STBL Protocol Privacy Policy

Effective Date: 01-08-2025
Last Updated: 01-08-2025

1. DATA CONTROLLER INFORMATION

Protocol Name: STBL Protocol (the “Protocol”)
Website: https://stbl.com
Data Protection Officer: [email protected]

2. INTRODUCTION

This Privacy Policy (the “Policy”) explains how STBL Protocol (“we,” “us,” or “our”) collects, uses, and protects information when you (“you”, “your” or “user(s)”) interact with our decentralized finance (DeFi) protocol, website, and related services. We are committed to protecting your privacy while operating in the decentralized ecosystem. This Policy outlines the limited data interactions of the users within the Protocol, how such data is used, and users’ rights regarding their information.
The terms of this Policy are applicable to you for accessing our Services as detailed in our Terms and Conditions that can be accessed via Website and are available at: https://www.stbl.com/terms-and-conditions/. You are subject to the Terms and Conditions of the Protocol. The terms used in this Policy shall have the same meaning as in the Terms and Conditions, except as otherwise provided herein. Please read this Policy carefully. If you do not agree with this Policy or any part thereof, you should not access or use any part of the Protocol and Services.
For purposes of this Privacy Policy, the term “personal data” refers to information relating to an identified or identifiable natural person. The broader term “data” may include both personal data and non-personal information (such as anonymised statistics or aggregated blockchain metrics).

3. INFORMATION WE COLLECT

When you visit the Website and use our Services, we collect: (a) technical data that is necessary to provide and improve the Services, and (b) data you voluntarily provide to us.

3.1 Blockchain Data

All interactions occur directly through your wallet on decentralized networks, and all transactions are recorded on the public blockchain. The data we may access or process includes:
  • Wallet Addresses: Public blockchain addresses you connect to our Protocol
  • Transaction Data: On-chain transactions, including amounts, timestamps, and smart contract interactions
  • Token Holdings: Information about tokens in connected wallets relevant to protocol functionality
Note: While this transaction data is used for analytics and performance improvement, blockchain transactions are inherently public and accessible via blockchain explorers.

3.2 Technical Information

We may automatically collect certain technical data through your use of the Protocol, either directly or via third-party service providers, including:
  • Log File Data: Internet protocol (IP) addresses, browser type, device identifiers, operating system version, crash data and cookie data
  • Usage Analytics: How you interact with our interface, including pages visited, time spent on pages, drop-off points, features used and other behavioral data.
  • Performance Data: Error logs, loading times, and system performance metrics

3.3 Communication Data

We may collect information you voluntarily provide when interacting with us, including:
  • Support Inquiries: Information you provide when contacting our support team
  • Community Participation: Posts in our forums, Discord, or other community platforms
  • Newsletter Subscriptions: Email addresses for updates and announcements

3.4 Third-Party Collaborations

If you interact with third-party providers (e.g., KYC/KYB service providers, fiat on/off-ramp providers, decentralized applications, or external authentication services), such providers may independently collect and process data under their own privacy policies. We do not control or assume responsibility for how third parties handle your data, and you are encouraged to review their privacy terms before engaging with them.

3.3 Communication Data

  • We do not collect private keys or seed phrases
  • We do not store personal identification documents
  • We do not track your activity across other websites or protocols

4. HOW WE USE YOUR INFORMATION

We use the data we collect for the following purposes:

4.1 To provide access to our Protocol and Services to you

We use the data we collect to provide our Services, including to allow access to the Protocol and to operate and support our Services. We may also use the data we collect to assess, analyse and improve the performance of the Protocol and Services and to perform maintenance work from time to time.
We continuously analyse user interaction data to refine our Protocol’s functionality, improve navigation, and create a seamless trading experience. Specifically, we use this data to:
  • Identify areas where users drop off before completing actions: Understanding where users abandon processes allows us to refine workflows, reduce friction, and enhance ease of use.
  • Assess how long users take to navigate certain features: Measuring time spent on different sections of the Protocol helps us determine which features are intuitive and which may require additional user guidance or redesign.
  • Improve Protocol design and ease of use: By analysing navigation behaviour, we can make data-driven improvements to our Protocol interface, simplify complex processes, and enhance the overall user journey.
  • Enhance overall Protocol performance: Understanding how users interact with our Services enables us to optimize system responsiveness, reduce latency, and provide a smoother trading experience.
  • Market & regional analysis: Tracking IP addresses allows us to gain valuable insights into our global user base. We use this information to: (i) determine which countries and regions have the highest user activity – identifying geographic trends enables us to recognize markets where our Protocol is gaining traction and where additional support or localized features may be required; (ii) focus our marketing and service efforts in regions with strong user engagement – by understanding which regions have a high concentration of active users, we can tailor our outreach strategies, develop region-specific campaigns, and allocate resources effectively; and (iii) optimize language support and customer assistance – based on regional data, we can enhance multilingual support and provide customer service that caters to specific geographic preferences.
  • Security, fair trading & compliance: To maintain a secure and trustworthy trading environment, we monitor transactional data and user activity for: (i) ensuring fair trading practices – by analysing trading patterns, we can detect any unusual activity, prevent price manipulation, and maintain a transparent trading ecosystem; and (ii) detecting fraudulent behaviour and system abuse – monitoring trade activity allows us to identify potential security threats, unauthorized access attempts, and other forms of malicious behaviour that could compromise the integrity of our Protocol.

4.2 To communicate with you

We may use the data we collect to communicate with you to:
  • Respond to your support requests and inquiries
  • Send important protocol updates and security notifications
  • Provide educational content about DeFi and our protocol
  • Deliver newsletters and promotional materials (with consent)
  • Provide you with such support as may be requested from you.

4.3 For administrative and legal purposes

We may use the data we collect for administrative and legal purposes, such as for compliance purposes. This includes enforcing our Terms and Conditions, or enforcing or defending other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency, and to comply with our legal obligations and internal policies as permitted by applicable laws, such as preventing the Protocol and Services from being accessed by individuals in sanctioned territories, or by sanctioned individuals.
Please note that we will not process your personal data for any purpose that is incompatible with the purposes listed above.

5. INFORMATION SHARING AND DISCLOSURE

We do not sell personal data. However, in the limited circumstances described below, we may share information with carefully selected third parties, subject to appropriate safeguards.

5.1 Third-Party Service Providers

We engage third-party service providers to support the operation, security, and improvement of our Services. These providers process personal data only on our behalf and under binding contractual obligations, including confidentiality and data protection requirements. Categories of service providers include:
  • Analytics Providers: Services such as Google Analytics or equivalent tools to help us understand how users interact with our website, applications, and dashboards, enabling us to improve functionality and user experience.
  • Infrastructure Providers: Cloud hosting services, content delivery networks (CDNs), and data storage providers that enable us to deliver a reliable, scalable, and secure platform.
  • Security and Monitoring Services: Vendors that provide fraud detection, risk scoring, penetration testing, vulnerability monitoring, or other services designed to maintain the safety and integrity of the Protocol.
  • Communication Tools: Email and notification delivery services used for sending updates, newsletters, and user communications.

5.2 Legal and Regulatory Requirements

We may disclose information when required by law, including to:
  • Comply with a valid legal obligation, such as court orders, subpoenas, or regulatory requests.
  • Respond to lawful requests from public or governmental authorities, including national security or law enforcement requirements.
  • Protect and defend our rights, property, or safety, or that of our users, affiliates, or others.
  • Detect, prevent, or investigate fraud, security incidents, technical issues, or potential violations of our Terms and Conditions.

5.3 Business Transfers

In the event of a corporate transaction such as a merger, acquisition, restructuring, reorganization, sale of assets, or insolvency proceeding, personal data may be transferred as part of the business assets. In such cases:
  • We will ensure that the receiving entity is bound by confidentiality and data protection obligations consistent with this Policy.
  • Users will be notified in advance of any transfer where required by law or where the transaction materially changes the way their data is processed.
  • If the new entity intends to process personal data for purposes materially different from those set out in this Policy, users will be given the opportunity to opt out or exercise applicable rights.

6. STORAGE, DATA SECURITY AND RISK MITIGATION

We implement a range of technical, organizational, and administrative measures reasonably designed to protect the security of personal information against loss, misuse, unauthorized access, disclosure, alteration, or destruction. While no Internet, blockchain, or email transmission can ever be guaranteed fully secure or error-free, we continually monitor, update, and improve our safeguards to mitigate evolving risks.

6.1 Technical Safeguards

  • Encryption of data in transit and at rest
  • Regular security audits and penetration testing
  • Multi-factor authentication for administrative access
  • Secure coding practices and regular updates

6.2 Operational Security

  • Limited access to personal data on a need-to-know basis
  • Employee training on data protection and security
  • Incident response procedures for data breaches
  • Regular backup and disaster recovery procedures

6.3 User Responsibilities and Shared Risk

While we take strong measures to protect the Services, certain risks remain outside our control, especially in decentralized environments:
  • Wallet Security: We do not collect or store private keys, seed phrases, or authentication credentials. Users are solely responsible for securing their own wallets, devices, and authentication credentials.
  • Privacy Settings: Users are advised to review and adjust their privacy settings within the Protocol to control data-sharing preferences and permissions.
  • Third-Party Integrations: Some integrations may involve external providers (e.g., wallets, analytics, or infrastructure). We cannot control their security practices. Users should review third-party providers’ privacy and security policies before use.
  • Reporting Security Issues: Users are encouraged to report suspected vulnerabilities, breaches, or privacy concerns promptly to help maintain the integrity of the Protocol.

7. DATA RETENTION

7.1 Retention Periods

We retain your personal data only for as long as necessary for the purposes for which it has been collected, as specified in this Policy, and in accordance with the applicable laws. This means that the retention periods we apply may vary depending on the purpose for which we process your personal data. When determining the appropriate retention period, we take into account the category and amount of personal data, potential risks and harm that may arise from unauthorized access or disclosure, the specific purposes for which the data is processed, the availability of alternative means to achieve those purposes, and the applicable legal requirements. Specific retention practices include:
  • Transaction and On-Chain Data: Information recorded on public blockchains (e.g., wallet addresses, transaction records) is permanent and cannot be altered or erased by us. Such data is retained indefinitely on the blockchain, outside of our control. Off-chain records linked to transactions (e.g., logs or operational data) are retained only as long as necessary to provide the Services or comply with legal obligations.
  • Analytics Data: Aggregated and/or pseudonymised analytics data is retained for up to twenty-four (24) months, after which it is deleted or anonymised to ensure it no longer relates to an identifiable individual.
  • Support Communications: Correspondence with our support team (including emails, messages, or tickets) is retained for up to three (3) years after resolution, unless a longer period is required to comply with legal obligations or to resolve ongoing disputes.
  • Marketing Communications: Personal information used for newsletters, promotional materials, or other marketing purposes is retained until you unsubscribe or withdraw your consent. We may retain minimal records of your opt-out status for compliance purposes.

7.2 Data Deletion

You may request deletion of personal data we control by contacting us (see Section 15: Contact Information). We will honor such requests subject to the following limitations:
  • Legal and Regulatory Requirements: We may be required to retain certain information to comply with applicable laws, regulations, tax obligations, or lawful requests from authorities.
  • Legitimate Business Purposes: We may retain limited information necessary to protect the integrity of the Services, resolve disputes, enforce agreements, prevent fraud, or maintain security.
  • Blockchain Immutability: Data that is permanently recorded on public blockchains (e.g., wallet addresses and transaction histories) cannot be deleted, altered, or otherwise erased by us or any third party. We design our Services to minimize the recording of personal data on-chain, and where feasible, store personal data off-chain to provide greater control.
Where full deletion is not possible (e.g., due to technical or legal constraints), we will take steps to anonymise or aggregate personal data so that it can no longer reasonably be linked to an identifiable individual.

8. YOUR RIGHTS AND CHOICES

You have the following rights associated with the processing of your personal data:

8.1 Access and Control

  • Right of access: You have the right to request confirmation of whether we hold any off-chain personal data about you. You may request access to such personal data at any time. If you exercise your right of access, we will provide you with a copy of the personal data we hold about you as well as information relating to its processing.
  • Right of rectification: You have the right to ask us to rectify or complete any personal data in our possession that you consider to be inaccurate or incomplete.
  • Right of erasure: You can ask us to delete your personal data if, for example, it is no longer necessary for the processing we carry out. We will use our best efforts to comply with your request. Please note, however, that we may have to retain some or all of your personal data if we are required to do so by applicable law or if the personal data is necessary for the establishment, exercise, or defence of our rights. Further, please note that data recorded on public blockchains (e.g., wallet addresses or transaction history on the Protocol) is immutable and cannot be deleted or altered.
  • Right to restriction of processing: You may request that we restrict or limit the processing of your personal data under certain conditions (e.g., pending verification of accuracy or in case of an objection). In such cases, we will temporarily refrain from processing your personal data until necessary verifications have been made or until we comply with your requests.
  • Right to object: You may object at any time, on grounds relating to your particular situation, if we use your personal data. We will then stop processing of your personal data unless there are overriding legitimate grounds for continuing to process your personal data (for example, if your personal data is necessary for the establishment, exercise, or defence of our rights or the rights of third parties in court proceedings). If we are unable to comply with your request to object, we will inform you of the reasons for our refusal. You can also object at any time to our processing of your personal data for marketing or analytics purposes.
  • Right to data portability: Where applicable and technically feasible, you may request portability of the personal data you have provided us with. At your request, we will provide you with your personal data in a readable and structured format, for transfer to another service provider.
    The portability of your personal data applies only to personal data that you have provided to us or that result from your activity on the Protocol, under the condition that the disclosure of your personal data does not infringe the rights of third parties. If we are unable to comply with your request, we will inform you of the reasons for our refusal.
  • Right to withdraw consent: You have the right to withdraw consent at any time for processing of your personal data based on consent. Withdrawing your consent prevents us from processing your personal data but does not affect the lawfulness of the processing carried out before the withdrawal.
  • Right to complain: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Office of the Information Commissioner (OIC) in the British Virgin Islands.

8.1 Access and Control

  • Unsubscribe from marketing communications
  • Opt out of non-essential analytics tracking
  • Adjust notification preferences in your account settings

8.3 Exercising Your Rights

To exercise these rights, contact us at privacy@[protocol].com with:
  • Clear identification of your request
  • Proof of identity (wallet signature or other verification)
  • Specific information about the data in question
To be able to process your request efficiently, we may ask you to provide additional information to confirm your identity and/or to help us retrieve the personal data related to your request.

9. COOKIES AND OTHER TRACKING TECHNOLOGIES

Cookies and similar tracking technologies (the “cookies”) are text files that can be stored on your devices when you visit an online service such as an application or a website. Cookies are used to store information on the user’s device so that it can be accessed later.
As you navigate through and interact with the Protocol and Services, different types of cookies may be placed on your device and we may ask your consent to use those cookies. These cookies may be placed directly by us or by third parties. The data we collect automatically includes statistical and performance information arising from your use of the Protocol. This type of data will only be used by us in an aggregated or anonymized manner.
Except for cookies that are necessary for the proper functioning of the Protocol and Services, you are free to refuse the deposit of cookies on your device at any time. If you do not want cookies to be placed or read on your device and choose this option when presented to you, a refusal cookie will be stored on your device so that we can keep track of your choice. If you delete this cookie, we will no longer be able to know that you have refused the use of cookies. Similarly, when you consent to accept cookies, a consent cookie is placed on your device.
You can choose to disable cookies through your individual browser options. The settings for each browser are different. They are described in the help menu of your browser, which will enable you to know how to change your cookies preferences.

10. USER REPRESENTATIONS AND WARRANTIES

The users acknowledge and accept that:
  • Users’ interactions with any third-party services and integrations, and the data collection and disclosure practices of those third parties, are independent from the Protocol. The Protocol does not control, access, or assume liability for the data processed by these third-party providers.
  • Any interactions requiring limited, non-identifiable data processing are necessary for the proper functioning of the Services and are not retained by the Protocol.
  • Certain third-party service providers engaged through the Protocol may process data in jurisdictions outside of the user’s country of residence. Such transfers will be governed by the privacy policies of the respective third-party service providers.
  • Users are solely responsible for safeguarding their authenticating credentials, that is, passwords, private keys, recovery phrases.
  • The Protocol has no ability to restore the access of the credentials in case of failure of the users to safeguard their credentials.
  • The Protocol uses cookies and similar technologies to enhance user experience, improve the Protocol’s performance, and conduct analytics. Users can control cookie preferences through their browser settings; however, disabling certain cookies may impact the Protocol’s functionality.
  • In the event of a change in ownership, or a merger with, acquisition by, or transfer or sale of all or a portion of our assets to another entity, we reserve the right to transfer all your data including any personal data to that entity. We may use reasonable efforts to notify you of a transfer to an unaffiliated third party (by a posting on our homepage, or by email to your email address that you provided to us, as chosen by us at our discretion).

11. INTERNATIONAL DATA TRANSFERS

As our Protocol operates globally, your information may be accessed, processed, and stored in countries outside your country of residence. These jurisdictions may have different data protection laws, which may not always provide the same level of protection as the laws of your home country.
To ensure that your personal data remains protected when transferred internationally, we implement appropriate safeguards in accordance with applicable data protection laws, including (where applicable):
  • Standard contractual clauses approved by regulatory authorities
  • Adequacy decisions for certain countries
  • Other legally recognized transfer mechanisms

12. CHILDREN'S PRIVACY

As provided in our Terms and Conditions, our Services are not intended for anyone who is under the age of 18 (eighteen) years or minor under their respective jurisdictions, or where the Services are being accessed (“Minor”). We do not intend to or knowingly collect any data related to a Minor. If you believe that any kind of data related to a Minor has been collected or provided to us, please contact us at [email protected].

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will:
  • Publish the revised policy on our official website with a clearly indicated “Last Updated” date.
  • Provide additional notice of material changes (such as through email, in-app/protocol notifications, or community announcements) so that you are informed before the changes take effect.
  • Maintain an accessible archive of previous versions so that you may review how our practices have evolved over time.
By continuing to access or use the Protocol and Services, you are confirming you have read and understood the latest version of this Policy.

14. BLOCKCHAIN AND DECENTRALIZATION NOTICE

Important: While we strive to protect your privacy, please understand that:
  • Blockchain transactions are permanent and publicly visible
  • Smart contract interactions cannot be deleted or modified
  • Decentralized systems may have different privacy characteristics
  • Some data processing occurs outside our direct control

15. CONTACT INFORMATION

For questions about this Privacy Policy or our data practices:
Response Time: We aim to respond within 72 (seventy-two) hours

16. REGULATORY COMPLIANCE

This Privacy Policy complies with applicable data protection laws, including:
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Other applicable regional privacy laws
For region-specific rights and procedures, please refer to our supplemental privacy notices or contact our privacy team.
Disclaimer: This privacy policy is designed for general informational purposes. DeFi protocols should consult with legal professionals to ensure compliance with applicable laws and regulations in their specific jurisdictions.