This Privacy Policy describes the privacy practices of the Cozy Finance, Inc. (“Cozy”), including the Cozy platform and website (collectively, the “Services”). We also provide a supplementary privacy notice for data subjects in the EEA, Switzerland and the UK (collectively, “Europe”).

About Cozy

Cozy is a decentralized, non-custodial, automated risk management protocol that will operate on the Ethereum blockchain and support integration with various decentralized finance protocols.

Personal Information We Collect

Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with the Services, our communications and other online services, such as:

• Device data, such as device IP address (and derived location), device name and operating system, browser type and settings, telecommunications provider, operating system, the date and time of Services use, and interactions with the Services.
• Online activity data, such as information about your use of and actions on the Services, including pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, frequency, and length of access. This information may be collected on our Services using cookies, browser web storage (also known as locally stored objects, or “LSOs”), web beacons, third-party software development kits (“SDKs”) and similar technologies described below.

Cookies and similar technologies. Our website may use the following technologies:

• Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

Public sources. We may collect information about you from public blockchains or from interactions with our page, forums, or channels on social media platforms, such as Twitter and Discord.

Information Relating to Log-In. We may collect information about you in connection with your log-in and/or submission of information regarding status as an “eligible contract participant,” as that term is defined in Section 1a(18) of the Commodity Exchange Act.

How We Use Personal Information

We use personal information for the following purposes or as otherwise described at the time of collection:

Services delivery, including to:

• Operate the Services and our business;
• Verify your status as an “eligible contract participant”;
• Maintain and improve the Services and the Services’ features;
• Facilitate user connections on our Services;
• Communicate with you about the Services, including by sending announcements, updates, security alerts, and support and administrative messages; and
• Provide support for the Services, and respond to your requests, questions and feedback.

Research and development. We may create and use de-identified information for our business purposes, including to analyze the effectiveness of our Services, to improve and add features to our Services, and to analyze the general behavior and characteristics of users of our Services. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes.

Support and maintenance. We use third party analytics services to automatically log certain information about your mobile device and how you interact with the Services. The information collected is used to troubleshoot and prevent errors, perform data analysis, and develop new features.

Compliance and protection. We may use personal information to:

• Protect our, your, or others’ rights, privacy, safety or property (including by making and defending legal claims);
• Enforce the Terms of Service that govern the Services;
• Audit our internal processes for compliance with legal and contractual requirements and internal policies;
• Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; and
• Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

How We Share Personal Information

We may share personal information with:

Service providers. Companies and individuals that provide services on our behalf or help us operate the Services or our business (such as hosting, analytics, customer support, email and SMS delivery, payment services, and identity verification services).

Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties as we believe necessary to: (a) protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, Cozy or our affiliates (including, in connection with a bankruptcy or similar proceedings).

How You Share Information Using Cozy

Public. When you complete a transaction using the Services, you make certain information publicly-available on the Ethereum blockchain. This information may include your blockchain address, digital wallet information, and other information related to the transaction.

Your Choices

Online tracking opt out. There are a number of ways to limit online tracking, which we have summarized below:

• Blocking cookies in your browser. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
• Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest- based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.

Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Do Not Track. Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit www.allaboutdnt.com .

Other Sites and Apps

The Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

Processing of Personal Information in the U.S.

We are headquartered in the United States and may have service providers that operate in the United States or other countries. Your personal information may therefore be processed in the United States or transferred to other locations.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.

Children

The Services are not intended for use by children under 16 years of age. If we learn that we have collected personal information through the Services from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website.

How to Contact Us

You can reach us by email at support@cozy.finance or at the following address:

Cozy Finance 
113 Cherry St PMB 70688 
Seattle WA 98104 United States

Notice to European Data Subjects

The information provided in this “Notice to European Users” section applies only to individuals in Europe.

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller. Cozy is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation. Cozy is not the controller of information that is stored on public blockchains.

EU representative. We have appointed VeraSafe as our representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. To contact VeraSafe, please visit https://www.verasafe.com/privacy-services/contact-article-27-representative. Alternatively, you may call VeraSafe at +420 228 881 031, or write to VeraSafe Ireland Ltd., Unit 3D North Point House North Point Business Park New Mallow Road, Cork T23AT2P, Ireland.

Legal basis for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the website or otherwise to us.

Retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Cross-border Data Transfer. If we transfer your personal information from Europe to another country such that we are required to apply appropriate safeguards to your personal information under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.

Your rights. European data protection laws may give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:

• Access. Provide you with information about our processing of your personal information and give you access to your personal information.
• Correct. Update or correct inaccuracies in your personal information.
• Delete. Delete your personal information.
• Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
• Restrict. Restrict the processing of your personal information.
• Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to support@cozy.finance or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.