Obvious Privacy Policy

Last Updated: Feb 2, 2023
  1. This Privacy Policy describes how HashHalli Inc (“we,” “us,” “Obvious”, or “HashHalli”) uses your personal or behavioural data, how it is collected, used, and stored when you access our website, the web application or mobile application (collectively the “Site”).
  2. We may modify this Privacy Policy from time to time which will be indicated by changing the date at the top of this page. If we make any material changes, we will notify you by email (sent to the email address specified in your account), by means of a notice on our Services prior to the change becoming effective, or as otherwise required by law. Your use of the Site is at all times subject to the Obvious User Agreement, which incorporates this Privacy Policy. Any terms we use in this Privacy Policy without defining them have the definitions given to them in the Obvious User Agreement.

1. Acceptance of the privacy policy

  1. By the Site, you signify acceptance of the terms of this Privacy Policy. Where we require your consent to process your information, we will ask for your consent to the collection and use of your information as described further below.
  2. We provide additional "just-in-time" disclosures or information about the data processing practices of specific services. These notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your data. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access or use of the Site.
  3. If you are under the age of majority in your jurisdiction of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. Consistent with the requirements of the Children's Online Privacy Protection Act (COPPA), if we learn that we have received any information directly from a child under age 13 without first receiving his or her parent's verified consent, we will use that information only to respond directly to that child(or his or her parent or legal guardian) to inform the child that he or she cannot use the Site and subsequently we will delete that information.

2. What does this privacy policy cover?

  1. This Privacy Policy sets forth our policy for collecting or using personal or behavioral data in connection with users access and using of the Site.

3. The information we collect

  1. Obvious does not track IP addresses. Where third parties collect this information by default, we take a three-step approach: 1) request manual removal of IP tracking, 2)prevent this data from being sent to our product analytics services, and 3) give users the choice to opt-out of analytics entirely.
  2. Obvious does not share user data with third parties, ever.
  3. Data Storage. On our web app, aggregated lists get passed to our backend to calculate the total value of your portfolio in real-time, but this information is not stored.Specifically, we trim timestamps on server logs to the hour, so cross-associating wallet data is not possible. If I have multiple wallets connected to Obvious, one cannot be used to identify others.
  4. We do not collect Personally Identifiable Information. You are not required to provide any PII to use the basic features of the Site. You should understand that because of the nature of the Ethereum network, your entire transactional history conducted from your Wallet is provided to us or otherwise publicly accessible by default and is necessary to support your usage of the Services.
  5. We do not automatically collect Personal Information or other nonpublic information in connection with transactions you conduct using our Services, and we do not use any automatic tracking technologies in these parts of our Services unless you explicitly agree to the use of these tracking technologies.
  6. Do Not Track Policy: Some Internet browsers - like Internet Explorer, Chrome Firefox, andSafari - include the ability to transmit "Do Not Track" or "DNT" signals. Since uniform standards for "DNT" signals have not been adopted, we do not currently process or respond to "DNT" signals.
  7. Information we will never collect: We will never ask you to share your private keys to your Wallet or other security information that could be used to access your Wallet without your explicit consent and action. Never trust anyone or any site that asks you to enter your private keys or similar security information.

4. Storage for our mobile application

  1. For our mobile users, push notifications are slightly different because we rely on Apple andGoogle’s push notification systems. In order to send notifications to a given wallet, we need to persistently store device tokens (an anonymized string) and the list of wallet addresses subscribed to notifications from that device. Anyone who wishes to avoid this data being stored entirely has the choice to disable push notifications on the Settings screen.

5. Use usage data

  1. As a general policy, we aim to protect your privacy and personal information by collecting, using or sharing as little personal information as possible. We do not collect such information even for“better UX” or the usual argument the collection of such information improves your experience.

6. Sharing of the personal information

  1. We do not share or sell the Personal Information that you provide us with other organisations without your express consent, except as described in this Privacy Policy.

7. How we protect and store information

  1. We endeavour to protect the privacy of the Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. The safety and security of your PersonalInformation also depends on you. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. Your Wallet is protected by your password, private key, and/or seed phrase, and we urge you to take steps to keep this and other Personal Information safe by not disclosing your security credentials or leaving your Wallet open in an unsecured manner. We further protect your Personal Information from potential security breaches by implementing certain technological security measures including encryption, firewalls, and secure socket layer technology. We also seek to protectPersonal Information by refraining from collecting Personal Information where possible.However, these measures do not guarantee that your Personal Information will not be accessed, disclosed, altered or destroyed by a breach of such firewalls and secure server software. By using our Services, you acknowledge that you understand and agree to assume these risks.
  3. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.

8. International transfers

  1. If you are a resident of the European Economic Area (“EEA”) or Switzerland, you may have additional rights under the General Data Protection Regulation (the “GDPR”) and other applicable law with respect to your Personal Data, as outlined below.
  2. For this section, we use the terms “Personal Data” and “processing” as they are defined in theGDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage, and disclosure. Obvious will be the controller of yourPersonal Data processed in connection with the Services.
  3. If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at admin@obvious.technology.

9. What personal data do we collect from you?

We collect Personal Data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Services.
  1. Information we collect directly from you: We receive Personal Data directly from you when you provide us with such Personal Data, including without limitation, PersonalInformation as described above under “Information You Provide to Us” and “InformationCollected from Other Sources”, and any other information you may elect to submit in your communications with us while using our Services. You are not required to submitPersonal Data solely in connection with your use of your Wallet through our Services, but certain of our other Services may require submission of Personal Data to fully exploit those Services.
  2. Information we automatically collect when you use our Services: Some Personal Data is automatically collected when you use our Services, including without limitation, the information described above under “Information Collected Automatically.”

10. Your rights regarding your personal data

You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email admin@obvious.technology.

Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary, to verify your identity and the nature of your request.
  1. Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your PersonalData by visiting the Obvious Interface or the Obvious App.
  2. Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can correct some of this information directly by editing them on the Obvious Interface or the ObviousApp.
  3. Erasure: You can request that we erase some or all your Personal Data from our systems, provided that this will not erase any Personal Data you have submitted to the Ethereum network.
  4. Withdrawal of Consent: If we are processing your Personal Data based on your consent(as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
  5. Portability: You can ask for a copy of your Personal Data in a machine-readable format.You can also request that we transmit the data to another controller where technically feasible.
  6. Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes. • Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
  7. Right to File Complaint: You have the right to lodge a complaint about Obvious’ practices with respect to your Personal Data with the supervisory authority of your country orEuropean Union Member State.

11. Transfers of personal data

  1. Certain of the Services are hosted and operated in part in the United States (“U.S.”) throughObvious and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services and providing your information, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, may be provided to Obvious in the U.S. and may be hosted on U.S.servers. You hereby consent to and authorize Obvious to transfer, store and process your information to and in the U.S., and possibly other countries. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Policy.One such step we may take to ensure the security of your Personal Information in the event that a transfer may not be subject to the same protection in the EEA or Switzerland, is to enter into specific contract clauses approved by the European Commission which ensure your personal information is given the same protection it has in Europe.

12. What if you have questions regarding your personal data?

If you have any questions about this section or our data practices generally, please contact us using the following information:
  1. Designated Representative Name: Himanshu Retarekar
  2. Physical address: 1007 N Orange St 4th floor 848, Wilmington, Delaware 19801
  3. Email address for contact: admin@obvious.technology

13. California privacy rights

Under the CCPA, you may have the following consumer rights. Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in theCCPA:
  1. For personal information collected by us during the preceding 12 months preceding your request that is not otherwise subject to an exception, California residents have the right to access and delete their personal information. Obvious will not discriminate against those who exercise their rights. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services or provide you a different level or quality of services.
  2. To the extent we sell your personal information to third parties, you also have the right to request that we disclose to you: (i) the categories of your personal information that we sold, and (ii) the categories of third parties to whom your personal information was sold.You have the right to direct us not to sell your personal information. Obvious does not sell your personal information in its ordinary course of business and will never sell your personal information to third parties without your explicit consent.
  3. Should Obvious engage in any of the activities listed in this section, your ability to exercise these rights will be made available to you in your account settings. You can exercise your rights by going to your Privacy Rights Dashboard or contacting us via our Support Portal so that we may consider your request. We will need to verify your identity before processing your request. In order to verify your identity, we will generally either require the successful login to your account or the matching of sufficient information you provide us to the information we maintain about you in our systems. Although we try to limit the personal information collected in connection with a request to exercise your rights, certain requests may require us to obtain additional personal information from you. In certain circumstances, we may decline a request to exercise the right to know and right to deletion, particularly where we are unable to verify your identity.
  4. If you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. To do so, you must: (1) provide that authorized agent written and signed permission to submit such a request; and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. We will respond to your authorized agent's request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4121 to 4130. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf, or are unable to verify their identity.