Blowfish Privacy Policy

Ninja Security AG ("Ninja Security", "we", "us", or "our") provides fraud identification and prevention services to protect crypto wallets. This Privacy Policy describes how we collect, use, process, and share your personal data, and to help you understand and exercise your privacy rights.

This Privacy Policy describes how we process your personal data through our "Services", which include our websites, browser extensions, and other online offerings. We reserve the right to modify this Privacy Policy as we see fit. If any significant changes are made to this Privacy Policy, we will inform you as required by applicable law. By continuing to use our Ser- vices after the updated Privacy Policy takes effect, you acknowledge and accept its terms.

Contact us

If you have any question about our processing of your personal data, please contact Ninja Security AG, Grienbachstrasse 17, 6300 Zug, Switzerland, contact@blowfish.xyz.

Personal data we process

We may process the following personal data through our Services:

• Account information, such as your username
• Contact information, such as your email address
• Crypto transaction data, in particular data concerning a proposed crypto transac- tion supplied to our Services for fraud identification. This includes, for example, the user account being asked to sign a transaction, the addresses of the transaction signer and the transaction recipient, the value of the proposed transaction and the domain of the decentralized application (dApp) proposing the transaction.
• Log data, such as internet protocol (IP) address, your operating system, browser type, browser id, date/time of visit, the time spent on our Services and any errors that may occur during the visit to our Services.

If you choose not to share certain personal data with us, we may not be able to serve you as effectively or offer you our Services.

Purpose for which we process your personal data

We process your personal data to:

• Manage your information and accounts.
• Provide you access to our Services, including our fraud identification service.
• Answer requests for customer or technical support.
• Communicate with you about your account, activities on our Services, and policy changes.
• Process your financial information and other payment methods for products or Services bought.
• Test, enhance, update and monitor our Services.
• Improve and customize our Services.
• Help maintain the safety, security and integrity of our Services.
• Fulfill or enforce our legal or contractual obligations and requirements, to resolve disputes and to carry out our obligations and enforce our rights.
• Prevent, investigate or provide notice of fraud or unlawful or criminal activity

How we disclose your personal data

The categories of third parties with whom we may share your personal data are described below:

Service providers. We may share your personal data with our third-party service providers and vendors that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, authentication, security, hosting, payment pro- cessing, alerting, customer service, and related services.

We may access, preserve, and disclose any information associated with you to external parties if we, in good faith, believe doing so is required or appropriate to comply with law enforcement or national security requests and legal process, such as a court order or subpoena.

If we are involved in a merger, acquisition, financing due diligence, purchase or sale of assets, or transition of service to another provider, your personal data may be transferred as part of such a transaction, as permitted by law and/or contract.

How long we retain your personal data

We store the personal information we collect as described in this Privacy Policy for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected.

Your privacy rights

In accordance with applicable data protection laws, you may have the right to:

• Access your personal data, including the right to data portability.
• Request correction of personal data where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal data.
• Request deletion of your personal data
• Request restriction of, or object to, our processing of your personal information.

If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” above. We will process such requests in accordance with applicable laws, which may include restrictions to and exemptions to these rights.

Supplemental notice for personal data originating from the EEA, UK, Switzerland

Processing of personal data is based on the following legal bases:

• Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. The legitimate interests are identifying and preventing crypto-native fraud and scams.

All personal data we process may be transferred and stored anywhere in the world, including but not limited to the United States or other countries that may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information con- sistent with the requirements of the applicable laws. If we transfer personal data which origi- nates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data pro- tection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.

Our processing of personal data does not constitute automated decision-making or profiling in the sense of the GDPR and similar data protection laws. In particular, you are free to sign or not sign a transaction that has been screened by our Services.

You have the right to lodge a complaint with the competent supervisory authority. The contact details of the supervisory authorities in the EEA can be found here.