Last updated September 18, 2023

If you visit any of our websites including http://www.hyperionlabs.xyz (the “Sites”) or use our digital asset accounting software platform, (the “Platform,” together, our “Services”), Hyperion Ledger Labs, Inc. d/b/a Hyperion (“Hyperion,” "Company," "we," "us," "our") will ask for, collect, and store Personal Data about you (your “Personal Data”). We would not be able to provide our Services to you without the Personal Data you provide us, which is why we want you to know that we take our responsibility to protect your Personal Data very seriously. We also want to make very clear how we use your Personal Data so that you can make informed choices about your use of our Services. This document (our “Privacy Policy”) is subject to the Hyperion Terms of Service available.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@hyperionlabs.xyz.

If you do not want us to collect Personal Data from you or share Personal Data with any third parties or otherwise use your Personal Data, you should not use the Platform, visit our Sites, or use our Services.

SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by reading the full privacy policy below.

What Personal Data do we process? When you visit, use, or navigate our Services, we may process Personal Data depending on how you interact with us and the Services, the choices you make, and the products and features you use. 

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

In what situations and with which types of parties do we share Personal Data? We may share information in specific situations and with specific categories of third parties.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your Personal Data. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. 

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your Personal Data. 

How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review this Privacy Policy in full.

1. WHAT PERSONAL DATA DO WE COLLECT?

In Short: We collect Personal Data that you or third parties provide to us and directly from the blockchain. Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

In the table below, we provide the list of categories of Personal Data that Hyperion has collected within the last twelve months and some examples for a better understanding. We also have identified the main sources and purposes for collection: 

Categories of Personal Data

Examples

Sources of Personal Data

Purposes for Personal Data Collection

Identifiers

First and last name and middle initial, email address, phone number, username, password, or other account access credentials.

Consumer directly (e.g. forms you complete or services you obtain from us)

Third parties (e.g., Google and digital asset trading platforms)

• Keep track of the Personal Data associated with your account
• Help you access and restore access to your account
• Send administrative information to you
• Engage in marketing activities
• Respond to inquiries and offer customer support

Customer Records

Digital asset wallet address, digital asset transaction history

Consumer directly (e.g. forms you complete or services you obtain from us)

Various blockchains (e.g. Ethereum), digital asset trading platforms, digital asset wallet software, digital asset data aggregators

• Enforce our Terms of Service and other agreements
• Provide our Services to you

Internet or other electronic network activity information

Browser type, IP address, computer or mobile device unique ID number, operating system, referring and exit pages, device event information.

Consumer indirectly (e.g. from activity on our Sites or Platform)

• Analytics
• Keep our Sites and Platform safe and secure
• Identify usage trends
• Improve our services
• Ensure network and information security

Geolocation Data

Approximate location based on IP address

Consumer indirectly (e.g. from activity on our Sites of Platform)

• Analytics
• Determine your eligibility for using our Services

2.      SHARING OF PERSONAL DATA

In Short: We may share Personal Information in specific situations described in this section and/or with the following categories of third parties.

Except as described in this Privacy Policy and unless otherwise expressly authorized by you in writing, we will never share, sell, or communicate your Personal Data to or with anyone for any reason. We only share and disclose your Personal Data with the following third parties. We have categorized each party so that you may easily understand the purpose of our data collection.

Categories of third parties with whom Personal Data has been shared

Why we share your Personal Data

Is Personal Data shared for a business purpose?

Service Providers

We may share your Personal Data with service providers including website hosting service providers, cloud computing services, data analytics services, performance monitoring tools, sales and marketing tools, communication and collaboration tools who perform services on our behalf and require access to such data to do that work. 

Yes

Purchasers of Our Business

We may share or transfer your Personal Data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Yes

Law Enforcement

We may share your Personal Data in order to comply, as necessary, with applicable laws and regulatory requirements, as well as legal process, respond to mandatory legal or governmental requests or demands for information, enforce our agreements, policies, procedures and terms of use, and protect ourselves, our customers, or the general public from illegal activities.

No

Payment Processors and Financial Services Providers

We may share your Personal Data with our payment processors and financial service providers as necessary to enable them to process payments, and for anti-fraud purposes.

Specifically we may share your Personal Data with Stripe. Stripe Privacy Policy can be found at https://stripe.com/privacy 

Yes

Business Partners and Affiliates

We may share your Personal Data with our business partners or affiliates as necessary to operate the Sites and Platform. 

Yes

3. SOCIAL SHARING FEATURES

In Short: We may include social media features such as “Like” or “Share” buttons on our Sites. 

The Sites may include social media features, such as the Facebook "Like" or "Share" buttons. These features may collect your IP address and which pages or features you are using or visiting on the Sites, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third-party or hosted by us. Your interactions with these features are governed by the privacy policy of the company providing them. We do not control and we take no 

responsibility for the use of your Personal Data by these third-party sites.

4. THIRD-PARTY LINKS

In Short: We may include links to third-party websites or applications on our Sites.

The Sites may contain links to other websites or applications such as Google. If you choose to connect your account to a third-party application or API, the providers of those services or products may receive information about you that Hyperion, you, or others share with them. Your access to and use of such linked websites or applications are not governed by this Privacy Policy but, instead, is governed by the privacy policies of those third-party websites or applications. We are not responsible for the Personal Data practices of such third-party websites. Please review the privacy policies of such sites before you disclose your Personal Data to them. 

‍

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may allow others to provide analytics services and serve advertisements on our behalf across the Internet and in applications.  These entities may use cookies, web beacons, device identifiers and other technologies to collect information about your use of the Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked and conversion information.  

These tools allow us to:

• Provide you Services that allow you to email or chat with our customer service team
• Perform website analytics
• Improve the advertisements you see
• Prevent fraud and prevent attacks against our websites and Services
• Advertise Hyperion products and services, and additional products and services from our partner companies

We use cookies and trackers to assign you a unique identifier so we can record:

• Websites you visit
• Length of time the advertisement was visible
• IP Address

You can block cookies at any time using your web browser settings, but doing so may limit your browsing experience and your ability to use certain features of the Site. 

We do not currently respond to “Do Not Track” or DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices.

Hyperion also uses Google Analytics. The following link explains how Google uses data when you use its partners’ websites and applications: www.google.com/policies/privacy/partners/. Your use of the Sites and Platform is evidence of your consent to Hyperion storing and accessing cookies and other information on your computer or phone and Hyperion’s use of Google Analytics in connection with such activities. Please read the information at the link provided so you understand what you are consenting to.

‍

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your Personal Data for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). Even after we delete your Personal Data, we can retain copies of information about you for a period of time that is consistent with applicable law, or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our Terms of Service or other applicable agreements or policies, or to take any other actions consistent with applicable law.

When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize such information, or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

If you ever decide to stop using our Services, you can just ask us to delete your Personal Data by contacting us at privacy@hyperionlabs.xyz. Please note that even if we delete your Personal Data from our own servers, your transaction history will continue to remain visible on the public blockchain forever. Hyperion does not control, operate, or own the underlying blockchain infrastructure.

‍

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your Personal Data through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any Personal Data we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your Personal Data, transmission of Personal Data to and from our Services is at your own risk. You should only access the Services within a secure environment.

8. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 16 years of age.

We do not knowingly solicit data from or market to children under 16 years of age. By using the Services, you represent that you are at least 16 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that Personal Data from users less than 16 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 16, please contact us at privacy@hyperionlabs.xyz.

9. YOUR ACCOUNT

In Short: You may contact us at any time to make changes to your account. 

If you would at any time like to review or change the information in your account or terminate your account, you can contact us using the contact information provided. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

You may opt out of receiving promotional emails from Hyperion by following the instructions in those emails.  However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

10. WHAT ARE YOUR PRIVACY RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATIONS?

In Short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your Personal Data. You may review, change, or terminate your account at any time.

If you are a resident of the EEA, you have the following data protection rights:

• If you wish to access, correct, update, or request deletion of your Personal Data, you can do so at any time by contacting us at privacy@hyperionlabs.xyz. If you have requested us to delete your Personal Data, your Personal Data will not be used by us for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Privacy Policy.
• In addition, you can object to the processing of your Personal Data, ask us to restrict the processing of your Personal Data, or request portability of your Personal Data. Again, you can exercise these rights by contacting us at privacy@hyperionlabs.xyz.
• You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing emails we send you. To opt-out of other forms of marketing, please contact us at privacy@hyperionlabs.xyz. 
• If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. You have the right to complain to a data protection authority about our collection and use of your Personal Data. If you are located in the EEA, click here for contact details of your local data protection authority. If you are located in the UK, click here for the UK data protection authority. If you are located in Switzerland, click here for the Federal Data Protection and Information Commissioner. 

11. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your Personal Data when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to provide you with services, to enter into or fulfill our contractual obligations, or to fulfill our legitimate business interests.

Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from you only (i) where we need the Personal Data to carry out our obligations under the Terms of Service; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so. We have a legitimate interest in operating our Site and Platform and communicating with you as necessary to provide you our Services, for example when responding to your queries, creating reports, or improving our Site.

If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).

12. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your Personal Data in the United States, and other countries.

If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your Personal Data in accordance with this privacy notice and applicable law.

13. CALIFORNIA PRIVACY RIGHTS

In Short: If you are a resident of California, you are granted specific rights regarding access to your Personal Data.

CCPA Privacy Notice

As a California consumer, you have the following choices regarding our use and disclosure of your Personal Data subject to certain limitations under the California Consumer Privacy Act (“CCPA”):

• Right to know. You may request, up to twice in a 12-month period, the following information about the Personal Data we have collected, used, disclosed or sold about you during the past 12 months:

• the categories and specific pieces of Personal Data we have collected about you;
• the categories of sources from which we collected the Personal Data;
• the business or commercial purpose for which we collected the Personal Data;
• the categories of third parties with whom we shared the Personal Data; and
• the categories of Personal Data about you that we disclosed for a business purpose and sold to third parties, and the categories of third parties to whom the information was disclosed or sold.

• Right to delete. You may request that we delete the Personal Data we have collected from you, subject to certain limitations under the CCPA.
• Right to opt-out from sale and sharing of Personal Data. You have the right to opt-out of the sale and sharing of your Personal Data with certain third-party, interest-based advertising partners. We do not sell your Personal Data or share your Personal Data.
• Right to correct. You may request to correct certain inaccurate Personal Data we have collected about you.
• Right to limit processing and disclosure. You have the right to limit the use, processing, and disclosure of certain sensitive Personal Data we have collected about you.
• Non-discrimination. The CCPA provides that you may not be discriminated against for exercising these rights.

To submit a request to exercise any of the rights described above, you may email us at privacy@hyperionlabs.xyz or mail your request to the following address: 

Hyperion Ledger Labs 

8 The Green STE A 

Dover, DE 19901 

United States

We will verify your identity before responding to your request by either verifying that the email address from which you send the request matches your email address that we have on file, or by requiring you to log into your account. 

Verification process

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use Personal Data provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Consumer Request by an Authorized Agent

If any authorized agent submits a consumer request under the CCPA on your behalf, we require the authorized agent to submit the following information so that we can confirm their authority to act on your behalf:

• Evidence of authorization to act on behalf of the California consumer: (1) California Secretary of State authorization, (2) notarized written permission from the California consumer, or (3) power of attorney.
• Evidence of identity of the California consumer: (1) first and last name, (2) email address, and (3) password.

14. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

15. HOW CAN YOU CONTACT US ABOUT THIS PRIVACY POLICY?

a

If you have questions or comments about this Privacy Policy, you may email us at privacy@hyperionlabs.xyz or contact us by post at:

Hyperion Ledger Labs 

8 The Green STE A 

Dover, DE 19901 

United States

‍