Latest update: December 6, 2023
This Privacy Notice explains how Aptos Labs ("Aptos," "our," "we," or "us") collects, uses, and discloses personal information in connection with our website, aptoslabs.com, the Aptos Community (including the Aptos Developer Portal and Aptos Learn), Aptos Names (including aptosnames.com), the Aptos Explorer, Petra Wallet (including Petra.App), Identity Connect, Games (including Graffio and Find Out), and all related services (including contact with our customer service team, engagement with us on social media, or other related interactions with us) (collectively the “services”).
This Privacy Notice does not address our privacy practices relating to Aptos job applicants, employees and other personnel. This Privacy Notice is also not a contract and does not create any legal rights or obligations.
OUR COLLECTION OF PERSONAL INFORMATION
Aptos is the controller of the personal information we collect or otherwise maintain in connection with our services. This means that we determine and are responsible for how personal information is used.
The categories of personal information we collect depend on how you interact with us and our services. Aptos collects information that individuals provide directly to us, information we collect automatically when individuals interact with us, and information we collect from third-party sources and other organizations.
Personal Information Individuals Provide Directly to Us
We may collect the following personal information individuals provide directly to us in connection with our services:
- Contact Information, including name, email address, social media handles, and communication preferences.
- Referral Information, including information about friends and family an individual would like to refer to our services.
- Account Information, including username, profile pictures, profile description, general location, trust level, join date, and the products and services developed, used, or interacted with (including access to Aptos developer tools and APIs), and any requests for feedback you provide in connection with your account, including requests for feedback on code you have developed.
- Community Information, including number of days visited, topics and posts created, topics viewed, posts read, time spent reading, likes given and received, badges, certifications, and community preferences.
- Gaming Information, including gaming accounts, games played, time spent gaming, in-game points earned and spent, rewards earned and redeemed, and in-game content generated, posted, or interacted with.
- Event, Contest, Promotion, and Survey Information, including contact information, preferences, feedback, and other relevant content provided when signing up for an event, entering a contest or promotion, or completing a survey.
- Inquiry Information, including information provided in custom messages sent through our services or provided directly to a member of our team.
When an individual chooses to contact us, we may need additional information to fulfill the request or respond to inquiries. We may provide additional privacy-related information where the scope of the inquiry/request and/or personal information we require fall outside the scope of this Privacy Notice. In that case, the additional privacy notice will govern how we may process the information provided at that time.
Personal Information Automatically Collected
As is true of many digital platforms, we and our third-party providers may also collect certain personal information from an individual’s device, browsing actions, and site usage patterns automatically when visiting or interacting with our services, which may include:
- Log Data, such as cookie identifiers, internet protocol (IP) address, mobile carrier, MAC address, user settings, mobile ad identifiers, Internet service provider, browser or device information, the URL entered and the referring page/campaign, date/time of visit, the time spent on our services, and any errors that may occur during the visit to our services.
- Analytics Data, such as the electronic path taken to our services, through our services, and when exiting our services, as well as information pertaining to usage and activity on our services (including pages visited, links clicked, content interacted with, and duration and frequency of the activities).
- Location Data, such as general geographic location based on the log data we or our third-party providers collect.
Personal Information from Third Parties and Other Sources
We also obtain personal information from third-party sources, which we often combine with personal information we collect either automatically or directly from an individual.
We may receive the same categories of personal information as described above from the following third parties:
- Affiliates: We may receive personal information from other companies owned or controlled by Aptos Labs, and other companies owning or under common ownership with Aptos Labs, particularly when we collaborate in providing services.
- Community and Gaming Participants: We may receive personal information from other participants in the Aptos community, including users of Games, to help support an individual’s interaction with the Aptos community.
- Referrals: We offer a referral service through which an individual can provide contact information of family and friends who may be interested in our services. We use personal information collected in connection with these referral services to communicate with the friend or family member being referred and to provide the referring individual any benefits, incentives and/or rewards they may be eligible for as a result of their referral. Please share information only for people that you know.
- Single Sign-On: Some parts of our services may allow community members to login through a third-party social network or authentication service such as Discord, Google, or Github. These services will authenticate the community member’s identity and provide them the option to share certain personal information with us, which could include name, email address, address book and contacts, or other information. The data we receive is dependent on that third party’s policies and the community member’s privacy settings on that third-party site. However, we do not receive the community member’s login credentials for the relevant third-party service. Instead, we receive tokens from the single sign-on service to help identify the community member in our system (such as by their username) and confirm the community member successfully authenticated with the single sign-on services. This information allows us to more easily provide community members access to our platform.
- Social Media: If an individual chooses to interact with us on social media, we may collect personal information about them from their social media account that they make public. We use personal information collected in connection with their social media account to communicate with them, better understand their interests and preferences, and better understand our user base in the aggregate.
- Identity Verification Providers: In rare circumstances, we may engage third-party identity verification providers to help us verify the identity of a specific individual with whom we are interacting. This information is used primarily for purposes of preventing fraud.
- Event, Promotion and Other Business Partners: We may from time to time offer opportunities for individuals to take part in events or promotions, or obtain services provided in connection with a third-party business partner. Our event, promotion, and other business partners may collect or share personal information with us in connection with the relevant event, promotion or service. For example, we may receive personal information from third-party business partners that help foster the Aptos community in order to identify community members eligible for benefits in relation to a promotion.
- Data Analytics Providers: We rely on third-party providers to help us collect analytics relating to our services and user base. These data analytics providers often collect personal information directly from individuals and share some or all of this information with us in connection with their analytics services.
- Other Service Providers: Other service providers that perform services solely on our behalf, such as website hosting and marketing providers, collect personal information and often share some or all of this information with us in connection with their services.
- Information Providers: We may from time to time obtain information from third-party information providers to correct or supplement personal information we collect. For example, we may obtain updated contact information from third-party information providers to connect with an individual who may be interested in our services.
- Publicly Available Sources: We collect personal information about individuals that we do not otherwise have, such as contact information or an individual’s interest in our services, from publicly available sources. We may combine this information with the information we collect from an individual directly.
- Inferences: We may generate inferences or predictions about individuals and their interests and preferences based on the other personal information we collect and the interactions we have with the individuals.
Our Collection of Blockchain Information
Blockchain is a shared, immutable ledger used to record transactions of assets. In connection with our services, we may collect the following blockchain information directly from individuals, from the third parties identified above, or from the public blockchain itself (including the Aptos blockchain):
- Account Address: The unique blockchain address or domain from or to which assets are transferred.
- Wallet Information: The wallet connected to a specific account address.
- Account Balance & Assets: The balance associated with the blockchain address, as well as the assets stored in connection with that account.
- Transaction Details: The transaction identifier, blockchain position for the transaction, date and time of the transaction, type of transaction, amount sent or received, fee amount, account address of the sender and recipient, and storage size of the transaction.
- Connected Apps: The name of the apps to which an individual connects using our blockchain services.
We may in certain circumstances combine the blockchain information we obtain with the personal information described above.
OUR USE OF PERSONAL INFORMATION AND BLOCKCHAIN INFORMATION
We use the information we collect to:
- Manage our organization and its day-to-day operations;
- Administer, provide, maintain, improve, and personalize our products and services;
- Improve and support the Aptos community;
- Facilitate identity and transaction management services at your request;
- Process or otherwise facilitate transactions and send you related information, including confirmations, receipts, invoices, customer experience surveys, and recall notices;
- Personalize and improve your experience on our services;
- Send you technical notices, security alerts, and support and administrative messages;
- Respond to your comments and questions and provide customer service;
- Communicate with you about products, services, and events offered by Aptos and others and provide news and information that we think will interest you;
- Tailor and provide you with content and advertisements, including through in-person events, social media, email, and other online venues, based on individual interests and interactions with us;
- Monitor and analyze trends, usage, and activities in connection with our services;
- Facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards;
- Test, enhance, update, and monitor the services, or diagnose or fix technology problems;
- Help maintain the safety, security, and integrity of our property and services, technology assets, and business;
- Defend, protect, or enforce our rights or applicable contracts and agreements;
- Detect, prevent, investigate, or provide notice of security incidents or other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of Aptos and others;
- Debug to identify and repair errors in our services;
- Facilitate business transactions and reorganizations impacting the structure of our business;
- Comply with our legal and financial obligations; and
- Carry out any other purpose described to you at the time the information was collected.
OUR DISCLOSURE OF PERSONAL INFORMATION AND BLOCKCHAIN INFORMATION
We disclose the information we collect to:
- Affiliates: We share information with other companies owned or controlled by Aptos Labs, and other companies owning or under common ownership with Aptos Labs, particularly when we collaborate in providing services.
- Referrals: We may share the name of a referring individual with the friends and family the individual refers to our services, as well as any other content or custom message the referring individual wishes to share.
- Identity Verification Providers: Where we engage a third-party identity verification provider to help us verify the identity of a specific individual with whom we are interacting, we will typically provide the third-party identity verification provider sufficient information to facilitate the identity verification service.
- Event, Promotion and Other Business Partners: Just as we may receive information from our event, promotion and other business partners, we may share information with them in connection with the relevant event, promotion or service we are offering. For example, we may share information with third-party business partners that help foster the Aptos community in order to have them facilitate communication between us and members of the Aptos community.
- Data Analytics Providers: We may share information with our data analytics providers to facilitate the analytics services they are providing us.
- Other Service Providers: In addition to the third parties identified above, we engage other third-party service providers that perform business or operational services for us or on our behalf, such as web hosting, shipping and delivery, payment processing, fraud prevention, customer service, contests, sweepstakes, promotions, and marketing and advertising service. Depending on the function the provider serves, the service provider may process information on our behalf or have access to information while performing functions on our behalf.
- Business Transaction or Reorganization: We may share or otherwise disclose personal information or blockchain information to a third party during negotiations concerning, in connection with, or as an asset in a merger, sale or other transfer of company assets, joint venture, financing, or acquisition of all or a portion of our business by another company. Personal information or blockchain information may also be disclosed in the event of insolvency, bankruptcy, or receivership.
- Legal Obligations and Rights: We share or otherwise disclose information to third parties, such as our lawyers, other professional advisors and law enforcement:
- Where necessary to obtain advice or otherwise protect and manage our business interests;
- In connection with the establishment, exercise, or defense of legal claims;
- To comply with laws or to respond to lawful requests or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;
- To protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
- To detect, suppress, or prevent fraud;
- To protect the health and safety of us and others; or
- As otherwise required by applicable law.
- Otherwise with Consent or Direction: We may share or otherwise disclose information with your consent or at your direction. For example, we may share certain information with a third-party app or platform to verify your online identity or transactions at your direction in connection with Identity Connect (as further described below). We may also share community or in-game content with your intended recipients, or make information available to the public Aptos blockchain to facilitate proper recording of gaming activities and other activities relating to your blockchain wallet. We also share aggregated or de-identified information that cannot reasonably be used to identify you.
ADDITIONAL SERVICE DISCLOSURES
We provide the service Aptos Names to help individuals secure their .apt domain address to start their journey on the Aptos blockchain. In order to register for a .apt domain address, you are required to connect a blockchain wallet (such as Petra, Martian, Fewcha, Pontem, Rise, Blocto, and MSafe) to the Aptos Names service to facilitate the account address creation and wallet linking. We use the information collected in connection with Aptos Name to provide the service and to accomplish the purposes otherwise set forth above.
We provide the service Aptos Explorer to help individuals explore the Aptos blockchain. In providing the service, we obtain and publicly display blockchain information from the Aptos blockchain, including transaction version, type, timestamp, sender address, recipient address, function, amount, and gas fees. Blockchain information obtained in connection with the Aptos Explorer service may also be used to accomplish the purposes otherwise set forth above.
You may access and use the Petra Wallet, which is a digital wallet created and operated by Aptos. When setting up an Account within Aptos, you will be responsible for keeping your own account secrets, which may include twelve-word seed phrases or mnemonic(s), your private keys, an account file, or other locally stored secret information. Aptos encrypts this information locally with a password you provide.
You may access and use Identity Connect, which is a protocol and platform created and operated by Aptos to allow you to manage requests from third-party applications for proof of identity and signing of transactions through designated online services, such as the Petra Wallet. When setting up Identity Connect, you can choose to verify your identity through the designated online service via a unique QR code or alphanumeric code, or through a third-party social network or authentication service, such as Discord, Google, or Github. Once set up, you can leverage Identity Connect to receive and sign transactions from third-party applications you choose to connect to your Identity Connect account. Aptos may share information necessary to facilitate proof of identity and transaction authorization with such third-party applications (such as an encrypted pairing code and/or authorization status). The user is responsible for keeping their own account secrets, which may include QR codes or numerical codes used to connect third-party applications, private keys, account files, or other locally stored secret information.
As part of the services, you may have access to an experimental service that enables you to experience the Aptos Network through interactive single or multiple player games and social applications, including, but not limited to, Find Out (available at letsfindout.ai) and Graffio (available at graffio.art), a collective art platform (collectively, “Games”). In order to play Games, you will need an account. To create an account, you are typically provided the option of connecting your eligible crypto wallet (such as through Identity Connect or Petra) or leveraging a single sign-on service (such as Discord or Google). While Games are free to play, Aptos Network gas costs may apply and certain games may require the use of in-game points to play the game or take part in certain game features. In-game points may be earned through participation in the game and/or certain community activities. In addition, Games may provide users the opportunity to earn rewards, such as in-game points, gas credits, non-fungible tokens, and other digital collectibles, to be redeemed in the Games or outside of the Games. Information about the in-game points and other rewards you earn, as well as other components of your gaming experience and user-generated content, may be shared with other users of Games, the Aptos community, or the public Aptos blockchain, pursuant to any available privacy settings.
COOKIES AND RELATED TECHNOLOGIES
We engage third parties to provide us with analytics and other services across the web and in mobile apps. We and our third-party providers may use (i) cookies or small data files that are stored on an individual’s computer and (ii) other, similar technologies, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “cookies”) to automatically collect personal information and use or disclose the personal information for the purposes described in the sections above, including to analyze and track data, determine the popularity of certain content, and better understand each user’s online activity. Some examples of our third-party cookie providers include:
- Mailchimp. To learn about how Mailchimp uses your data, please visit the Intuit Privacy Statement.
- Stitch. To learn more about how Stich uses your data, please visit the Talend Privacy Statement.
If an individual would prefer not to accept cookies, most browsers will allow the individual to: (i) change the individual’s browser settings to notify the individual when the individual receives a cookie, which lets the individual choose whether or not to accept it; (ii) disable existing cookies; or (iii) set the individual’s browser to automatically reject cookies. Please note that doing so may negatively impact the individual’s experience using our website, as some features and offerings may not work properly or at all. Depending on the individual’s device and operating system, the individual may not be able to delete or block all cookies. In addition, if the individual wants to reject cookies across all browsers and devices, the individual will need to do so on each browser on each device the individual actively uses.
The individual may also set their email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether they have accessed our email and performed certain functions with it.
We may choose or be required by law to provide different or additional disclosures relating to the processing of personal information about residents of certain countries, regions or states. Please see below for disclosures that may be applicable to you:
- If you are a resident of the State of California, Colorado, Connecticut, Nevada, Utah, or Virginia in the United States, please see the Additional United States Privacy Disclosures below.
CHILDREN’S PERSONAL INFORMATION
Our services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 13. If an individual is under the age of 13, they should not use our services or otherwise provide us with any personal information either directly or by other means. If a child under the age of 13 has provided personal information to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal information from our systems. If we learn that any personal information we collect has been provided by a child under the age of 13, we will promptly delete that personal information.
LINKS TO THIRD-PARTY WEBSITE OR SERVICE
Our services may include links to third-party websites, plug-ins, and applications. Except where we post, link to, or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to, and we are not responsible for, any personal information practices of third-party websites and online services or the practices of other third parties. To learn about the personal information practices of third parties, please visit their respective privacy notices.
UPDATES TO THIS PRIVACY NOTICE
We may change this Privacy Notice from time to time. If we make changes, we will notify you by revising the date at the top of this notice and, if we make material changes, we may provide you with additional notice (such as adding a statement to our services or sending you a notification). We encourage you to review this Privacy Notice regularly to stay informed about our information practices and the choices available to you.
If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please send an email to: email@example.com .
ADDITIONAL UNITED STATES PRIVACY DISCLOSURES
If you are a resident of the state of Nevada in the United States, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Although we do not currently sell covered information, please contact us at firstname.lastname@example.org with the subject line “Nevada Opt Out Request” to submit such a request.
California, Colorado, Connecticut, Utah and Virginia Residents
The remainder of this section supplements the information contained in our Privacy Notice by providing additional information about our personal information processing practices relating to individual residents of the States of California, Colorado, Connecticut, Utah and Virginia. For a detailed description of how we collect, use, and disclose personal information in connection with our services, please read the Privacy Notice above.
No Sales or Targeted Advertising
We do not sell personal information, and we do not process or otherwise share personal information for the purpose of displaying advertisements that are selected based on personal information obtained or inferred over time from an individual’s activities across non-affiliated businesses or websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”).
We do not currently collect personal information that may be classified as “sensitive” under applicable privacy laws.
We may at times receive, or process personal information to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.
Your Privacy Rights
Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights:
- Right to Know: The right to confirm whether we are processing personal information about you and, under California law only, to obtain certain personalized details about the personal information we have collected about you, including:
- The categories of personal information collected;
- The categories of sources of the personal information;
- The purposes for which the personal information were collected;
- The categories of personal information disclosed to third parties (if any), and the categories of recipients to whom the personal information were disclosed;
- The categories of personal information shared for targeted advertising purposes (if any), and the categories of recipients to whom the personal information were disclosed for those purposes; and
- The categories of personal information sold (if any), and the categories of third parties to whom the personal information were sold.
- Right to Access & Portability: The right to obtain access to the personal information we have collected about you and, where required by law, the right to obtain a copy of the personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
- Right to Correction: The right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.
- Right to Deletion: The right to have us delete the personal information we maintain about you.
Depending on your state of residency, you may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, the exercise of the rights described above may result in a different price, rate or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.
Submitting Privacy Rights Requests
To submit a request to exercise one of the privacy rights identified above, please: Send an email to email@example.com.
Before processing your request, we may need to verify your identity and confirm you are a resident of a state that offers the requested right(s). In order to verify your identity, we will generally either require the successful authentication of a community membership, or the matching of sufficient information you provide us to the information we maintain about you in our systems. We may at times need to request additional information from you, taking into consideration our relationship with you and the sensitivity of your request.
We will only use the personal information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose. In certain circumstances, we may decline a privacy rights request, particularly where you are not a resident of one of the eligible states or where we are unable to verify your identity.
Submitting Authorized Agent Requests
In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.
Appealing Privacy Rights Decisions
Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by replying to the communication resolving your original request.
The following disclosures only apply to residents of the State of California.
California Categories of Personal Data
California law requires we provide disclosures to you about what personal information we collect by reference to the enumerated categories of personal information set forth within California law. To address this obligation, we have identified the relevant enumerated California personal information category for the personal information described in the Our Collection of Personal Information section of our Privacy Notice, as well as the categories of personal information we collect from representatives of third-party entities, below:
- Identifiers, including name, email address, and social media handles.
- Customer Records, including Account Information, Community Information, Gaming Information, and Referral Information,
- Internet/Network Information, including Log Data and Analytics Data.
- Geolocation Data, including general geographic location based on the log data we or our third-party providers collect.
- Sensory Information, including profile pictures.
- Professional / Employment Information, including the business or organization an individual represents, their title with that business or organization and information relating to their role with the business or organization, which we use to communicate with the individual about the business or organization they represent.
- Other Personal Data, including communication preferences, inquiry information, personal information an individual permits us to see when interacting with us through social media, and personal information an individual provides us in relation to a question, request, inquiry, survey, contest or promotion.
- Inferences, including our predictions about interests and preferences and related service information.
We disclose all of these categories of personal information for a business purpose to service providers or other third parties at the consumer’s direction, as outlined in the Our Disclosure of Personal Information section of our Privacy Notice.
Retention of Personal Information
We retain personal information only for as long as is reasonably necessary to fulfill the purpose for which it was collected. However, if necessary, we may retain personal information for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator or other government authority. To determine the appropriate duration of the retention of personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.
Removal of User-Generated Content
Users of our platforms, like the Aptos Community and Games, who are California residents under the age of 18 may request and obtain removal of user-generated content they posted on the platform. To submit such a request, please contact us at firstname.lastname@example.org. Please note that a request does not ensure complete or comprehensive removal of the material. For example, materials that were posted may have been republished or reposted by another user or third party.
Notice of Financial Incentive
We may choose to provide programs and other offerings intended to provide benefits to eligible participants that qualify as financial incentives under certain privacy laws. For example, the financial incentives we may choose to make available to interested individuals may include promotional materials or opportunities to obtain sweepstakes and contest prizes.
To obtain access to certain of these programs and other offerings, we may ask to collect or share an interested individual’s personal information, including name and contact information. We consider the value of these programs and other offerings to be reasonably related to the value of the personal information we would receive and otherwise process in connection with these programs and offerings, based on our reasonable but sole determination and taking into consideration the expenses related to facilitating the program or offering.The terms applicable to each program and other offering will be provided at the time an eligible individual is offered an opportunity to participate. Interested individuals can opt-in to these financial incentives by following the instructions presented at the time the offer is made. Participating individuals may withdraw from our programs and other offerings at any time by following the instructions provided in connection with each offering or emailing us at email@example.com.