Privacy Policy

Effective date: February 21, 2022 | Last modified: February 9, 2023

At Taho (collectively referred to as “Taho”, “we”, “us” or “our”), we respect your privacy and are committed to protecting it. This privacy policy reflects our commitment to transparency and covers all personal information collected in the use of this website and the Taho web browser extension. Our goal is to make sure you have all the data you need to make an informed decision about how to use our wallet.

Summary

• Taho offers a self-custodial wallet, which enables users to retain full control of their private keys and digital assets. Taho never has custody of, or access to, your private keys or the assets or permissions those keys control.
• Taho operations are based in the United States and follow American laws and regulations. If you live outside the United States, note that these laws and regulations could differ from those where you live.
• Taho does NOT collect or store identification data such as first name, last name, home address, passport or driver's license, or date of birth.
• Taho does NOT collect or store blockchain activity or account information, such as addresses, transactions, or balances.
• Taho collects limited usage data on our website and through our browser extension to help us improve our product and deliver on our mission. We aim to protect users by keeping the scope of this usage data to a minimum, disclosing it in detail in this policy, as well as by providing clear opt-out prompts and using open source and/or locally-hosted analytics tools.

1. Table of Contents

We cover a lot of ground in this privacy policy. Use the links below to navigate to later sections of the privacy policy of interest to you.

• Information We Collect
• How We Use Your Information
• How We Share (Disclose) Your Information
• Cookies and Automatic Data Collection Technologies
• Third Party Links
• Retention
• Data Security
• Your Rights and Choices
• International Transfers
• Children's Data
• Changes to Our Privacy Policy
• Contact Us

2. Information We Collect

When you interact with Taho, we collect only information that you provide us directly as well as limited, non-identifiable usage information that is collected automatically:

• Information you provide us - You may choose to give us information about yourself by subscribing to our newsletter, completing a survey, or contacting us via email or platforms such as Discord, Twitter, or GitHub. The scope of this information may include:
  • Contact information - Such as your email address or social media handle.
  • Survey responses - Including product feedback and broad demographic information (e.g. geographic region, years of cryptocurrency experience).
  • Correspondence - Any information you provide to us in direct correspondence, such as for technical support or employment opportunities.
  • Marketing preferences - Includes your preferences in receiving marketing from us, such as whether you would like to receive our newsletter/s and how you engage with them.
• Information we collect automatically - We automatically collect the following information using open source and/or self-hosted analytics providers such as Matomo and PostHog:
  • Product usage - Includes information about actions taken inside the Taho browser extension, such as: opening your wallet, using different features, or uninstalling your wallet. You may opt out of such tracking and delete your history anytime by going to the Settings Menu of your wallet.
  • Website activity - Includes time on site, pages visited, and referral.
  • Device info - Including your device's hardware information, operating system, platform information, browser type, and language information.
• Information we do not collect:
  • Private keys - We do not collect or store any private key information.
  • Blockchain data - We do not collect or store user addresses, transactions, or balances.
  • Identification data - We do not intentionally collect any data used for the express purpose of distinguishing individual identity, such as first name, last name, street address, date of birth, driver's license, or national identification number.
  • Protected personal data - We do not collect any Special Categories of Sensitive Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
• Personal and Aggregate Data
  • Personal Information, or personal data, means any information about an individual from which that person can be identified. We take special precautions to protect any such data that could be linked to a specific individual.
  • Aggregated Data. We may also collect, use, and share Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your personal data, but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature. However, if we were to ever combine or connect Aggregated Data with personal data so that it could directly or indirectly identify you, we treat the combined data as personal data which will be protected in accordance with this privacy policy.

3. How We Use Your Information

We use the data we collect, including any personal information you provide us, in accordance with your instructions and only as the law allows. The following table includes the purpose we collect information, the type of data needed for that activity, and the lawful basis for collecting that data.

Purpose/Activity	Type of data	Lawful basis
To provide our services and protect our operations (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).	(a) Contact information (b) Correspondence (c) Product usage (d) Website activity (e) Device info	(a) Necessary for our legitimate interests (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (d) Necessary for our legitimate interests (e) Necessary for our legitimate interests
To use data analytics to improve our product, website, and overall user experience	(a) Marketing preferences (b) Product usage (c) Website activity (d) Device info	(a) User's consent (b) Necessary for our legitimate interests (c) Necessary for our legitimate interests (d) Necessary for our legitimate interests
To build and maintain our relationship with you.	(a) Contact information (b) Correspondence (c) Survey responses (d) Marketing preferences	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) User's consent (d) User's consent
To create Aggregate Data to better understand and improve user experience.	(a) Product usage (b) Website activity (c) Device info	(a) Necessary for our legitimate interests (b) Necessary for our legitimate interests (c) Necessary for our legitimate interests

We may also use your information:

• To carry out our obligations and enforce our rights.
• For additional reasons, so long as we disclose them to you at the time you choose to provide the information.

4. How We Share (Disclose) Your Information

We may share the information we collect:

• Inside the Taho organization - Including our subsidiaries, affiliates, our ultimate holding company, and its subsidiaries and affiliates.
• With partners and service providers - We may share limited information with contractors, service providers, and other third parties we use to support our business. If we offer a co-branded promotion, for instance, information may be shared with our partner.
• With your express consent - We may share your information any other time you provide us with your consent to do so.
• Stated Purpose - For additional purposes, so long as they are stated when you provide us with the information.

We may also disclose information:

• To comply with our legal obligations - To comply with any court order, law, or legal process, including responding to any government or regulatory request. To investigate suspected violations of any law, rule or regulation, or the terms or policies for our website
• Safety and security - To protect the rights, property, or safety of our business, our employees, our users, or others. This includes exchanging information with other companies and organizations for the purposes of cybersecurity or fraud protection.

5. Cookies and Automatic Data Collection Technologies

Our websites may use automatic data collection technologies to distinguish you from other website users. This helps us deliver a better experience and allows us to improve our website.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. For information about managing browser settings to refuse cookies, see Your Rights and Choices.
• Web Beacons, Pixel Tags, Clear Gifs. Our website pages, advertisements, and emails may contain small transparent embedded images or objects known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count website page visitors or email readers, or to compile other similar statistics such as recording website content popularity or verifying system and server integrity. For information about managing web beacons, see Your Rights and Choices.

6. Third Party Links

Some content or applications on our websites may be served by third parties, content providers, and application providers including the following:

• Third-party links. Our websites may contain links to other sites, which we do not control. Those websites have their own privacy policies and terms, and we encourage you to read those terms before interacting with third-party sites.
• User content. Our websites may allow you to upload your own content to public areas of the website. Any information you submit becomes public information, and we do not control how others may use the content you submit. We are not responsible for uses that may violate our privacy policy, the law, or your intellectual property rights.

7. Retention

We take steps to avoid collecting data that is not necessary. For example, we do not collect any personal information for Taho's browser extension, nor do we not collect unanonymized IP address on our website, nor do we do collect any information for the express purpose of identifying individuals. We will only retain your information for the period necessary to achieve purposes described in this privacy policy. Your express agreement may permit us to retain your information for a longer period. Furthermore, legal requirements may require us to retain portions or all of the data we hold for a longer period of time. When we are no longer required to retain your personal information, we will delete, erase, or de-identify your personal information as required by applicable law.

8. Data Security

The security of your data is very important to us. We use physical, digital, and administrative safeguards designed to protect your information from loss, misuse, and unauthorized access, use, alteration or disclosure. We will only retain your data for as long as reasonably necessary to fulfill the purpose of collecting it. We also require our service providers and business partners to whom we disclose the information to do the same.

However, the Internet environment is not 100% secure, and we cannot guarantee that information we collect will never be accessed in an unauthorized way.

The safety and security of your information also depend on you. You are responsible for keeping your wallet address and your personal information confidential. We ask you not to share your wallet's private key with anyone. We urge you to take care when providing information to social media accounts or message boards, which any website visitor can view.

9. Your Rights and Choices

You are empowered to make informed choices about information you provide us. We have created mechanisms to provide you with the following control over your information:

• Marketing. You may opt out of communications to your email or other contact channel from Taho, including newsletters and/or promotions, using provided opt-out links, contacting us, or by choosing to never opt into such communications.
• Product Usage. You can opt out of data analytics within the Taho browser extension through an option in your wallet's Settings menu at any time.
• Cookies and Automatic Data Collection Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.
• Accessing, Updating and Deleting Your Information. You can contact us as set forth in the Contact Us section below to request access to, correction of, or deletion of personal information that you have provided to us. We will do so with the caveat that we may not accommodate a request to change information if we believe the change would violate any law or legal requirement or negatively affect the information's accuracy. We cannot delete personal information, if any, that has been posted to the Ethereum blockchain (or any other blockchain), through your use of a smart contract.
• California Residents. California's “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. At this time, we do not engage in this type of disclosure.

EU/UK Residents. If you are in the European Economic Area, United Kingdom, or are otherwise subject to the General Data Protection Regulation or the UK GDPR, then this section of our privacy policy applies to you.

Data controller

The data controller is Ylvis, LLC, which can be post mailed at 2107 N. Decatur Rd. #474, Decatur, GA 94401 or emailed at [email protected].

Your data subject rights

• If you are a resident of the European Union, you have the right to:
  • Request access to your personal data, commonly known as a “data subject access request”, which allows you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request a correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. You acknowledge we cannot correct data that has been posted to a public blockchain.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. We cannot delete personal data that has been posted to a public blockchain.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
    • If you want us to establish the data's accuracy.
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. You acknowledge you cannot withdraw consent from participating in a smart contract that has already been executed.
  • We may make automated decisions about you based on your personal information that may affect your access or services provided to you. You have the right not to be subject the automated decision making so long as the decision is not necessary for the performance of the contract with you or required by legal obligation. If the decision making is necessary, you may contest the decision and request human intervention in the decision-making process.
  • You also have a right to lodge a complaint with the relevant Data Protection Authority.
  • If you are in the European Economic Area (“EEA”), your request may be emailed to [email protected] or post mailed to Ylvis, LLC, 2107 N. Decatur Rd. #474, Decatur, GA 94401.

10. International Transfers

Taho is an international organization, and we maintain the information collected and generated in the United States that may have privacy laws that offer different levels of protection from the privacy laws of where you live. If you visit our site or use our Service, you consent to our collection, transfer, processing and use of your personal information in the United States. We will ensure that your personal information is protected by this policy and the relevant legal and regulatory requirements. If you are located in the EEA, we have put in place appropriate measures to comply with the laws and regulations to ensure that the transfer of personal data to countries outside of the EEA provides an adequate level of data protection.

11. Children's Data

Our services are not intended for or directed at minors. We do not knowingly collect personal information from children under 18. If you are under 18, do not use our Services or provide any information on this website. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us using our contact information under Contact Us.

12. Changes to Our Privacy Policy

We will post any changes we may make to our privacy policy on this page. If the changes materially alter how we use or treat your information, we will notify you through a notice on the website home page. The date the privacy policy was last revised is identified at the top of this page.

13. Contact Us

If you have any questions about our privacy policy, please contact us at [email protected].