Roam Privacy Policy

This Privacy Policy describes the privacy practices of Sendto Ltd, doing business as “Roam” (“we”, “us”, or “our”) and how we handle personal information that we collect through the website located at sendto.xyz, our mobile web browser, non-custodial digital wallet software, and our front-end interface that facilitates user-controlled transactions on public blockchains (collectively, the “Service” or “Services”).

Personal Information We Collect

Information you provide us may include:

• Account information, such as the username, password, email address, cryptocurrency address and/or ENS name that you use to access our Services.
• Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.
• Usage information, such as information about how you use the Services and interact with us, including information associated with any content you upload to the Services or otherwise submit to us, and information you provide when you use any interactive features of the Services.
• Marketing data such as your preferences for receiving our marketing communications and details about your engagement with them.
• Transaction Information. When you engage in transactions via our Services, we collect transaction-related information such as amount sent, date, and information about the payment instrument used to complete your transaction.
• Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Automatic data collection

We and our service providers may automatically log and combine information about you, your computer or mobile device, and your interaction over time with the Services, online resources, and our communications, such as:

• Device data such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers, language settings. and general location information such as city, state, or geographic area.
• Metrics and performance data such as information about your activity (such as how you use our Services and how you interact with others using our Services), and diagnostic, crash, website, and performance logs and reports.

We use the following tools for automatic data collection:

• Cookies, which are text files stored and accessed on a visitor’s device to uniquely identify the visitor’s device, or to store information or settings in the device. This allows us to distinguish you from other users of our Services for the purpose of remembering your preferences, enabling or enhancing functionality and helping us understand activity and patterns.
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device.
• SDKs, which are blocks of code provided by our partners that may be installed in our mobile applications. SDKs help us understand how you interact with our Services and collect certain information about the device and network you use to access the Services.
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

Information we obtain from other sources:

• Third-party accounts. When you log into the Services through a third party account, such as Google, we may collect certain information from your account (e.g., name, email address, user name), depending on the privacy permissions you have configured within that account.
• Other sources. We may obtain personal information from other third parties, such as marketing partners, publicly-available sources, and data providers.

How We Use Personal Information

We use personal information for the following purposes or as otherwise described at the time of collection:

• Provide our Services. We use personal information to operate, maintain, and provide you with our Services. In particular, we use personal information to perform our contractual obligations under our terms of service.
• Communicate with you about our Services. It is in our legitimate business interests to use personal information to respond to your requests, provide user support, and communicate with you about our Services, including by sending announcements, updates, security alerts and support and administrative messages.
• Improve, monitor, personalize, and protect our Services. It is in our legitimate business interests to improve and keep our Services safe for our users, which includes:
• Understanding your needs and interests, and personalize your experience with the Services and our communications.
• Troubleshooting, testing and research and to keep the Services secure.
• Investigating and protecting against fraudulent, harmful, unauthorized or illegal activity.
• Research and development. We may use personal information for research and development purposes in our legitimate business interests, including to analyze and improve the Services and our business. As part of these activities, we may create or use aggregated, de-identified or other anonymized data from personal information we collect. We make personal information into anonymized data by removing information that makes the data personally identifiable to you. We may use this anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
• Direct marketing. We may send you direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the “Opt-out of marketing communications” section below. Except where consent is required, we undertake such marketing on the basis of our legitimate business interests.
• Compliance and protection. We may use personal information to comply with legal obligations, and to defend us against legal claims or disputes, including to:
• Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims).
• Audit our internal processes for compliance with legal and contractual requirements and internal policies.
• Enforce the terms and conditions that govern the Services.
• Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
• Comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

How We Disclose Personal Information

We may disclose personal information to:

• Service providers. Companies and individuals that provide services on our behalf or help us operate the Services or our business (such as hosting, information technology, customer support, email delivery and analytics services).
• Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
• Authorities and others. Law enforcement, government authorities and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
• Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Roam (including, in connection with a bankruptcy or similar proceedings).
• Other parties, as permitted by law, including to fulfill your transactions as otherwise permitted by GLBA.

If you use your account to engage in a transaction with another user, that user will have access to your transaction information. Users with whom you interact with may store or re-share your information with others, on or off of our Services.

Privacy Rights and Choices

Opt-out of marketing communications

You may opt out of marketing-related emails and other communications by following the opt-out or unsubscribe instructions in the communications you receive from us or by contacting us as provided in the “How to Contact Us” section below. You can also manage your preferences within your Roam account. You may continue to receive Services-related and other non-marketing emails.

Online tracking opt-out

There are a number of ways to limit online tracking, which we have summarized below:

• Blocking cookies on your device. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org. Use the following links to learn more about how to control cookies and online tracking:
• Firefox; Chrome; Microsoft Edge; Safari (Mac); Safari (Mobile/iOS).
• Using privacy plug-ins or browsers. You can block our websites from setting cookies by using a browser with privacy features, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.

Personal information requests

We offer you choices that affect how we handle the personal information that we control. Depending on your location and the nature of your interactions with our Services, you may request the following in relation to personal information:

• Information about how we have collected and used personal information. We have made this information available to you without having to request it by including it in this Privacy Policy.
• Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
• Correction of personal information that is inaccurate or out of date.
• Deletion of personal information that we no longer need to provide the Services or for other lawful purposes.
• Additional rights, such as to object to and request that we restrict our use of personal information, and where applicable, you may withdraw your consent.

To make a request, please email us or write to us as provided in the “How to Contact Us” section below. We may ask for specific information from you to help us confirm your identity.

Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “How to Contact Us” section below. Depending on where you reside, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred.

Other Sites and Services

Our Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions. This Privacy Policy does not apply to such third-party sites or services.

Security

We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information.

GLBA Disclosure

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to provide the customer the ability to opt out of certain disclosures of their personal information. In addition, the GLBA prescribes certain safeguards for sensitive data held by financial institutions. You can review our GLBA Privacy Notice at www.sendto.xyz/GLBA.

Children’s Privacy

Our Services are not intended for use by children under 13 years of age. If we learn that we have collected personal information through the Services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

International Data Transfers

You will provide personal information directly to our Services in the United States. We may also transfer personal information to our service providers in the United States and other jurisdictions. Please note that such jurisdictions may not provide the same protections as the data protection laws in your home country. For more information about how we transfer personal information internationally, please contact us as set out in the “How to Contact Us” section below.

Retention of Personal Information

Where required under applicable laws, we retain personal information only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and regulatory obligations or until you withdraw your consent (where applicable).

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we use personal information and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.

Designated Countries Privacy Rights

This Section only applies to Users and Customers of the Services that are located in the European Economic Area, United Kingdom and/or Switzerland (collectively, the “Designated Countries”) at the time of data collection. At the time their personal data is collected, we rely on legal bases for processing your information under Article 6 of the EU General Data Protection Regulation (“GDPR”). We generally only process your data where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), for our legitimate interests to operate our business or to protect Roam’s or your, property, rights, or safety, or where we have obtained your consent to do so. We may ask you to identify which country you are located in when you use some of the Services, or we may rely on your IP address to identify which country you are located in. Where we rely only on your IP address, we cannot apply the terms of this Section to any User or Customer that masks or otherwise obfuscates their location information so as not to appear located in the Designated Countries. If any terms in this Section conflict with other terms contained in this Policy, the terms in this Section shall apply to Users and Customers in the Designated Countries.

Our Relationship to You

Roam is a data controller with regard to any personal information collected from Customers or Users of its Services. A “data controller” is an entity that determines the purposes for which and the manner in which any personal information is processed. Any third parties that act as our service providers are “data processors” that handle your personal information in accordance with our instructions.

Lawful Basis for Processing Your Personal Information

We describe our lawful bases for processing in Section 6 (“How Is Collected Information Used”) and Section 7 (“Information We Share”) under headings entitled “Designated Countries.” The lawful bases on which we rely to process your personal information include: your consent to the processing; satisfaction of our legal obligations; to protect your vital interests; to carry out our obligations arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you; in the public interest; or for our legitimate interests as described in those sections.

Marketing Activities

Direct marketing includes any communications we send to you that are only based on advertising or promoting products and services. Transactional communications about your account or our Services are not considered “direct marketing” communications. We will only contact Users or Customers by electronic means based on our legitimate interest or their consent. When we rely on legitimate interest, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. If you do not want us to use your personal information in this way, please click an unsubscribe link in your emails, or contact us at support@sendto.xyz. You can object to direct marketing at any time and free of charge.

Individual Rights

We provide you with the rights described below when you use our Services. Please contact us at support@sendto.xyz if you would like to exercise your rights under applicable law. When we receive an individual rights request from you, please make sure you are ready to verify your identity. Please be advised that there are limitations to your individual rights. We may limit your individual rights in the following ways: (i) where denial of access is required or authorized by law; (ii) when granting access would have a negative impact on other's privacy; (iii) to protect our rights and properties; and (iv) where the request is frivolous or burdensome.

Right to withdraw consent

If we rely on consent to process your personal information, you have the right to withdraw your consent at any time. A withdrawal of consent will not affect the lawfulness of our processing or the processing of any third parties based on consent before your withdrawal.

Right of access and rectification

If you request a copy of your personal information that we hold, we will provide you with a copy without undue delay and free of charge, except where we are permitted by law to charge a fee. We may limit your access if such access would adversely affect the rights and freedoms of other individuals. You may request to correct or update any of your personal information held by us, unless you can already do so directly via the Services.

Right to erasure (the “Right to be Forgotten”)

You may request us to erase any of your personal information held by us that: is no longer necessary in relation to the purposes for which it was collected or otherwise processed; was collected in relation to processing that you previously consented to, but later withdrew such consent; or was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing.

Right to restriction

You have the right to restrict our processing your personal information where one of the following applies:

• You contest the accuracy of your personal information that we processed. We will restrict the processing of your personal information, which may result in an interruption of some or all of the Services, during the period necessary for us to verify the accuracy of your personal information.
• The processing is unlawful and you oppose the erasure of your personal information and request the restriction of its use instead.
• We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise or defense of legal claims.
• You have objected to processing, pending the verification whether the legitimate grounds of our processing override your rights.

We will only process your restricted personal information with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if or when the restriction is lifted.

Right to object to processing

You may object to our processing at any time and as permitted by applicable law if we process your personal information on the legal basis of consent, contract or legitimate interests. We can continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.

Right to data portability

If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others.

Right to notification to third-parties

If we share your personal information with third parties, we will notify them of any requests for rectification, erasure or restriction of your personal information, unless this proves impossible or involves disproportionate effort. Upon your request, we will identify such third parties.

Right to automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, unless an exception applies under applicable law.

Right to Lodge a Complaint

If you believe we have infringed or violated your privacy rights, please contact us at support@sendto.xyz so that we can work to resolve your concerns. You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website, or as otherwise required by law.

How to Contact Us

Sendto Ltd is the entity responsible for the processing of personal information under this Privacy Policy.

Please direct any questions or comments about this Policy or our privacy practices to Sendto Ltd, support@sendto.xyz, 390 NE 191st St #8024 Miami, FL 33179.