Skip to content

Latest commit

 

History

History
174 lines (98 loc) · 17.3 KB

PRIVACY.md

File metadata and controls

174 lines (98 loc) · 17.3 KB

Privacy Policy

Last updated: February 9th, 2026

  1. Definitions

Data Controller: A natural or legal person which determines the purposes and means of the processing of personal data.

Data Processor: A natural or legal person which processes personal data on behalf of the controller and its instructions.

Data Protection Officer (DPO): The Data Protection Officer is a designated individual within 1inch responsible for overseeing data protection strategy and compliance with applicable privacy regulations.

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. Processing also includes transferring Personal Data to third parties.

User/You: an individual over 18 years old who can be identified, directly or indirectly, in particular by reference to – an identifier such as a name, an identification number, location information, or an online identifier, or any relevant factors of the individual;

  1. Purpose

1inch Limited (“1inch,” “we,” “us,” or “our”) understands that your personal information is important. We are committed to processing your Personal Data responsibly and in accordance with applicable laws and regulations.

This Privacy Policy (“Policy”) applies to the Shieldy service, accessible via the Telegram bot available at https://t.me/shieldy_bot, together with any related documentation or communication channels (collectively, the “Services”), on or in which this Policy is posted, linked, or referenced.

This Privacy Policy describes how we collect and process Personal Data when you access or use the Services. When you leave the Services, this Privacy Policy no longer applies. Any third-party platform, website, application, or service you access afterward is governed by its own terms and privacy policy.

We design our Services to minimize the collection of Personal Data wherever possible. Where processing is necessary, we apply appropriate technical and organizational safeguards to protect your information.

This Privacy Policy also explains your rights and choices regarding your Personal Data, including how you may contact us with questions or concerns.

Please read this Privacy Policy carefully. If you do not agree with this Policy or any part of it, you should not access or use any portion of the Services. If you later change your mind, you must stop using the Services.

This Privacy Policy forms an integral part of the https://t.me/shieldy_bot, Terms of Use. All capitalized terms used in this Policy have the meanings assigned to them in the Terms of Use unless expressly stated otherwise.

This Policy does not apply to data collected outside the Services, including through third-party offerings such as Telegram itself. For those, please consult the relevant third-party privacy notices.

  1. Personal Data Collected

Data you voluntarily provide

When you interact with the Services, you may voluntarily provide limited Personal Data, including:

  • identifiers such as a Telegram username or handle;

  • contact information such as an email address, where provided by you (e.g., when reporting a security issue or contacting support);

  • any information you choose to include in messages, reports, or communications submitted through the Services.

Data automatically processed

When you use the Services, certain data may be processed automatically, either by us or by Telegram as a third-party platform. Such data may include:

  • metadata associated with Telegram interactions (such as timestamps, message identifiers, or bot commands);

  • technical and usage data related to how you interact with the Services;

  • security-related data necessary to detect abuse, fraud, or malicious activity.

We do not control the data collected by Telegram directly. Telegram’s processing of Personal Data is governed by Telegram’s own privacy policy and terms.

Third-Party Services

The Services are provided through Telegram, a third-party platform not owned or controlled by 1inch. Telegram may independently collect and process Personal Data according to its own policies.

We are not responsible for the data protection practices, availability, security, or content of any third-party platform or service, including Telegram. We encourage you to review Telegram’s privacy policy carefully before using the Services.

  1. Legal Grounds for Processing

We process Personal Data only where a lawful basis exists, including:

  1. Performance of an agreement - where processing is necessary to provide the Services you request;
  2. Legitimate interests - such as ensuring security, preventing abuse, improving the Services, and protecting our legal rights;
  3. Consent - where you voluntarily provide information for a specific purpose;
  4. Legal obligations - where processing is required to comply with applicable laws or lawful requests from authorities.

1inch processes Personal Data for the following purposes:

We process Personal Data for the following purposes:

  1. User assistance and communication – responding to reports, inquiries, or security disclosures;
  2. Security and integrity – detecting, preventing, and responding to exploits, abuse, or malicious activity;
  3. Service improvement – maintaining and improving the functionality and reliability of the Services;
  4. Legal and compliance purposes – complying with legal obligations and defending legal claims.

We do not use the Services for behavioral advertising and do not sell Personal Data.

  1. Sharing Your Personal Data

In the context of processing your Personal Data in accordance with this Policy, we may communicate your Personal Data to the following recipients, if necessary:

  1. our subsidiaries or affiliates (if any) only if necessary for operational purposes;
  2. competent courts, public authorities, government agencies, and law enforcement agencies to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to in response to subpoenas, search warrants, or court orders;
  3. third parties in connection with a merger, division, restructuring, change of control, bankruptcy or other organizational change;

We will only communicate your Personal Data to any recipient on a need-to-know basis and only when the processing by the recipient is strictly limited to the purposes identified in this Policy. We do not sell your Personal Data.

  1. Transfer of Personal Data

As we operate globally, we may process your Personal Data in countries outside the European Economic Area (“EEA”). In these cases, we implement appropriate transfer mechanisms and safeguards to ensure that your Personal Data benefits from a level of protection essentially equivalent to that within the EEA.

In practice, this means that each of the envisaged transfers is at least based on one of the following mechanisms:

  • the existence of an adequacy decision issued by the European Commission for the country to which your Personal Data is transferred; or, failing that,
  • the conclusion of the European Commission’s Standard Contractual Clauses, combined with supplementary technical, contractual, and/or organizational measures where required following a transfer impact assessment; or, failing that,
  • a specific derogation permitted under Article 49 GDPR. These derogations are applied only in exceptional cases, for example where you have explicitly consented to the transfer after being informed of the possible risks, or where it is required for the establishment, exercise, or defence of legal claims, or where the transfer is necessary for legal requirements or important reasons of public interest such as compliance with applicable law obligations or lawful requests from government authorities or courts. Information on the transfer mechanisms and safeguards may be requested by contacting us: please see Section XIV of this Policy (Contact us).
  1. Data Retention

We will only store your Personal Data on our systems for the necessary period to serve the outlined purposes or obligations by the applicable law (for example for bookkeeping or mandatory archiving purposes). The Personal Data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected or processed, and the storage period prescribed by the applicable law expires.

  1. Securing your Personal Data

1inch implements a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.

1inch uses appropriate physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and modification of personal information. 1inch provides security such as data encryption and physical access controls to its servers. Your Personal Data is also protected through confidentiality undertakings entered into by all persons processing your Personal Data.

1inch is committed to doing its best effort in protecting the information We receive from You.

However, no method of transmission over the Internet or via third-party platforms such as Telegram is completely secure. You acknowledge that communications may be subject to interception, delay, or loss, and you use the Services at your own risk.

  1. Children’s Data

The Products is intended for use by individuals who are at least eighteen (18) years old and is not directed at children. We do not knowingly collect personal information from children. If you believe that such information has been collected in error, please contact us using the details provided in Section XII of this Policy (Contact Us).

  1. Your Rights

Your rights associated with the processing of your Personal Data are outlined below. Please note that some of these rights are subject to specific conditions set out in the applicable personal data protection regulation. Therefore, if your particular situation does not meet these conditions, we will unfortunately not be able to respond to your request. In this case, we will inform you of the reasons for our refusal.

Your rights under the General Data Protection Regulations (“GDPR”)

  1. Right of access – You may request access to your Personal Data at any time. If you exercise your right of access, we will provide you with a copy of the Personal Data we hold about you as well as information relating to its processing.
  2. Right of rectification – You have the right to ask us to rectify or complete any Personal Data in our possession that you consider to be inaccurate or incomplete.
  3. Right to erasure / to be forgotten – You may request deletion of your Personal Data when it is no longer necessary for the purposes for which it was processed. However, if we are required by law (for example, compliance or regulatory obligations under applicable law, or ongoing legal or investigative proceedings) to retain certain data, we may not be able to erase such data until the legal obligation has been satisfied. In such cases, we will inform you of the reason why deletion cannot be performed.
  4. Right to restriction of processing – You may also request that we restrict the processing of your Personal Data on grounds relating to your particular situation. For example, if you dispute the accuracy of your Personal Data or object to the processing of your Personal Data, you may also request that we do not process your Personal Data for the time necessary to verify and investigate your claims. In such cases, we will temporarily refrain from processing your Personal Data until necessary verifications have been made or until we comply with your requests.
  5. Right to data portability – You may request portability of the Personal Data you have provided us with. At your request, we will provide you with your Personal Data in a readable and structured format, so you can easily re-use it. The portability of your Personal Data applies only to Personal Data that you have provided to us or that result from your activity on the Products, under the condition that the disclosure of your Personal Data does not infringe the rights of third parties. If we are unable to comply with our request, we will inform you of the reasons for our refusal.
  6. Right to object – You may object at any time, on grounds relating to your particular situation, if we use your Personal Data. We will then stop processing of your Personal Data unless there are overriding legitimate grounds for continuing to process your Personal Data (for example, if your Personal Data is necessary for the establishment, exercise, or defence of our rights or the rights of third parties in court proceedings). If we are unable to comply with your request to object, we will inform you of the reasons for our refusal. You can also object at any time to our processing of your Personal Data for marketing purposes.
  7. Right to withdraw consent – You have the right to withdraw consent at any time for processing of your Personal Data based on consent. Withdrawing your consent prevents us from processing your Personal Data but does not affect the lawfulness of the processing carried out before the withdrawal.

Your rights under the California Consumer Privacy Act (“CCPA”)

If you are a resident of California, you have specific rights concerning your Personal Data under the California Consumer Privacy Act (“CCPA”). The CCPA provides you with the right to:

  • Know the categories and specific pieces of personal information we collect about you, the categories of sources from which it is collected; the purposes for which it is used; and the categories of third parties with whom it is shared or disclosed.
  • Access a copy of the Personal Data we maintain about you.
  • Correct inaccurate Personal Data we hold about you.
  • Delete your Personal Data, subject to certain statutory exceptions.
  • Limit the use and disclosure of sensitive personal information, if applicable.
  • Opt out of the “sale” or “sharing” of your Personal Data, including for cross-context behavioral advertising purposes. Please note that we do not sell your Personal Data as defined under California law.

You may also designate an authorized agent to submit requests on your behalf. We will take steps to verify your identity, and if applicable, the authority of your agent, before fulfilling any request.

These rights are subject to limitations as described in the relevant law. We may deny your request if we need to do so to comply with our legal rights or obligations. We will respond to requests for access, correction, or deletion to the extent we can reasonably associate the data we hold with the identifying information you provide. If we are unable to comply with your request, we will notify you and explain the reasons.

Country Specific Rights: You may also be granted specific rights as regards our processing of your Personal Data depending on the law applicable in the country you are residing in. You may contact us should you have any questions in that regard.

  1. How to exercise your rights

If you wish to exercise your rights, you may contact us by using the contact information provided in Section XII of this Policy (Contact Us).

To be able to process your request efficiently, we may ask you to provide additional information to confirm your identity and/or to help us retrieve the Personal Data related to your request.

If you are a California resident, you may also designate an authorized agent to submit a request on your behalf. The agent must present signed written permission from you authorizing them to act on your behalf. We reserve the right to deny the agent’s request if we are not reasonably able to confirm proper authorization and/or verify your identity as the requestor.

If you reside in the EEA, you can lodge a complaint with a data protection authority. You can find a list of the relevant supervisory authorities here. However, we encourage you to contact us first, as we are committed to addressing any concerns or complaints you may have regarding the processing of your Personal Data promptly and efficiently.

  1. Contact Us

If you have any questions regarding the processing of your Personal Data under this Policy, including the exercise of your rights as detailed above, you can contact us by email at info@1inch.io.

  1. Changes to this Privacy Policy

We periodically review this Policy to ensure it is compliant and up to date with applicable data protection regulations. We will post updates on this page accordingly. When the changes are made, we will update the “Last updated” date at the top of this Policy.

Therefore, we encourage you to review this Policy regularly. Any modifications will take effect when posted or on the date specified as the effective date (if any). Your continued access to and use of the Products indicates your acknowledgment and acceptance of the updated Privacy Policy.