Sushi — Privacy

1. Information We Collect

When you visit sushi.com or interact with the Sushi interface, certain information is collected automatically to ensure the service functions correctly. This includes your IP address, browser type, device identifiers, and the pages you navigate within the platform. If you connect a Web3 wallet, the public wallet address associated with that connection is recorded solely to facilitate the requested swap or liquidity action. The service does not collect private keys, seed phrases, or any data that would grant access to your funds. Optional features, such as email alerts or governance notifications, may require you to voluntarily submit an email address, which is stored separately and used only for the stated purpose.

2. How We Use Your Data

Data collected through this platform is used primarily to deliver, maintain, and improve the trading experience. Aggregated analytics help the development team understand which features are used most frequently, where performance bottlenecks occur, and how the interface can be simplified. Public wallet addresses may be used to display transaction history within the platform's UI, but they are never sold or linked to personally identifiable information without explicit user consent. The service may also use anonymized data to produce public research reports about DeFi market trends. In every case, data use is limited to purposes that are consistent with why the information was originally collected.

3. Cookies and Tracking Technologies

The platform uses cookies and similar tracking technologies to remember user preferences, maintain session integrity, and measure the effectiveness of interface updates. Strictly necessary cookies are enabled by default because the service cannot function without them. Analytics cookies, which track page views and interaction patterns, are optional and can be disabled through the cookie preference center accessible in the site footer. Advertising or retargeting cookies are not used on sushi.com. Third-party analytics providers that do receive cookie data are contractually restricted from using that data for their own marketing purposes.

4. Third-Party Data Sharing

Sushi does not sell personal data to third parties under any circumstances. Limited data sharing occurs only when necessary to operate the service — for example, sharing anonymized usage statistics with infrastructure providers or passing public wallet addresses to on-chain explorers to display transaction status. Any third party that receives data in connection with the platform is bound by data processing agreements that restrict secondary use. If regulatory authorities submit lawful requests for data, the platform will comply to the extent required by applicable law while notifying affected users whenever legally permitted to do so.

5. Data Security Measures

Protecting the data entrusted to this service is treated as a core operational requirement. Industry-standard encryption protocols secure all data in transit using TLS 1.3 or higher, and sensitive data stored at rest is encrypted using AES-256. Access to backend systems is restricted through multi-factor authentication and role-based permissions, ensuring that only authorized personnel can interact with production infrastructure. Regular penetration tests and vulnerability assessments are conducted by independent security firms. Despite these measures, no online system can guarantee absolute security, and users are encouraged to practice good wallet hygiene, including using hardware wallets for significant holdings.

6. Your Rights as a User

Depending on your jurisdiction, you may have a range of rights regarding the personal data this platform holds about you. These rights can include the right to access a copy of your data, the right to correct inaccurate information, the right to request deletion of your data, and the right to object to certain processing activities. Because blockchain transactions are immutable by design, data recorded on-chain cannot be altered or deleted after confirmation — this limitation is inherent to how distributed ledgers work and is disclosed transparently here. To exercise any of the rights described above for off-chain data, please submit a request to the contact address provided in the Contact Information section of this policy.

7. Data Retention Policy

Off-chain data collected by the platform is retained only for as long as it is needed to fulfill the purpose for which it was collected, plus any additional period required by applicable law. Server logs containing IP addresses are typically purged on a rolling 90-day cycle. Optional account data, such as email addresses for notifications, is retained until you withdraw consent or request deletion. Anonymized and aggregated analytics data, which cannot be traced back to any individual, may be retained indefinitely for product improvement purposes. When data is no longer required, it is deleted using secure erasure methods that prevent recovery.

8. International Data Transfers

As a globally accessible decentralized protocol, the infrastructure supporting sushi.com may involve servers and service providers located in multiple countries. When personal data is transferred across international borders, appropriate safeguards are implemented to ensure the data receives a level of protection equivalent to that required in the user's home jurisdiction. For transfers from the European Economic Area, standard contractual clauses approved by the European Commission are used where no adequacy decision exists. Users located in regions with specific data transfer restrictions should consult the contact address in this policy if they have questions about how their data is handled internationally.

9. Children's Privacy

The Sushi platform is not intended for use by individuals under the age of 18, and the service does not knowingly collect personal data from minors. Users must affirm they meet the minimum age requirement before accessing certain features of the interface. If it comes to the platform's attention that personal data has been collected from a user under 18 without verifiable parental consent, that data will be deleted promptly. Parents or guardians who believe a minor has submitted personal data to this service are encouraged to contact the team immediately using the details provided in the Contact Information section of this policy.

10. Policy Updates

This privacy policy may be updated periodically to reflect changes in the platform's practices, applicable laws, or the features offered by the service. When material changes are made, users will be notified through a prominent notice on the website and, where applicable, via email or in-app notification. The effective date at the top of the policy will always indicate when the most recent revision was made. Continued use of the platform after the effective date of an updated policy constitutes acceptance of the revised terms. Users are encouraged to review this policy regularly to stay informed about how their information is being protected.

11. Contact Information

If you have questions, concerns, or requests related to this privacy policy or the handling of your personal data, you can reach the team responsible for data matters at the official contact channels listed on sushi.com. The platform aims to respond to all privacy-related inquiries within 30 business days. For users in jurisdictions that require a designated data protection officer, contact details for that individual are available upon request. Requests submitted via the official contact form on the website will receive the fastest response, and all communications are handled confidentially.

12. Consent and Your Choices

By accessing and using the Sushi interface, you acknowledge that you have read and understood this privacy policy. Where the processing of personal data is based on your consent, you retain the right to withdraw that consent at any time without affecting the lawfulness of processing that occurred before the withdrawal. You can manage cookie preferences, unsubscribe from optional communications, and request data deletion through the tools provided within the platform or by contacting the team directly. Withdrawing consent for certain data uses may limit the availability of some optional features, but it will never prevent you from executing basic swaps or interacting with the core protocol.