Privacy Policy

Date of latest revision: 18 October 2024

1. Introduction

Up Only Co, doing business as “Usual Labs” (the “Company”, “Usual Labs”, “we”, “us” or “our”), is a French simplified joint stock company (société par actions simplifiée) organised under the laws of France, having its registered office located at 1 rue de Stockholm, 75008 Paris, France, and registered with the Commercial and Companies Register of Paris under number 919 540 427.

Usual Labs is committed to protecting and respecting your privacy. This Privacy Policy describes how and why we may collect and use your Personal Data when you access or use the websites and user interfaces made available at: https://usual.money/ and https://app.usual.money/ (together, the “Site”), and any related support channels (together with the Site, the “Services”).

For purposes of clarity, Usual Labs (Up Only Co) is the entity responsible for the development and operation of the user interface (“UI”) made available through the Site, and acts in that capacity as mandated by the Usual DAO. This Privacy Policy governs Personal Data processing activities carried out by Usual Labs in connection with the Services described herein.

This Privacy Policy should be read together with any legal notice, disclaimers, documentation, and general terms and conditions made available on or through the Site (as applicable).

2. Scope

This Privacy Policy applies to Personal Data processed by Usual Labs in connection with:

• your access to and use of the Site;

• your interactions with the UI and related features made available through the Site;

• communications with Usual Labs (including by email); and

• cookies and similar technologies implemented on the Site, as described below.

This Privacy Policy does not apply to third-party websites, services, or platforms that may be linked from the Site.

3. Definitions

For the purposes of this Privacy Policy:

• “Personal Data” / “Personal Information” means any information relating to an identified or identifiable natural person, as defined by applicable data protection laws, including the GDPR.

• “Processing” means any operation performed on Personal Data (e.g., collection, storage, use, disclosure, deletion), as defined by the GDPR.

• “GDPR” means Regulation (EU) 2016/679 (General Data Protection Regulation).

• “User(s)”, “you” or “your” means any person who accesses or uses the Site or Services.

• “Usual Protocol” means the set of smart contracts and related infrastructure enabling, among other things, stablecoin generation, transactions using smart contracts, and the lending, leveraging, and staking of cryptographic assets.

4. Eligibility

The Services are not intended for persons under the age of 18. Usual Labs does not knowingly collect, store, or process Personal Data from individuals under 18.

If Personal Data is mistakenly provided by a minor, such data will be deleted promptly upon identification or notification, insofar as Usual Labs is able to do so. Usual Labs also implements reasonable measures intended to deter use by persons who do not meet the minimum age requirement, taking into account the decentralised nature of certain protocol components.

5. Important Notice Regarding Blockchains and On-Chain Data

Blockchains may provide transparency into transactions. Usual Labs does not manage or control public blockchains and is not responsible for preventing, managing, modifying, or deleting information broadcasted, recorded, or stored on a blockchain.

Because the Services may involve interactions with blockchains, certain data (which may include information that could be considered Personal Data in some circumstances) may be processed and stored on-chain. On-chain data is generally immutable and may not be modified or erased for the lifetime of the relevant blockchain.

Accordingly:

• Usual Labs cannot guarantee the deletion, rectification, or restriction of Processing of data stored on public blockchains; and

• any exercise of data subject rights may be limited with respect to data that is strictly required for blockchain operation and is not controlled by Usual Labs.

You are encouraged not to include Personal Data in transaction metadata or other on-chain fields where avoidable.

6. Personal Data We May Process

Depending on how you use the Services, Usual Labs may process the following categories of Personal Data:

1. Contact and communications data

   • Information you provide when contacting us (e.g., email address, the content of your message, and any information you choose to share).

2. Technical and usage data

   • Information automatically transmitted by your device and browser when you access the Site (e.g., IP address, device identifiers, browser type, operating system, referring/exit pages, timestamps, and log data), to the extent such information constitutes Personal Data.

3. Authentication and session data

   • Data used to maintain your session and provide authentication features through cookies or similar technologies, as further described in Section 10.

4. Blockchain-related identifiers (where applicable)

   • Public wallet addresses and transaction identifiers you use in connection with the Services (noting that such identifiers may be recorded on public blockchains outside Usual Labs’ control).

Usual Labs does not undertake to collect any particular category of Personal Data beyond what is necessary for the purposes described in this Privacy Policy and subject to the configuration and features of the Services as made available from time to time.

7. Purposes of Processing and Legal Bases

Usual Labs processes Personal Data only where permitted by applicable law, including the GDPR. The table below describes the principal purposes for which we may process Personal Data and the corresponding legal bases.

Purpose Examples of Personal Data Legal Basis (GDPR) Provide, operate, and maintain the Site and UI Technical and usage data; authentication/session data Performance of a contract (where applicable); legitimate interests (Site security and operation) User authentication and session management Authentication/session data; technical data Consent (where required for cookies); legitimate interests (ensuring secure access) Respond to requests and provide support Contact and communications data Legitimate interests; performance of a contract (where applicable) Ensure security, prevent fraud/abuse, and protect our systems Technical and usage data; communications data Legitimate interests; legal obligation (where applicable) Compliance with legal and regulatory obligations Data relevant to compliance requests (as applicable) Legal obligation Establish, exercise, or defend legal claims Relevant communications and technical data Legitimate interests; legal claims

Where Processing is based on consent, you may withdraw your consent at any time (see Section 9), without affecting the lawfulness of Processing prior to withdrawal.

8. Disclosure of Personal Data

Usual Labs may disclose Personal Data in the following circumstances, to the extent permitted by applicable law:

• Service providers and processors acting on behalf of Usual Labs (e.g., hosting, security, IT, support tooling), subject to appropriate contractual safeguards.

• Corporate partners and third parties acting on behalf of Usual Labs, where necessary to provide the Services or support operations.

• Professional advisers (e.g., legal, audit, accounting) where necessary.

• Regulators, law enforcement, or competent authorities where we are required to do so by law or where disclosure is reasonably necessary to protect rights, safety, and security.

Where Personal Data is disclosed to processors, Usual Labs will require that such processors process Personal Data only on documented instructions and implement appropriate security measures.

9. International Transfers

Personal Data may be processed and stored outside the jurisdiction in which you reside. Where transfers of Personal Data occur outside the European Economic Area (EEA) to a country not subject to an adequacy decision, Usual Labs will implement appropriate safeguards where required under applicable law (such as standard contractual clauses and/or other lawful transfer mechanisms).

You acknowledge that foreign authorities may, under applicable laws, have access to Personal Data processed in their jurisdiction, and that privacy standards in such jurisdictions may differ from those in your country of residence.

10. Cookies and Similar Technologies

10.1 What is a cookie?

A cookie is a small file (often alphanumeric) placed by a web server on your device to store and retrieve information. Cookies can enable, for example, session identifiers, language preferences, and other technical settings.

Cookies may include (non-exhaustively): HTTP cookies, local storage (HTML5), “local shared objects” (Flash cookies), device fingerprinting techniques, operating system identifiers, and hardware identifiers.

Cookies may be:

• Session cookies, which expire when you close your browser; or

• Persistent cookies, which remain until they expire or are deleted.

10.2 Categories of cookies

(A) Strictly necessary / functional cookies (no consent required) These cookies are strictly necessary to enable electronic communication or to provide a service explicitly requested by you. If you disable these cookies via your browser settings, certain parts of the Site may not function properly.

(B) Other cookies (consent generally required) Other cookies (including, where applicable, cookies used for authentication beyond what is strictly necessary, preferences, measurement, or personalisation) are generally subject to your prior consent, which you may withdraw at any time.

10.3 Our cookie practices

The Company implements session cookies for user authentication, and consent may be requested when accessing the Site (where required). Cookies and similar technologies may be installed and/or read on your device during your visit to the Site.

11. Security

Usual Labs takes reasonable steps designed to protect Personal Data from misuse, loss, unauthorised access, modification, or disclosure, including by implementing appropriate technical and organisational security measures. However, no security measure can guarantee absolute security.

You are responsible for taking protective measures appropriate to your use of the Services, including keeping credentials secure and not sharing sensitive information unless you understand the purpose and recipient.

12. Data Retention

Usual Labs retains Personal Data only for as long as necessary for the purposes described in this Privacy Policy and to comply with legal and regulatory requirements.

Unless a longer retention period is required by law or justified by a legitimate need (e.g., disputes), the following retention periods apply:

• Personal Data relating to your account (where applicable) is generally deleted five (5) years after your account is closed.

• Information relating to transactions on your account (where applicable) is generally retained for five (5) years from the date of the transaction.

Notwithstanding the foregoing, on-chain data recorded on public blockchains may persist independently of Usual Labs’ retention practices (see Section 5).

13. Your Rights (GDPR)

Subject to applicable law and the conditions and limits set out in the GDPR, you may have the following rights in relation to your Personal Data:

• Right of access: obtain confirmation as to whether Personal Data concerning you is processed and access such data and related information.

• Right to rectification: request correction of inaccurate or incomplete Personal Data.

• Right to erasure: request deletion of Personal Data in certain cases (e.g., where data is no longer necessary), subject to exceptions (including legal obligations and legal claims).

• Right to restriction of Processing: request the limitation of Processing in certain circumstances.

• Right to data portability: where applicable, receive Personal Data you provided to us in a structured, commonly used, machine-readable format, and/or have it transmitted to a third party where technically feasible (this right applies in specific circumstances).

• Right to withdraw consent: where Processing is based on consent, withdraw consent at any time.

• Right to define post-mortem instructions (where applicable under French law): provide guidance regarding the retention, deletion, and communication of your Personal Data after death.

Important limitation (blockchain): the exercise of these rights may be limited for Personal Data that is required for the operation of blockchains or is stored on public blockchains not controlled by Usual Labs, which may be immutable (see Section 5).

13.1 How to exercise your rights

You may exercise your rights:

• By email: [email protected]

• By post: Up Only Co / Usual Labs, 1 rue de Stockholm, 75008 Paris, France

Usual Labs will aim to respond within fourteen (14) days, subject to the complexity and volume of requests and any applicable legal requirements.

Where Usual Labs has reasonable doubt as to the identity of the requester, we may request additional information necessary to confirm identity and, where appropriate, a copy of an identity document bearing the signature of the holder.

14. Third-Party Links

The Site may contain links to third-party sites and resources. This Privacy Policy applies only to the Site and Services operated by Usual Labs. Usual Labs does not control third-party sites and is not responsible for their content, policies, or practices. You should review the privacy policies and terms of any third-party site you visit.

15. Changes to this Privacy Policy

Usual Labs may revise, modify, update, or supplement this Privacy Policy at any time, at its sole discretion. Where required, we will provide notice through the Site. The revised Privacy Policy will be posted on the Site and will apply from the date of posting.

16. Complaints to the Supervisory Authority

If you consider that we have not responded adequately to your request or questions, you have the right to lodge a complaint with the competent supervisory authority in France, the CNIL:

• Online: https://www.cnil.fr/fr/plaintes

• Postal address: CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07 – France

17. Reference Texts and Additional Information

• GDPR text (EUR-Lex): https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX:32016R0679

• CNIL – GDPR information: https://www.cnil.fr/fr/reglement-europeen-protection-donnees

• CNIL – Understanding your rights: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles

Additionally, pursuant to Articles L.223-1 et seq. of the French Consumer Code, if you are a consumer, you may object at any time to telephone canvassing by registering free of charge on: www.bloctel.gouv.fr.

18. Contact

If you have any questions, comments, or concerns regarding this Privacy Policy, you may contact us at:

• Email: [email protected]

• Postal address: Up Only Co / Usual Labs, 1 rue de Stockholm, 75008 Paris, France

Up Only Co (Usual Labs) is a French simplified joint stock company (société par actions simplifiée) organised under the laws of France, having its registered office at 1 rue de Stockholm, 75008 Paris, France, and registered with the Commercial and Companies Register of Paris under number 919 540 427.