LEMX Privacy Policy

Who we are. This Privacy Policy (the “Policy”) explains how LEMX, LLC (“LEMX,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you use our websites, apps, application programming interfaces (APIs), tokenization engines, registries, marketplaces, dashboards, and related services (collectively, the “Services”). You can contact us at info@lemx.exchange.

Plain-language summary: LEMX operates a private, permissioned blockchain registry where lifecycle and provenance data about commodities, energy, products and related attributes are securely tokenized and managed. Unlike public blockchains, nothing users do within the platform can be viewed or accessed by the public. Access is limited to authorized participants, subject to strict identity, contractual, and confidentiality controls.

Scope & Applicability

This Policy applies to information we process about:

Visitors to our websites and marketing properties.
Users who create accounts, connect wallets, publish data, mint tokens, trade/retire tokens, or consume registry data within our private blockchain environment.
Partners and suppliers who integrate with our APIs or submit data to be tokenized.

This Policy does not apply to third‑party services we do not control, including analytics platforms, cloud hosts, or your employer’s/organization’s systems. Their privacy policies govern their practices.

Key Terms

Personal Data / Personal Information (PI): Information that identifies or reasonably relates to an individual.
Sensitive Personal Data: Categories such as government IDs, precise location, financial account numbers, etc., as defined by applicable law (e.g., CPRA/GDPR).
Private Blockchain Data: Information recorded to the LEMX private blockchain network, accessible only to permissioned nodes under contractual and security controls.
Off‑Chain Data: Data stored in databases or cloud environments managed by LEMX and its service providers.
Tokenization: Converting attributes, measurements, or provenance data into digital tokens or registry entries for secure use within the LEMX private network.
De‑identified Data: Data that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual.

Information We Collect

We collect information in the following categories (exact data may vary by product and jurisdiction):

You provide directly

Account details: Name, business email, phone, organization, job title, password hash, role.
Wallet & identity: Wallet address(es), digital signatures, allow‑list/deny‑list status, and verification outcomes from KYC/AML providers.
Business profile: Operator type, assets, facilities, measurement methodologies, attestations, contacts for compliance.
Transactional inputs: Registry submissions, declarations, meter/measurement files, batch uploads, API payloads, and attachments.
Support & communications: Helpdesk tickets, chat transcripts, feedback forms, marketing preferences.

Collected automatically

Device/usage: IP address, user‑agent, device IDs, timestamps, referring URLs, clickstream, feature usage, error logs.
Cookies/SDKs: Session cookies, analytics cookies, and similar technologies. See Section 9 (Cookies & Tracking).
Telemetry for API and node calls: Rate limits, latency metrics, request/response metadata, and system health.

From third parties

Compliance vendors: KYC/AML sanctions screening (e.g., watchlists, PEP status), identity document checks.
Commercial partners: Data contributors and verification/assurance providers.
Public sources: Corporate registries, regulatory filings, and public websites.

How We Use Information

We use information for:

Operating the Services: Account creation, authentication, registry publication, token minting, transfers, retirements, and data verification inside the LEMX private network.
Compliance & risk: KYC/AML checks, sanctions screening, fraud prevention, incident response, and audits.
Integrity & verification: Correlating data inputs with measurement and assurance records; maintaining provenance and data integrity.
Improvement & analytics: Debugging, performance tuning, and product development.
Business operations: Billing, invoicing, accounting, and vendor management.
Communications: Service notices, product updates, and—subject to your consent—marketing messages.
Research & reporting: Aggregated and de‑identified insights shared with market participants.

We may de‑identify or aggregate data so that it no longer reasonably identifies an individual and use it for any lawful business purpose.

Private Blockchain-Specific Disclosures

Permissioned access: The LEMX blockchain is private and access‑controlled. Only authorized nodes operated by approved participants under legal agreements can view or write data.
Data visibility: Unlike public chains, no transaction, token, or metadata is visible to the public or external parties.
Mutability & audit: Entries are append‑only to preserve integrity, but corrective or updated records can be appended through governance processes. LEMX may annotate off‑chain mirrors to reflect changes.
No public addresses: Wallets and identities inside the platform are tied to verified entities and are not exposed publicly.
Your responsibility: Avoid including unnecessary personal information in token or registry metadata.

Automated Decision‑Making & Profiling

Certain features may use automated scoring (e.g., fraud, sanctions risk, or data‑quality flags). Where required by law, we will provide information about the logic involved and allow you to contest such decisions.

Sharing & Disclosures

We may share information with:

Service providers: Cloud hosting, analytics, security, customer support, and KYC/AML vendors.
Integration partners: Verification/assurance providers and enterprise customers who receive data within the permissioned network.
Corporate transactions: Mergers, acquisitions, financings, or asset transfers.
Legal & compliance: To comply with law, enforce agreements, or respond to lawful requests.

We do not sell or publicly disclose personal information.Integration partners: Verification/assurance providers and enterprise customers who receive data within the permissioned network.

Data Retention

We retain information as needed for the purposes described, including:

Account & transactional records: For as long as you maintain an account and as legally required.
KYC/AML records: As required by law (typically 5–10 years).
Private blockchain data: Retained indefinitely for integrity, subject to internal governance for corrections.
De‑identified data: May be retained without time limits.

Cookies & Tracking

We use cookies and similar technologies to maintain sessions, improve security, and analyze usage. The only cookies used are first party. We do not use any third party cookies on our platform.

Security

We use encryption, access controls, network isolation, and incident response procedures to protect data. The private blockchain runs on secured infrastructure, and all nodes are authenticated and monitored.

You Privacy Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your data, and to object to certain processing. Some data (e.g., blockchain records) may be retained as required by governance or law.

Requests can be submitted to info@lemx.exchange.

Privacy Policy