Privacy Policy

Last modified: April 14, 2025

This Privacy Policy forms part of Lulo's Terms of Service and applies to the Lulo Wallet app and associated tools, services, and website at lulo.fi (collectively, the "Services"). Lulo Labs Inc., a Delaware corporation, operates the Services.

Blockchain Fundamentals

Blockchains are decentralized and made up of digitally recorded data in a chain of packages called "blocks." Data recorded on-chain becomes immutable. It is difficult or impossible to alter once recorded. This technological constraint may limit your ability to exercise certain privacy rights, such as erasure requests. If you want to ensure your privacy rights are not affected in any way, you should not transact on blockchains.

Age Restrictions

Individuals under 18 cannot use the Services. We do not knowingly collect personal data from minors and will use commercially reasonable efforts to delete such information upon discovery. Data already recorded on-chain cannot be removed.

Data Collection

Information we collect includes:

  • Device name
  • Email address
  • Recovery public key
  • Partner information

The Services use Sentry for device diagnostics, governed by Sentry's own Privacy Policy.

Information stored on-chain includes:

  • Externally owned account addresses
  • Transactions
  • Token balances

How We Use Your Information

Your information supports:

  • Service delivery and personalization
  • Cross-device activity tracking
  • Product research and development
  • Safety, integrity, and security measures
  • Communications with users

The Services do not recognize Do Not Track browser signals.

Data Retention and Deletion

We may retain information we gather about you for an unlimited length of time. You may request deletion of your data by contacting legal@lulo.fi. Data recorded on-chain cannot be removed.

Data Sharing

We do not share any information about you with advertisers, marketing companies, or anyone else, except as necessary to operate the Services.

Security

We implement security measures to protect your data from loss, unauthorized access, or disclosure. Access is limited to employees with legitimate business needs, all bound by confidentiality duties. Suspected breaches trigger notification procedures as legally required.

CCPA Compliance

Under California law, Lulo operates as a "service provider." We do not sell personal information from covered consumers. Information is used only for specified service purposes and limited to necessary and proportionate amounts.

GDPR / EU Compliance

If you are located in the EU, your data subject rights include:

  • Right to information and access
  • Right to rectification
  • Right to erasure (with blockchain limitations)
  • Right to restrict or object to processing
  • Data portability
  • Freedom from automated decision-making
  • Marketing opt-out
  • Withdrawal of consent

Information is stored in the United States, though blockchain data is distributed globally. Users unsatisfied with our response may contact their jurisdiction's data protection authority.

Changes to This Policy

This Privacy Policy may change at any time. Continued use of the Services after changes constitutes acceptance.

Contact

For questions about this Privacy Policy, contact Lulo Labs Inc. at legal@lulo.fi.