Octav | Privacy Policy

Last Updated: January 23, 2025

This privacy policy (“Privacy Policy”) describes how Octav Labs Inc. (“our”, “us” or “we”) collects, uses, shares, and stores personal information of clients and users of its website https://octav.fi/, web application, products and services (collectively, the “Services”) on or in which this Privacy Policy is posted, linked, or referenced.

By using the Services, you accept the terms of this Privacy Policy and our Terms of Use, and consent to our collection, use, disclosure, and retention of your information as described in this Privacy Policy. If you have not done so already, please also review our Terms of Use. The Terms of Use contain provisions that limit our liability to you and require you to resolve any dispute with us on an individual basis and not as part of any class or representative action. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS OF USE, THEN PLEASE DO NOT USE ANY OF THE SERVICES.

Please note that this Privacy Policy does not apply to information collected through third-party websites or services that you may access through the Services or that you submit to us through email or other electronic message or offline. We encourage you to carefully review the privacy policies of any third-party website you access.

What we Collect

Information You Give Us. Information we collect from you may include:

Contact information, such as your email address or social media (including Discord);
Profile information, such as your blockchain public key, preferences, feedback and survey responses;
Feedback and correspondence, such as information you provide in your responses to surveys;
Transaction information, such as details about purchases you make through the Services and preferences with respect to blockchain transaction labeling;
Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them; and
Other information not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third-Party Sources. We may receive personal information about you from third-party sources. For example, third-party wallet providers provide us with your blockchain public key and certain information you choose to share with those wallet providers. We may add this to the data we have already collected from or about you through our Services.

Automatic Data Collection. We may automatically record certain information about how you use our Services (we refer to this information as “Log Data”). Log Data may include information such as a user’s Internet Protocol (IP) address, device and browser type, operating system, the pages or features available through our Services to which a user browsed and the time spent on those pages or features, the frequency with which the Services are used by a user, search terms, the links made available through the Services that a user clicked on or used, the time zone setting and location, and other statistics. We use this information to improve and enhance the Services by expanding its features and functionality and tailoring it to our users’ needs and preferences.

If you have consented to their uses (to the extent required under applicable laws), we may use cookies, local storage or similar technologies to analyze trends, administer the pages made available through the Services, track users’ movements around the pages made available through the Services, and to gather demographic information about our user base as a whole. Users can control the use of cookies and local storage at the individual browser level.

Information We Will Never Collect. We will never ask you to share your blockchain private keys or wallet seed phrase. Never trust anyone or any site that asks you to enter your blockchain private keys or wallet seed phrase.

Use of Personal Information

We use the collected personal information for various purposes or as otherwise described at the time of collection:

Service Delivery. We use your personal information to:

provide, operate and improve the Services and our business;
register you as a user of Services;
enter into and perform contracts where we fare supplying services to you;
communicate with you about the Services, including by sending announcements, updates, security alerts, and support and administrative messages; and
provide support for the Services, and respond to your requests, questions and feedback.

Research and Development. We may use your personal information for research and development purposes, including to analyze and improve the Services and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you.

Compliance and Protection. We may use your personal information to:

comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities;
protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
audit our internal processes for compliance with legal and contractual requirements and internal policies;
enforce the Terms of Use that govern the Services; and
prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With Your Consent. We may use, share or collect your personal information with your consent, such as when required by law.

Disclosure of Your Data

We may share your data with the following parties and as otherwise described in this Privacy Policy or at the time of collection.

Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates (i.e., our family of companies that are related by common ownership or control) for purposes consistent with this Privacy Policy.

Authorities and Others. We may disclose your personal information for law enforcement purposes, with government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the “Compliance and Protection” purposes described above.

Blockchain. Given that the blockchain is a public record, the transaction records associated with any transaction you make using the Services will be publicly available on the blockchain.

Business Transfers. We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, reorganization, divestiture, or in the event of bankruptcy or dissolution.

Professional Advisors and Service Providers. We may share personal information with those who need it to work for us. These recipients may include our employees as well as third-party companies and individuals to administer and provide the Services on our behalf, as well as lawyers, bankers, auditors, and insurers.

Data Retention

We retain information we collect as long as it is necessary and relevant to fulfill the purposes outlined in this Privacy Policy. In addition, we retain personal information to comply with applicable law where required, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Use, and other actions permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

We employ industry standard security measures designed to protect the security of all information submitted through the Services. However, the security of information transmitted through the Internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, blockchain private key, biometrics, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our digital services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected.

Your Rights

Depending on applicable laws, you may have the following rights with respect to your personal information:

the right to ask us for an overview of your personal information that we process;
the right to ask us to transfer your personal information directly to you or to another entity, including in a structured, commonly used and machine-readable format. This may apply to personal information that we process by automated means and with your consent or on the basis of a contract with you. We will transfer your personal information where it is technically feasible;
the right to have your personal information deleted if we no longer need it for its original purpose, if you object to us processing your personal information for our own legitimate interests or for personalized commercial messages, if you withdraw your consent for processing your personal information, if we unlawfully process your personal information, or if a law requires us to erase your personal information;
the right to object to us using your personal information for our own legitimate interests. We will consider your objection and whether processing your personal information has any undue impact on you that requires us to stop doing so. You cannot object to us processing your personal information if we are legally required to do so (for example if we are obliged to fulfill a contract with you);
we sometimes use systems to make automated decisions based on your personal information if this is necessary to fulfill a contract with you or if you gave us consent to do so. In such cases, you have the right to object to such automated decisions and ask for an actual person to make the decision instead;
if your personal information is incorrect, you have the right to ask us to rectify it. If we shared such data about you with a third party in compliance with this Privacy Policy, it is our obligation to notify this change to the third party;
the right to ask us to restrict using your personal information if in your opinion the information is inaccurate, if we are processing the data unlawfully, or if you have objected to us processing your personal information for our own legitimate interests; and
should you not be satisfied with the way we have responded to your concerns, you have the right to submit a complaint to us using the contact information further up in this Policy. If you are still unhappy with our reaction to your complaint, you can also contact the data protection authority in your country.

Please note that deletion of your personal information may make it impossible for you to use the website or the Services.

Minors

We do not intentionally gather personal information from visitors who are at the age of minority in your country of residence. Our Terms of Use require all users to be at the age of majority in the country of their residence. If a minor submits personal information to us, we will attempt to delete the information as soon as possible. If you believe that we might have any personal information from a minor, please contact us at [email protected].

Third Party Payment Service Provider

The Services provide functionality allowing you to make payments using the payment services provided by the Payment Service Provider. When you use such a service to make a payment to us, your personal information will be collected by such Payment Service Provider and not by us and will be subject to such Payment Service Provider’s privacy policy, rather than this Privacy Policy. We have no control over, and are not responsible for, the Payment Service Provider’s collection, use, and disclosure of your personal information.

Limitation of Liability

We, and/or our respective officers, directors, shareholders, owners, officials, partners, partnership, principals, employees, affiliates and other related entities, servants, agents, representatives, successors and assigns, will not be held liable for any losses or damages (pecuniary or otherwise) resulting from the misuse of any information collected through the Services not in violation of this Privacy Policy or any applicable laws.

Compliance with Canada Privacy Laws

This Privacy Policy and our practices in general are designed to be in compliance with Canada’s Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) and Québec’s An Act Respecting the Protection of Personal Information in the Private Sector (R.S.Q. c. P-39.1) and any amendments thereof.

International Data Transfers

We have offices outside of the EU and your personal information may be transferred to, and processed in or from, Canada or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.

EU users should read the important information provided below about the transfer of personal information outside of the European Economic Area.

Changes to this Privacy Policy

We may change this Privacy Policy at any time. We encourage you to periodically review this page for the latest information about our privacy practices. If we make any changes, we will change the Last Updated date above.

Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the changes to the Services (or as otherwise indicated at the time of posting). In all cases, your continued use of the Services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

Contact us

If you have any question or comment about this Privacy Policy, please do not hesitate to contact us at [email protected].

Notice to California Residents

Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.

This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA”.

For more details about the personal information we collect from you, please see the “What we Collect” section above. We collect this information for the business and commercial purposes described in the “Use of Personal Information” section above. We share this information with the categories of third parties described in the “Disclosures of Your Data” section above. We do not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out).

Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.

California consumers may make a request pursuant to their rights under the CCPA by contacting us at [email protected]. Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requesters’ valid government issued identification, and the authorized agent’s valid government issued identification.

Notice to European Users

The information provided in this notice applies only to individuals in the European Economic Area, Switzerland, and United Kingdom (collectively, “EU”) and “personal information” as used in this Privacy Policy is equivalent to “personal data” as defined in the European Union General Data Protection Regulation (GDPR).

Sensitive Data. Some of the information you provide us may constitute sensitive data as defined in the GDPR (also referred to as special categories of personal data), including identification of your race or ethnicity on government-issued identification documents.

Legal Basis for Processing. We only use your personal information as permitted by law. We are required to inform you of the legal basis of our processing of your personal information, which are described in the table below. If you have any questions about the legal basis under which we process your personal information, contact us at [email protected].

Processing Purpose & Legal Basis

To provide our Service: Our processing of your personal information is necessary to perform the contract governing our provision of the Services or to take steps that you request for the Services.

To communicate with you/To optimize our Services/For compliance, fraud prevention, and safety/For research and development: These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).

To comply with law: We use your personal information to comply with applicable laws and our legal obligations.

With your consent: Where our use of your personal information is based upon your consent, you have the right to withdraw it anytime by contacting us at [email protected].

Use for New Purposes. We may use your personal information for reasons not described in this Privacy Policy, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for a related purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will seek your consent for any unrelated purpose.

Your Rights. Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

Opt-out. Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you service-related and other non-marketing communications.
Access. Provide you with information about our processing of your personal information and give you access to your personal information.
Correct. Update or correct inaccuracies in your personal information.
Delete. Delete your personal information.
Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict. Restrict the processing of your personal information.
Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You can submit these requests by email to [email protected]. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at [email protected] or submit a complaint to the data protection regulator in your jurisdiction.

Cross-Border Data Transfer. We process personal data in Canada and the United States and data protection laws may be different from those in your country of residence. You consent to the transfer of your information, including personal information, to Canada and the United States as set forth in this Privacy Policy by using our Services.

Whenever we transfer your personal information out of the EU to Canada and the United States or countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on a data transfer mechanism recognized by the European Commission as providing adequate protection for personal information.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EU.