Legal

Privacy Policy

Last updated: 1 June 2026·Effective: 1 June 2026
i

This Privacy Policy explains how Exodus handles personal data in connection with our website and our white-label crypto infrastructure products. It is written to be clear and comprehensive; defined product terms are set out in our Terms & Conditions.

01 Introduction & scope

Exodus Development LLC ("Exodus", "we", "us" or "our"), a company registered in England and Wales with its registered office at 1309 Coffeen Avenue STE 1200, 11095 Sugarview Dr Ste 100, Sheridan, Wyoming 82801, provides white-label crypto infrastructure — including a wallet application, an exchange engine and hardware-wallet integration — that our business customers ("Partners") brand and offer to their own end users ("End Users").

This policy applies to personal data we process when you:

  • visit our marketing website, request a demo, or contact our sales and support teams;
  • are an employee, contractor or representative of a Partner or prospective Partner;
  • are an End User whose data we process on behalf of a Partner that uses our products.

It does not govern the privacy practices of our Partners. When you use a product that is operated under a Partner's brand, that Partner's own privacy notice describes how they handle your data, and they are responsible for it.

02 Our role: controller & processor

Data-protection laws such as the EU/UK General Data Protection Regulation ("GDPR") distinguish between a "controller" (who decides why and how data is processed) and a "processor" (who processes data on a controller's instructions). Exodus acts in both capacities depending on the context:

As controllerFor our website visitors, demo requests, sales prospects, Partner contacts and our own business operations, we determine the purposes of processing and act as controller.
As processorFor End-User data processed through our products on a Partner's behalf, the Partner is the controller and we act as their processor under a data-processing agreement, following their documented instructions.

Where we act as a processor, this policy is provided for transparency, but your primary point of contact for rights and questions is the relevant Partner.

03 Information we collect

Information you provide directly

  • Contact & identity data — name, work email, company, job title and phone number when you request a demo, contact us or enter into an agreement.
  • Communications — the contents of messages, support tickets, calls and meeting notes you exchange with us.
  • Commercial data — billing details, contractual terms and account administration information for Partners.

Information collected automatically

  • Device & usage data — IP address, browser type, operating system, referring pages, pages viewed and timestamps.
  • Cookies & similar technologies — as described in our Cookie Policy.
  • Diagnostic & security logs — events generated to keep our systems secure, available and performant.

End-User data processed on a Partner's behalf

When a Partner runs our products, we may process End-User data on their instructions. Depending on the Partner's configuration this can include account identifiers, public blockchain addresses, transaction metadata, device and session information, and — where the Partner enables identity verification — KYC/AML information. We do not have access to End Users' private keys or recovery phrases in non-custodial configurations.

!

We never ask for your secret recovery phrase or private keys. No one at Exodus will ever request them. Anyone who does is attempting fraud.

04 How we use information

Where we act as a controller, we use personal data to:

  • respond to demo requests, sales enquiries and support questions;
  • provide, operate, maintain and improve our website and products;
  • manage Partner accounts, contracts, billing and relationship management;
  • monitor, secure and troubleshoot our systems and prevent fraud or abuse;
  • send service, security and administrative communications;
  • send marketing communications where permitted, which you can opt out of at any time;
  • comply with legal, regulatory and contractual obligations; and
  • establish, exercise or defend legal claims.

Where we act as a processor, we use End-User data only to provide the products to the Partner in accordance with their instructions and our agreement with them.

05 Legal bases for processing

Where the GDPR or similar laws apply and we are the controller, we rely on one or more of the following legal bases:

ContractTo take steps at your request before entering into, and to perform, a contract with you or your organisation.
Legitimate interestsTo run, secure, improve and market our business, balanced against your rights and freedoms.
ConsentFor certain marketing and non-essential cookies. You may withdraw consent at any time.
Legal obligationTo comply with laws, regulations and lawful requests from authorities.

06 How we share information

We do not sell personal data. We share it only as needed and with appropriate safeguards:

  • Service providers / sub-processors — cloud hosting, analytics, communications, security and payment providers that process data on our behalf under contract.
  • Partners — where you interact with a Partner-branded product, relevant data is shared with that Partner as controller.
  • Professional advisers — auditors, lawyers, insurers and consultants bound by confidentiality.
  • Corporate transactions — in connection with a merger, acquisition, financing or sale of assets, subject to this policy.
  • Legal & safety — to comply with law, enforce our agreements, or protect the rights, property and safety of Exodus, our Partners and others.

07 International transfers

We operate globally, so your data may be processed in countries other than your own. Where we transfer personal data across borders, we put appropriate safeguards in place — such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or transfers to jurisdictions deemed adequate. You may request a copy of the relevant safeguards using the contact details below.

08 Data retention

We keep personal data only for as long as necessary for the purposes described in this policy, including to satisfy legal, accounting, regulatory or reporting requirements. Retention periods vary by data type and context — for example, sales-enquiry data is kept for the duration of our discussions and a reasonable follow-up period, while contractual and financial records are kept for the period required by law. When data is no longer needed, we delete or irreversibly anonymise it. Where we act as a processor, retention follows our agreement with, and the instructions of, the relevant Partner.

09 How we protect data

Security is core to everything we build. Our technical and organisational measures include:

  • encryption of data in transit and at rest;
  • MPC-based key management and, in custody contexts, policy-based approvals;
  • strict access controls, least-privilege permissions and audit logging;
  • independent security audits, penetration testing and a SOC 2 Type II control environment;
  • continuous monitoring, alerting and incident-response procedures.

No method of transmission or storage is perfectly secure, but we work continuously to protect your information and to notify affected parties and regulators of qualifying incidents as required by law.

10 Your privacy rights

Depending on where you live, you may have some or all of the following rights regarding personal data for which we are the controller:

  • Access — to obtain a copy of the personal data we hold about you.
  • Rectification — to correct inaccurate or incomplete data.
  • Erasure — to request deletion in certain circumstances.
  • Restriction & objection — to limit or object to certain processing, including direct marketing.
  • Portability — to receive your data in a structured, machine-readable format.
  • Withdraw consent — where processing is based on consent.
  • Complain — to a supervisory authority in your jurisdiction.

To exercise any right, contact us using the details in section 15. We may need to verify your identity. If we process your data as a processor on a Partner's behalf, please direct your request to that Partner; we will support them in responding.

11 Cookies & tracking

We use cookies and similar technologies on our website to make it work, understand usage and improve your experience. You can control non-essential cookies at any time. For full details on the categories we use and how to manage them, see our Cookie Policy.

12 Children's privacy

Our website and products are intended for businesses and adults. We do not knowingly collect personal data from children under the age of 18 (or the age of majority in your jurisdiction). If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

13 Third-party services & links

Our website and products may link to or integrate third-party services — including hardware-wallet manufacturers such as Ledger and Trezor, payment and on-ramp providers, and identity-verification vendors. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy notices before providing them with personal data.

14 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of our website or products after an update constitutes acceptance of the revised policy.

15 How to contact us

If you have questions about this policy or how we handle personal data, or if you wish to exercise your rights, please contact us:

Privacy teaminfo@exodusfinance.org
General enquiriesVia our contact form
PostalExodus Development LLC, 1309 Coffeen Avenue STE 1200, 11095 Sugarview Dr Ste 100, Sheridan, Wyoming 82801.

This document is a template provided for convenience and does not constitute legal advice. Please have it reviewed by qualified legal counsel for your jurisdiction before publishing.