Privacy Policy


Epiphyte Ltd., Bahnhofstrasse 20, 6300 Zug, Switzerland (hereinafter “Epiphyte” or “we” or “us”) is the responsible party for the processing of personal data collected through your use of our website, our web app and all of our other properties, products, and services as per the applicable data protection laws, in particular the Swiss Federal Act on Data Protection (FADP) and – if applicable to your personal data – the European General Data Protection Regulation (GDPR).

Epiphyte takes your privacy very seriously. Please read this Privacy Notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or relevant supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the Federal Act on Data Protection (FADP), which applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in Switzerland. We are responsible as ‘controller’ of that personal information for the purposes of those laws.

By submitting any personally identifiable information to us, you consent and agree that we may collect, use and disclose such personally identifiable information in accordance with this Privacy Policy, and as permitted or required by law, and may disclose the information to a third party, such as business partners, or as otherwise authorised under applicable law.

You are not legally required to provide us with any personal information and may decide to do so (or avoid doing so) at your own free will. If you do not wish to provide us with personal information, or to have it processed by us or any of our third party service providers, please do not visit our Website or use our Services.

By accessing or using the Services and/or accepting our Terms of Service, you confirm that you have read, understood, and agreed to the collection and use of your information as we have outlined in this policy. Capitalized terms used and not otherwise defined herein, shall have the respective meanings ascribed to them under our Terms of Service.

Please note that this policy only covers such information that Epiphyte collects, uses, and shares. It does not explain, nor does it cover, the collection, use and disclosure of information by any other websites, products, or services provided by others.


We may collect and use the following personal data about you:

  • Email address
  • Timestamp
  • IP address
  • Public blockchain data related to your wallet
  • Vercel region
  • User agent information such as browser, browser version, operating system
  • API endpoint
  • API path/param query


We collect most of this personal data directly from you via our Site or Services. In particular, we may collect Personal Information and/or Non-Personal Information (collectively, “Information”) during your access and/or use of the Services, including through your interactions and communications with the Services, in the following ways:

  • Information You Provide. When you access and use the Services, we may get access to Information that is shared through your use of the Services. This may include, for example, your IP address, your wallet address (public keys) or your browsing activities on our Website, your first and last name, email address and other identifiers as relevant.
  • Information Collected Automatically. When you access or use the Services, we may automatically collect Information about you, including:
    • Usage Information in connection with the Services and may collect log information about you when you access and use the Services including your IP address, time of access, browser type and language, Internet Service Provider ("ISP"), information about the applications and features you use, the content you access, and any actions taken in connection with the access and use of your content in the Services.
    • Device Information. When you access the Services from a device, we may collect information about the device, including the hardware model, operating system and version, unique device identifiers, mobile network information (as allowed by the mobile network) or platform information (as allowed by the specific platform type).

Your personal information is required to access the Services. If you do not provide the personal information we ask for, it may delay or prevent you from accessing the Services.


Under data protection law, we can only process your personal information if we have a proper reason for doing so, e.g.:

  • to comply with our legal and regulatory obligations;
  • for providing, operating, maintaining, improving, and developing the Services;
  • for sending you transactional messages, technical notices, updates, security alerts and support and administrative messages;
  • for Identifying you, so that we can interact with you, as well as providing and delivering services and features you request, processing and completing transactions, and sending you related information;
  • for responding to your comments, questions, and requests and providing customer service and support;
  • for communicating with you about services, features, surveys, newsletters, offers, promotions, and providing other news or information about us and our partners;
  • for personalizing the Service, deriving inferences, providing content, features, and/or advertisements that match your interests and preferences or otherwise customize the Services.
  • for monitoring and analyzing trends, usage, and activities in connection with the Services for research, marketing or advertising purposes.
  • for linking or combining the Information with other information we receive from third parties to help understand your needs and provide you with better service;
  • for crime and fraud prevention, detection and related purposes;
  • for customer relations, queries, complaints or disputes and Service’s operations;
  • for internal record keeping;
  • for cybersecurity needs, fraud detection and misuse of our website; or
  • where you have given consent such as in the case of specific projects where your data is shared for reporting purposes (e.g. guest lists at events) and for targeted communications. Any special category of personal data is only processed with your explicit consent.

Epiphyte uses your information for the limited purpose of providing the Service and related functionality and services, or as otherwise specifically described in this Privacy Notice and as permitted by applicable Laws, all of which serve the legitimate interests of Epiphyte.

We do not sell or otherwise disclose personal data we collect about you, except as described in this Privacy Notice or as we disclosed to you at the time the personal data is collected. Please contact us for a detailed overview of what we use your personal data for and our reasons for doing so.


We may use your personal data to send you updates (by email, text message, telephone or post) about our Services.

We have a legitimate interest in processing your personal data for promotional and marketing purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your personal information with the utmost respect and never share it with other organisations for marketing purposes.

You have the right to opt-out of receiving promotional communications at any time by:


We routinely share personal information with:

  • third parties we use to help deliver our services to you (such as distribution mailing services, event mailing services);
  • third parties approved by you, e.g. social media sites you choose to link your account to or third-party payment providers;
  • our banks in relation to our legal statutory obligations under Swiss law.

We only allow our service providers to handle your personal data to the extent as required to perform services on behalf of Epiphyte for you if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers relating to ensuring they can only use your personal data for such purposes. We may also disclose and exchange information (a) with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations, (b) to exercise our legal rights (for example in court cases), (c) for the prevention, detection, investigation of crime or prosecution of offenders; and (d) for the protection of our employees and customers.


Personal data is held by third-party service providers, representatives and agents.

Some of these third parties may be based outside the European Union. To deliver services to you, it is sometimes necessary for us to share your personal data outside the EU, e.g.:

  • with your and our service providers located outside the EU;
  • if you are based outside the EU;
  • with services providers used to provide services to our members’ legitimate interests

These transfers are subject to appropriate safeguards as outlined in the applicable data protection law.


We will keep your personal data for 6 months. To respond to any questions, complaints or claims made by you or on your behalf;

  • to show that we treated you fairly;
  • to keep records required by law.

We will not retain your personal data for longer than necessary for the purposes set out in this notice.


You have the following rights, which you can exercise free of charge:

Right of Information (Art. 25 FADP)

The right to be provided with a copy of your personal information (the right of access).

Rectification (Art. 32 para 1 FADP)

The right to require us to correct any mistakes in your personal information.

Deletion (Art. 30 & 31 FADP)

The (limited) right to require us to delete your personal information in certain situations.

Data portability (Art. 28 FADP)

The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations.

To object processing and to require restricted processing (Art. 32 Abs 2FADP)

The right:

  • To object at any time to your personal information being processed for direct marketing (including profiling);
  • To object in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
  • To require us to restrict processing of your personal information in certain circumstances, e.g. if you contest the accuracy of the data.

For further information on each of those rights, including the circumstances in which they apply, please contact us. If you would like to exercise any of those rights, please: email us at


We have appropriate security measures to prevent personal information from being accidentally lost, used or accessed unlawfully.

Nonetheless, we cannot guarantee a perfect and absolute security of your Information, as no method of transmission over the Internet and or electronic storage is perfectly secure or invulnerable. However, should we become aware of a security breach, we will notify any affected user, so that they can take appropriate protective steps. Such notifications shall be issued by Epiphyte in accordance with the applicable (local) laws and regulations, as well as Epiphyte’s internal policies.


We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


This privacy notice was first published on September 26, 2023 and updated on April 22, 2024. We may make periodic changes to this privacy notice. When we do we will inform you via our website and email (so long as you provide a valid email address), respectively. All changes will be effective from that date. However, in the event that any modifications to this privacy notice materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change and, where required by applicable law or as we otherwise deem appropriate, to obtain your consent.


Our Site has buttons that link to third party providers. The providers of these third-party social widgets may set cookies to collect information regarding our Site users and their interactions with the social widgets. Please review the privacy policies of the social widget providers for more information.


Please contact us by email if you have any questions about this privacy policy or the information we hold about you.

Our contact details: