Sophon Privacy Policy

Last Updated: 13 June 2024

Sophon Foundation, a Cayman Islands foundation (including all affiliates and subsidiaries, collectively referred to as, “Sophon “we,” “us,” or “our”), currently provides certain information about, the Sophon network, a modular rollup leveraging zkSync’s Hyperchain technology, as well as related content and functionality about Sophon through the websites located at: https://sophon.xyz/, https://info.sophon.xyz/, https://nodes.sophon.xyz/, and https://farm.sophon.xyz/ (the “Websites”).

This privacy policy (“Privacy Policy”) applies to all Personal Data (defined below) collected through the Websites as well as marketing campaigns, product feedback forms, surveys, events, and sales. We collect and use your Personal Data in accordance with this Privacy Policy and in compliance with applicable data protection legislation, including but not limited to the Cayman Islands Data Protection Act (as amended), EU General Data Protection Regulation ((EU) 2016/679) (“GDPR“), EU Privacy and Electronic Communications Directive (2002/58/EC), and the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.).

Personal Data

“Personal Data” or “Personal Information” refers to any personally identifiable information that can be used to identify or contact you, which may include, but is not limited to:

●      Name

●      Date of birth

●      Email

●      Phone number

●      Mailing address

●      IP address

●      Wallet ID and associated metadata

●      Usage data

Information Obtained

When you visit the Websites, we and Sophon’s service providers may obtain or request information about you, your computer or mobile device, and your interaction over time with the Websites, as described below.

Personal information that is automatically collected. When you visit the Websites, we and Sophon’s service providers may automatically log information about you, your computer or mobile device, and your interaction over time with the Websites, our communications and other online services, such as:

●      Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 5G), and general location information such as city, state or geographic area when you access the Website.

●      Online activity data, such as pages or screens you viewed on the Website, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

Personal information that you provide to us. When you visit the Website, you may be asked to provide the following information to us:

●      Contact and account information, such as your first and last name, email address, phone number, date of birth, photographic identification, government issued identification and other contact details.

●      Feedback or correspondence, such as information you provide when you contact us with questions, feedback, product reviews, or otherwise correspond with us online.

●      Usage information, such as information about how you use the Websites and interact with them, including information associated with any content you upload to the Websites or otherwise submit to us, and information you provide when you use any interactive features of the Website.

●      Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.

●      Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Personal information that we obtain from third parties. When you visit the Website, we may obtain information from the following sources:

●      Social media information. We may use plug-ins from social networks on the Websites and/or maintain pages on social media platforms, such as LinkedIn, Instagram, and other third-party platforms. When you activate plug-ins by clicking on them, the operators of the respective social networks may record that you are on the Websites and may use this information. Additionally, when you visit or interact with Website-related pages on those social media platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy. Sophon is not responsible for data collected by these individual social media platforms, and any processing of your personal data by social media platforms is solely their responsibility and occurs according to their privacy policies. Please check with them regarding their privacy policies.

●      Third-party login information. When you link, connect, or login to the Websites with a third-party service (e.g., Google, Facebook, or Apple), you direct the service to send us information such as your information as controlled by that service or as authorized by you via your privacy settings at that service.

●      Cryptocurrency wallets. Where the use of a cryptocurrency wallet is used to access the Website, we may obtain information from the wallet related to your wallet address and transactions.

●      Other sources. We may obtain your personal information from other third parties, such as marketing partners, publicly available sources and data providers.

Blockchain transaction data. The nature of a public blockchain means that certain information is publicly available, including but not limited to: your wallet address; the address of a sender initiating a transaction; the address of a recipient; the maximum amount of gas fees that the sender is willing to allocate for executing the transaction; the price the sender is willing to pay per unit of gas; the nonce (a sequential number issued by the sender’s address); the cryptographic signature generated using the sender’s private key; the IP address from the requester (visible only to remote procedure call nodes); and any additional data needed for the transaction, such as invoking functions in a smart contract or providing arguments for those functions. When you authorize (i.e., use a crypto wallet to “sign”) a blockchain transaction through any of the Website, you are authorizing us to collect and use all information associated with that transaction which we will do in accordance with this Privacy Policy. Note that we are not able to control whether or how third parties use information that is stored on the blockchain, and we expressly disclaim responsibility for any such activities by third parties.

Automatic Data Collection

We use a variety of techniques to automatically collect information through the Website, including:

●      Local storage technologies, like HTML5, provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.

●      Web beacons, also known as pixel tags or clear GIFs, are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

Use of Personal Information

To operate the Website. We use your Personal Information to: provide, operate, maintain, secure and improve the Website; provide information about the Website; communicate with you about the Website, including by sending you announcements, updates, security alerts, and support and administrative messages; understand your needs and interests, and personalize your experience; and respond to your requests, questions and feedback and to provide support. We use this information to perform our obligations to you or when it is in our legitimate business interests to do so.

For research and development. It is in our legitimate business interests to use your Personal Information to analyze and improve the Websites and to develop new products and services, including by studying use of the Website.

To conduct surveys. It is in our legitimate interest to conduct surveys and collect feedback from you.

Marketing and advertising. Except where consent is required, and unless you have opted out of receiving marketing communications, it is in our and our marketing partners’ legitimate interests to collect and use your Personal Information for marketing and advertising purposes. We or our advertising partners may from time-to-time send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via email. You may opt out of our marketing communications as described in the “Opt-out of marketing communications” section below.

For compliance, fraud prevention, and safety. We use your Personal Information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities. We use your Personal Information to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Website; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. In these circumstances, we will process your Personal Information to either comply with a legal obligation or when it is in our legitimate business interests. Furthermore, the IP addresses may be evaluated, together with other data, in case of attacks on the network infrastructure or other unauthorized use or misuse of the Website, for the purpose of intelligence and protection, and if appropriate, used in criminal proceedings for identification and civil and criminal proceedings against the relevant users. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.

To create anonymous data. It is in our legitimate business interests to create anonymous data from Personal Information collected by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Websites and promote our business.

Sharing of Personal Information

With the exception of the provider(s) of the Website, we do not make your Personal Data available to third parties unless you have expressly consented to it, if we are legally obligated to, or if this is necessary to enforce our rights concerning a contractual relationship. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.

Service providers. We may share your Personal Information with third party companies and individuals that provide services on our behalf or help us operate the Websites (such as customer support, hosting, data processors, analytics, email delivery, marketing, identity verification, and database management services).

Web3 projects and collaborators. We may share your Personal Information with web3 projects and collaborators as necessary to provide the Website.

Professional advisors. We may disclose your Personal Information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your Personal information for compliance, fraud prevention, and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all our business or assets, including your Personal Information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Financial transactions. If you conduct financial transactions by credit card or debit card through the Website, we may forward your credit/debit card information to the credit/debit card issuer and the credit/debit card acquirer. If you choose to use a credit/debit card, you may be asked to provide all the necessary information. The legal basis for passing on the data lies in the fulfillment of an agreement in the sense of Art. 6 Par. Lit. b GDPR.

Your Rights and Choices

Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.

Data protection rights. Depending on where you live, you may have the following rights, as provided under applicable law and subject to any limitations in such law:

●      To access the Personal information we hold about you (including, if applicable, to receive it in a structured and commonly used machine-readable format);

●      To request we correct any inaccurate Personal Data we hold about you;

●      To request we delete any Personal Information we hold about you;

●      To restrict the processing of Personal Data we hold about you;

●      To object to the processing of Personal Information we hold about you; and/or

●      To withdraw your consent to the processing of Personal Data we hold about you, when we have relied on consent as the legal basis to process your Personal Information.

Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. For more information on your rights, please contact us using the details in the “How to contact us” section below.

Please note that part of the Websites incorporates blockchain technology. A blockchain is a shared and synchronized digital database that is stored on multiple nodes (computers that store a local version of the database). As, by design, data on a blockchain cannot be changed or deleted, your ability to exercise your data protection rights such as your right to erasure, or your rights to object or restrict processing with respect to on-chain Personal Data may be affected.

International Data Transfers

By using the Website, you understand and acknowledge that we may transfer your Personal Information to service providers or other third parties who are located in countries which may not provide the same protections as the data protection laws where you are based. This includes service providers of the Websites and e-commerce providers such as payment solution providers to assist us in the processing of your online payments. When we transfer your Personal Data to third parties abroad for the purposes of the data processing described in this Privacy Policy, unless we can rely on a derogation provided under data protection law, we will ensure that relevant safeguards are in place to afford adequate protection for your Personal Information and we will comply with applicable data protection laws, in particular if you reside in (i) the Cayman Islands, UK or the EEA by relying on a UK government adequacy regulation or adequacy decision by the European Commission, (ii) the United States, by relying the the California Consumer Privacy Act, or (iii) other jurisdictions, by relying on contractual protections for the transfer of your Personal Information. For more information about how we transfer Personal Data internationally, please contact us as set out in the “How to contact us” section below.

The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.) affords consumers residing in California certain rights with respect to their personal information. If you are a California resident, this section applies to you.

Notice to California Residents

California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of personal information to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us using the information in the “How to Contact Us” section below. This request may be made no more than once per calendar year.

If you are a California resident, you have certain additional rights with respect to your personal information pursuant to the CCPA.

We are required to inform you of:

●      What categories of information we may collect about you, including during the preceding 12 months: See the section above “Information Obtained”.

●      The purposes for which we may use your personal information, including during the preceding 12 months: See the section above “Use of Personal Information”.

●      The purposes for which we may share your personal information, including during the preceding 12 months: See the section above “Sharing of Personal Information”. In addition, we may share the following categories of information with the following parties:

o   Identity information: Service providers such as KYC service providers.

o   Contact information: Marketing partners and event partners.

o   Financial information: Service providers such as payment service providers and logistics providers.

●      In the preceding 12 months, we have not sold any personal information of consumers.

You have the right to request to know: (i) the categories of personal information we have collected about you in the last 12 months; (ii) the specific pieces of personal information we have about you; (iii) the categories of sources from which that personal information was collected; (iv) the categories of your personal information that we sold or disclosed in the last 12 months; (v) the categories of third parties to whom your personal information was sold or disclosed in the last 12 months; and (vi) the purpose for collecting and selling your personal information. These rights are subject to limitations as described in the CCPA. We may deny your request if we need to do so to comply with our legal rights or obligations.

We will not discriminate against any consumer for exercising their CCPA rights.

You may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. To protect your information, we may need to verify your identity before processing your request, including by collecting additional information to verify your identity, such as government issued identification documents. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected personal information. We will only use the personal information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose. When we verify your agent’s request, we may verify your identity and request a signed document from your agent that authorizes your agent to make the request on your behalf. To protect your personal information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

If you would like to exercise any of these rights, please contact us at the email in the “How to Contact Us” section below.

Other Sites, Applications and Services

The Websites may contain links to other websites, mobile applications, blockchain protocols, blockchain applications, blockchain exchanges and other online and blockchain services (collectively, “Third Party Resources”) operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included in Third Party Resources that are not associated with us. We do not control Third Party Resources, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your Personal Information. We encourage you to read the privacy policies of the Third-Party Resources you use.

Security Practices

We take precautions to protect your stored Personal Data against manipulation, partial or complete loss, and unauthorized access by third parties of Personal Information we maintain. Unfortunately, data transmission over the internet (including via blockchain) cannot be guaranteed as completely secure. Please note that any data transmission on the internet (including through blockchains) is generally not secure or may be accessed by third parties, and we accept no liability for data transmitted to us via the internet or through a blockchain.

Children

The Websites is not intended for use by children under 13 years of age. If we learn that we have collected Personal Information through the Websites from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Website. We may also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Website.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Websites (or as otherwise indicated at the time of posting).

Complaints

If you have a concern about our privacy practices, including the way we handle your Personal Information, please contact us at: legal@sophon.xyz. We will endeavor to respond to your complaint as soon as possible. You can also report it to your local data protection authority that is authorized to hear those concerns. Contact details for certain data protection authorities can be found using the links below:

●      For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en

●      For individuals in the Cayman Islands: https://ombudsman.ky/get-in-touch

●      For individuals in the UK: https://ico.org.uk/global/contact-us/

●      For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

●      For individuals in California: https://cppa.ca.gov/about_us/contact.html

How to Contact Us

The Sophon Foundation is the entity responsible for the processing of your Personal Information in connection with the Websites and is the data controller in respect of such processing. If you have any questions or comments about this Privacy Policy, our privacy practices, or if you would like to exercise your rights with respect to your Personal Information, please contact us by email at: legal@sophon.xyz.