Privacy Policy

Crossmint's Full Guide to Privacy Policy

Last updated: June 26, 2026

Introduction

Crossmint, Inc. ("Crossmint," "we," "us" or "our") provides a platform that enables users to maintain a digital custodial wallet that manages access to digital assets on the blockchain and integrates with decentralized applications provided by third parties.

This Privacy Policy discloses our privacy practices for personal information we collect and use when you access our products, services, features, or content, without limitation, through our website at www.crossmint.io and www.crossmint.com (the "Site"), our services to facilitate the purchase, storage, and transfer of Digital Assets (including NFTs and certain fungible tokens not classified as currency or securities), and software provided on or in connection with those services (collectively, the "Service(s)"), or when you apply or express interest in employment with Crossmint.

By accessing, browsing and/or otherwise using the Site and/or our Service, we collect the personal data of each user (the "User" or, indistinctly, the "Users") in accordance with this Privacy Policy and any other policy that may replace it in the future.

Adherence to EU-US Data Privacy Framework (DPF)

Crossmint complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Crossmint has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Crossmint has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Crossmint is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Crossmint Atlas, Inc., a subsidiary of Crossmint, Inc., is also covered by this certification and has adhered to the DPF Principles.

Acceptance of this Privacy Policy

By accessing, browsing and/or otherwise using the Site and/or our Services, you accept the terms of this Privacy Policy. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, you should discontinue access or use of our Site and Service.

Data Controller

The data controller responsible for the collection and processing of your personal data is Crossmint Inc., domiciled at 1317 Edgewater Dr #4296, Orlando, FL 32804 (United States of America).

For residents of the European Economic Area ("EEA"), UK and Switzerland, as well as for the purposes of Act 34/2002 of 11 July, on Information Society and Electronic Commerce Services (LSSICE), Crossmint Europe, S.L. will be our representative according to article 27 GDPR. Crossmint Europe, S.L. is a Spanish entity, with tax identification number (CIF) B10806719, domiciled at C/Villalar 7, BJ IZQ, 28001 Madrid (Spain). For residents of the United States accessing the Ramp and Transfer Service, the data controller is Crossmint Horizon Inc., a Wyoming corporation and affiliate of Crossmint Inc. Crossmint Horizon Inc. relies on a U.S. Money Services Business that is registered with FinCEN and licensed in the relevant states to provide these regulated services, and that provider acts as an independent data controller in respect of the regulated activities it performs, including specifically, but not limited to, the performance of their compliance obligations.

Crossmint has a Data Protection Officer (DPO) who is responsible for supervising compliance with data protection regulations. If you have any questions about the processing of your personal data, you can contact our DPO at: privacy@crossmint.com

How We Collect Your Personal Information

Crossmint collects and processes various information from Users. This information may, in many cases, constitute Users' personal data. This information will be considered "personal data" when it can directly identify or allow us to identify a natural person.

The categories of personal information we collect depend on how you interact with our Service and the requirements of applicable law. This personal data may have been directly provided by the User when interacting on the Site or completing any of the available forms, or may have been inferred from the relationship we have with you. Specifically:

A. Information you provide to us

Information you provide us with in web forms — to sell or purchase a Digital Asset, establish an account with a wallet, and access our Service — may include the following types:

User Data:

  • Contact data, such as first and last name, email address, mailing address, and phone number.
  • Personal identification information, such as date of birth, nationality, gender, signature, and photographs.
  • Formal Identification Information, including government-issued identity documents such as Passport, Driver's License, National Identity Card, State ID Card, Tax ID number, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws.
  • Communications that we exchange with you, including when you contact us through the Service, social media, or otherwise regarding the Service.
  • Transaction data relating to or needed to complete your transactions through the Service, such as the wallet address(es), last 4 digits of your credit card, the transaction amount, Digital Asset, and/or timestamp.

Potential users and clients:

  • Marketing data such as your preference for receiving our marketing communications and details about your engagement with them.
  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Prospective employees:

  • Employment data, such as information submitted in resumes, cover letters, and/or applications.

B. Information we may collect automatically about you

(i) Service Data. To the extent permitted under applicable law, we, our service providers, and our business partners may automatically collect information about you, your computer or mobile device, and your interactions over time with the Service, our communications, and other online services. Information collected automatically includes:

  • Wallet data — to provide the Service, we will create an account with a custodial wallet address and will collect data about your wallet such as the Digital Asset-related attributes on the blockchain and details about transactions you executed.
  • Device data, such as your computer's or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area. We may also collect limited device-level information through third-party security tools to detect fraudulent behavior, device spoofing, or suspicious network activity, for fraud prevention and AML compliance purposes.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.

(ii) Cookies and similar technologies. We, as well as third parties that provide content or other functionality on the Service, may use cookies, local storage, and other technologies to automatically collect information through the Service.

  • Cookies, which are small text files that websites store on user devices and that allow web servers to record users' web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both "session cookies" that are deleted when a session ends, "persistent cookies" that remain longer, "first party" cookies that we place, and "third party" cookies that our third-party business partners and service providers place.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email address was accessed or opened, or that certain content was viewed or clicked.

(iii) Analytics. We use website analytics software to help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use Fathom Analytics for this purpose.

(iv) Social Sign In. Our Service allows you to sign in with Google or Discord third-party social sign-in services. These features may collect your IP address and which page you are visiting on our Service and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.

If required by applicable law, in (i) to (iv) above we will obtain the necessary consents or treat this information always under an appropriate legal basis.

C. Information we receive from third parties

We receive personal data about you from third parties:

  • Due to mergers or acquisitions, when we obtain your data from another company.
  • Public sources, such as government agencies, public records, social media platforms, identification verification partners, credit bureaus, and other publicly available sources.
  • Data providers, such as information services and data licensors that provide demographic and other information.
  • Public blockchain data, such as public addresses and public transaction data.
  • Third-party services, such as Google and Discord social media services, that you use to log into or otherwise link to your Service account. This data may include your username, profile picture, and other information associated with your account on that third-party service that is made available to us based on your account settings on that service. Your interactions with these platforms are governed by the privacy policy of the company providing it.

What We Use Your Personal Information For

Our primary purpose in collecting personal information is to provide, develop, and ultimately improve the provision of the Service, and to provide you with a secure and customized experience. We may use your personal information for the following purposes — or as otherwise described at the time of collection:

A. Delivering our service. When you create your Crossmint account and use our Service, you accept our Terms of Service and thus enter into a contract. In order for us to fulfill our obligations under that agreement, we need to access and process your personal information. Within the framework of this purpose, we may use your personal information to:

  • Fulfill our contract with you and provide the Service.
  • Enforce our terms in our user agreement (Terms of Service) and other agreements.
  • Provide Service communications.
  • Provide customer service in responding to questions, comments, and other requests.
  • Enhance your experience, improve Service, and develop new services.
  • Ensure quality control.
  • For fraud detection and anti-money-laundering (AML) purposes.

Legal basis: this processing is based on our agreement with you, or to take steps at your request prior to entering into an agreement or based on your agreement with one of our clients.

B. Research and development. We may use your personal information to better understand the way you use and interact with our Service, including to analyze and improve the Service and our business and to develop new services.

Legal basis: this processing is based on our legitimate interests in improving the quality of our services.

C. Direct marketing. Based on your communication preferences, we may send you direct marketing communications. You may opt out of our marketing communications in every such communication we send you or as described in the Opt-out of marketing section below.

Legal basis: this processing is based on your consent.

D. To manage our recruiting and process employment applications. We may use personal information, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications.

Legal basis: this processing is based on your consent.

E. With your consent. We will not use your personal information for purposes other than those we have disclosed to you, without your permission. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

Legal basis: your consent.

F. Compliance and protection. We may use your personal information to:

  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
  • Comply with anti-money laundering regulations and help detect, prevent, and mitigate fraud and abuse of our Service.
  • Protect our, your, or others' rights, privacy, safety or property (including by making and defending legal claims).
  • Audit our internal processes for compliance with legal and contractual requirements or our internal policies.
  • Enhance security, monitor and verify identity or service access, combat spam or other malware or security risks, and to prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
  • For fraud detection and AML purposes, we may use third-party vendors that collect limited device-level information such as battery usage, device identifiers, device storage, MAC address, and SIM information. These tools may also collect information necessary to determine whether a user's current location is being masked or spoofed through a VPN, proxy, or similar technologies.
  • Comply with payment service provider requirements. When you initiate a payment using a credit or debit card or bank transfer, we may be required by our payment service providers, card processors, and acquiring banks to share transaction-related data to satisfy their technical, security, and compliance obligations. This is a contractual condition of our use of such payment services and is limited to the data strictly necessary for transaction processing and fraud prevention purposes.

Legal basis: compliance with legal and regulatory obligations, legitimate interest in ensuring the security and integrity of our Services, performance of a contract with you, and fulfillment of legal obligations under applicable financial and AML regulations.

G. To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We may use this data for any business purpose, including to better understand customer needs and behaviors, improve our Service, conduct business intelligence and marketing, and detect security threats.

Legal basis: this processing is based on our legitimate interests, as anonymous data generates statistics of interest to Crossmint.

H. Third-party service providers. Third parties may also access and/or collect your personal information when providing you services on our behalf. Crossmint works with carefully selected sub-processors who assist in various operational functions, including cloud hosting, payment processing, identity verification, and security monitoring. We ensure that all third-party service providers comply with strict data protection and security standards by maintaining Data Processing Agreements (DPAs) with each provider. For an updated list of our sub-processors, visit our Trust Page.

Legal basis: this processing is based on our agreement with you, or to take steps at your request prior to entering into an agreement or based on your agreement with one of our clients.

I. Customer Support and AI-Assisted Operations. We may share your personal information with carefully selected sub-processors to facilitate support services and improve our operational efficiency. We may use customer management platforms to centralize and respond to support requests, processing limited personal information such as your name, email address, support ticket content, and related metadata strictly for the purpose of managing and resolving your inquiries.

Additionally, certain internal tasks — such as support ticket classification, draft suggestions, translation of documents, AML and fraud prevention, or knowledge base search — may be supported by AI-powered tools and other compliance service providers. These tools operate under strict internal governance and do not use your personal data to train general-purpose models.

Legal basis: legitimate interest in providing efficient and effective customer support, or as necessary to fulfill our contractual obligations to you or our clients.

How We Share Your Personal Information

The holdings and transactions associated with a wallet address are publicly available on the blockchain. We may share your personal information with the following categories of third parties:

Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy. Crossmint will share personal data with Crossmint Europe, S.L. to comply with services and obligations under GDPR, as well as to comply with administrative functions and anti-money laundering and fraud regulations.

Project Creators. We may share your Contact data with the project creator(s) of any Digital Assets you purchase through the Service, strictly to the extent necessary to provide the Service and execute the intended transaction.

Identity verification provider. We use Persona Identities, Inc. ("Persona") to verify the identity of users and, where applicable, the entities they represent. You may be asked to provide government-issued identification, a selfie or other biometric input, and related identity information. Persona processes this information as our processor and as an independent controller for its own purposes including fraud prevention and identity graph services, as described in Persona's privacy policy at https://withpersona.com/legal/privacy-policy. Your biometric information will be stored for no more than three (3) years.

Service providers. We may share your personal information with third-party service providers that provide services on our behalf, including technology support, hosting, payment processing, transaction monitoring, customer service, auditing, analytics, maintenance, security, and other related business purposes.

These services may include transactional analysis and risk solutions used as part of the monitoring and control stack for Crossmint Europe's services regulated under MiCA (Regulation (EU) 2023/1114). Profiling used in these services involves:

  • Categories of data used: identification and contact data, transaction data, device and network data, behavioral signals, and fraud or risk indicators.
  • Purpose: to assess consistency of user information, detect anomalous behavior, identify potential fraud or financial crime patterns, and comply with legal and regulatory obligations.
  • Process: automated risk scoring and rule-based and statistical analysis to identify potentially high-risk users, devices, or transactions. These assessments may result in alerts, enhanced due diligence requirements, or manual review.
  • Safeguard: any materially adverse decision is subject to human review, unless otherwise permitted by applicable law.

Fraud prevention networks and shared risk intelligence. As part of our fraud prevention efforts, we may participate in fraud and risk-intelligence networks. Certain fraud-related signals and risk indicators may be combined with information from other participants to improve fraud detection. Such information is used solely for fraud prevention and security purposes and is processed in accordance with applicable data protection laws.

Authorities and others. We may release your information to law enforcement, government authorities, and private parties as we believe in good faith to be necessary or appropriate for compliance and protection purposes, including investigatory or enforcement actions by the FTC or other regulatory authorities.

Business Transferees. We may release your information to a third party in a merger, acquisition, or sale of all or a portion of our stock or assets. If this occurs, you will be notified of any change to this Privacy Policy and any choices you may have regarding your personal information.

Linked third-party services. If you log into the Service with, or otherwise link your Service account to, a social media or other third-party service, we may share your personal information with that third-party service.

Professional advisors. Lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services they render to us.

When transferring personal information to a third party, we comply with the Notice and Choice Principles and enter into contracts ensuring such data is processed only for limited and specified purposes consistent with your consent.

International Data Transfers

We are headquartered in the United States and may use service providers that operate in other countries. To facilitate our global operations, we may transfer, store, and process your personal information within our affiliates, third-party partners, and service providers based throughout the world (including outside of the EEA, UK and Switzerland, in what is defined as "third country transfers" under GDPR).

In cases where we intend to transfer personal data to third countries or international organizations outside of the EEA, we put in place suitable technical, organizational, and contractual safeguards (including Standard Contractual Clauses as approved by the European Commission) to ensure such transfers comply with applicable data protection rules. We have also adhered to the DPF Program Principles.

Your Privacy Choices

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by contacting us.

Opt-out of marketing communications. You will receive transaction-related emails regarding the Service you have requested. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you opt out of marketing emails, you may continue to receive service-related and non-marketing emails.

Cookies and similar technologies. You may stop or restrict the placement of cookies and web beacons on your device or remove them by adjusting your browser or device settings.

Do Not Track. Some Internet browsers may be configured to send "Do Not Track" signals to online services you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more, please visit http://www.allaboutdnt.com.

Linked third-party platforms. If you connect to the Service through your social media account or other third-party platform, you may use your settings in your account with that platform to limit the information we receive from it.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including to provide the Service, satisfy any legal, accounting, or reporting obligations, or resolve disputes.

Retention periods may be longer when necessary to comply with certain legal obligations. In any case, appropriate security measures will be applied to prevent mass access to such data.

Our adherence to the DPF Principles will continue for as long as we retain any personal data collected or processed under the DPF. If we engage in an onward transfer of personal data to third parties, we will remain liable under the DPF Principles if the third party processes such data in a manner inconsistent with the principles.

Information Security

We have technical and administrative safeguards in place to protect the security and confidentiality of your personal information. Unfortunately, no system is 100% secure when transmitting and storing data, and we cannot ensure or warrant the security of any information you provide to us.

By using the Service or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Service. If we learn of a breach, we may attempt to notify you electronically by posting a notice on the Site or by sending you an email.

Third Party Websites or Applications

The Service may contain links to other websites or applications and other websites or applications may reference or link to our Service. We encourage our users to read the privacy policies of each website and application with which they interact. These third-party services are not controlled by us. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

Children's Personal Information

The Service is not intended for use by anyone under the age of 18 and we do not knowingly request to collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, we will require the user to close his or her account and will not allow the user to continue using our Service. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Service.

Changes to our Privacy Policy

We may, in our sole discretion, change this Privacy Policy from time to time by posting a revised version at www.crossmint.com/privacy-policy. If we make any material change to this Privacy Policy, we will notify you by posting a notice on www.crossmint.com/privacy prior to the change becoming effective and may also send you an email notifying you of the policy modifications. Your use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

Consent to Privacy Policy and Electronic Communication

By submitting data through the Service, you expressly consent to the processing of your personal data in accordance with this Agreement and the Privacy Policy in effect at that time. By creating an Account, you consent to receive electronic communications from Crossmint (e.g., via email or by posting notices on the Service). You agree that all notices, agreements, disclosures, or other communications we send to you electronically satisfy any legal requirements that such communications be in writing.

We may also send you promotional communications via email, including newsletters, special offers, surveys, and other news and information we think may interest you. You may opt out of receiving these promotional emails at any time by following the unsubscribe instructions provided in the emails.

By registering for an Account, you represent and warrant that:

Accuracy of Personal Information. All information provided to Crossmint and/or its designated third parties, including your address and Social Security Number or Tax Identification Number, is accurate and complete. None of the following persons: (i) you; (ii) any of your affiliates; (iii) any other person with a beneficial interest in you; or (iv) any person for whom you are acting as agent or representative in connection with this Agreement is: (A) a country, territory, entity, or individual listed on any OFAC list or otherwise prohibited under any OFAC programs; (B) a senior foreign political figure, or any immediate family member or close associate of a senior foreign political figure; or (C) a national or resident of any jurisdiction subject to a U.S. or European Union trade embargo.

Independent Investigation and Non-Reliance. You are a sophisticated individual with experience and knowledge in purchasing, selling, or trading Digital Assets, as applicable. You have conducted your own independent investigation of the Service and the matters addressed in this Agreement, and have independently formed your judgment regarding the merits and risks involved. In making the decision to purchase, sell, or trade any Digital Asset or Cryptoasset using the Service, you have relied solely on the results of such independent investigation and your own judgment.

Litigation. There is no pending legal proceeding involving your activities relating to digital assets or blockchain technology.

Compliance. You have not violated or breached any applicable legal requirements related to any blockchain technology, token trading activities, or the purchase and/or sale of digital assets.

You are solely responsible for providing all equipment and software necessary to access the Service and for any fees incurred when accessing the Service, including Internet or mobile connection charges.

Your Privacy Rights

Depending on applicable law where you reside, you may be able to assert certain rights related to your personal information:

  • Access: you have the right to obtain confirmation that your personal information is being processed, as well as the right to obtain a copy of such information.
  • Rectification: you may request the rectification of any personal information held by us that you deem inaccurate. You can also change your personal information directly in your account at any time.
  • Deletion: you can, in some cases, have your personal information deleted. However, even after closing your account we may keep certain account information pursuant to applicable law and to assist law enforcement.
  • Objection: you can object, for reasons relating to your particular situation, to the processing of your personal information. In some jurisdictions, you may also have the right not to be subject to a decision based solely on automated processing.
  • Restriction of processing: you have the right, in certain cases, to temporarily restrict the processing of your personal information by us.
  • Portability: in some cases, you can ask to receive your personal information in a structured, commonly used and machine-readable format, or request that we communicate your personal information directly to another data controller.
  • Withdraw consent: to the extent we are processing your information based on your consent, you have the right to withdraw your consent at any time. This withdrawal does not affect the lawfulness of processing based on consent given before the withdrawal.

Note these rights may be limited where we can demonstrate we have a legal requirement to process your personal data.

You can contact us to exercise any of the above rights at: privacy@crossmint.com

16. Additional Rights for California Residents

This section applies to residents of the State of California. The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA"), provides California residents with specific rights regarding their personal information.

A. Rights of California Residents. Subject to applicable law, California residents have the following rights:

(i) Right to Know. You have the right to request that we disclose: (a) the categories of personal information we have collected about you; (b) the categories of sources from which your personal information was collected; (c) the business or commercial purpose for collecting, selling, or sharing your personal information; (d) the categories of third parties to whom we disclose your personal information; and (e) the specific pieces of personal information we have collected about you.

(ii) Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by law (including where retention is necessary to complete a transaction, comply with a legal obligation, detect or prevent security incidents, or for other purposes permitted by applicable regulations).

(iii) Right to Correct. You have the right to request that we correct inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes of its processing.

(iv) Right to Opt Out of Sale or Sharing. Crossmint does not sell your personal information for monetary consideration. To the extent that any use of third-party analytics or tracking technologies on our Service constitutes "sharing" of personal information for cross-context behavioral advertising purposes under CPRA, you have the right to opt out of such sharing by contacting us at privacy@crossmint.com or as otherwise indicated on our website.

(v) Right to Limit Use of Sensitive Personal Information. To the extent we collect "sensitive personal information" as defined under CPRA — including government-issued identification numbers, financial account and transaction data, and precise geolocation data — you have the right to request that we limit our use and disclosure of such information to that which is necessary to perform the services you have requested or as otherwise permitted by applicable law.

(vi) Right of Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices or rates, or provide you with a different level or quality of goods or services as a result of your exercise of any privacy right.

B. How to Submit a Request. To exercise any of the rights described above, please submit a verifiable consumer request by: (1) emailing us at privacy@crossmint.com; or (2) completing our online privacy request form at www.crossmint.com/contact. Only you, or a person authorized to act on your behalf, may make a verifiable consumer request. We will acknowledge receipt of your request within 10 business days and provide a substantive response within 45 days. If we require additional time (up to a further 45 days), we will notify you in writing of the reason and the expected response date.

C. Financial Incentives. Crossmint does not offer financial incentives, price differences, or service differences in exchange for the collection, retention, or sharing of your personal information.

D. Shine the Light (Cal. Civ. Code § 1798.83). Crossmint does not disclose personal information to third parties for their own direct marketing purposes without your prior consent.

17. Contact Us

If you have any questions about our privacy practices or this Privacy Policy, or would like to file a complaint, please log a support ticket at https://www.crossmint.com/contact or contact us at:

Crossmint, Inc.1317 Edgewater Dr #4296Orlando, FL 32804privacy@crossmint.com

For residents of the European Economic Area ("EEA"), UK and Switzerland, please contact Crossmint Europe, S.L. at:

Crossmint Europe, S.L.C/Villalar 7, BJ IZQ, 28001 Madrid (Spain)privacy@crossmint.com

For European citizens, for any kind of data protection complaint, you can contact the competent supervisory authority in your country. For detailed information on the authority you can contact in each country, visit: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

Dispute Resolution

At Crossmint, we prioritize your concerns and are committed to resolving any complaints or disputes in a timely and fair manner. If you have a complaint, you may bring it directly to our attention by contacting us at privacy@crossmint.com or logging a support ticket at https://www.crossmint.com/contact.

In compliance with the EU-U.S. DPF, Crossmint, Inc. commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF in the context of the employment relationship.

Furthermore, depending on your place of residence, Crossmint commits to cooperate and comply with the advice of the panel established by the EU DPAs, the UK Information Commissioner's Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

In accordance with DPF Principles, individuals also have the right, under certain conditions, to invoke binding arbitration for complaints regarding our compliance with the DPF that have not been resolved by any of the other DPF mechanisms. Please note that Crossmint is obligated to arbitrate claims and adhere to the terms as detailed in Annex I of the DPF Principles: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

Applicable Law and Jurisdiction

For users located in the European Union, United Kingdom, and Switzerland, Spanish legislation shall apply to the resolution of all disputes or questions related to the Site or the activities carried out therein. The parties expressly submit themselves to the Courts of Madrid, Spain.

For users located outside the European Union, United Kingdom, and Switzerland, the laws of the State of New York, United States, shall govern all matters related to the Site or the activities carried out therein. The parties expressly submit themselves to the Courts of New York City, New York, United States.

Abstract green background
Pastel green abstract shape