Privacy Notice

Last updated

Mauve Limited ("Mauve") respects your right to privacy. This Privacy Policy explains who we are, how we collect, share, and use personal data about you and how you can exercise your privacy rights. This Privacy Policy only applies to personal data that we collect directly when you access, use Mauve's service, and that we receive from our compliance and identity management partner, Violet, when we are required to submit suspicious activity reports to the Cayman Islands Monetary Authority.

If you have any questions or concerns about our data protection practices after reading this Notice, then please contact us at: Our physical address is: Mauve Limited, P.O. Box 10008, Willow House, Cricket Square, Grand Cayman, KY1-1001, Cayman Islands.

  1. What does Mauve do?

    • Mauve Limited is an exempted company based in the Cayman Islands that operates and related services. Mauve complies with Cayman Island laws and regulation as well as the EU's General Data Protection Regulation.
    • Mauve operates a noncustodial automated market maker protocol on Ethereum Mainnet. Unlike other decentralized exchanges, Mauve's protocol will not process a transaction unless it receives a valid Ethereum Access Token issued by Violet, demonstrating among other things that a user is in compliance with applicable sanctions, know-your-customer, and anti-money laundering requirements.
    • Mauve does not collect and store personal data, such as first name, last name, street address, date of birth, or email address, in connection with your use of our services. Violet does collect and store such information, and you should review Violet's privacy notice before using Mauve's services.
    • Mauve does collect non-identifiable data, such as limited off-chain data like device type, operating system, browser version, country of access, etc. Mauve may collect public, on-chain data. Any data collected is used to help drive product development, not to track users.
  2. What personal data does Mauve collect and why?

    1. Accessing Mauve and Using Mauve's Services

      Privacy is a core tenet of Mauve, and we endeavor to collect as little personal information about you as possible while satisfying our regulatory obligations and ensuring excellent product development. We are committed to transparency about what little data we do collect. Mauve does not maintain user accounts directly, and we do not directly collect and store personal data, such as your name or IP address. When you interact with Mauve, we may collect the following:

      • Website/App Visitors: We rely on Vercel to provide website analytics related to Mauve. Vercel uses a generated hash to provide a privacy-friendly experience for visitors — we cannot track you between different days or different websites. We collect information like top pages, top referrers, and demographics like country, operating system, and browser information. You can view Vercel's documentation here.
      • Publicly available blockchain data: When you connect your non-custodial blockchain wallet to Mauve, we may collect and log your publicly available blockchain address to learn more about your use of Mauve. Please note that blockchain addresses are publicly available data that are not created or assigned by Mauve and, by themselves, are not personal information.
      • Information you specifically provide us: If you specifically provide us with personal information—such as by communicating with us via email, Discord, or social media—we may use that information for the purposes described when you provided it to us. Mauve will not attempt to link any such information to your wallet address or other information possessed by Mauve.
      • Permissioned Digital Assets: If you meet the required qualifications, you may be able to swap or participate in liquidity pools for certain digital assets that are "permissioned" by the asset issuer due to their regulatory requirements. Where you elect to exchange these permissioned assets, you agree that Mauve may collect your personal information from Violet and provide it to the specific asset issuer. Information provided would include name, date of birth, taxpayer identification number, and address. Mauve does not retain your personal information after fulfilling our contractual reporting obligations.
    2. Suspicious Activity Reporting

      Mauve is a registered virtual asset service provider in the Cayman Islands, subject to regulatory enforcement by the Cayman Islands Monetary Authority. Under the terms of our registration, Mauve is required to submit suspicious activity reports in accordance with Cayman Islands law. When Mauve has reasonable grounds to believe that a suspicious transaction has occurred (e.g., reasonable grounds to suspect the transaction is related to the proceeds of criminal conduct), Mauve is required to submit a report to the relevant Cayman Islands authority. Mauve's strong preference would be to disclose any such report to you, but applicable law demands that Mauve keep all suspicious activity reports strictly confidential.

      Despite the confidentiality requirements, Mauve is transparent about what types of information would be contained in such a report. First, in order to submit a required report, Mauve will obtain personal information directly from Violet, consistent with Violet's privacy notice. Information received will include what's available and required by the regulator, including information like name, date of birth, address, identification number (e.g., passport), and contact information. Mauve retains submitted suspicious activity reports as required by Cayman Islands law, but Mauve does not directly retain the underlying personal information outside of the report document itself.

  3. Who does Mauve share my personal data with?

    Mauve does not collect or share your personal information with anyone as a routine part of your use of our services. If you correspond with us and request us to access or share information with Violet, we will do so with your consent.

    When required by law, Mauve receives user information from Violet to enable the filing of a suspicious activity report, which is then retained for the time period required by law. Mauve does not retain the personal information outside of the report document itself.       

  4. What is the legal basis for processing personal data?

    Mauve processes your information when you have corresponded with us, asked us to do so, and provided your consent. At any time, you have a right to withdraw your consent.

    Mauve also processes your information when required to fulfill our legal obligations.

  5. International data transfer

  6. Mauve is based in the Cayman Islands, and Violet is based in Germany. As a condition of using Mauve, your data may be transferred to and processed outside the EEA in order for Mauve to satisfy its legal obligations. Data transfers outside the EEA are subject to appropriate safeguards including European Commission adequacy decisions, binding corporate rules, standard contractual clauses, and the Trans-Atlantic Data Privacy Framework.

  7. Data retention

    Mauve retains personal data only when it is included in a suspicious activity report, which is retained for the period of time required by law. All other personal data that may come into our possession is destroyed in the ordinary course of business

  8. Your data protection rights

    We respect data protection rights and individual privacy no matter where our users are located. Under the General Data Protection Regulation, all of our users generally have the following data protection rights:

    • If you wish to access your personal data, you can do so at any time by contacting us.
    • If you wish to correct, update or request deletion of your personal data, you can do so at any time by contacting us using the contact details provided at the beginning of this notice.
    • You have the right to object to processing of your personal data, ask us to restrict processing of your personal data, or request portability of your personal data. You can exercise these rights by contacting us using the contact details provided at the beginning of this notice.
    • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Please know that withdrawing your consent will not affect the lawfulness of any processing we conducted before your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
    • You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
    • We respond to all requests we receive from people wishing to exercise their data protection rights in accordance with applicable data protection laws. We encourage you to contact us with any concerns, as we would be happy to try to resolve it directly.
  9. Jurisdiction-specific disclosures

    We apply the General Data Protection Regulation to all users, but recognize there are many other jurisdiction-specific data protection and privacy requirements. We believe in transparency and maximum user knowledge about their rights, even when we do not believe the jurisdiction-specific rules apply or require us to take a different action than the General Data Protection Regulation. Additional jurisdiction-specific information will be added over time.

  10. Updates to this Privacy Policy

    We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

    You can see when this Privacy Policy was last updated by checking the last updated date displayed at the top of this Privacy Policy.