Legal · Privacy Policy

Privacy Policy

This Privacy Policy explains what information Sury Protocol collects when you visit our website or use our services, how we use it, and what rights you have over it. We try to keep this readable; defined terms are in plain English where possible.

Effective
1 January 2025
Version
1.0
Format
Plain English

1.Who we are

In this Policy, “Sury Protocol,” “we,” “us,” and “our” refer to the entity that operates the website at this domain and the related services. The entity is [Operating Entity, Jurisdiction], registered at the address shown at the end of this Policy.

We act as the “data controller” for the personal information described in this Policy, except where otherwise stated. If you have questions about how your information is handled, the contact details are in section 10.

2.What this Policy covers

This Policy applies to:

  • Visitors to our website and any subdomains we operate.
  • People who interact with us by email, social channels, or other support mechanisms we operate.
  • Counterparties in business transactions (institutional partners, service providers).

This Policy does not cover:

  • On-chain activity. Blockchain data is public and we are not the controller of it. When you connect a wallet to our interface, the wallet address you sign with becomes part of an on-chain record we cannot modify or delete.
  • Third-party sites linked from ours. Those have their own privacy policies and we have no control over them.

3.Information we collect

We collect information in three ways.

Information you give us directly. If you contact us by email, sign up for any communication, or correspond with us about a partnership, you give us your name, email address, and whatever else is in the message. If you complete any form on our site, we receive what you put in that form.

Information we collect automatically. When you visit our website, our hosting infrastructure logs basic technical information for security and operational purposes:

  • IP address (truncated where feasible)
  • Browser type and version, device type, operating system, referring URL
  • Time of access, pages requested, and response codes
  • Cookies and similar technologies, as described in the Cookie Policy

Information from third parties. If you connect a wallet to our interface, the public wallet address is shared with our front-end. We do not custody, store, or transmit private keys. We may use [third-party services such as analytics, wallet-connect providers, fraud-prevention tools] that may collect their own technical information when you use the site. Those vendors are listed in the Cookie Policy.

What we do not collectWe do not collect government-issued identification documents, biometric information, payment card data, or any sensitive categories of personal information unless required by law for a specific business reason, in which case we will tell you in advance.

4.How we use information

We use the information described above for the following purposes, each backed by an appropriate legal basis where applicable law requires one:

PurposeLegal basis
Operating and securing the websiteLegitimate interests
Responding to your messages and inquiriesLegitimate interests / contract
Detecting and preventing fraud or abuseLegitimate interests / legal obligation
Analytics to improve the productConsent (where required)
Compliance with applicable lawsLegal obligation

We do not sell personal information, and we do not use it for automated decision-making with legal or similarly significant effects.

5.Who we share information with

We share information only where it is necessary for one of the purposes above, and only with parties bound by appropriate contractual safeguards.

  • Service providers. Hosting, email delivery, analytics, security, and customer-support vendors process information on our behalf. They are bound by contracts that restrict their use of the information to what we instruct.
  • Professional advisors. Lawyers, auditors, and accountants who need access to specific information for their professional services to us.
  • Authorities, when required. If we are compelled by a valid legal process or where disclosure is necessary to protect rights, property, or safety, we may share information with public authorities or other third parties as required.
  • In a corporate transaction. If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will require any successor to honour the terms of this Policy.

A current list of our key processors is available on request to the contact in section 10.

6.International transfers

Our infrastructure and our service providers may be located in countries outside your country of residence. Where we transfer personal information across borders, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or other mechanisms recognised under applicable law.

You may request a copy of the safeguards in place for any specific transfer by contacting us at the address in section 10.

7.How long we keep information

We retain information only as long as necessary for the purposes for which it was collected, or as required by law:

  • Email correspondence: typically up to three (3) years from last contact.
  • Server access logs: typically up to thirty (30) days, unless retained longer for security investigation purposes.
  • Records required for legal compliance: for the period required by the applicable law (typically up to seven (7) years for tax and corporate records).

When we no longer need information for any of these purposes, we delete or anonymise it.

8.Your rights

Depending on your location and applicable law (including the EU/UK GDPR, the California Consumer Privacy Act, and similar regimes), you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information about you.
  • Request deletion of information, subject to retention obligations we are required to honour.
  • Object to certain uses or restrict processing.
  • Receive a copy of information you provided to us in a portable, machine-readable format.
  • Withdraw consent where processing is based on consent — without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint with a supervisory authority. For users in the EEA or UK, that is the data protection authority of your country.

To exercise any of these rights, contact us using the details in section 10. We will respond within the timeframe required by applicable law (usually one month).

9.How we protect information

We use technical and organisational measures designed to protect personal information against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit, access controls, monitoring, and periodic security reviews.

No system is perfectly secure. If we ever become aware of a personal data breach affecting your information, we will notify you and the relevant authorities within the timeframes required by applicable law.

10.How to contact us

For privacy questions, requests, or concerns, contact us at:

Sury Protocol — Privacy
[Registered Address Line 1]
[Registered Address Line 2]

privacy@sury.co.in

If you are in the EU, we will appoint an EU representative as required by Article 27 GDPR; their details will be added here once confirmed.

11.Changes to this Policy

We may update this Policy from time to time. The “Effective date” at the top of this page reflects the current version. Material changes will be communicated through the website or, if we hold your contact details, by email. Continued use of our services after changes take effect indicates your acceptance of the updated Policy.