When you visit the Websites, we and zkSync service providers may obtain or request information about you, your computer or mobile device, and your interaction over time with the Websites, as described below.

Personal information that is automatically collected. When you visit the Websites, we and zkSync service providers may automatically log information about you, your computer or mobile device, and your interaction over time with the Websites, our communications and other online services, such as:

• Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

Personal information that you may be asked to provide. When you visit the Websites, you may be asked to provide the following information to us:

• Contact and account information, such as your first and last name, email address, phone number, date of birth, photographic identification, government issued identification and other contact details.
• Feedback or correspondence, such as information you provide when you contact us with questions, feedback, product reviews, or otherwise correspond with us online.
• Usage information, such as information about how you use the Websites and interact with them, including information associated with any content you upload to the Websites or otherwise submit to us, and information you provide when you use any interactive features of the Websites.
• Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
• Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Personal information that we obtain from third parties. When you visit the Websites, we may obtain information from the following sources:

• Social media information. We may use plug-ins from social networks on the Websites and/or maintain pages on social media platforms, such as LinkedIn, Instagram, and other third-party platforms. When you activate plug-ins by clicking on them, the operators of the respective social networks may record that you are on the Websites and may use this information. Additionally, when you visit or interact with Website-related pages on those social media platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy. Matter Labs is not responsible for data collected by these individual social media platforms, and any processing of your personal data by social media platforms is solely their responsibility and occurs according to their privacy policies. Please check with them regarding their privacy policies.
• Third-party login information. When you link, connect, or login to the Websites with a third-party service (e.g. Google, Facebook, or Apple), you direct the service to send us information such as your registration, friends list, and profile information as controlled by that service or as authorized by you via your privacy settings at that service.
• Cryptocurrency wallets. Where the use of a cryptocurrency wallet is used to access the Websites, we may obtain information from the wallet related to your Ethereum address and transactions.
• Other sources. We may obtain your personal information from other third parties, such as marketing partners, publicly-available sources and data providers.

Blockchain transaction data. The nature of a public blockchain means that certain information is publicly available, including but not limited to: your wallet address; the address of a sender initiating a transaction; the address of a recipient (whether an Ethereum address or a smart contract address); the maximum amount of gas fees that the sender is willing to allocate for executing the transaction; the price the sender is willing to pay per unit of gas; the nonce (a sequential number issued by the sender’s address); the cryptographic signature generated using the sender’s private key; the IP address from the requester (visible only to remote procedure call nodes); and any additional data needed for the transaction, such as invoking functions in a smart contract or providing arguments for those functions. When you authorize (i.e., use a crypto wallet to “sign”) a blockchain transaction through any of the Websites, you are authorizing us to collect and use all information associated with that transaction, which we will do in accordance with this Privacy Policy. Note that we are not able to control whether or how third parties use information that is stored the blockchain, and we expressly disclaim responsibility for any such activities by third parties.

We use a variety of techniques to automatically collect information, including:

• Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

For more information on these tools, please read our Cookie Policy.

With the exception of the provider(s) of the Websites, we do not make your personal data available to third parties unless you have expressly consented to it, if we are legally obligated to, or if this is necessary to enforce our rights concerning a contractual relationship. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR. Information collected and used is for the purpose of enabling the use of the Websites, continuously ensuring system security and stability, optimising the Websites, and for internal statistical purposes, as described below:

To operate the Websites. We use your personal information to: provide, operate, maintain, secure and improve the Websites; provide information about the Websites; communicate with you about the Websites, including by sending you announcements, updates, security alerts, and support and administrative messages; understand your needs and interests, and personalize your experience; and respond to your requests, questions and feedback and to provide support. We use this information to perform our obligations to you or when it is in our legitimate business interests to do so.

For research and development. It is in our legitimate business interests to use your personal information to analyze and improve the Websites and to develop new products and services, including by studying use of the Websites.

To conduct surveys. It is in our legitimate interest to conduct surveys and collect feedback from you.

Marketing and advertising. Except where consent is required, and unless you have opted out of receiving marketing communications, it is in our and our marketing partners’ legitimate interests to collect and use your personal information for marketing and advertising purposes. We or our advertising partners may from time-to-time send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via email. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below.

For compliance, fraud prevention, and safety. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities. We use your personal information to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Websites; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. In these circumstances, we will process your personal information to either to comply with a legal obligation or when it is in our legitimate business interests. Furthermore, the IP addresses may be evaluated, together with other data, in case of attacks on the network infrastructure or other unauthorised use or misuse of the Websites, for the purpose of intelligence and protection, and if appropriate, used in criminal proceedings for identification and civil and criminal proceedings against the relevant users. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.

To create anonymous data. It is in our legitimate business interests to create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Websites and promote our business.

Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Websites (such as customer support, hosting, analytics, email delivery, marketing, identity verification, and database management services).

Web3 partners. We may share your personal information with our web3 partners as necessary to provide the Websites.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Financial transactions. If you conduct financial transactions by credit card or debit card through the Websites, we may forward your credit/debit card information to the credit/debit card issuer and the credit/debit card acquirer. If you choose to use a credit/debit card, you may be asked to provide all the necessary information. The legal basis for passing on the data lies in the fulfilment of an agreement in the sense of Art. 6 Par. Lit. b GDPR.

Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.

Data protection rights. You may have the following rights, as provided under applicable law and subject to any limitations in such law:

• To access the personal information we hold about you (including, if applicable, to receive it in a structured and commonly used machine-readable format);
• To request we correct any inaccurate personal information we hold about you;
• To request we delete any personal information we hold about you;
• To restrict the processing of personal information we hold about you;
• To object to the processing of personal information we hold about you; and/or
• To withdraw your consent to the processing of personal information we hold about you, when we have relied on consent as the legal basis to process your personal information.

Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity. In addition, we may have valid legal reasons to refuse your request, and will inform you if that is the case. For more information on your rights, please contact us using the details in the “How to contact us” section below.

Please note that part of the Websites incorporate blockchain technology. A blockchain is a shared and synchronised digital database that is stored on multiple nodes (computers that store a local version of the database). As, by design, data on a blockchain cannot be changed or deleted, your ability to exercise your data protection rights such as your right to erasure, or your rights to object or restrict processing with respect to on-chain personal information may be affected.

By using the Websites, you understand and acknowledge that we may transfer your personal information to service providers or other third parties who are located in countries which may not provide the same protections as the data protection laws where you are based. This includes service providers of the Websites and e-commerce providers such as payment solution providers to assist us in the processing of your online payments. When we transfer your personal data to third parties abroad for the purposes of the data processing described in this Privacy Policy, unless we can rely on a derogation provided under data protection law, we will ensure that relevant safeguards are in place to afford adequate protection for your personal information and we will comply with applicable data protection laws, in particular if you reside in the Cayman Islands, UK or the EEA by relying on a UK government adequacy regulation or adequacy decision by the European Commission, or on contractual protections for the transfer of your personal information. For more information about how we transfer personal information internationally, please contact us as set out in the “How to contact us” section below.

The Websites may contain links to other websites, mobile applications, blockchain protocols, blockchain applications, blockchain exchanges and other online and blockchain services (collectively, “Third Party Resources”) operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included in Third Party Resources that are not associated with us. We do not control Third Party Resources, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the Third Party Resources you use.

We take precautions to protect your stored personal data against manipulation, partial or complete loss, and unauthorized access by third parties of personal information we maintain. Unfortunately, data transmission over the internet (including via blockchain) cannot be guaranteed as completely secure. Please note that any data transmission on the internet (including through blockchains) is generally not secure or may be accessed by third parties, and we accept no liability for data transmitted to us via the internet or through a blockchain.

The Websites are not intended for use by children under 13 years of age. If we learn that we have collected personal information through the Websites from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Websites. We may also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Websites.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Websites (or as otherwise indicated at the time of posting).

If you have a concern about our privacy practices, including the way we handle your personal information, please contact us at privacy@matterlabs.dev. We will endeavor to respond to your complaint as soon as possible. You can also report it to your local data protection authority that is authorized to hear those concerns.

Matter Labs is the entity responsible for the processing of your personal information in connection with the Websites, and is the data controller in respect of such processing. If you have any questions or comments about this Privacy Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at privacy@matterlabs.dev.