Last Update: April 24, 2023
This section is not part of a legal document, it's us providing context on the below in plain English. Please reach out to us at firstname.lastname@example.org with any questions or feedback.
Privy builds software to enable developers manage user data securely and to empower users to retain control of their data across the web.
The open web will be built with open standards. We want to enable you to run Privy easily but also believe developer and user choice is paramount to data privacy. For that reason, we run hosted infrastructure but also plan to open our systems so you can choose where to run your data systems.
If you pay Privy to run software on your behalf, we do so committing to the highest level of support. If you do not pay, your systems will be able to integrate within the Privy ecosystem as first-class citizens. Interoperability is core to our mission and our paid offering will only be one way to use Privy to safely interact with user data.
We do not deal in user data; we do not see user data, and we will not lock you or your users' data into Privy-run systems.
1. Access to the Services
Subject to Customer’s compliance with the terms and conditions of this Agreement, Privy grants Customer a nonexclusive, limited, personal, nonsublicensable, nontransferable right and license to internally access and use the services made available by Privy to Customer (“Services”) during the applicable Term (as defined below) for the internal business purposes of Customer, only as provided herein and only in accordance with Privy’s applicable official user documentation for such Services (the “Documentation”).
2. Creating an Account or a Wallet
Customer’s end users (“Users”) may create Wallets via the Services. A “Wallet” is a an intangible medium which secures a set of cryptographic keys for a user enabling them to sign arbitrary messages on behalf of third party applications. This includes signature of cryptocurrency transactions enabling the user to control digital assets. Wallets provided by Privy are always self-custodial, meaning signatures can only be generated in the user's presence and with their approval. Wallets can be orchestrated by Privy or a third party service provider of the user's choosing.
When a User creates a wallet, the User generates “user entropy”, which is a user-inputted sequence of characters enabling generation of encryption keys to protect the wallet. Users should safeguard their Secret but can use it to recover their Wallet via a Privy-hosted User flow if they lose access to their Wallet. Please note that Privy never has access to any User’s private key or recovery phrase.
If a Customer using Privy’s embedded Wallet Services becomes (i) subject to insolvency, receivership or bankruptcy proceedings or any other proceedings for the settlement of debts, (ii) dissolves or becomes insolvent, or (iii) ceases to conduct its business, Users can still retrieve their Wallets via a Privy-hosted User flow.
3. Support; Service Levels
Subject to Customer’s payment of all applicable fees, Privy will provide support, maintenance, and uptime for each Service in accordance with Privy’s then-current standard Support and Availability Policy or as otherwise mutually agreed by the parties in writing. From time to time, Privy may also agree to provide certain additional services (“Additional Services”), which shall be agreed in a separate statement of work referencing these Terms and subject to Privy’s standard fees.
4. Open Source Software; Third Party Software
Customer acknowledges and agrees that the Services may operate on, with or using application programming interfaces (APIs) and/or other services and software operated, licensed or provided by third parties, including software that is subject to open source licenses (“Third Party Software”), including without limitation through integrations or connectors to such Third Party Software that are provided by Privy. Privy is not responsible for the operation of any Third Party Software nor the availability or operation of the Services to the extent such availability and operation is dependent upon Third Party Software. Customer is solely responsible for procuring any and all rights necessary for it to access Third Party Software (including any Customer Data or other information relating thereto) and for complying with any applicable terms or conditions thereof. Privy does not make any representations or warranties with respect to Third Party Software or any third party providers. Any exchange of data or other interaction between Customer and a third party provider is solely between Customer and such third party provider and is governed by such third party’s terms and conditions.
5. Proprietary Software
Except with respect to Third Party Software, the Services are proprietary to Privy, and as between the parties, Privy retains all right, title, and interest in and to the Services, and all software, products, works, and other intellectual property rights therein (“Proprietary Software”). No rights or licenses are granted except as expressly and unambiguously set forth in this Agreement.
6. Service Updates; Beta Products
From time to time, Privy may provide upgrades, patches, enhancements, or fixes for the Services to its customers generally without additional charge (“Updates”), and such Updates will become part of the Services and subject to this Agreement; provided that Privy shall have no obligation under this Agreement or otherwise to provide any such Updates. Customer understands that Privy may make improvements and modifications to the Services at any time in its sole discretion; provided that Privy shall use commercially reasonable efforts to give Customer reasonable prior notice of any major changes. In the event that Privy provides Customer with access to any beta, demonstration, pre-release or similar versions of the Services (as may be indicated on the Services or otherwise by Privy), then (i) Customer acknowledges that such Services are experimental in nature, are provided “AS IS”, and may not be functional on any machine or in any environment, and (ii) Privy’s obligations pursuant to Sections 3 (“Support; Service Levels”) and 12 (“Indemnification”) shall not apply to such services.
7. Fees; Payment
Customer shall pay Privy fees for the Service as set forth on Privy’s pricing policy, as may be updated by Privy from time to time.
Except as expressly set forth in this Agreement, Customer shall not (and shall not allow any third party to), directly or indirectly: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Service (except to the extent applicable laws specifically prohibit such restriction); (ii) modify, translate, or create derivative works based on the Service; (iii) copy, rent, lease, distribute, pledge, assign, or otherwise transfer or encumber rights to the Service; (iv) use the Service for the benefit of a third party; (v) remove or otherwise alter any proprietary notices or labels from the Service or any portion thereof; (vi) use the Service to build an application or product that is competitive with any Privy product or service; (vii) interfere or attempt to interfere with the proper working of the Service or any activities conducted on the Service; (viii) bypass any measures Privy may use to prevent or restrict access to the Service (or other accounts, computer systems or networks connected to the Service); or (ix) make available to Privy any Customer Data (defined below) without full permission to do so. Customer is responsible for all of Customer’s activity in connection with the Service, including but not limited to uploading Customer Data (as defined below) onto the Service. Customer (a) shall use the Service in compliance with all applicable local, state, national and foreign laws, treaties and regulations in connection with Customer’s use of the Service (including those related to data privacy, international communications, export laws and the transmission of technical or personal data laws), and (b) shall not use the Service in a manner that violates any third party intellectual property, contractual or other proprietary rights.
9. Customer Data
For purposes of this Agreement, “Customer Data” shall mean any data, information or other material provided, uploaded, or submitted by Customer to the Service in the course of using the Service. As between Customer and Privy, Customer shall retain all right, title and interest in and to the Customer Data, including all intellectual property rights therein. Customer, not Privy, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Data. Customer represents and warrants that it has all rights necessary to provide the Customer Data to Privy as contemplated hereunder, in each case without any infringement, violation or misappropriation of any third party rights (including, without limitation, intellectual property rights and rights of privacy). Privy shall use commercially reasonable efforts to maintain the security and integrity of the Service and the Customer Data. Privy is not responsible to Customer for unauthorized access to Customer Data or the unauthorized use of the Service unless such access is due to Privy’s gross negligence or willful misconduct. Customer is responsible for the use of the Service by any person to whom Customer has given access to the Service, even if Customer did not authorize such use. Customer acknowledges that the Services may enable Users to control the use of their data. Customer retains full responsibility for any services it renders to Users, and Privy does not assume any responsibility such services.
10. Responsibility and Risk
Privy operates non-custodial services, which means that Privy does not store or have access to User’s Wallet(s) or any assets that may be contained therein. Privy also does not have access to or store passwords, recovery phrases, private keys, or other credentials associated with a User’s use of the Services and so Privy cannot assist with retrieving any such credentials (“Credentials”). Users are solely responsible for remembering, storing, and keeping User credentials in a secure location.
Customer agrees to comply with and shall ensure that its Users comply with all third party terms associated with Wallet(s) that are linked to the Services. Customers and Users understand and agree that Users are solely responsible for maintaining the security of their Credentials. Any unauthorized access to a User’s Wallet could result in the loss or theft of any asset that may be held in a User’s Wallet, including any linked financial information such as bank accounts and financial accounts.
If Customer or User notices any unauthorized or suspicious activity in Wallet(s) that are related or linked to the Services, please notify Privy immediately at email@example.com. However, Privy shall have no duty or obligation to assist Customer or any User in connection with such activity related to a Wallet or if User is unable to locate their Credentials.
11. Term; Termination
Customer may stop using the Services at any time by contacting Privy at firstname.lastname@example.org. Privy is also free to terminate (or suspend access to) the Customer’s use of the Services or its account for any reason in Privy’s discretion, including Customer’s breach of this Agreement. All provisions of this Agreement which by their nature should survive termination shall survive termination, including, without limitation, accrued payment obligations, ownership provisions, warranty disclaimers, indemnity and limitations of liability. For clarity, any services provided by Privy to Customer, including any assistance in exporting the Customer Data (if applicable), shall be billable at Privy’s standard rates then in effect.
Each party (“Indemnitor”) shall defend, indemnify, and hold harmless the other party, its affiliates and each of its and its affiliates’ employees, contractors, directors, suppliers and representatives (collectively, the “Indemnitee”) from all liabilities, claims, and expenses paid or payable to an unaffiliated third party (including reasonable attorneys’ fees) (“Losses”), that arise from or relate to any third party claim that (i) in the case of Customer as Indemnitor, that the Customer Data or Customer’s use of the Service infringes, violates, or misappropriates any third party intellectual property or proprietary right, including any rights of privacy, or violates any applicable law, or (B) in the case of Privy as Indemnitor, the Proprietary Software, as used by Customer in compliance with this Agreement, infringes, violates, or misappropriates any valid third party intellectual property or proprietary right. Each Indemnitor’s indemnification obligations hereunder shall be conditioned upon the Indemnitee providing the Indemnitor with: (x) prompt written notice of any claim (provided that a failure to provide such notice shall only relieve the Indemnitor of its indemnity obligations if the Indemnitor is materially prejudiced by such failure); (y) the option to assume sole control over the defense and settlement of any claim (provided that the Indemnitee may participate in such defense and settlement at its own expense); and (z) reasonable information and assistance in connection with such defense and settlement (at the Indemnitor’s expense). The foregoing obligations of Privy do not apply with respect to any information, technology, materials or data (or any portions or components of the foregoing) to the extent (a) not created or provided by Privy (including without limitation any Customer Data), (b) made in whole or in part in accordance to Customer specifications, (c) modified after delivery by Privy, (d) combined with other products, processes or materials not provided by Privy (where the alleged Losses arise from or relate to such combination), (e) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (f) Customer’s use not strictly in accordance herewith.
EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” AND ARE WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE, USAGE OF TRADE, OR COURSE OF DEALING, ALL OF WHICH ARE EXPRESSLY DISCLAIMED. WITHOUT LIMITING THE FOREGOING, ANY USE OF THE SERVICES BY CUSTOMER ON SERVICES OWNED OR OPERATED BY OR ON BEHALF OF CUSTOMER IS PROVIDED “AS IS” and “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND AND SUCH USE IS AT CUSTOMER’S SOLE RISK.
USE OF ANY WALLET RECOVERY SERVICE INCLUDED AS PART OF THE SERVICES IS OFFERED TO CUSTOMER AND ITS USERS AS A CONVENIENCE, SUBJECT TO THE TERMS SET FORTH IN THIS AGREEMENT. CUSTOMER AND ITS USERS ARE SOLELY IN CONTROL OF AND RESPONSIBLE FOR STORING AND SECURING USER’S PRIVATE KEYS AND RECOVERY PHRASES. PRIVY DOES NOT GUARANTEE THAT CUSTOMER OR ANY USER WILL BE ABLE TO RECOVER ANY WALLET AND DOES NOT STORE OR HAVE ACCESS TO ANY PRIVATE KEYS OR RECOVERY PHRASES. IF A USER LOSE THEIR PRIVATE KEY OR RECOVERY PHRASE, THEN THE USER MAY LOSE ACCESS TO ALL ASSETS STORED IN THEIR WALLET. CUSTOMER AND USER SHOULD ALWAYS BACKUP PRIVATE KEYS AND RECOVERY PHRASES VIA SECONDARY MEANS.
PRIVY WILL NOT BE RESPONSIBLE OR LIABLE TO CUSTOMER OR ANY USER FOR ANY LOSS AND TAKES NO RESPONSIBILITY FOR, AND WILL NOT BE LIABLE FOR, ANY USE OF THE SERVICES INCLUDING BUT NOT LIMITED TO ANY LOSSES, DAMAGES OR CLAIMS ARISING FROM: (A) USER ERROR SUCH AS FORGOTTEN CREDENTIALS, INCORRECTLY CONSTRUCTED TRANSACTIONS, OR MISTYPED ADDRESSES; (B) SERVER FAILURE OR DATA LOSS; (C) CORRUPTED WALLET FILES; (D) UNAUTHORIZED ACCESS TO APPLICATIONS; OR (E) ANY UNAUTHORIZED THIRD-PARTY ACTIVITIES, INCLUDING WITHOUT LIMITATION THE USE OF VIRUSES, PHISHING, BRUTE FORCING OR OTHER MEANS OF ATTACK AGAINST THE SITE OR SERVICES.
14. Limitation of Liability
EXCEPT FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS AND FOR CUSTOMER’S BREACH OF SECTION 8, IN NO EVENT SHALL EITHER PARTY, NOR ITS DIRECTORS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS OR CONTENT PROVIDERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL OR EQUITABLE THEORY WITH RESPECT TO THE SUBJECT MATTER OF THIS AGREEMENT (I) FOR ANY LOST PROFITS, DATA LOSS, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, SUBSTITUTE GOODS OR SERVICES (HOWEVER ARISING), (II) FOR ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE (REGARDLESS OF THE SOURCE OF ORIGINATION), (III) THIRD-PARTY SOFTWARE USED WITH THE SERVICES, OR (IV) FOR ANY DIRECT DAMAGES IN EXCESS OF (IN THE AGGREGATE) THE FEES PAID (OR PAYABLE) BY CUSTOMER TO PRIVY HEREUNDER IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO A CLAIM HEREUNDER.
This Agreement represents the entire agreement between Customer and Privy with respect to the subject matter hereof, and supersedes all prior or contemporaneous communications and proposals (whether oral, written or electronic) between Customer and Privy with respect thereto. The Agreement shall be governed by and construed in accordance with the laws of the State of New York, excluding its conflicts of law rules, and the parties’ consent to exclusive jurisdiction and venue in the state and federal courts located in New York, New York. Privy reserves the right to change this Agreement upon notice to Customer. If Customer uses the Services in any way after a change to the Agreement is effective, Customer agrees to all of the changes. Privy reserves the right, at its sole discretion, to modify or replace this Agreement, in whole or in part, at any time. Privy will notify you of any material change in advance of the effective date of any such change. Your continued use the Services following notice of change constitutes your acceptance of those changes. Except for changes by Privy as described herein, no other amendment or modification of this Agreement will be effective unless in writing and signed by both parties. Except for payment obligations, neither party shall be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond such party’s reasonable control, including, without limitation, the elements; fire; flood; severe weather; earthquake; vandalism; accidents; sabotage; power failure; denial of service attacks or similar attacks; Internet failure; acts of God and the public enemy; acts of war; acts of terrorism; riots; civil or public disturbances; strikes lock-outs or labor disruptions; any laws, orders, rules, regulations, acts or restraints of any government or governmental body or authority, civil or military, including the orders and judgments of courts. Customer may not assign, delegate or transfer this Agreement or its rights or obligations hereunder, or the Services account, in any way (by operation of law or otherwise) without Privy’s prior written consent. Privy may transfer, assign, or delegate this Agreement and its rights and obligations without consent. Customer will be responsible for paying, withholding, filing, and reporting all taxes, duties, and other governmental assessments associated with its activity in connection with the Services. No agency, partnership, joint venture, or employment relationship is created as a result of this Agreement and neither party has any authority of any kind to bind the other in any respect. In any action or proceeding to enforce rights under this Agreement, the prevailing party shall be entitled to recover costs and attorneys’ fees. If any provision of this Agreement is held to be unenforceable for any reason, such provision shall be reformed only to the extent necessary to make it enforceable. The failure of either party to act with respect to a breach of this Agreement by the other party shall not constitute a waiver and shall not limit such party’s rights with respect to such breach or any subsequent breaches.
14. Data Processing Agreement
Customer understands its obligations under applicable data protection laws and will comply with them. To the extent the parties enter into a separate written data processing agreement (a "DPA"), such DPA is hereby incorporated by reference.