Privacy Policy
Effective Date:
September 1, 2025
Scope & Applicability
This Policy applies to information we process about:- Visitors to our websites and marketing properties.
- Users who create accounts, connect wallets, publish data, mint tokens, trade/retire tokens, or consume registry data within our private blockchain environment.
- Partners and suppliers who integrate with our APIs or submit data to be tokenized.
Key Terms
- Personal Data / Personal Information (PI): Information that identifies or reasonably relates to an individual.
- Sensitive Personal Data: Categories such as government IDs, precise location, financial account numbers, etc., as defined by applicable law (e.g., CPRA/GDPR).
- Private Blockchain Data: Information recorded to the LEMX private blockchain network, accessible only to permissioned nodes under contractual and security controls.
- Off‑Chain Data: Data stored in databases or cloud environments managed by LEMX and its service providers.
- Tokenization: Converting attributes, measurements, or provenance data into digital tokens or registry entries for secure use within the LEMX private network.
- De‑identified Data: Data that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual.
Information We Collect
We collect information in the following categories (exact data may vary by product and jurisdiction):You provide directly
- Account details: Name, business email, phone, organization, job title, password hash, role.
- Wallet & identity: Wallet address(es), digital signatures, allow‑list/deny‑list status, and verification outcomes from KYC/AML providers.
- Business profile: Operator type, assets, facilities, measurement methodologies, attestations, contacts for compliance.
- Transactional inputs: Registry submissions, declarations, meter/measurement files, batch uploads, API payloads, and attachments.
- Support & communications: Helpdesk tickets, chat transcripts, feedback forms, marketing preferences.
Collected automatically
- Device/usage: IP address, user‑agent, device IDs, timestamps, referring URLs, clickstream, feature usage, error logs.
- Cookies/SDKs: Session cookies, analytics cookies, and similar technologies. See Section 9 (Cookies & Tracking).
- Telemetry for API and node calls: Rate limits, latency metrics, request/response metadata, and system health.
From third parties
- Compliance vendors: KYC/AML sanctions screening (e.g., watchlists, PEP status), identity document checks.
- Commercial partners: Data contributors and verification/assurance providers.
- Public sources: Corporate registries, regulatory filings, and public websites.
How We Use Information
We use information for:- Operating the Services: Account creation, authentication, registry publication, token minting, transfers, retirements, and data verification inside the LEMX private network.
- Compliance & risk: KYC/AML checks, sanctions screening, fraud prevention, incident response, and audits.
- Integrity & verification: Correlating data inputs with measurement and assurance records; maintaining provenance and data integrity.
- Improvement & analytics: Debugging, performance tuning, and product development.
- Business operations: Billing, invoicing, accounting, and vendor management.
- Communications: Service notices, product updates, and—subject to your consent—marketing messages.
- Research & reporting: Aggregated and de‑identified insights shared with market participants.
Private Blockchain-Specific Disclosures
- Permissioned access: The LEMX blockchain is private and access‑controlled. Only authorized nodes operated by approved participants under legal agreements can view or write data.
- Data visibility: Unlike public chains, no transaction, token, or metadata is visible to the public or external parties.
- Mutability & audit: Entries are append‑only to preserve integrity, but corrective or updated records can be appended through governance processes. LEMX may annotate off‑chain mirrors to reflect changes.
- No public addresses: Wallets and identities inside the platform are tied to verified entities and are not exposed publicly.
- Your responsibility: Avoid including unnecessary personal information in token or registry metadata.
Automated Decision‑Making & Profiling
Certain features may use automated scoring (e.g., fraud, sanctions risk, or data‑quality flags). Where required by law, we will provide information about the logic involved and allow you to contest such decisions.Sharing & Disclosures
We may share information with:- Service providers: Cloud hosting, analytics, security, customer support, and KYC/AML vendors.
- Integration partners: Verification/assurance providers and enterprise customers who receive data within the permissioned network.
- Corporate transactions: Mergers, acquisitions, financings, or asset transfers.
- Legal & compliance: To comply with law, enforce agreements, or respond to lawful requests.
Data Retention
We retain information as needed for the purposes described, including:- Account & transactional records: For as long as you maintain an account and as legally required.
- KYC/AML records: As required by law (typically 5–10 years).
- Private blockchain data: Retained indefinitely for integrity, subject to internal governance for corrections.
- De‑identified data: May be retained without time limits.