Privacy Policy

Last Updated:

Introduction

This is the Privacy Policy for Terminal 3 applications (both web and mobile), software development kits, application programming interfaces, and websites.

At Terminal 3 HK Limited ("Terminal 3", "we", "us" or "our"), we are on a mission to build an equitable digital future for users and enterprises. We maximize the value of a decentralized internet by empowering users with ownership of their digital identities and data, and by enabling companies to engage securely with their customers and communities. We believe that user data should be self-sovereign and fully controlled by users, be freely composable in web3 while remaining fully secure and private, never be transmitted or copied from decentralized storage, be stored off-chain and remain mutable, and generate rewards for users when accessed, and we make this possible through our platform (hereinafter the “Platform”).

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Policy (“Policy”) describes Terminal 3's policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new personal data practices or adopt new privacy policies.

Terminal 3 will manage, collect, use and disclose personal data in compliance with the Personal Data (Privacy) Ordinance of Hong Kong ("PDPO" ) and the European Union General Data Protection Regulation (“GDPR”).

Collection of personal information

Terminal 3 may collect and process personally identifiable information about you either directly from you, or by combining information we collect and maintain through other means (such as service providers and partners) or as we may receive from publicly available sources such as social media or other third-party sites.

The personal information we collect may include:

  • personally identifiable information, such as your real name, email address, date of birth, gender, national identification number, or other similar identifiers;
  • information relating to your digital identity and web3 activities, such as your public virtual wallet addresses, DIDs (decentralized identifiers), on-chain transactions, and holdings;
  • preference data, such as targetable demographic information including interests;
  • behavioral data, such as online interactions;
  • any other personal information you provide.


The personal information you provide is cryptographically secured using symmetric key encryption, which means your data is secure even against quantum computing attacks. The moment you input your personal information, that data is encrypted client-side with a symmetric key. You are the only one with access controls to your encrypted data.

We will not collect and process your sensitive personal data unless we have obtained your explicit consent as may be required under applicable law.

Use of personal information

We use your personal information to fulfill the objectives of our Platform and to provide and improve our services to you, including:

  • to deliver the products and services you have requested;
  • to standardize the data and make it interoperable;
  • to enrich the data with additional profile information;
  • to issue, verify, and revoke verifiable credentials;
  • to verify your digital identity;
  • to allow you to manage and share access to your personal data, at your discretion;
  • to allow you to monetize personal data that you have shared access to, at your discretion;
  • to enable you to receive rewards;
  • for marketing and business development purposes in a privacy-preserving manner - to enable you to receive messages, offers, and notifications;
  • for other purposes, with your consent or in accordance with applicable laws.


We may also use them to comply with our legal and regulatory obligations.

Sharing information with third parties

Your personal information is only accessible in a privacy-preserving manner with your permission. With your permission, Terminal 3 can perform queries on your encrypted data using state-of-the-art structured encryption, which means we can run queries without seeing the underlying data. Only the results of those queries can be presented to other parties, such as companies whom you have granted access to, along with zero-knowledge proofs to verify their authenticity. Your underlying private data is never revealed.

As an example, you can provide your email address and grant permission for companies to send you emails. Those companies, however, will never see or store your email address.

Data storage and retention

Terminal 3 uses decentralized storage technology and our operations are supported by a global network of servers, computers, blockchains and other infrastructure and information technologies. User data is fragmented and stored across multiple independent nodes in a global network of computers across jurisdictions.

We will retain personal information only for as long as necessary for the purposes set out in this Policy and to comply with our legal and regulatory obligations. We cannot destroy personal information stored on decentralized networks. Therefore, we are committed to securely encrypting this information, without creating a decryption key, to make it completely inaccessible to anyone.

Use of Website

As is true of most other websites, Terminal 3's website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of Terminal 3's website, including a history of the pages you view. We use this information to help us design our site to better suit our users' needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

In addition, Terminal 3's website may collect personal information from you when you visit our website, request assistance from our support team by filling out the 'Contact Us' form, subscribe to newsletters, or request other information from us. Terminal 3 has a legitimate interest in understanding how members, customers and potential customers use its website. This assists

Terminal 3 with providing more relevant products and services, with communicating value to our sponsors and corporate members, and with providing appropriate staffing to meet member and customer needs.

Children's data

We do not knowingly attempt to solicit or receive information from children.

Data Subject rights

The European Union's General Data Protection Regulation (GDPR) and other countries' privacy laws provide certain rights for data subjects. Data Subject rights under GDPR include the following:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right of data portability
  • Right to object
  • Rights related to automated decision making including profiling


This Privacy Policy is intended to provide you with information about what personal data Terminal 3 collects about you and how it is used.

If you wish to confirm that Terminal 3 is processing your personal data, or to have access to the personal data Terminal 3 may have about you, please contact us.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Terminal 3 might have received the data from Terminal 3; what the source of the information was (if you didn't provide it directly to Terminal 3); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by Terminal 3 if it is inaccurate. You may request that Terminal 3 erase that data or cease processing it, subject to certain exceptions. You may also request that Terminal 3 cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Terminal 3 processes your personal data. When technically feasible, Terminal 3 will — at your request — provide your personal data to you.

Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, Terminal 3 will provide you with a date when the information will be provided. If for some reason access is denied, Terminal 3 will provide an explanation as to why access has been denied.

For questions or complaints concerning the processing of your personal data, you can email us at privacy@terminal3.io. Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or with your nation's data protection authority.

Data Protection Officer

Terminal 3 is headquartered in Hong Kong. Terminal 3 has appointed an internal data protection officer for you to contact if you have any questions or concerns about Terminal 3's personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to Terminal 3's data protection officer by email at privacy@terminal3.io.