Metaplex Foundation Privacy Policy

This Privacy Policy for the Metaplex Foundation (together will all affiliates, the “Foundation”, “we”, “us”, or “our”), describes how and why we might collect, store, use and/or share (“process”) your information when you use our services (“Services”), such as when you:

  • Visit our websites at,, or any of our websites that link to this Privacy Policy.
  • Engage with us in other relates ways, including when you contact us.

Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at


We collect personal information that you voluntarily provide to us when you express interest in obtaining information about us and our Services, when you use the Services, when you connect a third-party supported electronic wallet (e.g., Phantom) to use our Services, or otherwise when you contact us.

For example, when you contact our email addresses, we will receive your name, email address, the contents of a message or attachments that you may send to us, and other information you choose to provide. If you subscribe to our newsletter, then we will collect certain information from you, such as your email address. If you submit DAO proposals, then we will collect the information you provide for the purpose of evaluating the proposals. The Foundation only collects information from you if it is necessary to answer your questions or to provide the Services you have requested. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our services.

Personal Information You Provide to Us. The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include:

  • Names
  • Email addresses
  • Job titles

Sensitive information. We do not process sensitive information.

All personal information that you provide to use must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information We Collect When You Use Our Services. Some information – such as your Internet Protocol (IP) address and/or browser and device characteristics – is collection automatically when you visit our Services. This information does not reveal your identity (like your name or contact information) but may include device and usage information, such as your IP address, browser characteristics, language preferences, country, location, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

The information we collect includes:

  • Blockchain Information. When you take an action on the blockchain using our Services, we may receive public blockchain data related to that action.
  • Location Information. When you use our services, we infer your more general location information (for example, your Internet Protocol (IP) address may indicate your more general geographic region). 
  • Device Information. We receive information about the device and software you use to access our services, including IP address, web browser type, and operating system version.
  • Usage Information. To help us understand how you use our services and to help us improve them, we automatically receive information about your interactions with our services, like the pages or other content you view, and the dates and times of your visits.
  • Third Party Websites and Social Media. This website may contain content and links to third-party websites that are not owned, operated, or controlled by the Foundation. The Foundation is not responsible for the privacy practices of, or the content displayed on such third-party websites.  When engaging with the Foundation’s content on or through a third-party social networking website, plug-in, or application, the Foundation may Process Personal Data associated with your social media account.
  • Information from Cookies and Similar Technologies. We and third-party partners collect information using cookies, pixel tags, or similar technologies. Our third-party partners, such as analytics partners, may use these technologies to collect information about your online activities over time and across different services. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services. Please review Your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, you may not be able to utilize the features of the Service to their fullest potential.


We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

When process your information for a variety of reasons, depending on how you interact with our Services, including:

  • To provide, maintain, improve, and enhance our services.
  • To communicate with you, provide you with updates and other information relating to our services, provide information that you request, respond to comments and questions, and otherwise provide user support.
  • To find and prevent fraud, and respond to trust and safety issues that may arise.
  • To request feedback.
  • To enable user-to-user communications.
  • To save or protect an individual’s vital interest, such as to prevent hamr.
  • For compliance purposes, including enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
  • For other purposes for which we provide specific notice at the time your information is collected.


We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services, to fulfil our contractual obligations, to protect your rights, or to fulfil our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

  • Consent: If you give consent to the processing of your personal information for a specific purpose(s). You can withdraw your consent at any time by contacting us at
  • Contractual necessity: We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing our Services or at your request before entering into a contract with you.
  • Legitimate interests: We may process your information when we believe it is reasonably necessary to achieve the legitimate business interests of us or a third party and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
    • Diagnose problems and/or prevent fraudulent activities.
    • Understand how our users use our products and services so we can improve user experience.
    • Processing is necessary for the purposes of the legitimate interests pursued by the Foundation or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is a child.
  • Legal Obligations. We may process your information when we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital Interests. We may process your information when we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time by contacting us at

In some exceptional cases, we may be legal permitted under applicable law to process your information without your consent, including, for example:

  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way.
  • For investigations and fraud detection and prevention.
  • For business transactions provided certain conditions are met.
  • If it is contained in a witness statement and the collection is necessary to access, process, or settle an insurance claim.
  • For identifying injured, ill, or deceased persons and communicating with next of kin.
  • If we have reasonable grounds to believe an individual has been, is, or may be a victim of financial abuse.
  • If it is reasonable to expect collection and use with consent would compromise the availability or accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or contravention of the laws of Canada or a province.
  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records.
  • If it was produced by an individual in the course of their employment, business or profession and the collection is consistent with the purposes for which the information was produced.
  • If the collection is solely for journalistic, artistic, or literary purposes.
  • If the information is publicly available and is specified by the regulations.


We may need to share your personal information in the following scenarios:

  • Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honour this Privacy Policy.
  • Business Partners. We may share or transfer your information in connection with our business partners to offer you certain products, services, or promotions. We will not share your personal information with any third parties for the purposes of direct marketing.
  • Other Users. When you share personal information (for example, by posting comments, DAO proposals, or other content to the Services) or otherwise interact with public areas of the Services, such personal information may be viewed by all users and may be publicly made available outside the Services in perpetuity. Similarly, other users will be able to view descriptions of your activity and/or view your profile, if applicable.
  • When Legally Obligated. In some circumstances we are legally obligated to share information. For example, under a court order. In any scenario, we will satisfy our obligation to ensure that we have a lawful bases upon which to share the personal information.


We may transfer, store, and process your information in countries other than your own. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and process by us in our facilities and by those third parties with whom we may share your personal information in the United States, and other countries.

If you are a resident in the European Economic Area (EEA), United Kington (UK), or Switzerland, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this Privacy Policy and applicable law.


We keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible, (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.


We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal or modify your information. Although we do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.


The Services are not directed to individuals who are under the age of eighteen (18) and we do not solicit nor knowingly collect personal information from children under the age of eighteen (18). If you believe that we have unknowingly collected any personal information from someone under the age of eighteen (18), please contact us immediately at and the information will be deleted.


In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request erasure, (iii) to restrict the processing of your personal information, (iv) if applicable, to data portability, and (v) not to be subject to automated decision-making. In certain circumstances, you may have the right to object to the processing of your personal information. You may make such a request by contacting us at or by using the contact details provided below.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you have a right to complain to your Member State or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us at or by using the contact details provided below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent. In certain circumstances, we may need to restrict the above rights to safeguard the public interest (e.g., the prevention or detection of crime) or our business interests (e.g., the maintenance of legal privilege).

If you have any questions or comments about your privacy rights, you may email us at


Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.


We may update this Privacy Policy from time to time. We will post any adjustments to this Policy on this page, and the revised version will be effective when it is posted. The use of the Foundation’s website after any updates constitutes an acknowledgement of having read and understood the Policy. Please periodically review this Policy for the latest on the Foundation’s privacy practices. If we materially change the ways in which we use or share personal information previously collected from you through our Services, we will notify you by directly sending you a notification.


If you have any questions, comments, or concerns about our processing activities, please email us at or contact us by post at:

Metaplex Foundation23 Lime Tree Bay Avenue, P.O. Box 10176Grand Cayman KY1-1002, Cayman Islands

Last updated: September 20, 2023