Effective date: February 21, 2023
Thanks for entrusting HASH, Inc. or HASH, Ltd. (the “Block Protocol”, “we”, "us" or "our") with your your projects and personal data. This Privacy Statement explains our practices regarding the collection, use, and disclosure of your data, including any personal data we collect and process in connection with our website and any applications, software, products, and services provided by the Block Protocol, including any Beta Previews (collectively, the “Service(s)”).
All capitalized terms have their definition in the Block Protocol Terms of Service, unless otherwise noted here.
We use your personal information as this Privacy Statement describes. No matter where you are, where you live, or what your citizenship is, you have the same high standard of privacy protection when using the Block Protocol's services as all our users around the world, regardless of their country of origin or location.
Section | What can you find there? |
---|---|
Who is responsible for the processing of your information | Subject to limited exceptions, HASH, Inc. is the controller and entity responsible for the processing of your personal data in connection with the Website or Service if you are in North America. For individuals outside North America the data controller is HASH, Ltd. |
What information Block Protocol collects | Block Protocol collects information directly from you for your registration, payment, transactions, and user profile. We also automatically collect from you your usage information, cookies, and device information, subject, where necessary, to your consent. Block Protocol may also collect personal data from third parties. We only collect the minimum amount of personal data necessary to provide innovative services and personalized experiences, unless you choose to provide more. |
How Block Protocol uses your information | In this section, we describe the ways in which we use your information, including to provide you the Service, to communicate with you, for security and compliance purposes, and to improve our Website or Service or develop new features and functionality of our Website or Service. We also describe the legal basis upon which we process your information, where legally required. |
How we share the information we collect | We may share your information with third parties under one of the following circumstances: with your consent, with our service providers, for security purposes, to comply with our legal obligations, or when there is a change of control or sale of corporate entities or business units. We do not sell your personal information and we do not display advertising on the Block Protocol. |
Your choices regarding our processing of your personal data | We provide ways for you to access, alter, or delete your personal information. |
Cookies and tracking technologies | Except for some of the cookies used on our Enterprise Marketing Pages, we only use strictly necessary cookies to provide, secure, and improve our Website or Service or develop new features and functionality of our Website or Service. As described below, we may use non-essential cookies on certain pages of our website to support our enterprise marketing efforts and market our products and services to enterprise customers, for example on hash.ai/resources (collectively “Enterprise Marketing Pages”). We offer a page that makes all uses of cookies very transparent. |
How Block Protocol secures your information | We take all measures reasonably necessary to protect the confidentiality, integrity, and availability of your personal data on the Block Protocol service and to protect the resilience of our servers. |
Communication preferences | We communicate with you by email. You can control the way we contact you in your account settings, or by contacting us. |
Resolving complaints | In the unlikely event that we are unable to resolve a privacy concern quickly and thoroughly, we provide a path of dispute resolution. |
Changes to our Privacy Statement | We notify you of material changes to this Privacy Statement 30 days before any such changes become effective. You may also track changes in our public blockprotocol Git repository. |
Contacting Block Protocol | Please feel free to contact us if you have questions about our Privacy Statement. |
The data controller of your personal data is HASH, Inc. For individuals outside North America, the data controller is HASH, Ltd.
This privacy statement does not apply to personal data we process as a service provider or data processor on behalf of our enterprise customers. Our data processing activities as service provider or data processor is governed by our Data Protection Agreement. If you are an end-user of one of those organizations, such as an employee or student, you should read that organization’s privacy statement and direct any privacy inquiries to that organization.
In some cases, Block Protocol is acting only on your behalf for the personal data we collect and process in connection with our Service (for example, for personal data added to a block by any of its contributors). In such cases, Block Protocol will only process the data in order to provide, protect, and improve Service. Please note that subject to our Private Information Removal Policy requests to remove personal data generally require notice to and action from the workspace's owner or the information's original creator or uploader.
The personal data we collect depends on how you interact with us, the services you use, and the choices you make. We collect information about you from different sources and in various ways when you use our Service, including information you provide directly, information collected automatically, third-party data sources, and data we infer or generate from other data.
We collect personal data you provide to us. For example:
We collect information such as your name and contact data, including username and email address, as well as authentication data during account creation.
In some cases, we request that you provide age, gender, and similar demographic details.
If you make a purchase or other financial transaction, we collect credit card numbers, financial account information, and other payment details.
We collect any code, text, photographs, documents, or other files, including videos or recordings, you upload to or create using our Service; and if you send us email messages or other communications, we collect and retain those communications. For example, you may choose to give us more information for your Account profile, such as your full name, an avatar which may include a photograph, your biography, your location, your company, and a URL to a third-party website. Please note that your profile information may be visible to other Users of our Service.
We collect any feedback or ratings you provide, including through written communications and via surveys.
When you visit or use our Service, we collect some information automatically. For example:
If you have a paid Account or subscription with us, or make a purchase or sale using our Service, we automatically collect certain information about your transactions on the Service, such as your full name, address, region, state, country, postal or ZIP Code, the date, time, and amount charged.
If you're accessing or using our Service, we may automatically collect information about how you use and how your device interacts with the Service, such as the pages you view, the referring site, your IP address and information about your device, session information, the date and time of each request, device type and ID, operation system and application version, information contained in or relating to your contributions to individual workspaces, listings and projects, and telemetry data (i.e., information about how a specific feature or service is performing) regarding your use of other features and functionality of the Service. As further described below, we automatically collect usage information and interaction data using cookies (which may use a cookie ID), depending on your settings or preferences, in connection with our Service.
In connection with certain features and depending on the functionality of the Service, we collect geolocation information such as through IP addresses or the location information you choose to provide in your Account profile.
We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address.
Other companies with whom you choose to engage. Block Protocol may collect personal data about you from third parties. For example, this may happen if you sign up for training or to receive information about Block Protocol from one of our vendors, partners, or affiliates.
Service Providers. We may also receive information from processors or service providers who process the data on our behalf, such as our payment processor who process payment and billing information in connection with our Service.
Content you post on our Service. Information you store in, or contribute to, a public Block Protocol Hub listing, provide for use in connection with a Community Feature or make otherwise publicly available through the Service will be collected by Block Protocol as described in this Privacy Statement. Such information may also be available to the Block Protocol user community as well as the general public.
Co-branding/marketing partners. We may receive information from partners with which we offer co-branded services or engage in joint marketing activities.
Publicly available sources. We may also obtain information from publicly available sources as blocks, graphs, types or entities.
When you are asked to provide personal data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.
We may use your information to provide, administer, analyze, manage, and operate our Service. For example, we use your information for the following purposes:
We combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.
We share personal data as described below, including with your consent or as necessary to complete your transactions or provide the services you have requested or authorized. In addition, we may share each of the categories of your personal data described above with the types of third parties described below for the following business purposes:
You may select options available through our Service to publicly display and share your name and/or username and certain other information, such as your profile, demographic data, content and files, or geolocation data.
Please note that if you would like to compile Block Protocol data, you must comply with our Terms of Service regarding information usage and privacy, and you may only use any public-facing information you gather for the purpose for which our user authorized it. For example, where a Block Protocol user has made an email address public-facing for the purpose of identification and attribution, do not use that email address for the purposes of sending unsolicited emails to users or selling personal information, such as to recruiters, headhunters, and job boards, or for commercial advertising. We expect you to reasonably secure information you have gathered from Block Protocol, and to respond promptly to complaints, removal requests, and "do not contact" requests from Block Protocol or Block Protocol users.
We share your personal data with third party applications when you tell us to do so. For example, if you purchase an application listed on our store, we share your username to allow the application developer to provide you with services. You can enable or add third-party applications, known as "Developer Products," to your Account. These Developer Products are not necessary for your use of Block Protocol. We will share your personal data with such third-party applications when you ask us to; however, you are responsible for your use of the third-party Developer Products and for the amount of personal data you choose to share with it.
You may indicate, through your actions on Block Protocol, that you are willing to share your personal data with Organizations, as defined in Block Protocol's Terms of Service, who also use the Services. If you collaborate on or become a member of an Organization, then its Account owners may receive your personal data, for example by having the ability to view your activity in the Organization’s access log.
When you accept an invitation to an Organization, you will be notified of the types of information owners may be able to see. Please contact the Account owners for more information about how they might process your personal data in their Organization and the ways for you to access, update, alter, or delete your personal data stored in the Account.
We share your personal data with service providers who process the information on our behalf to provide or improve our Service. For example, our service providers may perform payment processing, customer support ticketing, network data transmission, web analytics, marketing operations, security, online advertising, and other similar services. Our service providers may process data in your region, in the United States, or in any other country where they operate facilities.
Such processing by service providers and any related cross border data transfers will be in compliance with applicable law.
We enable access to personal data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems, when affiliates provide services on our behalf, or where access is needed to operate and provide the Service.
We will disclose personal data if we believe it is necessary to:
Block Protocol may disclose personal data or other information we collect about you to law enforcement or other governmental agencies if required in response to a valid legal process. For more information about our disclosure in response to legal requests, see our Guidelines for Legal Requests of User Data.
We may share your personal data if we are involved in a merger, sale, or acquisition of corporate entities or business units as described in this Privacy Statement.
Please note that some of the features on our Service include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide personal data to any of those third parties, or allow us to share personal data with them, that data is governed by their privacy statements.
Finally, we may share de-identified information in accordance with applicable law.
We provide choices about the personal data we collect about you. The choices you make will not apply to any personal data associated with an Organization under your Account.
Access, correction, and deletion. If you're a Block Protocol user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting Support. You can control the information we collect about you by limiting what information is in your profile, by keeping your information current, by changing your cookie preferences, or by contacting Support.
We retain and use your information as described in this Privacy Statement, but barring legal requirements, we will delete your full profile within 90 days of your request. After an account has been deleted, certain data, such as forked entities or types, contributions to other Users' entities or types, and comments in others' workspaces, will remain. Where possible we will delete or de-identify your personal data, including your username, from the author field of entities, types, and comments by associating them with a ghost user. However, we may be unable to change or delete data certain aspects of an entity or type's history — as the graph is designed to maintain an immutable record — but we do enable you to control what information you put in that record.
If Block Protocol processes personal data other than your profile information, such as information about you Block Protocol receives from third parties, then you may, subject to applicable law, access, update, alter, delete, object to or restrict the processing of your personal data by contacting Support.
You can adjust the settings on your Account regarding the display of your personal data in private or public graphs or personal data processed in connection with Community Features by modifying your profile settings.
Additionally, if you are unable to access certain personal data we have via the means described above, you can request access by contacting Support.
Data portability is one of our core tenets, which we refer to internally as our "non-negotiable principle". As a Block Protocol User, you can always take your data with you. You can download your data and the information we have about you at any time, and you can use the Block Protocol's open-source code and standards without relying on the Block Protocol's hosted services.
We use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. For example, if you contact our Support team with a request, we respond to you via email. You have control over how your email address is used and shared with other Users on and through our Service. You may manage your communication preferences from your personal notification settings page.
Depending on these settings, Block Protocol may occasionally send notification emails, for example, about changes to endpoints, blocks or types that you're using, new features, requests for feedback, important policy changes, or to offer customer support. We may also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There's an “unsubscribe” link located at the bottom of each of the marketing emails we send you.
Please note that you cannot opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can configure your notifications settings in your profile to opt out of other communications.
Block Protocol uses cookies to provide, secure and improve our Service or to develop new features and functionality of our Service. For example, we use them to (i) keep you logged in, (ii) remember your preferences, (iii) identify your device for security and fraud purposes, including as needed to maintain the integrity of our Service, (iv) compile statistical reports, and (v) provide information and insight for future development of the Block Protocol. We provide more information about cookies on the Block Protocol that describes the cookies we set, the needs we have for those cookies, and the expiration of such cookies.
For Enterprise Marketing Pages, we may also use non-essential cookies to (i) gather information about enterprise users’ interests and online activities to personalize their experiences, including by making the ads, content, recommendations, and marketing seen or received more relevant and (ii) serve and measure the effectiveness of targeted advertising and other marketing efforts. If you disable the non-essential cookies on the Enterprise Marketing Pages, the ads, content, and marketing you see may be less relevant.
Our emails to users may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email communications more effective and to make sure we are not sending you unwanted email.
The length of time a cookie will stay on your browser or device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay until they expire or are deleted. The expiration time or retention period applicable to persistent cookies depends on the purpose of the cookie collection and tool used. You may be able to delete cookie data as described here.
We use cookies and similar technologies, such as web beacons, local storage, and mobile analytics, to operate and provide our Services. When visiting Enterprise Marketing Pages, like hash.ai/resources, these and additional cookies, like advertising IDs, may be used for sales and marketing purposes.
Cookies are small text files stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.
Web beacons are electronic images (also called “single-pixel” or “clear GIFs”) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content.
Mobile identifiers for analytics can be accessed and used by apps on mobile devices in much the same way that websites access and use cookies. When visiting Enterprise Marketing pages, like hash.ai/resources, on a mobile device these may allow us and our third-party analytics and advertising partners to collect data for sales and marketing purposes.
We may also use so-called “flash cookies” (also known as “Local Shared Objects” or “LSOs”) to collect and store information about your use of our Services. Flash cookies are commonly used for advertisements and videos.
The Block Protocol Services use cookies and similar technologies for a variety of purposes, including to store your preferences and settings, enable you to sign-in, analyze how our Services perform, track your interaction with the Services, develop inferences, combat fraud, and fulfill other legitimate purposes. Some of these cookies and technologies may be provided by third parties, including service providers and advertising partners. For example, our analytics and advertising partners may use these technologies in our Services to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) related to your online activities over time and across Services for various purposes, including targeted advertising. Block Protocol will place non-essential cookies on pages where we market products and services to enterprise customers, for example, on hash.ai/resources.
We and/or our partners also share the information we collect or infer with third parties for these purposes.
The table below provides additional information about how we use different types of cookies:
Purpose | Description |
---|---|
Required Cookies | Block Protocol uses required cookies to perform essential website functions and to provide the services. For example, cookies are used to log you in, save your language preferences, provide a shopping cart experience, improve performance, route traffic between web servers, detect the size of your screen, determine page load times, improve user experience, and for audience measurement. These cookies are necessary for our websites to work. |
Analytics | We allow third parties to use analytics cookies to understand how you use our websites so we can make them better. For example, cookies are used to gather information about the pages you visit and how many clicks you need to accomplish a task. We also use some analytics cookies to provide personalized advertising. |
Social Media | Block Protocol and third parties use social media cookies to show you ads and content based on your social media profiles and activity on Block Protocol’s websites. This ensures that the ads and content you see on our websites and on social media will better reflect your interests. This also enables third parties to develop and improve their products, which they may use on websites that are not owned or operated by Block Protocol. |
Advertising | In addition, Block Protocol and third parties use advertising cookies to show you new ads based on ads you've already seen. Cookies also track which ads you click or purchases you make after clicking an ad. This is done both for payment purposes and to show you ads that are more relevant to you. For example, cookies are used to detect when you click an ad and to show you ads based on your social media interests and website browsing history. |
You have several options to disable non-essential cookies:
Any Block Protocol page that serves non-essential cookies will have a link in the page’s footer to cookie settings. You can express your preferences at any time by clicking on that linking and updating your settings.
Some users will also be able to manage non-essential cookies via a cookie consent banner, including the options to accept, manage, and reject all non-essential cookies.
These choices are specific to the browser you are using. If you access our Services from other devices or browsers, take these actions from those systems to ensure your choices apply to the data collected when you use those systems.
We retain personal data for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For example, we may retain your personal data for longer periods, where necessary, subject to applicable law, for security purposes.
Block Protocol takes reasonable measures necessary to protect your personal data from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of your personal data. To help us protect personal data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.
In addition, if your account contains private or unpublished information, you control the access to that Content. Block Protocol personnel do not access private information except:
Block Protocol personnel access to private information is continuously logged and regularly audited. Block Protocol will provide notice regarding private project and data access unless prohibited from doing so by law, or if in response to a security threat or other risk to security.
Block Protocol may store and process your personal data in your region, in the United States, and in any other country where Block Protocol or its affiliates, subsidiaries, or service providers operate facilities.
We transfer personal data from the European Union, the United Kingdom, and Switzerland to other countries, some of which have not yet been determined by the European Commission to have an adequate level of data protection. For example, their laws may not guarantee you the same rights, or there may not be a privacy supervisory authority there that is capable of addressing your complaints. When we engage in such transfers, we use a variety of legal mechanisms, including contracts, such as the standard contractual clauses published by the European Commission under Commission Implementing Decision 2021/914, to help protect your rights and enable these protections to travel with your data. You may request a copy of the Standard Contractual Clauses using the contact details provided below.
If you have a privacy inquiry or concerns about the way the Block Protocol is handling your personal data, please let us know immediately. We want to help. For the fastest response time, you can get in touch with us by filling out our contact form. We will respond promptly.
Our addresses are:
Block Protocol Privacy Team:
HASH, Inc. Attn: Block Protocol Privacy Team 2109 Broadway Unit 1141 New York, NY 10023 United States
Block Protocol Data Protection Officer:
HASH, Ltd. Attn: Block Protocol Data Protection Unit 2, 1 Shelton Street London, WC2H 9JN United Kingdom
In the unlikely event that a dispute arises between you and the Block Protocol regarding our handling of your personal data, please email us directly at [email protected] with the subject line "Privacy Concerns". We will respond promptly and do our best to resolve the dispute.
Additionally, you may have the right to file a complaint with your local data protection or privacy agency or supervisory authority.
Block Protocol may change this Privacy Statement from time to time for a variety of reasons, including to comply with new laws and regulations, to cover new features and functionality, and to increase transparency. We will provide notice of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by displaying to Users a notification modal, posting a notice on our homepage or sending email to the primary email address specified in your Block Protocol account. We will also reflect all changes to this policy under the accessible version history of this page.
Questions regarding Block Protocol's Privacy Statement or information practices should be directed to our privacy team via the Block Protocol contact form.
If you are in the European Economic Area, we process your personal data in accordance with applicable laws, and the processing of personal data about you is subject to European Union data protection law, you have certain rights with respect to that data:
To make such requests, please use the contact information provided within this statement. When we are processing data on behalf of another party (i.e., where Block Protocol is acting as a data processor) you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.
If you are a U.S. resident, we process your personal data in accordance with applicable U.S. state data privacy laws, including the California Consumer Privacy Act (CCPA). This section of our Privacy Statement contains information required by the CCPA and other U.S. state data privacy laws and supplements our Privacy Statement.
Sale. We do not sell your personal data. So, we do not offer an opt-out to the sale of personal data.
Share. We may “share” your personal data for targeted advertising purposes. You may opt out of sharing data for cross-contextual advertising purposes, and make additional privacy choices on Block Protocol’s Enterprise Marketing pages by selecting or deselecting cookies from our Cookies page. Here are the categories of personal data shared over the past 12 months with additional details.
Categories of Personal Data Shared | Categories of Recipients | Business or commercial purpose for sharing |
---|---|---|
Usage information and Interactions | Advertisers | To support Block Protocol’s enterprise marketing efforts |
Rights. You have the right to request that we (i) disclose what personal data we collect, use, disclose, share, and sell, (ii) delete your personal data, (iii) correct your personal data, and (iv) restrict the use and disclosure of your sensitive data, and (v) opt-out of future “sharing” of personal data for targeted advertising purposes. You may make these requests yourself or through an authorized agent. If you use an authorized agent, we provide your agent with detailed guidance on how to exercise your privacy rights.
Please see Your choices regarding our processing of your personal data section of the Block Protocol Privacy Statement for additional information on how to exercise these rights. You can use the Block Protocol Service to access and download your data at any time.
If you have a Block Protocol account, you must exercise your rights through the tools provided, which requires you to log in to your Block Protocol account. If you have an additional request or questions after logging in, you may contact Block Protocol Support.
If you do not have an account, you may exercise your rights by contacting us as described above. We may ask for additional information to validate your request before honoring the request. To submit a request based on these rights, you can also contact us via our Support form.
You may opt-out of “sharing” information for cross-contextual behavioral advertising purposes, and make additional privacy choices related to Block Protocol’s Enterprise Marketing pages by managing your cookie preferences on our Cookies page. You have a right not to receive discriminatory treatment if you exercise your privacy rights, and we will not discriminate against you if you exercise your privacy rights.
Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law. California Customers may request further information about our compliance with this law by emailing [email protected]. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated email address.
California residents under the age of 18 who are registered users of online sites, services, or applications have a right under California Business and Professions Code Section 22581 to remove, or request and obtain removal of, content or information they have publicly posted. To remove content or information you have publicly posted, please submit a Private Information Removal request. Alternatively, to request that we remove such content or information, please send a detailed description of the specific content or information you wish to have removed via the Block Protocol Support form. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances. If you have any questions about our privacy practices with respect to California residents, please reach out to us via our contact form.
The table below contains information about the categories of personal information we collect, our purposes of processing, and the categories of third-party recipients with whom we share the personal information. Please read this document in full for more details, including a description of the data included in each category.
Category of Personal Data | Sources of Personal Data | Purposes of Processing | Recipients |
---|---|---|---|
Registration information | Users and customers who use create an account | Provide and personalize our Services; authenticate and provide account access; respond to user and customer questions; help, secure, and troubleshoot; honor users rights; and marketing | Service providers and user-directed entities |
Demographic information | Users and customers, third-party data brokers | Provide and personalize our Services; product improvement and development; help, secure, and troubleshoot; and marketing | Service providers and user-directed entities |
Payment and billing information | Users and customers, financial institutions | Transact commerce; provide our Services; process transactions; fulfill orders; help, secure, and troubleshoot; and detect and prevent fraud | Service providers and user-directed entities |
Content and files | Users and customers | Provide our Services; safety; compliance; and help, secure, and troubleshoot; honor user rights | Service providers and user-directed entities |
Feedback and ratings | Users and customers | Provide our Services; product improvement; product improvement and development; marketing; customer support; and help, secure, and troubleshoot | Service providers and user-directed entities |
Transaction information, subscription and licensing data | Users and customers | Provide, personalize, and activate our Services; customer support; help, secure, and troubleshoot; and marketing | Service providers and user-directed entities |
Usage information and Interactions | Users, customers, website visitors | Provide and personalize our Services; product improvement and development; marketing; and help, secure and troubleshoot | Service providers and user-directed entities |
Geolocation information | Users, customers, website visitors | Provide and personalize our Services; product improvement and development; marketing; and help, secure and troubleshoot | Service providers and user-directed entities |
Categories of Sensitive Data. We may collect, process, or disclose certain personal data that qualifies as “sensitive data” under applicable U.S. state data privacy laws. For example, this data may be collected if you participate in a survey, share it in your account profile, or are engaged in certain community-focused graphs or workspaces. Sensitive data is a subset of personal data. In the list below, we outline the categories of sensitive data we collect, the sources of the sensitive data, our purposes of processing, and the categories of third-party recipients with whom we share the sensitive data. Please see the "What information Block Protocol collects" section for more information about the sensitive data we may collect.
Sensitive Data Type | Purposes of Processing | Recipients |
---|---|---|
Account log-in, financial account, debit or credit card number, and the means to access the account (security or access code, password, credentials, etc.) | Transact commerce; process transactions; fulfill orders; provide our Services; help, secure, and troubleshoot; and detect and prevent fraud | Service providers and user-directed entities |
Racial or ethnic origin, religious or philosophical beliefs, or union membership | Provide and personalize our products; product development; help, secure, and troubleshoot; and marketing | Service providers and user-directed entities |
Medical or mental health, sex life, or sexual orientation | Provide and personalize our products; product development; help, secure, and troubleshoot; and marketing | Service providers and user-directed entities |
Contents of your mail, email, or text messages (where Block Protocol is not the intended recipient of the communication) | Provide our products; safety; compliance; and help, secure, and troubleshoot | Service providers and user-directed entities |
Block Protocol asks your consent to collect and process your sensitive data or does so at your direction. We do not use or disclose your sensitive data for purposes other than the following:
The charts above contain the primary sources, purposes of processing, and recipients for each category of personal data. We use the categories of personal information described above for the purposes listed in the "How Block Protocol uses your information" section of our Privacy Statement, such as meeting our legal obligations, improving our internal operations, and doing research. We also disclose the categories of personal information listed above for business or compliance purposes. Please see the "How we share the information we collect" section of our Privacy Statement for additional details.
Not in a Position to Identify Data. In some situations Block Protocol may process data in a state called Not in a Position to Identify Data (NPI) or de-identified data. Data is in this state when we are not able to link data to an individual to whom such data may relate without taking additional steps. In those instances, and unless allowed under applicable law, we will maintain such information in an NPI state, and will not try to re-identify the individual to whom NPI data relates.
Disclosures of personal data for business or commercial purposes. As indicated in the "How we share the information we collect" section, we share personal data with third parties for various business and commercial purposes. The primary business and commercial purposes for which we share personal data are the purposes of processing listed in the table above. We also disclose the categories of personal information listed above for business purposes. Please see the "How we share the information we collect" section of our Privacy Statement for additional details.
Parties that control collection of personal data. In certain situations, we may allow a third party to control the collection of your personal data. For example, on our Enterprise Marketing Pages, advertisers may be the controllers of information they collect through their cookies.
We use the categories of personal information described above for the purposes listed in the "How Block Protocol uses your information" section of our Privacy Statement. We also disclose the categories of personal information listed above for business purposes. Please see the "How we share the information we collect" section of our Privacy Statement for additional details.