PRIVACY POLICY
Last updated as on Jan 24, 2024
PISTACHIO FI INC. (HEREINAFTER REFERRED AS “PISTACHIO”, “WE”, “US”, OR “OUR”) GIVES UTMOST IMPORTANCE TO THE USER’S ("USER", "YOU" OR "YOUR") PRIVACY AND THE PROTECTION OF YOUR PERSONAL DATA. THROUGH THIS PRIVACY POLICY, YOU WILL BE ABLE TO UNDERSTAND WHICH PERSONAL DATA WE COLLECT, HOW AND WHY WE PROCESS PERSONAL DATA AND HOW CAN YOU PRACTICE YOUR RIGHTS PERTAINING TO YOUR PERSONAL DATA.
The Policy is combined into and read with the Terms and Conditions (here)
Personal data
Depending on whether and how you use our Platform, we will collect, use, store and transfer different kinds of personal data about you, which we have grouped in categories as follows:
IDENTITY DATA
1. Name
2. Surname
3. Display Name
4. Social media accounts information
CONTACT DATA
1. email address
2. phone number
FINANCIAL DATA
1. virtual currency accounts
2. digital wallet/blockchain address(es)
3. stored value accounts
4. amounts associated with accounts
5. external account details
TRANSACTIONAL DATA
1. internet connectivity data
2. internet protocol (IP) address
3. login data
4. browser type and version
5. device type, category, and model
6. time zone setting and location data
7. browser plug-in types and versions
8. operating system and platform
9. other technology or information stored on the devices you allow us to access to when you visit or use the Platform
PROFILE DATA
1. your username
2. your identification number as our user
3. requests by you related to products or services
4. your feedback and review
5. your interests, preferences, and feedback
6. other information generated by you when you communicate with us, for example when you address a request to our customer support
USAGE DATA
1. information about how you use the Platform and other offerings made available by us, including:
a) interaction type and time
b) event time, name, and source
MARKETING AND COMMUNICATIONS DATA
1. your preferences in receiving marketing from us or third parties
2. your communication preferences
3. your cookie records
4. your survey responses
Certain types of sensitive personal data are subject to additional protection under the Personal Data Protection Act 2012. They are called “special categories” of personal data. We do not process special categories of personal data (such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs).
Purposes of this processing
General
We process your Personal Data to:
facilitate the creation of and secure your account;
identify you as a user in our system;
provide you with our service, including, but not limited to, helping you view, explore our tools;
improve the administration of our service and quality of experience when you interact with our service, including, but not limited to, by analyzing how you and other users find and interact with our service;
provide customer support and respond to your requests and inquiries;
investigate and address conduct that may violate our Terms of Service;
detect, prevent, and address fraud, violations of our terms or policies, and/or other harmful or unlawful activity;
send you a welcome email to verify ownership of the email address provided when your account was created;
send you administrative notifications, such as security, support, and maintenance advisories;
send you notifications, service messages, e-mails related to actions on our services, your transactions, your account, maintenance and support;
send you newsletters, promotional materials, and other notices related to our services or third parties' goods and services;
address your feedback and review regarding the Platform, publish your publicly available feedback and review on the Platform as reference to other users;
comply with applicable laws, cooperate with investigations by law enforcement or other authorities of suspected violations of law, and/or to pursue or defend against legal threats and/or claims; and
for any other necessary reason, which we may describe explicitly, when you provide us with your personal data.
Feedback and Review
Your name, feedback and review regarding the Platform that you have published on and/or you made publicly available through our Platform or any other platforms or consented to be shared with us may be published and shared with other users on the Platform. You can write to us to remove your feedback or review at any time by contacting the above mentioned contact person.
Transactional Service Messages and Notifications
You will receive administrative notifications, service messages, e-mails related to actions on our services, your transactions, your account, maintenance, and support. You will get a welcome e-mail for verification and e-mails including instructions and support messages on using the Platform once you are registered to the Platform.
Marketing
You will receive marketing communications from us if you have requested information from us and consented to receive marketing communications. We will use your Contact Data and Marketing and Communications Data for our respective activities. We will get your opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
Further, you can let us know directly that you prefer not to receive any marketing messages by emailing to our above mentioned address.
Where you opt out of receiving marketing messages, this will not apply to service messages which are directly related to the use of our services (e.g., maintenance, change in the terms and conditions and so forth).
Lawful Basis
We will only use your personal data when the applicable legislation allows us to. In other words, we ensure that we have a lawful basis for such use.
Most commonly, we will use your personal data in the following circumstances:
performance of a contract: means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract; we use this basis for provision of our services;
legitimate interests: means our interests (or those of a third party), where we make sure we use this basis as far as your interests and individual rights do not override those interests;
consent: means freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you; under specific circumstances this consent should be explicit – if this is the case, we will ask for it explicitly.
How we collect your personal data
We mostly collect your personal data directly from you through data collection forms over the Platform if you use our services or contact us. We also automatically collect your data as you access and use our Platform.
We use cookies and other technologies that collect your personal data on our Platform. Browsers often automatically permit the use of cookies. You can change your browser settings to manage the use of cookies. You can disable and delete cookies that are not necessary and change your cookie preferences. Your visits to and use of our Platform will not be hindered if you change your cookie settings and disable optional cookies, however, you may not be able to fully enjoy certain functionalities of the Platform.
We use MixPanel to track user behavior anonymously.
Pistachio shall track at the backend if a User sends an invite to its contacts. The details of the invited contact are as well stored by Pistachio in the form of hash or otherwise. Pistachio shall ask access to the User’s cloud storage to store seed backup, however, Pistachio does not save any information about the cloud of the User.
We may also obtain information about you from third party CRAs, especially for risk assessment purposes.
Third parties whom the personal data is shared with
We may share your personal data with public authorities and institutions if we are required by laws, regulations or other legal obligations to do so. We also share your personal data with our business partners within the context of the above purposes and legal grounds, in order to be able to provide our services over the Platform.
Transfers to third countries or international organizations
Your personal data may be transferred to and stored on servers located in other countries and jurisdictions, especially through our business partners in certain cases. Certain countries have been approved as providing adequate protection and therefore no additional safeguards are required with respect to transfers to these countries. For countries which have not been approved as providing adequate protection, international transfers are carried out through providing suitable safeguards within the framework of Standard Contractual Clauses or derogations.
Retention periods and erasure
We will keep your personal data during the period of your contractual relationship with us, extended by the applicable limitation periods.
In cases where we process personal data in accordance with our legal obligations, we will keep your personal data for the duration of such obligation.
On the expiry of the applicable data retention period, we will erase or irrevocably anonymize your personal data.
You understand that your wallet address and transactions will be kept and may be tracked on blockchain.
Technical and organizational security measures
We give reasonable care to protect your personal data from unauthorized access, use, and disclosure.
Pistacho is committed to utmost confidentiality and security of User data using multi-layered security architecture. Our cloud-based servers reside in data centers that adhere to industry-standard physical security measures, including biometric scanning and 24/7 surveillance. For online protection, we deploy Cloudflare for firewall and load balancing, safeguarding against DDoS attacks and ensuring high availability. Data encryption is achieved through bcrypt for password hashing and AES-256 GCM for encrypting sensitive information. Additionally, all API requests undergo encrypted authentication. To secure data during transmission, SSL encryption is also employed. We continually review and update our protocols in collaboration with cybersecurity experts and legal advisors to ensure the highest level of data protection.
Depending on the nature of the risks presented by the proposed processing of your personal data, we will have in place the following appropriate security measures:
organizational and administrative measures (including but not limited to staff training and policy development);
technical measures (including but not limited to physical protection of data, pseudonymization and encryption); and
securing ongoing availability, integrity, and accessibility (including but not limited to ensuring appropriate back-ups of personal data are held).
We have put in place procedures to deal with any suspected personal data breach and will notify you and any relevant regulator of a breach where we are legally required to do so.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Your Rights
You can use your below rights by contacting us:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
Changes
We may change this Privacy Policy at any time. The latest version of the Privacy Policy will be published on the Platform in case of any changes. You are responsible for periodically checking the latest version on the Platform.
Back to Home
