Privacy Policy

Last updated: March, 2026

Your privacy is important to us. It is our policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://palmeradao.xyz/, and other sites we own and operate. Wherever possible, we have designed our website so that you may navigate and use our website without having to provide Personal Data.

This Privacy Policy describes how we, as a controller, collect, use and share your personal data. It applies to personal data you voluntarily provide to us, or is automatically collected by us.

In this policy, "we", "us" and "our" refers to Keyper Labs AG a company incorporated in Switzerland with its registered address at Neuhofstrasse 22, Baar, Switzerland. Any data protection related questions you might have about how we handle your personal data or if you wish to exercise your subject rights, please contact us by post or at general@palmeradao.xyz.

In this Policy, "personal data" means any information relating to you as an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

In this Policy, "processing" means any operation or set of operations which is performed on personal data (as defined in this Privacy Policy) or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1. Navigating this Policy

If you are viewing this policy online, you can click on the below links to jump to the relevant section:

2. Glossary

What do some of the capitalized terms mean in this policy?

  1. "Blockchain" means a mathematically secured consensus ledger such as the Ethereum Virtual Machine, an Ethereum Virtual Machine compatible validation mechanism, or other decentralized validation mechanisms.
  1. "Transaction" means a change to the data set through a new entry in the continuous Blockchain.
  1. "Smart Contract" is a piece of source code deployed as an application on the Blockchain which can be executed, including self-execution of Transactions as well as execution triggered by 3rd parties.
  1. "Token" is a digital asset transferred in a Transaction, including ETH, ERC20, ERC721 and ERC1155 tokens.
  1. "Wallet" is a cryptographic storage solution permitting you to store cryptographic assets by correlation of a (i) Public Key and (ii) a Private Key or a Smart Contract to receive, manage and send Tokens.
  1. "Recovery Phrase" is a series of secret words used to generate one or more Private Keys and derived Public Keys.
  1. "Public Key" is a unique sequence of numbers and letters within the Blockchain to distinguish the network participants from each other.
  1. "Private Key" is a unique sequence of numbers and/or letters required to initiate a Blockchain Transaction and should only be known by the legal owner of the Wallet.
  1. "Safe Account" is a modular, self-custodial (i.e. not supervised by us) smart contract-based multi-signature Wallet. Safe Accounts are open-source released under LGPL-3.0.
  1. Palmera app refers to a web-based graphical user interface for Safe Accounts as well
  1. "Safe Account Transaction" is a Transaction of a Safe Account, authorized by a user, typically via their Wallet.
  1. "Profile" means the Public Key and user provided, human readable label stored locally on the user's device or externally on our servers.

3. Your Information and the Blockchain

Certain services supported by Palmera involve interaction with public blockchain networks. Blockchains, also known as distributed ledger technologies ("DLT"), record data in blocks that are cryptographically linked together in chronological order. Once information is recorded on a blockchain, it is generally very difficult or impossible to modify or delete.

Public blockchains are decentralized systems operated by a distributed network of independent nodes. As a result, there is no single entity that controls the blockchain or has the ability to alter or remove data that has already been recorded.

When users interact with Safe smart accounts or other blockchain-based infrastructure through interfaces, tools, or services supported by Palmera, certain information may become publicly recorded on the relevant blockchain network. This may include, for example,public wallet addresses, transaction data, and other information required for blockchain transactions.

Because blockchain data is typicallypublic and immutable, it may not be possible to fully exercise certain rights under data protection laws, such as the right to erasure ("right to be forgotten"), the right to rectification, or the right to restrict processing, once data has been written to the blockchain.

Palmera does not control blockchain networks and does not have the ability to modify or delete information recorded on them. Users interact with blockchain networks using their own wallets and cryptographic credentials (such as private keys), and all blockchain transactions are initiated and authorized by the user.

In most cases, decisions to:

  • initiate blockchain transactions; and
  • share or disclose a public wallet address with Palmera or any third party

are made directly by the user.

Important Notice

Public blockchains are transparent systems. Information recorded on a blockchain may be publicly accessible and permanently stored. If you wish to avoid the possibility that your wallet address or transaction information becomes publicly visible, you should avoid interacting with blockchain networks.

4. How We Use Personal Data

4.1 When Visiting Our Website

When you visit the Palmera website (palmeradao.xyz), we may collect and process limited personal data necessary to operate the website, maintain its security, and improve our services.

This may include:

  • IP address
  • device and browser information (user agent)
  • operating system
  • referring pages and navigation paths
  • date and time of access
  • general website interaction data (such as visited pages and session duration)

This information is collected automatically through standard web technologies such as server logs and analytics tools.

The purposes of this processing include:

  • operating and maintaining the website
  • ensuring security and preventing abuse
  • analyzing website usage and improving our services
  • maintaining the stability and performance of the website

The lawful basis for this processing is ourlegitimate interest (GDPR Art. 6.1(f)) in operating and improving our website and services.

4.2 Interaction with Blockchain Infrastructure

Palmera provides infrastructure, integration, and support services related to Safe smart accounts and other blockchain-based systems.

When interacting with blockchain networks or blockchain-based tools referenced on our website, certain information may become publicly visible on the relevant blockchain network. This may include:

  • public wallet addresses
  • transaction hashes
  • smart contract addresses
  • transaction metadata required for blockchain execution

This information isnot controlled or stored by Palmera, but rather recorded directly on public blockchain networks when users interact with them through their own wallets.

Palmera may process publicly available blockchain data in limited cases to:

  • analyze network activity relevant to supported integrations
  • monitor infrastructure performance
  • troubleshoot integration issues
  • provide technical support

The lawful basis for this processing is ourlegitimate interest (GDPR Art. 6.1(f)) in operating, maintaining, and improving our infrastructure services.

4.3 Analytics and Website Improvement

We may process certain information to understand how visitors use our website and to improve the user experience.

This may include:

  • anonymized or pseudonymized IP address data
  • session data and navigation patterns
  • device type and browser type
  • general interaction metrics (such as pages visited and session duration)

Where required by law, analytics cookies will only be used after obtaining your consent through our cookie banner.

The lawful basis for this processing is:

  • your consent (GDPR Art. 6.1(a)) where cookies or tracking technologies are used; or
  • our legitimate interest (GDPR Art. 6.1(f)) in improving our website and services.

Analytics data is retained only for as long as necessary to generate aggregated insights and improve the website.

4.4 Technical Monitoring and Security

We may process technical data in order to ensure the security, availability, and reliability of our website and infrastructure.

This may include:

  • IP addresses
  • access logs
  • system activity logs
  • connection metadata
  • error reports

This processing helps us:

  • detect and prevent malicious activity
  • maintain system integrity
  • monitor service availability
  • troubleshoot technical issues

The lawful basis for this processing is ourlegitimate interest (GDPR Art. 6.1(f)) in maintaining secure and reliable systems.

4.5 Communication and Support

If you contact us through email, forms, or other communication channels provided on our website, we may process personal data such as:

  • your name
  • email address
  • company name
  • the content of your message

We process this data solely for the purpose of:

  • responding to inquiries
  • providing support
  • discussing potential services or partnerships

The lawful basis for this processing is:

  • performance of pre-contractual measures (GDPR Art. 6.1(b)), where your inquiry relates to potential services; or
  • our legitimate interest (GDPR Art. 6.1(f)) in responding to communications.

4.6 Other Uses of Personal Data

We may process personal data where such processing is necessary:

  • to establish, exercise, or defend legal claims; or
  • to comply with legal obligations to which we are subject.

The lawful basis for such processing is ourlegitimate interest (GDPR Art. 6.1(f)) in protecting our legal rights, as well as compliance with applicable legal obligations.

5. Use of Third-Party Services

Palmera may rely on certain third-party service providers to operate its website and infrastructure. These providers may process limited personal data on our behalf in order to deliver their services.

We select providers that implement appropriate security and data protection measures.

5.1 Public Blockchain Networks

Services supported by Palmera may involve interaction withpublic blockchain networks. When blockchain transactions occur, certain information may be recorded directly on the blockchain, including:

  • public wallet addresses
  • smart contract addresses
  • transaction hashes and metadata
  • token balances associated with addresses

This information isrecorded directly on the blockchain network, not stored by Palmera. Public blockchains are decentralized systems operated by independent nodes, and the data recorded on them is generally public and immutable.

Blockchain Notice

Information recorded on a public blockchain may be permanently visible and cannot typically be altered or deleted. If you are unfamiliar with blockchain technology, we recommend learning about its transparency and permanence before interacting with blockchain networks.

5.2 Cloud Infrastructure Providers

We use third-party cloud infrastructure providers to host our website and backend services. These providers may process limited technical data such as server logs and system activity information.

These providers may include:

  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)

Such processing is necessary to operate, secure, and maintain our services.

5.3 Blockchain Infrastructure Providers

In order to interact with blockchain networks and retrieve publicly available blockchain data, Palmera may use infrastructure providers that operate blockchain nodes or provide access to blockchain data.

These providers may include:

  • Infura
  • QuickNode

When querying blockchain networks, publicly available blockchain data such as the following may be processed:

  • smart contract addresses
  • transaction hashes
  • transaction metadata

This information is already publicly available on the relevant blockchain network.

5.4 Error Monitoring and Technical Diagnostics

We may use third-party monitoring tools to detect technical errors, maintain service reliability, and improve system stability.

These tools may process limited technical information such as:

  • browser type and version
  • operating system
  • anonymized or truncated IP address
  • page URL at the time of the error
  • technical error logs

Such processing is carried out solely for debugging and service reliability purposes.

5.5 Internal Communication and Collaboration Tools

Palmera uses certain third-party tools to support internal operations and collaboration. These tools may process limited personal data when users communicate with us or when we manage internal documentation.

These tools may include:

  • Slack
  • Google Workspace
  • Notion

Such tools are used solely for internal business operations and are subject to their respective privacy and security policies.

6. Sharing Your Personal Data

We may pass your information to our Business Partners, administration centers, third party service providers, agents, subcontractors and other associated organizations for the purposes of completing tasks and providing our services to you.

In addition, when we use any other third-party service providers, we will disclose only the personal information that is necessary to deliver the service required and we will ensure that they keep your information secure and not use it for their own direct marketing purposes.

7. Transferring Your data outside of the EU

Wherever possible we will choose service providers based in the EU. For those outside the EU, wherever possible we will configure data to be inside the EU. We concluded the new version of the Standard Contractual Clauses with these service providers (2021/914).

Service providers in the US:

  • Amazon Web Service Inc.
  • Google LLC
  • Data Dog Inc.
  • Slack Technologies LLC
  • Notion Labs Inc.
  • ConsenSys Software Inc.

Service providers in other countries outside of the EU:

  • Tenderly d.o.o. is based in Serbia.
  • QuikNode, Inc is based in US

BLOCKCHAIN TRANSFER NOTICE:

HOWEVER, WHEN INTERACTING WITH THE BLOCKCHAIN, AS EXPLAINED ABOVE IN THIS POLICY, THE BLOCKCHAIN IS A GLOBAL DECENTRALIZED PUBLIC NETWORK AND ACCORDINGLY ANY PERSONAL DATA WRITTEN ONTO THE BLOCKCHAIN MAY BE TRANSFERRED AND STORED ACROSS THE GLOBE.

8. Existence of Automated Decision-making

We do not use automatic decision-making or profiling when processing Personal Data.

9. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

10. Your Rights as a Data Subject

Under applicable data protection laws, includingRegulation (EU) 2016/679 (General Data Protection Regulation – GDPR), you have certain rights regarding the personal data we process about you.

If you wish to exercise any of these rights, you may contact us at:

general@palmeradao.xyz

We will respond to requests in accordance with applicable data protection laws.

10.1 Right of Access

You have the right to request confirmation as to whether we process personal data about you and, where that is the case, to request access to that data and additional information about how it is processed.

10.2 Right to Rectification

You have the right to request that inaccurate or incomplete personal data about you be corrected or updated.

If you believe the information we hold about you is incorrect, please contact us and we will take reasonable steps to correct it.

10.3 Right to Erasure (“Right to be Forgotten”)

You have the right to request that we delete your personal data where:

  • the data is no longer necessary for the purposes for which it was collected
  • you withdraw consent where processing is based on consent
  • you object to the processing and no overriding legitimate grounds exist
  • the data has been processed unlawfully
  • erasure is required to comply with a legal obligation

However, we may retain personal data where processing is necessary for:

  • compliance with legal obligations
  • the establishment, exercise, or defense of legal claims
  • legitimate business purposes permitted under applicable law

Blockchain Limitation

Where personal data has been written to apublic blockchain, deletion may not be technically possible. Public blockchains are decentralized and immutable systems, meaning data recorded on them generally cannot be altered or deleted.

In such cases, we will ensure thatany personal data stored or controlled by Palmera is deleted, but we cannot remove information recorded on the blockchain.

10.4 Right to Restrict Processing

You may request that we restrict the processing of your personal data in certain circumstances, including where:

  • you contest the accuracy of the data
  • processing is unlawful but you oppose deletion
  • we no longer require the data but you need it for legal claims

Blockchain Limitation

If personal data has been recorded on a blockchain network, it may not be possible to prevent third parties from processing or accessing that data due to the decentralized nature of blockchain systems.

10.5 Right to Data Portability

Where processing is based on your consent or on a contract with you, you have the right to receive the personal data you provided to us in astructured, commonly used, and machine-readable format, or request that it be transmitted to another controller where technically feasible.

10.6 Right to Object

You have the right to object to processing of your personal data where the legal basis for processing is ourlegitimate interests.

You may also object to the use of your personal data fordirect marketing purposes at any time.

10.7 Right to Withdraw Consent

Where the processing of your personal data is based on your consent, you may withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

10.8 Right to Lodge a Complaint

If you believe that your personal data has been processed in violation of applicable data protection laws, you have the right to lodge a complaint with adata protection supervisory authority, in particular in the EU Member State of your residence, place of work, or where the alleged infringement occurred.

You may also contact us directly and we will do our best to resolve your concerns.

11. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.

Retention periods may vary depending on the type of data and the purpose of processing. In some cases, we may retain data for longer periods where necessary to:

  • comply with legal obligations
  • resolve disputes
  • enforce agreements
  • protect our legal rights

Where possible, personal data will be deleted, anonymized, or securely archived once it is no longer required.

12. Children's Data

Our website and services arenot intended for individuals under the age of 18.

We do not knowingly collect personal data from children. If we become aware that personal data has been collected from a person under the age of 18 without appropriate authorization, we will take steps to delete such data.

If you believe that a child has provided personal data to us, please contact us at:

general@palmeradao.xyz

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • legal or regulatory requirements
  • changes to our services
  • updates to our data processing practices

When we update this Privacy Policy, we will revise the“last updated” date at the top of the document.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

Continued use of our website after changes to this Privacy Policy constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, you may contact us at:

Keyper Labs AG

Neuhofstrasse 22

6340 Baar

Switzerland

Email: general@palmeradao.xyz