Privacy Policy
Privacy Policy for Sherlock
Effective Date: 25 June 2025
This Privacy Policy (βPolicyβ) describes how DeFi Risk Management Foundation (βwe,β βus,β βour,β or βSherlockβ) collects, uses, processes, and discloses your personal data when you access or use the website located at https://www.sherlock.xyz/ (the βWebsiteβ) and any related platforms, products, services, or applications we provide (collectively, the βServicesβ).
1. Data Controller Information
The entity responsible for determining the purposes and means of processing your personal data is as follows: DeFi Risk Management Foundation, registration number 24045786, registered at Dresdner Tower, 11th Floor, 50th St. and 55th East Street, Panama City, Panama 00000. Where applicable, certain personal data processing activities may also be conducted by or on behalf of Sherlockβs identity verification partner.
2. Information We Collect
We collect information from you when you interact with our Services. This includes:
Personal information voluntarily provided by you during registration, specifically username associated with your profile.
Information linked to social media accounts or public profiles, including the provided GitHub, Discord, Telegram, and X username.
Content you upload or submit, including materials in code repositories.
3. KYC and Identity Verification
To comply with regulatory obligations and for security purposes, Sherlock may require you to undergo Know Your Customer (βKYCβ) procedures. These are conducted through a third-party provider, currently Sumsub, whose privacy practices are available at https://incode.com/privacy-policy/. As part of this process, you may be required to submit personally identifiable information, including but not limited to scans of government-issued identification, proof of address, and biometric verification. All such data is collected, processed, and stored by the KYC provider in accordance with its own terms and policies.
4. Use of Your Information
Your information may be used for the following purposes:
To enable your access to and use of the Services.
To provide support, fulfill requests, and respond to inquiries.
To perform due diligence, conduct identity verification (KYC), and comply with anti-money laundering (AML), counter-terrorism, and other legal obligations.
To improve, personalize, maintain, and secure the Services.
To analyze user behavior for internal research, analytics, and reporting.
To prevent, detect, and respond to fraudulent, unauthorized, or illegal activities.
To enforce our legal agreements.
With your consent, for any other purpose disclosed at the time of data collection.
5. Data Access and Disclosure
Sherlock will not sell your personal data. Access to your data is strictly limited to the aforementioned usernames and may occur under the following circumstances:
To authorized Sherlock staff, contractors, or service providers acting on our behalf.
In response to lawful requests by public authorities, including to meet national security or law enforcement requirements, subpoenas, court orders, or other legal processes.
When reasonably necessary in cases of substantiated ethical violations or fraud investigations.
With your explicit consent, such as when you authorize data sharing with a third-party application or service.
6. User Termination.
If you wish to discontinue your use of the Services, you may do so at any time by simply ceasing to access or make use of the platform. If you would like to delete the KYC data from Sumsub, please contact us at [email protected].
7. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the date at the top of this page and, where appropriate, by additional notice through the Services. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.
By using the Services, you acknowledge that you have read and understood this Privacy Policy.
Last updated