Max APY logo

Privacy Policy

This is a description of how your personal data is collected, used, and deleted while you visit our website and any other online location that links to this Privacy Policy, and using software (protocol developed by Unlockd OÜ). By using the website and interface, you also agree to our collection, use, and disclosure practices, as well as any other activities described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, you should immediately discontinue the use of the software and refrain from accessing the website. Unlockd OÜ is designated by the maxAPY community as a developer of the blockchain. None of the obligations or functions of Unlockd OÜ grant it ultimate control over the maxAPY protocol. Unlockd OÜ is not a party to any transaction made by users on the maxAPY protocol. maxAPY has no access to your private keys, and you are solely responsible for ensuring access to your assets. We are not an intermediary, agent, advisor, or custodian in relation to any transaction made via the maxAPY protocol. Unlockd OÜ does not hold any information of any users, users’ identities, or services beyond what is available or obtainable publicly via the blockchain, except as described in this Privacy Policy. The Controller of your personal data described in this Privacy Policy is the legal entity Unlockd OÜ, registered number 16501715, and registered address at Estonia, Harju maakond, Tallinn, Nõmme linnaosa, Rännaku pst 12, 10917 (“Unlockd OÜ”, “we”, “us”).

How we receive the personal information?
The personal information we process is provided to us directly by you to use the software. The data you provide to us is mainly required to provide the software to you and to communicate with you if necessary. Additionally, we may collect your personal data indirectly. When visiting our website, we and our service providers may collect certain data using tracking technologies like cookies, web beacons, and similar technologies. The use of web cookies is described on our website’s cookie banner. Indirectly collected data may fall under the terms of third-party privacy policies while they act as independent data controllers. Please read those separately.

What kind of data is processed and why?
User e-mail address for Marketing purposes (Legal basis: Consent). IP address of the device, Device screen size, Device type (unique device identifiers), Browser information, Geographic location (country only), to provide website and software functionalities (Legal basis: Performance of Contract). Online identifiers (including cookie identifiers and IP addresses) to analyze the website and software statistics (Legal basis: Consent).

Sharing your personal data
Any data you provide will not be publicly displayed or shared with other Users. Our employees and business partners have access to personal data only to the extent necessary for the performance of their work duties. Public authorities may request us to provide information that we process to provide the software. If such request is legally binding, we may disclose requested data to authorities. Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. We also use third-party processors to help us provide our website. Category of recipient: service providers Reason for sharing: These companies include those we have hired to operate the technical infrastructure that we need to provide software and assist in protecting and securing our systems. Category of recipient: Advertising partners Reason for sharing: We work with advertising partners to enable us to customize the advertising content you may receive (by e-mail or through social media). These partners help us deliver more relevant ads and promotional messages to you, which may include interest-based advertising (also known as online behavioral advertising), contextual advertising, and generic advertising (Google Ads).

Use of service providers

International transfers

Please be aware that information processed by us may be transferred to, processed, stored, and used in the European Economic Area, the United Kingdom, and other jurisdictions. Data protection laws in the EEA and other jurisdictions may be different from those of your country of residence. Your use of the software or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the EEA and other jurisdictions as set out in this Privacy Policy. We do our best to ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are in place.

Ensuring the security of personal data
We have taken necessary technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, or alteration and against the unauthorized disclosure, abuse, or other processing in violation of applicable law. Nevertheless, transmission via the internet is not completely secure, and we cannot guarantee the full security of information about you.

Retention and deletion of personal data
The storage period of personal data depends on the purpose of processing the data. - User e-mail address (purpose: marketing): Until withdrawal of consent - IP address of the device, Device screen size, Device type (unique device identifiers), Browser information, Geographic location (country only) (purpose: Providing the website and software functionalities): Provided in Cookie banner - Online identifiers (including cookie identifiers and IP addresses) (purpose: Analyzing the website and software statistics): Provided in Cookie banner

Your rights and preferences
Under data protection law, you have rights, including: Right to be informed and to access. You may get information regarding your personal data processed by us. Right to data portability. You have the right to receive your personal data from us in a structured, commonly used, and machine-readable format and to independently transmit those data to a third party. Right to erasure. You have the right to have personal data we process about you erased from our systems if the personal data is no longer necessary for the related purposes. Right to object and restrict. You have the right to object to the processing of your personal data and restrict it in certain cases. Right to rectification. You have the right to make corrections to your personal data. Right to withdraw consent. When you have provided us consent to process your personal data, you may withdraw said consent at any time. To exercise any of the aforementioned rights, please contact [email protected]. We will respond to your requests within 30 days.

Other important information
Newsletter and direct marketing campaigns With your explicit consent, we may send you our newsletter and marketing offers. You may opt-out of these messages. Please note that email marketing messages include an opt-out mechanism within the message itself (e.g., an unsubscribe link in the emails we send to you). Clicking on the link in an email will opt you out of further messages. You may also opt-out in your account settings if this option is available. We may also use social media tools for marketing. As social media and web analytics providers act as joint processors, there might be consent or opt-out requirements on their side. Dispute resolution If you have questions or concerns about our use of your personal information, please feel free to contact us at [email protected]. You may also lodge a complaint with the supervisory authority, the Estonian Data Protection Inspectorate, [email protected].

Additional Disclosures for California Residents.
These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete, and opt-out, and requires businesses collecting or disclosing personal information to provide notices and the means to exercise consumer rights.

A. Notice of Collection.

We collect the following categories of personal information: Internet activity – including information on visitors to the website and their interactions with Unlockd OÜ. Geolocation data of website visitors. E-mail address and phone number of software users. For further details on the information we may collect, including the sources from which we receive information, review section 3 above. We may collect and use these categories of personal information for the business purposes described in section 3 above, including to manage the software. We do not “sell” personal information as defined under the CCPA. Please review section 4 above for further details about the categories of parties with whom we may share information.

B. Right to Know and Delete.

You have the right to know certain details about our data practices within the past twelve (12) months. In particular, you may request the following from us: The categories of personal information we have collected about you. The categories of sources from which the personal information was collected. The categories of personal information about you we disclosed for a business purpose. The categories of third parties to whom the personal information was disclosed for a business purpose. The business or commercial purpose for collecting or selling the personal information. The specific pieces of personal information we have collected about you. In addition, you have the right to delete the personal information we have collected from you. To exercise any of these rights, please submit a request by emailing us at [email protected]. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within ten (10) days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

C. Authorized Agent.

You may designate an authorized agent to submit requests on your behalf; however, we may require written proof of the agent’s permission to act on your behalf and verify your identity directly.

D. Right of Non-Discrimination.

You have a right of non-discrimination for the exercise of any of your privacy rights guaranteed by law, such as the right to access, delete, or opt-out of the sale of your personal information.

Shine the Light.

Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please send us an email and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once per calendar year.