Grain

Privacy Policy

Last Updated: 04/8/26

Grain Inc. (“Grain,” “we,” “us,” or “our”) takes your privacy seriously. This Privacy Policy describes our practices for collecting, using, storing, protecting, and sharing (collectively, “processing”) your personal information, as well as the rights and choices you may have regarding your personal information. Please read it carefully.

1. What This Privacy Policy Covers

This Privacy Policy applies when you: (a) visit or interact with our websites, applications, and any other products and services that link to this Privacy Policy (collectively, the “Services”); and (b) otherwise interact with us, including via email, social media, or other channels. In these cases, we act as the data controller for any personal information we collect and process.

As a crypto payment platform, we also provide services to our clients—such as marketplaces, merchants, financial partners, and other organizations. When we process personal information on behalf of our clients, we act as a data processor (or service provider). In those instances, the collection and use of personal information are governed by our clients' privacy policies, not this Privacy Policy.

This Privacy Policy does not apply to personal information collected in the context of employment or recruiting, including information relating to job applicants, employees, or contractors, which is governed by separate policies.

Please note that we may provide additional or alternative privacy policies specific to certain activities, products, services, or locations.

2. Types of Information We Collect and Categories of Sources

The types of personal information we collect about you depend on your interactions with us and our Services. Below are examples of the types of personal information we collect and the categories of sources.

Information You Provide Directly. This includes when you create an account, request a demo, sign up for our emails, request customer support, or otherwise communicate with us. The types of information include:

  • Name and contact information, such as full name, email address, postal address, and phone number.
  • Account information, such as username and password, account settings and preferences, and other similar account-related information.
  • Professional information, such as company name and title/role.
  • Communications and user content, such as information contained in your communications with us (including by phone, email, or otherwise) and any other information you submit to us.
  • Payment-related information, such as payment details and billing address.

Information Collected Automatically. When you visit or interact with our Services, we (and our service providers) may use technologies such as cookies, web beacons, server logs, and other similar tracking technologies (collectively, “tracking technologies”) that automatically or passively collect certain information about your device and usage. This includes:

  • Location information, such as general location inferred from an internet protocol (IP) address.
  • Device and network information, such as device identifiers, IP address, operating system and version, browser type and settings, hardware identifies, and other similar device and network information.
  • Usage information, including details about your interactions with our websites, such as pages viewed and accessed (including those viewed before and after interacting with our websites), length of visits to certain pages, how long you accessed our websites and the date and time of access, and other similar information.

Blockchain and Transaction Data. When blockchain transactions are initiated on our services, we collect and/or log certain information, some of which is collected directly from the blockchain networks we interact with. This includes:

  • Wallet addresses.
  • Transaction Metadata, such as transaction IDs, wallet addresses, timestamps, confirmations, and network fee information.

From Third-Party Partners and Other Sources. We may receive information from third-party service providers and partners, including information shared by our clients in connection with their use of our services. We also collect information about you from other sources, such as social media platforms and other publicly or generally available sources.

We generally collect personal information that is necessary to provide our Services and to fulfill the purposes described in this Privacy Policy. Some personal information may be required to use certain features of our Services and not providing it could limit your access. For example, we need your contact information to respond to inquiries or carry out actions you request before signing up for our Services. If you purchase our Services, we require payment information to process your transaction and complete your purchase. If you do not provide, or do not allow us to collect, the requested information, we may be unable to provide the Services.

3. How We Use Information

We collect and use personal information for the purposes described below. In certain regions, we are required to have a legal basis for processing your personal information. Generally, our legal bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.

  • Providing the Services. This includes operating and supporting our Services, creating and maintaining your account (if required), processing transactions, facilitating payments on our services, and communicating with you (such as to respond to inquiries, provide customer support, send service-related communications, and deliver administrative and transactional messages). Our legal basis for processing personal information for this purpose is to fulfill our contractual obligations to you and/or our clients. We also have a legitimate interest in providing you with products and services and operating our business.
  • Improving the Services. This includes monitoring and analyzing how our Services are accessed and used and evaluating and improving them, understanding our customer base and purchasing trends, and developing new products, services, features, and other offerings. Our legal basis for processing personal information for this purpose is our legitimate interests in improving the Services and providing high-quality products and services to our clients.
  • Personalization. This includes understanding your needs and interests and personalizing your experience with our Services. Our legal basis for processing personal information for this purpose is our legitimate interest in offering more personalized experiences.
  • Marketing. This includes sending you marketing materials, updates about new developments and features, and other promotional content, as well as creating new materials that may be useful or relevant to you. Where required by applicable law, our legal basis for processing personal information for this purpose is your consent. We also have a legitimate interest in promoting our business and providing you with tailored and personalized communications to support and grow our business.
  • Operating and Improving Our Business. This includes conducting internal operations, such as troubleshooting, analytics, testing, and research and development, as well as general business functions like accounting, record-keeping, auditing and other similar functions. Our legal basis for processing personal information for this purpose is our legitimate interest in operating and improving our business. In some cases, we may also have a legal obligation, such as for tax reporting.
  • Managing Our Vendor and Partner Relationships. If you work for one of our vendors or partners, we may use information from your employer to manage our relationship with them and facilitate your role in providing services to or with us. Our legal basis for processing personal information for this purpose is to fulfill our contractual obligations to our vendors and partners. We also have a legitimate interest in maintaining efficient, productive relationships with them.
  • Enforcing Our Agreements and Policies. This includes enforcing the terms and conditions governing our Services, as well as other legal agreements and policies. Our legal basis for processing personal information for this purpose is to fulfill our contractual obligations to you. We also have a legitimate interest in ensuring compliance with our agreements and policies.
  • Safety and Security. This includes protecting and securing our Services, assets, networks, IT resources, and business operations, as well as detecting, preventing, investigating, deterring, and responding to fraudulent, malicious, harmful, unauthorized, unethical, or illegal activities. Our legal basis for processing personal information for this purpose is our legitimate interest in maintaining the security and integrity of our Services and premises, protecting against fraud, abuse, crime, and security risks of all types, and preventing unlawful and fraudulent activities. In some cases, processing may also be necessary to comply with legal obligations.
  • Protection and Legal Compliance. This includes protecting the interests, rights, safety, security, and property of our business, our users, and others, including by making or defending legal claims. Our legal basis for processing personal information for this purpose is our legitimate interest in protecting our business or our need to defend ourselves legally. We may also use information to comply with applicable laws, lawful requests, and legal processes, such as responding to subpoenas, warrants, court orders, litigation disclosure requirements, or lawful requests from regulators, government authorities, or law enforcement. Our legal basis for processing personal information for this purpose is to comply with a legal obligation.
  • Other Purposes. We may process personal information for additional purposes that we notify you about at or before the time of collection, or otherwise with your consent.

4. How We Share Information

We may share your personal information as described below.

  • Affiliates. We may share information with our current and future parents, affiliates, subsidiaries and other companies under common control or ownership.
  • Service Providers. We engage third parties (such as service providers, contractors, and business partners) to provide services for us or on our behalf, and to support our business. This includes hosting, maintenance, network management, data connectivity and infrastructure, cybersecurity, analytics and support. These third parties may receive information about you from us or collect it directly to provide you the Services.
  • Financial and Payment Partners. We may share information with our financial, payment, and bank partners to facilitate payment processing, settlement, and related financial operations necessary for providing our services, as well as financial compliance requirements.
  • Professional Advisors. We may share your information with lawyers, accountants, auditors, bankers, and insurers, in connection with the professional services they provide.
  • Business Transfers. We may disclose your information to a third party in connection with, or during negotiations of, a proposed or actual business transaction, such as a corporate reorganization, merger or acquisition, or other sale or transfer of some or all of our business or assets (including in connection with bankruptcy, liquidation, or similar proceeding).
  • Authorities and Legal Compliance. We may disclose information to law enforcement, government authorities, courts, regulators, or other third parties as may be necessary or appropriate for the Safety and Security and Protection and Legal Compliance purposes described in “How We Use Information” above. In particular, we may be legally required to share transaction or customer information with regulators or authorities who oversee financial activity, such as FinCEN. These legal requirements are designed to prevent illegal activity, such as fraud, money laundering, or violations of sanctions.
  • With Your Consent. We may share your information for any other purpose with your consent or at your direction.

5. Your Privacy Rights and Choices

You have certain rights and choices regarding your personal information.

Marketing Communications

You may opt out of receiving marketing communications from us by following the opt-out or unsubscribe instructions in those communications. Please note that even if you opt out, we may still send you non-promotional communications, such as those about our ongoing business relations.

Your Privacy Rights

In certain regions, you may have additional rights related to your personal information. These rights vary based on the local laws that apply to you, but could include one or more of the following:

  • Access and Portability. You may request confirmation of whether we are processing your personal information. You may also request access to (including a copy of) the personal information we have about you. In certain cases, you may request that we provide you with a copy of your personal information in a portable and, to the extent technically feasible, readily usable format.
  • Correction. You may request that we correct inaccuracies in the personal information we maintain about you. Note that we may keep historical information in our backup files as permitted by law.
  • Deletion. You may request that we delete your personal information, subject to certain exceptions under applicable law. If required by law we will grant a request to delete information, but you should note that in certain situations, we may be required or permitted by law to keep your personal information.
  • Restriction of Processing. In certain limited cases, you may request that we restrict our processing of personal information.
  • Objection to Processing. In certain limited cases, you may object to processing of your personal information.
  • Withdraw Consent. If we are processing your personal information based on your consent, you can withdraw your consent at any time.

Important: The privacy rights described above are not absolute and each is subject to certain exceptions or qualifications. Please note that in some circumstances, we may not be able to fully comply with your request.

Submitting a Request to Exercise Your Privacy Rights

You may submit a request to exercise any of the privacy rights described above by:

  • Emailing us at: privacy@grain.inc with the subject line “Data Subject Rights Request”

Before we can process certain requests, we may need to verify your identity, and we reserve the right to confirm your location or residency. To verify your identity, we may ask you to provide us with information we can match against information we may have previously collected from you, such as your mailing address, phone number (if you have provided it), email address that you have used to interact with us, and any other relevant information. If we are unable to verify that the individual submitting the request is the same individual about whom we have collected information, we may not be able to process the request.

6. How We Protect Information

We use commercially reasonable safeguards – such as administrative, physical, and technical measures – designed to protect the personal information we maintain. While we use these precautions, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and therefore, we cannot guarantee absolute security of your personal information. If we are required by law to inform you of a breach affecting your personal information, we may notify you electronically, in writing, or by telephone, as the law permits.

7. How Long We Retain Information

We retain personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. For instance, we may keep your information to comply with our legal or regulatory obligations, to resolve disputes, to enforce our agreements, to comply with actual or anticipated investigation or litigation, or as otherwise permitted by law. The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the personal information has been aggregated or pseudonymized, and other relevant criteria.

8. Cross-Border Data Transfers

We and our service providers may collect, process, and store your personal information in countries outside of your home country, such as in the United States (“U.S.”) and other countries. In such instances, your personal information may be subject to foreign laws and may be accessible to foreign governments, courts, law enforcement and regulatory agencies. The laws in these countries regarding the protection of personal information may be different from the laws of your country. By submitting your personal information to us you agree to the transfer, storage and processing of your information in a country other than your country of residence including, but not necessarily limited to, the U.S.

If we transfer personal information to a country or territory that has not been deemed to have equivalent privacy and data protection laws to your country, we will transfer such information consistent with applicable data protection laws. In particular, when we transfer personal information outside of the European Economic Area (“EEA”) or the United Kingdom (“UK”), we may (i) rely on adequacy decisions adopted by the European Commission that find the third country to which the information is being transferred offers an adequate level of protection, or (ii) use standard contractual clauses approved by the European Commission or the UK's Information Commissioner's Office. For additional information regarding the steps we take in connection with transfers of your personal information to countries outside of the EEA or the UK, please contact us using the information under “How to Contact Us” below.

9. Other Important Information

Links to Third-Party Websites

Our websites may include links to third-party websites, content, and/or services that we do not own or operate. We are not responsible for the privacy practices of the third parties that operate those websites, content, or services. We encourage you to read the privacy policies of each website or service that you visit.

Children's Privacy

Our websites and services are not intended for anyone under the age of 18. We do not knowingly collect personal information from children/individuals under the age of 18.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, and we will notify you of any such changes by revising the “Last Updated” date and posting the modified version of the Privacy Policy on the Services. In some cases, we may notify you in another way we believe is reasonably likely to reach you, such as by email or through the Services. Any modifications to this Privacy Policy will be effective upon our posting of the modified version (or as otherwise indicated at the time of posting). If changes are material, the policy that was in place when you submitted personal information to us will generally govern that information unless you consent to the new policy. You can check the “Last updated” date at the top of this page to see when this Privacy Policy was last revised.

11. How to Contact Us

If you have any questions, comments or concerns about this Privacy Policy or our privacy practices, please contact us at:

Grain Inc.

Attn: Grain Privacy

Email: privacy@grain.inc

If you are unhappy with how we've handled your personal information and you are in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority.