Effective Date: April 15, 2022

This Privacy Policy (“Liquidity Hub Privacy Policy”) applies to Ripple’s Liquidity Hub product and related applications (collectively, the “Liquidity Hub Services”) used by Ripple customers that have entered into an agreement with us (our “Customers”). This Liquidity Hub Privacy Policy describes how we collect, use, share, and process personal information and how we protect personal information when Customers access, use, or interact with the Liquidity Hub Services.

Introduction

Customers shall read this Liquidity Hub Privacy Policy in conjunction with the Privacy Policy. With respect to the Liquidity Hub Services, this Liquidity Hub Privacy Policy controls to the extent it conflicts with any provision in the main body of the Privacy Policy.

This Liquidity Hub Privacy Policy does not cover:

  • RippleNet Services and Website visitors - To learn more about our privacy practices related to RippleNet Services and Website visitors, please see our Privacy Policy.

About Ripple Liquidity Hub Services

Liquidity Hub enables Customers to buy, sell, and store digital assets with access to flexible capital offerings. Customers can leverage Liquidity Hub’s technology to execute trades and monitor transaction activity and balances. For information about our other products, please visit /.

Ripple as a Service Provider

Ripple provides the Liquidity Hub Services directly to its Customers as a service provider. The information that Ripple collects and processes is under the control of its Customers. Ripple processes information on behalf of Customers under their direction and in accordance with each Customer’s agreement. We have no direct relationship with our Customers’ employees, Customer’s authorized account users, or Customers’ customers (collectively, “End Users”). Our Customers are responsible for providing notice of privacy and data processing activities to their End Users, including information about the (1) purposes for which personal information is collected and used; (2) contact person to whom inquiries or complaints may be directed; (3) types of third parties to whom personal information is disclosed; and (4) choices and means that individuals are offered to limit use and disclosure of their personal information. End Users must direct any requests regarding their personal information to the applicable Customer.

Information We Collect

The information we collect depends on the context of our Customers’ interactions with Liquidity Hub Services and the choices they make (including the privacy settings), the features used, their location, and applicable law. In some cases, we receive information directly from Customers, such as name and email address when creating an account. In other cases, we receive information through our Customers’ use of the Liquidity Hub Services, such as business contact and transaction details and information collected through automated means, such as user IDs.

Information You Provide Directly to Us

We collect the following information when Customers use the Liquidity Hub Services.

  • Due diligence information - To provide the Liquidity Hub Services, we use a third party to conduct “Know Your Customer” (“KYC”) diligence on our Customers’ End Users to ensure that Ripple complies with applicable laws and regulations, including anti-money laundering requirements. Our KYC service provider collects Customer business information (e.g., company name and title).
  • Contact information - We collect contact information when Customers use the Liquidity Hub Services. For example, when a Customer creates a Liquidity Hub account, we collect the business account holder’s full name, address, telephone number, and email address.
  • Identity information - We collect information about the identity of Customers’ beneficial owners, including name, nationality, country of residence, and date of birth on behalf of the Customer.
  • Account information - We collect information about a Customer’s account, such as username, user ID, password, and date of account creation.
  • Communication information - When Customers engage with us, we collect information provided by the Customer, including through form submissions, email communications, or phone calls to inquire about Ripple and the Liquidity Hub Services.
  • Troubleshooting and support information - We collect information about a Customer’s account preferences or data provided when Customers contact Ripple for support (e.g., the solution used, contact or authentication data, the content of chats and other communications with Ripple, and other details that help us provide Customer support).
  • Any information you voluntarily provide to us, such as when Customers submit an inquiry through our support portal (e.g., contents of a message or attachments that Customers send to us).
Information We Collect Automatically

When Customers use or interact with the Liquidity Hub Services, we automatically collect or receive certain information about devices and usage of the Liquidity Hub Services. This information includes:

  • Usage information - We collect information about our Customers’ usage of the Liquidity Hub Services. This information includes browser type and settings, usage details (e.g., timestamps), language preferences, device event information (e.g., system activity and hardware settings, application version, and amount of time spent on the Liquidity Hub Services), and information about how Customers interact with the Liquidity Hub Services (e.g., loading errors and date/time stamps associated with Customer usage).
  • Device information - We collect information about devices automatically when using the Liquidity Hub Services. This information includes web browser and device characteristics, operating system, IP address, location, device type, Internet service provider, mobile network, system configuration information, model, model number, push notification tokens, and unique device identifiers (e.g., username and password).
  • Anonymized Statistical information - We collect additional anonymized statistical or other aggregated, de-identified information about how Customers use the Liquidity Hub Services (e.g., transaction ID, user ID).

Some information collected within the Liquidity Hub Services, whether alone or together with other data, may personally identify individuals. Depending on the Liquidity Hub Services provided, we collect this information on behalf of our Customers and/or requested by the Customer and under the direction of our Customers, such as transaction and account history. In such instances, if you are an End User and would like to understand what information our Customers collect, please contact the entity that you interact with directly.

How We Use Information

Ripple uses collected information in the following ways:

  • Communicate with Customers about the Liquidity Hub Services - We use personal information to communicate with Customers about their access to and usage of the Liquidity Hub Services, which includes sending technical notices, updates, security alerts, and support and administrative messages (e.g., notification of changes to our terms and conditions and notices, invitations to join the service, or requests to contribute to a trust).
  • Provide the Liquidity Hub Services - We use Customer and Customer End Users’ information to provide, operate, monitor, and maintain the Liquidity Hub Services.
  • Provide and improve necessary functionality - We use Customers’ information to provide the necessary functionality required during use of the Liquidity Hub Services. We also analyze how Customers use our products and services to deliver the Liquidity Hub Services, and improve functionality, quality, and user experience.
  • Transactional considerations - If Customers choose to conduct financial transactions using Liquidity Hub Services, we use their information to complete transactions, and send them related information (e.g., purchase confirmations, receipts, invoices, and verification and authorization confirmations).
  • Handle contact and support requests - If Customers contact us for support, we use their information to fulfill their requests and communicate with them. We also process personal information to respond to Customer comments, questions, and requests, and provide customer service and support via email, chat, or phone.
  • Develop and improve our products and services - We use personal information to review and analyze trends, usage, and interactions with the Liquidity Hub Services and to personalize and improve our services. We also use Customer information to provide content and/or features that match Customers’ interests and preferences and their experience with the Liquidity Hub Services.
  • Promote the security of our products and services - We use Customer and their End Users’ information to investigate and prevent fraudulent transactions, unauthorized access to the Liquidity Hub Services, and other malicious, deceptive, fraudulent, or illegal activity.
  • Legal, regulatory, safety and compliance purposes - We use Customer and their End Users’ information to comply with applicable laws or regulations and to review compliance with Ripple usage terms, as well as audits, security, and fraud monitoring and prevention. For example, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.
  • Other purposes - We use Customers’ information for other purposes about which we notify Customers in advance, or for which we provide notice of or receive their consent (such as in the event of a sale, merger, or acquisition).

How We Share Information

We share Customer personal information with third parties as required by law and as needed to deliver the Liquidity Hub Services. Ripple does not sell personal information obtained through the Liquidity Hub Services to third parties for their independent business use (e.g., for their own marketing or advertising purposes). Ripple only shares personal information on a need-to-know basis where appropriate safeguards and contractual arrangements are in place and as described below.
Third-Party Service Providers

We share Customer and their End User's information with third-party service providers that require access to the information to support our operations and delivery of the Liquidity Hub Services. The third parties that Ripple shares Customer and their End Users' information with include:

  • Auditors, consultants, and outside counsel to enhance security, compliance with applicable laws and regulations, fraud monitoring and prevention.
  • Identity verification providers to conduct anti-money laundering and sanctions screening.
  • Cloud hosting providers to provide data storage and processing services.
  • Corporate and information technology services to facilitate business operations and user communications.
  • Analytics companies to perform analysis on the Liquidity Hub Services.

These service providers are authorized to use personal information only as necessary to provide the Liquidity Hub Services to Ripple. We may use and disclose aggregate information that does not identify or otherwise relate to an individual for any purpose unless we are prohibited from doing so under applicable law.

Legal or Public Authorities

We only disclose your personal information when disclosure is:

  • Reasonably necessary to comply with any applicable law or regulation;
  • Required by law to comply with a legal process, or government request;
  • Necessary to enforce our agreements and this Liquidity Hub Privacy Policy;
  • Necessary to protect the security or integrity of the Liquidity Hub Services;
  • Necessary to protect against harm to the rights, property, or safety of Ripple, our Customers, or the public as required or permitted by law;
  • Necessary to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person ; or
  • Otherwise as directed by our Customers.

Where required or permitted by applicable law, we protect personal information by requesting protective orders or confidentiality agreements, redacting personal information from documents prior to production or disclosure, or other legally permissible means.

How We Transfer, Store, Protect, and Retain Information

We use data hosting service providers in the United States to store Customer and their End Users information. To the extent required by applicable law, whenever we transfer Customer or their End Users information, we take the appropriate steps to protect that information. Please see the Ripple Privacy Policy for more information related to the transfer of personal information as well as how we protect and retain personal information.

Third-Party Services, Applications, and Websites

The Liquidity Hub Services may contain links to other websites not operated or controlled by Ripple. Please see the Privacy Policy for more information about certain third-party services, applications, or websites.

Privacy Choices and Rights

Individuals have certain choices and rights when it comes to how we collect and use their personal information. Below is a summary of those choices and rights, and how to exercise them.

  • Account deletion: If a Customer discontinues using the Liquidity Hub Services, we can delete certain information upon request. Please note some latency in deleting this information from our servers and back-up storage may occur if necessary to comply with our legal obligations, resolve disputes, manage security risks, or enforce our agreements.

Depending on where a Customer or their End User is located, certain rights are available in connection with personal information that we obtain. These rights vary depending on jurisdiction. To learn more about these rights, see the:

  • Liquidity Hub CCPA Addendum if the individual is a California resident.
  • Liquidity Hub GDPR Addendum if the individual is located in the EEA or United Kingdom.

Minimum Age Requirements to Use Liquidity Hub Services

Liquidity Hub Services are not directed at children under 16. Please see the Privacy Policy for further information.

Changes to this Liquidity Hub Privacy Policy

We periodically review and update this Liquidity Hub Privacy Policy to describe new Services or changes to our practices. Customers can determine when this Liquidity Hub Privacy Policy was last revised by referring to the “Updated” date at the top of this document. We encourage Customers to review the Liquidity Hub Privacy Policy whenever interacting with us to stay informed about our privacy practices.

If we make significant changes to this Liquidity Hub Privacy Policy, we may provide additional notice through a prominent notice on the Liquidity Hub Services or via email address associated with Customer accounts. We recommend Customers stop using the Liquidity Hub Services if they do not agree with the privacy practices disclosed in the Liquidity Hub Privacy Policy.

Contacting Us

To submit questions regarding this Liquidity Hub Privacy Policy or to update or request changes to personal information, please contact us at [email protected], call us at 1.800.877.4804 or write to us:
Ripple Labs Inc.
Attention: General Counsel
600 Battery Street
San Francisco, CA 94111
U.S.A.

Liquidity Hub California Consumer Privacy Act (“CCPA”) Addendum

Additional provisions applicable to processing personal information of California residents.

Scope and Applicability

This Liquidity Hub CCPA Addendum (“CCPA Addendum”) applies to California residents and outlines individuals rights and choices with respect to the processing of personal information under the California Consumer Privacy Act (“CCPA”). This CCPA Addendum controls to the extent it conflicts with any provision in the main body of the Liquidity Hub Privacy Policy (“Liquidity Hub Privacy Policy”). Capitalized terms not defined in this CCPA Addendum are defined in the Liquidity Hub Privacy Policy.

Data Collection, Use and Sharing

The CCPA requires that we inform individuals whether we collect any categories of personal information as classified under the CCPA, and whether we share this information with selected recipients for specific purposes.

Categories of Information

We collect the following categories of information as classified under CCPA:

  • Personal identifiers - We collect name, phone number, email address, billing addresses, login credentials, and IP address.
  • Personal information - We collect date of birth.
  • Characteristics of protected classifications - We collect date of birth and gender, but do not use this information to infer whether an individual belongs to a protected age group.
  • Commercial information - We collect information about the products requested and records of services purchased.
  • Internet or other network activity information - We collect network, account, and transaction activity history, information collected from cookies and similar technologies, and analytics data.
  • Other inferences drawn from personal information - We draw inferences from the categories of information collected to understand a consumer’s preferences, characteristics, or predispositions.

Please see the “Information We Collect” section in our Liquidity Hub Privacy Policy to see the full description of the information that we collect.

Publicly Available Information: Personal information does not include publicly available information. For purposes of this paragraph, “publicly available” means information that is lawfully made available from federal, state, or local government records.
Sharing Information
We share the information collected with third-party service providers such as suppliers, vendors, business partners (e.g., advertising partners, consultants) to operate our business and provide the Liquidity Hub Services. We do not sell personal information.
Using Information

We collect and use personal information to:

  • Interact with Customers
  • Facilitate transactions
  • Provide the Liquidity Hub Services
  • Conduct internal research and development
  • Improve the quality and safety of our products and services
  • Detect security incidents and prevent fraud.

Please see the “How We Use Information” section in our Liquidity Hub Privacy Policy for a full description of how we use personal information.

Your CCPA Rights

The CCPA grants California consumers certain rights in connection with the personal information we collect. Please see Appendix A of our main Privacy Policy for information about individuals’ rights and how to exercise them.

Contact Us

To submit questions about this CCPA Addendum or to update or request changes to personal information, please contact us at [email protected] or write to us:
Ripple Labs Inc.
Attention: General Counsel
600 Battery Street
San Francisco, CA 94111
U.S.A.

Liquidity Hub General Data Protection Regulation (“GDPR”) Addendum

Additional provisions applicable to the processing personal information of individuals based in the European Economic Area (“EEA”) and the United Kingdom (“UK”).

Scope and Applicability

This Liquidity Hub GDPR Addendum (“GDPR Addendum”) applies to individuals based in the EEA and UK and outlines their rights and choices regarding the processing of their personal information under the General Data Protection Regulation or related regulations (collectively, the “GDPR”). This GDPR Addendum controls to the extent it conflicts with any provision in the main body of the Liquidity Hub Privacy Policy (“Liquidity Hub Privacy Policy”). Capitalized terms not defined in this GDPR Addendum are defined in the Liquidity Hub Privacy Policy.

Data Collection, Use and Sharing

Ripple acts as a data controller for personal information that we collect about individuals while using the Liquidity Hub Services as described in the Liquidity Hub Privacy Policy.

Ripple acts as a data processor on behalf of our Customers for most of the personal information we process through the Liquidity Hub Services. Our Customers primarily control what personal information we collect and process through the Services and how we use it, and we only process information in accordance with their instructions.

Ripple acts as a data controller for certain limited personal information collected from individuals working with Customers as required to provide the Liquidity Hub Services as described above in the Liquidity Hub Privacy Policy.

This GDPR Addendum does not apply to any personal information that we process as a processor, as we only process that information on behalf of the Customer and in accordance with our Agreement with them. A Customer that has entered into an agreement to use the Liquidity Hub Services controls its instance of the Services and any associated data.

We collect and process personal information only where we have a legal basis for doing so under applicable data protection laws. Our legal bases include processing personal information under:

  • Customer consent: Where appropriate or legally required, we collect and use personal information subject to our Customers’ consent. For example, we collect email address when signing up for emails and updates on the Liquidity Hub Services.
  • Performance of contract: We collect and use information to contract with Customers or to perform a contract that Customers have with us. For example, we collect name, email, and billing addresses when Customers’ purchase the Liquidity Hub Services and process transactions.
  • Legitimate interests: We collect and use information for our legitimate interests to improve the Liquidity Hub Services, deliver content, optimize Customers’ experience, and market the Liquidity Hub Services. For example, we collect Customers’ IP address and device information when they use the Liquidity Hub Services to prevent malicious activity and fraudulent transactions.
  • Compliance with laws: We may also collect and use information:
    • As required by law, such as to comply with a subpoena or similar legal process;
    • When we believe in good faith that disclosure is necessary to protect our rights or property, protect one’s health and safety or the health and safety of others, investigate fraud, or respond to a government request; or
    • If we participate in a merger, acquisition, or sale of all or a portion of its assets.

Transfer of Personal Information to Other Countries

When you use the Liquidity Hub Services and provide personal information to us, we use data hosting service providers in the U.S. to store that information. When required for the provision of the Liquidity Hub Services, we may transfer and store personal information to locations in or outside the European Economic Area (“EEA”). For more information about data transfers, please see Appendix B of our main Privacy Policy.

Data Subject Rights

Individuals have certain rights related to their personal information when using the Liquidity Hub Services. Some of these rights only apply in certain circumstances, as set out in Appendix B of our main Privacy Policy.

If you are an End User of the Liquidity Hub Services seeking to access, correct, amend, or delete personal information, please contact the Customer (the data controller) that has transferred such data to us for processing. If the Customer receives a data subject request and sends the request to us, we will respond to the Customer’s request within the agreed timeframe outlined in our Customer agreement. The Customer is responsible for responding to its End User data subject requests as determined under the applicable local data protection law.

For more information about how to exercise data subject rights, please review Appendix B of our main Privacy Policy.

Contact Us

To submit questions about this GDPR Addendum or to update or request changes to personal information, please contact us as outlined in Appendix B of the main Privacy Policy.