the supervisory authority directly if you have any concerns or complaints regarding the processing of your personal data. However, we would appreciate the opportunity to address your concerns first, so please contact us and we will do our best to resolve any issues in a timely and satisfactory manner.Please note that you are not obligated to contact us before lodging a complaint with the supervisory authority. You have the right to file a complaint directly with the supervisory authority at any time.
9.2. Contact usIf Customer intends to use any of its above-mentioned rights, please do so by directing Customer’s request to legal@RockWallet.com or by a letter to RockWallet (see address above). RockWallet cannot handle Customer’s request without proof of Customer’s identity and the applicable legislation may impose conditions on exercising the above rights. RockWallet will request a copy of Customer’s identification document as proof that Customer are indeed concerned by the personal data and thus entitled to rights mentioned above. RockWallet will use its best efforts to respond to Customer’s request without undue delay after receipt of Customer’s request. Customer should bear in mind that RockWallet will not always be obliged to comply with a request for access, correction, removal or transfer, taking into consideration the requirements related to the establishment, exercise or substantiation of a legal claim or the legitimate exercise of the right of freedom of expression and / or information.
We retain personal information for as long as needed or as permitted in light of the purpose(s) for which it was obtained and consistent with applicable law and, in anycase, not less than five (5) years. The criteria used to determine our retention periods include:
We further declare that we do not sell your personal information in our ordinary course of business and will never sell your personal information to third parties without your explicit consent.If you seek to exercise CCPA access or deletion rights on behalf of another person, you must confirm that the person has authorized you to act as their agent under the CCPA by providing us with a completed, signed, and notarized CCPA Agent Authorisation Form pursuant to California Probate Code Section 4000 to 4465. Please note that we may deny requests from agents who do not submit the relevant proof of authorization or agents we are unable to verify their identity.Under the CCPA, you have the right, if certain parts of your personal information are part of a data security breach, to initiate a private cause of action.You have the right to limit our use of sensitive personal information (“SPI”) to what is necessary or reasonably expected of us to perform the Services. If we use SPI beyond what is necessary to provide the Services, we shall provide you notice of the additional purposes for our use of SPI and remind you of your right to request that we limit the use of the SPI.SPI is a subset of personal information that reveals (i) your social security number, driver’s license number, state identification card or passport number; (ii) your account log-in, financial account information, debit or credit card number in combination with any password or access code to grant access; (iii) your precise geolocation; (iv) your racial or ethnic origin, religious or philosophical beliefs, or union membership; (v) the content of your mail, email or text messages unless we are the intended recipient of said communications; and (vi) your genetic data.
We may update or modify this privacy notice from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes we make will be posted on this page with a revised "Last Updated" date. We encourage you to review this privacy notice periodically to stay informed about how we collect, use, and protect your personal data.If we make any material changes to this privacy notice, we will provide notice by email (if we have your email address) or by posting a notice on our website prior to the change becoming effective. We will also seek your consent for any material changes to the extent required by applicable data protection laws. Your continued use of our services after the effective date of any revised privacy notice constitutes your acceptance of the updated privacy notice. If you do not agree with the updated privacy notice, please refrain from using our services and contact us to deactivate your account, if applicable.Please note that we are not responsible for the privacy practices of third-party websites or services that may be linked to or from our website. We recommend reviewing the privacy policies of those third parties directly.If you have any questions or concerns about our privacy notice or practices, please contact us using the information provided in the "Contact Us" section above.13. Your data Controller Depending on where you are located, your data Controller and the Rockwallet entity providing you with this privacy notice will vary as follows.
Need Help? If you have any questions or need assistance, our support team is here for you at support@rockwallet.com.
Copyright © 20242025, RockWallet