Privacy Policy

Welcome! Thanks for visiting Membrane. Use of the words “Membrane,” “we,” “us,” or “our” refers to Membrane Labs, Inc. and its affiliates. Membrane provides Blockchain Users access to clearing, netting and settling tools for certain Digital Assets (the “Platform”). This Privacy Policy explains what Personal Information (as defined below) we collect, why we collect it, how we use and disclose it, your choices, any rights you may have, and how you can contact us about our privacy practices. By continuing to use the Platform, you agree to this Privacy Policy. This Privacy Policy does not apply to third-party websites, products, or services, even if we provide links to them or they link to us.

Your privacy matters to us so please do take the time to get to know and familiarize yourself with our policies and practices. Feel free to print and keep a copy of this Privacy Policy, but please understand that we reserve the right to change any of our policies and practices at any time.

1.Personal Information We Collect

Personal information typically means information that identifies or is reasonably capable of identifying an individual, directly or indirectly, and information that relates to, describes, is reasonably capable of being associated with or could reasonably be linked to an identified or reasonably identifiable individual. For the purposes of this Privacy Policy, only the definition of personal information from the applicable law of your legal residence will apply to you and be deemed your “Personal Information.”

  • Personal Information we collect from you

We may collect the following categories of Personal Information directly from you:

  • Identification Information, such as name, email, phone number, postal address, government identification numbers (which may include Social Security Number or equivalent, driver’s license number, passport number);
  • Commercial Information, such as trading activity, deposits, withdrawals, account balances;
  • Financial Information, such as bank account information, routing number;
  • Correspondence, such as information that you provide to us in correspondence, including account opening and customer support;
  • Sensory Information, such as images collected for identity verification; and
  • Institutional Information, such as for institutional customers, we may collect additional information, including: institution’s legal name, Employer Identification Number (“EIN”) or any comparable identification number issued by a government, and proof of legal existence (which may include articles of incorporation, certificate of formation, business license, trust instrument, or other comparable legal document).
  • Personal Information we collect automatically

We may collect the following categories of Personal Information automatically through your use of our services:

  • Online Identifiers, such as IP address, domain name, geo location/tracking details, browser fingerprint, operating system;
  • Device Information, such as hardware, operating system, browser; and
  • Usage Data, such as authentication data, security questions, click-stream data, public social networking posts, system activity, internal and external information related to the Platform pages that you visit, clickstream information

Our automatic collection of Personal Information may involve the use of Cookies, described in greater detail below.

  • Personal Information we collect from third parties

We may collect or verify the following categories of Personal Information about you from Third Parties:

  • Identification Information, such as name, email, phone number, postal address, government identification numbers (which may include Social Security Number or equivalent, driver’s license number, passport number);
  • Financial Information, such as bank account information, routing number;
  • Transaction Information, such as public blockchain data (bitcoin, ether, and other Digital Assets (as defined in our User Agreement) are not truly anonymous). We, and any others who can match your public Digital Asset address to other Personal Information about you, may be able to identify you from a blockchain transaction because, in some circumstances, Personal Information published on a blockchain (such as your Digital Asset address and IP address) can be correlated with Personal Information that we and others may have. Furthermore, by using data analysis techniques on a given blockchain, it may be possible to identify other Personal Information about you);
  • Credit and Fraud Information, such as identity or account verification, fraud detection, or as may otherwise be required by applicable law; and
  • Additional Information, as permitted by law or required to comply with legal obligations, which may include criminal records or alleged criminal activity, or information about any person or corporation with whom you have had, currently have, or may have a financial relationship.

Personal Information you provide during the registration process may be retained, even if your registration is left incomplete or abandoned.

2.How We Use Your Personal Information

The Personal Information we collect, and the practices described above are done to provide you with the best experience possible, protect you from risks related to improper use and fraud, and help us maintain and improve the Platform. We may use your Personal Information to:

  • Provide you with our services. We use your Personal Information to provide you with our services pursuant to the terms of our User Agreement.
  • Comply with legal and regulatory requirements. We process your Personal Information as required by applicable laws and regulations. For example, we have identity verification requirements to fulfill our obligations under the anti-money laundering laws of numerous jurisdictions.
  • Detect and prevent fraud. We process your Personal Information to detect and prevent fraud on your account, which is especially important given the irreversible nature of cryptocurrency transactions.
  • Protect the security and integrity of our services. We use your Personal Information to further our goal of maintaining the security of your account.
  • Provide you with customer support. We process your Personal Information anytime that you reach out to our Customer Support team, such as when there are issues arising from your account.
  • Optimize and enhance our services. We use your Personal Information to understand how our products and Services are being used to help us improve our Services and develop new products.
  • Market our products to you. We may contact you with information about our products and services that we believe may be of interest to you. You may use tools that we provide to opt out of marketing communications from us at any time.
  • Research and Development Purposes. We may use your Personal Information to better understand the way you use and interact with Membrane’s services. In addition, we may use such information to customize, measure, and improve Membrane’s services and the content and layout of our website and applications, and to develop new services.
  • With your consent. We may use your Personal Information for additional purposes with your consent.
  • Other business purposes. We may use your Personal Information for additional purposes in the operation of our business, that would be reasonably expected based on context, and as permitted by law or required to comply with our legal obligations.

3.Anonymized and Aggregated Data

Anonymization is a data processing technique that modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Policy applies to anonymized or aggregated customer data (e.g., information about our customers that we combine together so that it no longer identifies or references an individual customer).

Membrane may use anonymized or aggregate customer data for any business purpose, including to better understand customer needs and behaviors, improve our services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties.

Types of data we may anonymize include, transaction data, click-stream data, performance metrics, and fraud indicators.

4.How We Share Your Personal Information

We will not share your Personal Information with third parties, except as described below:

  • Service Providers. We may share your Personal Information with third-party service providers for business or commercial purposes. Your Personal Information may be shared so that they can provide us with services, including identity verification, fraud detection and prevention, credit verification, security threat detection, payment processing, customer support, data analytics, Information Technology, advertising, marketing, data processing, network infrastructure, storage, transaction monitoring, and tax reporting. We share your Personal Information with these service providers only so that they can provide us with services, and we prohibit our service providers from using or disclosing your Personal Information for any other purpose. Our third-party service providers are subject to strict confidentiality obligations.
  • Affiliates. We may share your Personal Information with our affiliates, for the purposes outlined above, and as it is necessary to provide you with our Services.
  • Legal Obligations. We may be required to share your Personal Information with law enforcement, government agencies, regulators or third parties to comply with legal or regulatory requirements.
  • Corporate Transactions. We may disclose Personal Information in the event of a proposed or consummated merger, acquisition, reorganization, asset sale, or similar corporate transaction, or in the event of a bankruptcy or dissolution.
  • Professional Advisors. We may share your Personal Information with our professional advisors, including legal, accounting, or other consulting services for purposes of audits or to comply with our legal obligations.
  • Consent. We may share or disclose your information with your consent.
  • Other business purposes. We may share or disclose your Personal Information for other business purposes as permitted by law or required to comply with legal obligations.

If we decide to modify the purposes for which your Personal Information is collected, used, or shared, or our practices relating to your Personal Information, we will amend this Privacy Policy as described below.

5.Cookies

When you access the Platform, we may make use of the standard practice of placing tiny data files called cookies, flash cookies, pixel tags, or other tracking tools (herein, “Cookies”) on your computer or other devices used to visit the Platform. We use Cookies to help us recognize you as a customer, collect information about your use of the Platform to better customize our services and content for you, and collect information about your computer or other access devices to ensure regulatory and legal compliance.

We may make use of third-party Cookies or analytics services.

Third-party tracking technologies are not controlled by us, and statements regarding our practices do not apply to these third-parties or their use of information. We make no representations regarding the policies or practices of such third parties. You may be able to opt out of the practices of some of these third parties if they are members of the Network Advertising Initiative (“NAI”) by visiting http://www.networkadvertising.org/choices or if they participate in the Digital Advertising Alliance (“DAA”) by visiting http://www.aboutads.info/choices. We are not responsible for effectiveness of or compliance with any third-parties’ opt-out options. We do not respond to browser “Do Not Track” signals.

You also can learn more about cookies by visiting https://www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies on different types of browsers and mobile devices.

Please note that if you reject cookies, you will not be able to use some or all of the Platform.

If you do not consent to the placing of Cookies on your device, please do not visit, access, or use the Platform.

6.Direct Marketing

Subject to applicable laws and regulations, we may from time to time send direct marketing materials promoting services, products, facilities, or activities to you using information collected from or about you. You may opt-out of such marketing communications at any time by emailing us at legal@membranelabs.com. You may also opt-out of such communications by following the directions provided in any marketing communication. It is our policy to not provide your Personal Information to third parties for their own direct marketing purposes without your consent. If you opt out of marketing communications, please note that we may still send you necessary information about transactions or our business relationship.

7.Children’s Personal Information

The Platform is not intended for children under the age of 18 and we do not knowingly collect Personal Information of children under the age of 18. If we learn that we have collected any Personal Information from a child under the age of 18, we will promptly delete it from our systems.

8.Information Security

We take reasonable measures, including administrative, technical, and physical safeguards, to protect your Personal Information from loss, theft, or misuse, and from unauthorized access, disclosure, alteration, and destruction. Nevertheless, no security is foolproof, and the Internet is an insecure medium. We cannot guarantee absolute security, but we work hard to protect Membrane and you from unauthorized access to or unauthorized alteration, disclosure, or destruction of Personal Information we collect and store. Measures we take may include encryption of the Membrane website communications; use of firewalls; data encryption; required two-factor authentication for all sessions; periodic review of our Personal Information collection, storage, and processing practices; and restricted access to your Personal Information on a need-to-know basis for our employees, contractors and agents who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

9.Retention

We retain your Personal Information for as long as is reasonably necessary to provide services to you, for our legitimate business purposes, and to comply with our legal and regulatory obligations. If you close your account with us, we will continue to retain your Personal Information as necessary to comply with our legal and regulatory obligations, including for fraud monitoring, detection and prevention, and for our tax, accounting, and financial reporting obligations.

10.International Transfers

Membrane is a global business. As a result, Personal Information may be stored and processed in any country where we have operations or where we engage service providers. We may transfer Personal Information that we maintain about you to recipients in countries other than the country in which the Personal Information was originally collected. Those other countries may have data protection or privacy rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Information remains protected to the standards described in this Privacy Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.

If you are located in the European Economic Area (“EEA”), the UK or Switzerland, engaging with Membrane, we comply with applicable law to provide an adequate level of data protection for the transfer of your Personal Information to the US or other third countries. Membrane enters into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of data which have been approved by the applicable data protection regulatory authority. We may transfer personal data from Europe to third countries outside of Europe, including the United States, under the following conditions:

  • Contractual obligation. Where transfers are necessary to satisfy our obligation to you under our User Agreement, including to provide you with our services and customer support services, and to optimize and enhance Membrane; and
  • Where you have consented to the transfer of your personal data to a third country.

Where transfers to a third country are based on your consent, you may withdraw your consent at any time. Please understand, however, that our services may not be available if we are unable to transfer personal data to third countries.

11.State-Specific Privacy Rights

Depending on where you reside and in accordance with applicable law, you may have additional rights related to the personal information collected from and/ or about you, subject to certain exceptions and limitations. You may have the following rights with respect to your Personal Information:

  • The right to confirm whether we process your personal information and access your personal information in a portable and, to the extent technically feasible, readily usable format.
  • The right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing.
  • The right to delete personal information we have about you.
  • The right to opt out of the processing of your personal information for purposes of targeted advertising, the sale of personal information, and/ or profiling in furtherance of decisions that produce legal or similarly significant effects.

If we deny your request, you may have the right to appeal our decision.

You can make a request by emailing us at legal@membranelabs.com. When you exercise these rights and submit a request to us, we will verify your identity by asking you to provide us with additional information such as your email address. We may also use a third-party verification provider to verify your identity. We will endeavor to honor such requests unless such a request conflicts with certain lawful exemptions under your state's consumer privacy law.

The fact that you have elected to exercise these rights will have no adverse effect on the price and quality of our products or services.

To appeal a decision we have made regarding your request, you may follow the instructions in our response denying your request or you email us at p legal@membranelabs.com.

Your California Privacy Rights

The right to know what personal information we have collected, used, disclosed, and sold about you, including (i) the specific pieces of personal information we have collected about you; (ii) the categories of personal information we have collected about you; (iii) the categories of sources from which we collect information about you; (iv) the business or commercial purposes for collecting information about you;  and (v) the categories of third parties with whom we share or have shared personal information about you.

The right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing.

The right to request that we and our service providers delete personal information that we have collected from you.

The right to opt-out of the selling or sharing of your personal information, which you can exercise by clicking here available on our website or by modifying your privacy preferences (e.g., Global Privacy Control), available through certain internet browsers and extensions, that signal your preference to opt out. Please note that clearing your cookies at any time will remove the signal of your selected privacy preferences.

You can make a request by emailing us at legal@membranelabs.com. When you exercise these rights and submit a request to us, we will verify your identity by asking you to provide us with additional information such as your email address. We also may use a third-party verification provider to verify your identity. We will endeavor to honor such requests unless such a request conflicts with certain lawful exemptions under California's consumer privacy law. Please note that we are only required to honor request to know twice in a 12-month period.

The fact that you have elected to exercise these rights will have no adverse effect on the prices and quality of our services.

We may decline a Request a Delete, in part of in whole, if we determine that there is a lawful basis for retaining the information, including because the information is necessary to (i) complete a transaction or perform a contract between us; (ii) ensure security; (iii) debug or repair errors; (iv) exercise a legal right; (v) comply with another law or a legal obligation; (vi) conduct research; (vii) enable internal uses that are reasonably aligned with our consumers' reasonable expectations; or (viii) otherwise use the information, internally, in a lawful manner that is compatible with the context in which you provided the information.

12.Information For Persons Subject To UK and EU Data Protection Laws

If you are located in the EEA or the UK, we adhere to relevant UK data protection laws, and provide individuals with the following additional information. For purposes of this section, “personal data” has the meaning provided in the General Data Protection Regulation (EU) 2016/679 as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“GDPR”).

Lawful bases for processing

We process personal data subject to GDPR on one or more of the following legal bases:

  • Legal Obligation: to conduct anti-fraud and identity verification and authentication checks and to fulfill our retention obligations;
  • Contractual Obligation: to satisfy our obligations to you under our User Agreement, including to provide you with our services and customer support services, and to optimize and enhance the Platform;
  • Legitimate Interest: to monitor the usage of the Platform, conduct automated and manual security checks of our service, to protect our rights; and
  • Consent: to market the Platform and our services to you. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before consent is withdrawn.

European privacy rights

European Residents have the following rights under GDPR, subject to certain exceptions provided under the law, with respect to their personal data:

  • Rights to Access and Rectification. You may submit a request that Membrane disclose the personal data that we process about you and correct any inaccurate personal data.
  • Right to Erasure. You may submit a request that Membrane delete the personal data that we have about you.
  • Right to Restriction of Processing and Right to Object. You have the right to restrict or object to our processing of your personal data under certain circumstances.
  • Right to Data Portability. You have the right to receive the personal data you have provided to us in an electronic format and to transmit that Personal Information to another data controller.

When handling requests to exercise European privacy rights, we check the identity of the requesting party to ensure that he or she is the person legally entitled to make such request. While we maintain a policy to respond to these requests free of charge, should your request be repetitive or unduly onerous, we reserve the right to charge you a reasonable fee for compliance with your request.

Automated decision-making

We may engage in automated decision-making for purposes of fraud detection and prevention. When we do, we implement suitable measures to safeguard your rights and freedoms and legitimate interests, including the right to obtain human intervention, to express your point of view and to contest the decision.

13.Updates To this Privacy Policy

We may change this Privacy Policy from time to time to reflect changes to our privacy practices, enhance user experience, or comply with relevant laws. The “Last updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy. Your continued use of the Platform after our posting of changes to this Privacy Policy means that you understand and agree to such changes.

14.Security Breach

If you suspect that your Membrane Account or any of your security details have been compromised or if you become aware of any fraud or attempted fraud or any other security incident (including a cyber-security attack) affecting you or Membrane (collectively, a “Security Breach”), you must notify Membrane immediately at legal@membranelabs.com and provide accurate and up to date information throughout the duration of the Security Breach.

15.Computer Viruses

We shall not bear any liability, whatsoever, for any damage or interruptions caused by any computer viruses or other malicious code that may affect your computer or other equipment, or any phishing, spoofing, or other attack. We advise the regular use of a reputable and readily available virus screening and prevention software. You should also be aware that SMS and email services are vulnerable to spoofing and phishing attacks and should use care in reviewing messages purporting to originate from Membrane. Always login to your account through the Platform to review any transactions or required actions if you have any uncertainty regarding the authenticity of any communication or notice.

16.How To Contact Us or Make a Privacy Request

If you have questions or concerns regarding this policy, would like to make a privacy request, or have questions about the processing of your Personal Information, please feel free to email us at: legal@membranelabs.com.