This Privacy Policy describes how personal data may be collected, used, or handled in connection with certain interfaces, onboarding tools, and services that interact with the Haven1 protocol (the "Protocol"). The Protocol is an open-source Internet-based distributed ledger protocol (Web3) composed of many different and evolving components contributed by a wide variety of participants. Use of the Protocol is governed by the Terms and Conditions available at https://haven1.org/terms-and-conditions, and all data practices described herein are subject to the limitations and responsibilities defined therein.
1. Data Governance
Haven1 (“Haven1”, the “Association”, “we”, “us”, or “our”) is a Swiss Association with its registered address at:
c/o MJP Partners AG
Bahnhofstrasse 20
6300 Zug, Switzerland
CHE-170.6.000.560-1
Email: [email protected]
The Association supports the decentralized development and broader adoption of the Protocol. In limited cases, it may provide grants and/or contract third-party infrastructure, compliance, or operational service providers (such as cloud hosting or KYC/KYB verification services) to enable ecosystem functionality. Where appropriate, the Association may assign access or delegate use of such services to grantees or ecosystem contributors. The Association itself does not manage or operate these services directly. All services are operated by independent contributors or third-party vendors under grant or contractual arrangements.
Personal data may be collected, processed and controlled by third-party providers engaged to support the Haven1 ecosystem and Protocol, whether under grant or contract. The Association does not determine the means and purposes of processing for all interfaces or applications that interact with the Protocol.
To the extent permitted by applicable law, the Association shall not be held liable for any direct or indirect damages, losses, or claims arising out of or related to the collection, storage, or processing of personal data by independent third-party applications, contributors, or grantees operating within the Haven1 Protocol.
For any privacy-related questions or data subject rights requests, users may contact [email protected].
2. Categories of Personal Data Collected
Personal data may be collected through various means, including interaction with the Haven1 website, Protocol, affiliated dashboards, and KYC/KYB verification processes. Data collected includes:
From users directly via website forms:
Email address
Individual or Business designation
Country of residence and nationality
Region
Wallet address
Automatically via tracking tools:
IP address
Browser and device information
Location data
Behavioral data (e.g., session duration, clicks)
Via third-party KYC/KYB providers (e.g., Sumsub):
Full name
Date of birth
Government-issued identification and expiry
Selfie/biometric verification
Business documentation (where applicable)
3. Collection Methods
Personal data is collected:
Through forms hosted within the Haven1 Portal and Protocol
Via embedded or redirect-based SDKs operated by third-party verification providers
Automatically via cookies and third-party analytics/tracking scripts
Through user interactions with third-party applications built on the Protocol (subject to separate user consent)
4. Data Sharing and Third Parties
Personal data submitted for identity verification is collected and stored directly by third-party providers (e.g., Sumsub) acting as data processors in support of the Protocol. Certain data (e.g., wallet addresses and usage metadata) is recorded on the Protocol and visible publicly via explorer.haven1.org. If a user grants access to third-party applications built on the Protocol, the Association is not responsible for how these third parties collect, store, or use that data.
Haven1 or any contracted third-party infrastructure, compliance, or operational service providers (collectively, “Contracted Parties”) may share personal data with the following categories of third parties, only to the extent necessary and in accordance with applicable law:
Affiliates:
Haven1 or Contracted Parties may transfer basic user information among its affiliates and contributors as necessary to operate and support the continued development and use of the Protocol.Linked Third-Party Services:
If you connect your wallet to decentralized applications built on or interacting with the Protocol, your wallet address and other relevant data may be shared with those services. These services are independently operated and governed by their own privacy policies.Vendors and Service Providers:
Haven1 works with third-party service providers (such as KYC processors, cloud infrastructure providers, and analytics platforms) to help operate and improve the Protocol. These providers are required to process data only under Haven1's instructions and contractual terms.Professional Advisors, Partners, and Authorities:
Haven1 or Contracted Parties may share data with legal advisors, regulatory bodies, law enforcement, and ecosystem partners as necessary to:- Comply with legal obligations
- Detect, investigate, or prevent fraud and abuse
- Protect the rights, property, or safety of users, Haven1, or the broader ecosystem and Protocol
5. International Data Transfers
Personal data may be stored and processed on servers located outside Switzerland, including by infrastructure providers (e.g., AWS) and analytics tools (e.g., Google Analytics). Haven1 or Contracted Parties use only reputable vendors and implements appropriate contractual protections where applicable, such as Standard Contractual Clauses.
6. Legal Basis for Processing
Personal data is processed based on one or more of the following legal grounds:
The user’s consent
Contractual necessity (e.g., issuance of hPassport)
Legitimate interests in operating and improving the Protocol ecosystem
Compliance with legal obligations
7. User Rights Under revFADP and GDPR
Users have the following rights under the Swiss Federal Act on Data Protection (revFADP) and, where applicable, the General Data Protection Regulation (GDPR):
Right to Access: Request access to the personal data we hold about you.
Right to Rectification: Request correction of any inaccurate or outdated data.
Right to Deletion: Request deletion of your personal data (off-chain only).
Right to Object: Object to our processing based on legitimate interests.
Right to Restriction: Request limited processing under certain conditions.
Right to Data Portability: Request a copy of your data in a structured format.
Right to Withdraw Consent: Withdraw consent at any time, where applicable.
Requests can be submitted to [email protected].
If you are located in the EU or EEA, you may also have the right to lodge a complaint with your local data protection authority.
Users located in jurisdictions with additional privacy rights (such as California or other U.S. states) should contact us at [email protected] to inquire about applicable rights.
Please note that on-chain data recorded by the Protocol is immutable and cannot be altered or deleted by Haven1. Additionally, Haven1 cannot enforce or manage user rights related to data processed by third-party applications where separate consent has been granted.
8. Data Retention
Personal data is retained only as long as necessary to fulfill its intended purpose or as required by law. Blockchain data written to the Protocol is permanent and publicly accessible. Haven1 does not retain control over how long third-party applications store or use data after user consent is provided.
9. Security
Haven1 and Contracted Parties implements reasonable and appropriate technical and organizational measures to protect personal data. These include:
Encryption of data in transit (e.g., HTTPS)
Access controls for authorized personnel
Use of secure cloud infrastructure and reputable processors
10. Use by Minors
The Protocol and associated services are not intended for individuals under the age of 18. Haven1 does not knowingly collect personal data from anyone under 18 years of age. If we become aware that personal data has been collected from a minor without appropriate authorization, we will take reasonable steps to delete such information as soon as possible.
11. Automated Decision-Making & Profiling
Haven1, the Protocol and/or third party applications or Contracted Parties may apply automated systems to restrict access to the Protocol or its components based on:
User jurisdiction or nationality
IP address or wallet metadata
Interactions with banned or malicious contracts
Known sanctions lists or politically exposed persons (PEPs)
These systems are used solely to protect the integrity of the Protocol and its ecosystem. Users may contact [email protected] to request a review of any restriction, but Haven1 does not guarantee review or reversal.
12. Cookies and Tracking Technologies
The Protocol’s website and related services use cookies and similar tracking technologies to enhance site functionality, analyze usage patterns, personalize user experiences, and support marketing efforts.
The types of cookies we may use include:
Strictly Necessary Cookies: Required for basic website functionality and cannot be disabled.
Analytics Cookies: Help us understand how users interact with the site, such as through tools like Google Analytics.
Marketing Cookies: Used to deliver ads relevant to your interests and measure the performance of marketing campaigns.
Personalization Cookies: Remember your preferences, such as language, region, or user settings, to improve your experience.
You may control your cookie preferences at any time through the “Cookie Preferences” panel available on our website. Please note that disabling certain types of cookies may impact the usability and functionality of the site.
For more information, or to update your preferences, you may contact us at [email protected]
13. Changes to This Privacy Policy
The Association may update or modify this Privacy Policy from time to time to reflect changes in applicable laws, evolving practices within the Haven1 ecosystem and Protocol, or updates to services or vendors supporting the Protocol. Any material changes will be reflected by updating the “Effective Date” at the top of this page.
We encourage users to review this Privacy Policy periodically to stay informed. Continued interaction with any services or tools referencing this Privacy Policy after changes are made constitutes acceptance of the updated terms. If you do not agree with the changes, you should discontinue use of those services.
For further information about this Privacy Policy, contact [email protected]
