1Inch — Privacy

1Inch Privacy Policy: Information We Collect

When users interact with the 1Inch platform and its associated products, including the 1Inch Wallet, certain categories of information are collected to facilitate service delivery and improve the user experience. Automatically collected data includes IP addresses, browser type, device identifiers, operating system information, and interaction logs such as pages visited, features accessed, and transaction queries submitted. Users who voluntarily create accounts or subscribe to communications may provide personal identifiers such as email addresses. Importantly, because the protocol is non-custodial, the service does not collect private keys, seed phrases, or wallet passwords — that sensitive information resides exclusively on the user's device. Blockchain transaction data, being inherently public on the respective networks, may be associated with wallet addresses that users connect to the interface, though this data is pseudonymous by nature. The collection practices described here are limited to what is necessary to operate the service reliably and to meet applicable legal obligations.

How 1Inch Uses Your Information

Information collected by the platform is used for a defined set of operational, analytical, and communication purposes. Operational uses include processing token swap requests, routing queries through the aggregation engine, displaying accurate price data, and ensuring the technical functionality of the interface and the 1Inch Wallet application. Analytical uses involve aggregating anonymized usage data to understand how features are adopted, identify performance bottlenecks, and prioritize product development roadmaps. Communication uses include sending transactional notifications, security alerts, and, where users have opted in, newsletters or product updates. The service does not sell personal information to third parties for their own marketing purposes. Data may also be used to comply with legal obligations, including responding to lawful requests from regulatory authorities in applicable jurisdictions. All processing activities are conducted in accordance with the principle of data minimization, ensuring that only the information genuinely required for each stated purpose is used.

Cookies and Tracking Technologies

The web interface operated by 1Inch uses cookies and similar tracking technologies, including local storage objects and pixel tags, to support core site functionality and gather aggregate analytics. Strictly necessary cookies are deployed without requiring user consent because they are essential for the interface to function — for example, remembering user preferences such as selected network or slippage tolerance settings. Analytics cookies, which collect anonymized data on page visits, session duration, and feature engagement, are deployed only after users have provided informed consent through the cookie management banner displayed upon first visit. The platform does not deploy advertising or behavioral tracking cookies for the purpose of building user profiles for sale to marketers. Users may withdraw cookie consent at any time through the settings panel available in the site footer, and standard browser controls can be used to delete or block cookies independently. Opting out of analytics cookies does not affect the core functionality of the swap interface.

Third-Party Data Sharing

The platform shares user data with third parties only in narrowly defined circumstances and always under appropriate contractual protections. Service providers who assist with infrastructure, analytics, security monitoring, and customer support may receive limited access to relevant data solely for the purpose of providing those services on the platform's behalf. These providers are bound by data processing agreements that prohibit them from using the information for any purpose beyond the specified service. Price feed and liquidity data providers receive anonymized query data necessary to return accurate routing results but do not receive personally identifiable information. In the event of a merger, acquisition, or sale of assets, user information may be transferred to the successor entity subject to the same privacy commitments described in this policy. Finally, the service will disclose information when required to do so by applicable law, court order, or governmental authority, and will notify affected users to the extent permitted by law.

Data Security Practices

Protecting the data entrusted to the platform is treated as an ongoing engineering and operational responsibility rather than a one-time compliance exercise. Technical safeguards include end-to-end encryption of data in transit using TLS 1.3 or higher, encryption of sensitive data at rest using AES-256, and role-based access controls that limit internal access to personal information to only those team members who require it for specific tasks. The 1Inch Wallet application employs device-level secure enclave storage for cryptographic material and supports biometric authentication as an additional access barrier. Organizational safeguards include regular security training for all personnel, mandatory two-factor authentication on internal systems, and periodic penetration testing conducted by independent third-party security firms. Despite these measures, no system can guarantee absolute security, and users are encouraged to practice good personal security hygiene including using strong passwords and keeping wallet software updated. Any confirmed data breach that poses a significant risk to users will be disclosed in accordance with applicable notification requirements.

Your Rights as a 1Inch User

Users have meaningful rights over the personal information the platform holds about them, and the service is committed to honoring those rights promptly and transparently. Depending on the jurisdiction of residence, applicable rights may include the right to access a copy of personal data held, the right to request correction of inaccurate information, the right to request deletion of personal data subject to legal retention obligations, the right to restrict or object to certain processing activities, and the right to data portability in a machine-readable format. Users in the European Economic Area benefit from rights established under the General Data Protection Regulation, while California residents may exercise rights under the California Consumer Privacy Act. To submit a data rights request, users should contact the privacy team using the contact details provided in the Contact Information section of this policy. The service will respond to verified requests within the timeframes mandated by applicable law, generally within 30 days, and will not discriminate against users who exercise their privacy rights.

Data Retention

Personal information is retained only for as long as necessary to fulfill the purposes for which it was collected, to maintain accurate business records, or to satisfy applicable legal, regulatory, or contractual obligations. Analytical and usage data in aggregated, anonymized form may be retained indefinitely for product development purposes because it cannot reasonably be linked back to any individual user. Server logs containing IP addresses and session metadata are typically purged on a rolling 90-day cycle unless a specific legal hold or security investigation requires their preservation for a longer period. Email addresses and communication preferences provided by users who subscribe to newsletters are retained until the user unsubscribes, after which they are removed from active mailing lists within 30 days. When data is no longer required and retention obligations have been satisfied, the service employs secure deletion methods, including cryptographic erasure for cloud-stored data, to ensure that discarded information cannot be recovered or reconstructed.

International Data Transfers

As a globally distributed platform serving users across multiple continents, the service may transfer personal data across international borders as part of normal operations. Infrastructure providers and service partners are located in various jurisdictions, and data may be processed in countries that have different data protection standards than the user's country of residence. Where transfers involve moving data from the European Economic Area to countries not recognized as providing an adequate level of protection, the platform relies on the European Commission's Standard Contractual Clauses as the legal mechanism to ensure that transferred data receives equivalent protection. For transfers involving data from the United Kingdom, corresponding transfer mechanisms approved by the UK Information Commissioner's Office are applied. Users may request information about the specific transfer mechanisms in place for their data by contacting the privacy team. The platform continuously monitors regulatory developments in international data transfer law and updates its mechanisms as required to remain compliant.

Children's Privacy

The 1Inch platform and all associated products, including the 1Inch Wallet, are intended exclusively for use by individuals who are at least 18 years of age or the age of majority in their jurisdiction of residence, whichever is higher. The service does not knowingly collect, solicit, or process personal information from children under the age of 13, and in jurisdictions where a higher age threshold applies for digital services targeting minors, that higher threshold governs. If a parent or guardian becomes aware that their child has submitted personal information to the platform without appropriate consent, they are encouraged to contact the privacy team immediately so that the information can be identified and deleted. The service does not design or market its products toward minors, and its terms of service explicitly prohibit use by anyone below the applicable minimum age. Should the service become aware that it has inadvertently collected data from a minor, it will take prompt steps to delete that data from its systems.

Updates to This Privacy Policy

This privacy policy is reviewed periodically and may be updated to reflect changes in the platform's data practices, new product features, evolving legal requirements, or feedback from users and regulators. When material changes are made — that is, changes that meaningfully affect how personal information is collected, used, or shared — the service will provide prominent notice through the website interface and, where email addresses are held, via direct communication to affected users. The date of the most recent revision will always be displayed at the top of the policy document. Users are encouraged to review the policy periodically even when no specific notification has been received, as incremental clarifications or minor updates may be made without triggering formal notification procedures. Continued use of the platform following the publication of an updated policy constitutes acceptance of the revised terms, provided that material changes are communicated in advance as described above.

Contact Information for Privacy Inquiries

Users with questions, concerns, or requests relating to this privacy policy or the handling of their personal data are encouraged to reach out to the privacy team through the official contact channels listed on the 1Inch website at 1inch.io. Data rights requests, including requests to access, correct, delete, or port personal data, should be submitted in writing with sufficient detail to allow the team to verify the requester's identity and locate the relevant records. The service aims to acknowledge all privacy inquiries within five business days and to provide a substantive response within the timeframe required by applicable law. For users in the European Economic Area who are not satisfied with the response received, there is a right to lodge a complaint with the data protection supervisory authority in their country of residence. The platform takes all privacy feedback seriously and uses it as an input to continuously improve its data governance practices.

Consent and Legal Basis for Processing

The platform processes personal information on one or more legal bases depending on the nature of the processing activity and the jurisdiction of the user. For users in the European Economic Area and the United Kingdom, the primary legal bases are: legitimate interests, where processing is necessary for the operation and security of the service and does not unduly override user rights; contract performance, where processing is required to fulfill a service requested by the user; legal obligation, where processing is necessary to comply with applicable law; and consent, which is relied upon for optional activities such as analytics cookies and marketing communications. Users who have provided consent may withdraw it at any time without affecting the lawfulness of processing that occurred prior to withdrawal. For users outside jurisdictions with explicit legal basis requirements, processing is conducted in accordance with applicable local law. A detailed record of processing activities and corresponding legal bases is maintained internally and can be provided to regulatory authorities upon request.