Privacy Policy

Last Updated November 21, 2023

This Privacy Policy describes the data protection practices of Storj Labs Inc. and its affiliate, Storj Labs International SEZC (together referred to as “Company,” “Storj” “we,” “us,” or “our”). This Privacy Policy applies to all websites owned and operated by us that link to this Privacy Policy (the “Sites”), Storj’s online storage services and applications, and related online and offline services (collectively, the “Service” or “Services”).

The Services enable those seeking to store data (“Customers”) with those providing space for decentralized cloud storage (“Node Operators”) (the “Storage Services”). Customers’ data is stored on third-party devices that have installed an open source, distributed storage software (“Software”). Data submitted by Customers to the Services for storage with Node Operators (“Storage Materials”) is encrypted, which prevents Storj and Node Operators from accessing the content of the Storage Materials.

Storj acts as a service provider/processor of Storage Materials on behalf of its Customers. Individuals whose data may be included in Storage Materials ultimately are subject to the privacy policies and practices of the Customer utilizing Storj for Storage Services. Accordingly, for the purposes of the European Union (“EU”) General Data Protection Regulation (“GDPR”), Customers act as the data controller with respect to the processing of the Storage Materials. Storj is not responsible for the privacy practices of Customers. Storj acts as the data controller and not a processor/service provider when, for example, Customers, Node Operators, and other Site visitors provide Storj with information, such as contact, account, and registration information.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION. By using the Services, you expressly and voluntarily are accepting the terms and conditions of this Privacy Policy and our Terms of Use (and other applicable agreements, such as the Terms of Service, and Node Operator Terms and Conditions) (collectively, “Agreements”) that allow us to process information about you.

This Privacy Policy contains the following sections:
‍

‍

Collection of Information
Use of Information
Legal Bases for Use of Information
Sharing of Information
Cookies and Online Analytics
Aggregate/De-Identified Information
International Customers
Additional Information for California Residents
Additional Information for Nevada Residents
Data Retention
How We Protect Your Data and Our Services
Third-Party Links and Features
Children's Privacy
Changes to our Privacy Policy
Contact Information
‍

1. Collection of Information
‍

Information You Provide to Us

We collect information you provide directly to us. For example, we collect information you provide when you create an account, subscribe to our updates, respond to a survey, fill out a form, post on a forum, request customer support, or communicate with us. Types of information we may collect include, but are not limited to, telemetry data, your digital wallet address, email address, username and password, survey responses, and any other information you choose to provide.

If you are a Customer or otherwise use our Storage Services, a third-party service provider may collect your payment method information for use in connection with your payments for storage.

If you are a Storage Node Operator, we may require you to submit a tax form in connection with your receipt of payments from us. The tax form may require you to provide certain information, including your name, business name, address, and tax identification number (e.g., SSN or EIN). We will use this tax form information solely to submit relevant tax filings.

Information We Collect Automatically

When you use our Services, we may collect automatically information from your devices. For example, we may collect:

Log Information: We collect log information when you use our Services, including access times, pages viewed, IP address, and the web page that referred you to our website.
Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, your web browser, and device identifiers (including a network ID used to communicate with other nodes on the network).
Location information: We collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
Telemetry Information: If you use the Software, we may collect the amount of free and used storage space on your device, bandwidth upload and download speeds, and other statistics about your device and network connection.
Performance Information: If you are a Customer, we may collect the amount of data transferred via our Services, the contract associated with the transferred data, and a log of the outcome (success or failure) of audits performed on your node.
Usage Information: If you use our Storage Services, we may collect metadata about your usage and the file shards that are distributed via the Storage Services (including shard size, number of shards, and frequency of access), and we may record instances in which you have used your private key to authenticate communications.

Information Collected by Cookies and Other Tracking Technologies via Our Services: We and our service providers use various technologies to collect information when you interact with our websites and mobile apps, including cookies and web beacons. Cookies are small data files that are stored on your device when you visit a website, which enable us to collect information about your device identifiers, web browsers used to access the Services, pages or features viewed, time spent on pages, mobile app performance and links clicked. Web beacons (or pixel tags) are electronic images that may be used in our web services or emails to help deliver cookies, count website visits, understand usage and determine the effectiveness of our email marketing campaigns. (Please see “5. Cookies and Online Analytics” below).
‍

2. Use of Information

We may use information about you for various purposes, including to:

Provide, maintain, deliver, and improve our Services;
Develop new products and services;
Personalize your experience;
Respond to your requests for information;
Send you technical notices as well as support and administrative messages;
Subject to applicable legal obligations, communicate with you about products, services, promotions, events, and other news and information we think will be of interest to you;
Monitor and analyze trends, usage, and activities in connection with our Services;
Detect, investigate, and prevent suspected fraudulent transactions and other illegal activities, and protect the rights and property of Storj and others;
Investigate good-faith, alleged violations of our Agreements;
Secure our Services and Customers;
Link or combine information we collect from or about you;
Carry out any other purpose for which the information was collected; and,
Fulfill other purposes with your consent or at your direction.

For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Privacy Policy.
‍

3. Legal Bases for Use of Information

If you are located in the European Economic Area (“EEA”), please note that the legal bases under the GDPR for using the information we collect through your use of the Services are as follows:

Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the Agreements which you accept by using the Services);
Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Services; operate our Services; prevent fraud; analyze use of and improve our Services; and for similar purposes);
Where use of your information is necessary to comply with a legal obligation; and,
Where we have your consent to process data in a certain way.

‍

4. Sharing of Information

With service providers that perform work for us so that they can perform such work;
When you use interactive areas of our Services, like our blog or other online forums, certain information you choose to share may be displayed publicly, such as your username, actions you take, and any content you post;
In response to a request for information if we believe disclosure is in accordance with, or required by, an applicable law, regulation, or legal process;
If we believe your actions are inconsistent with our Agreements or policies, or to protect the rights, property, and safety of Storj or others;
In connection with, or during negotiations of, any merger, sale of Company assets, financing or acquisition of all or a portion of our business by another company;
Between and among Storj and any current and future parents, affiliates, subsidiaries and other companies under common control and ownership; or,
With your consent or at your direction.
‍

Notice About Use of our Public Forums and Features

Certain features of our Services make it possible for you to share comments publicly with others, such as through our public forums, blogs, and message boards. You should be aware that any information you provide or post in these ways may be read, collected, and used by others who access them. We encourage you to be cautious about the information you submit (e.g., choose a username that does not disclose your personal identity). Whenever you post something publicly, it may be impossible to remove all instances of the posted information, for example, if someone has taken a screenshot of your posting.
‍

Social Sharing Features

Our Services may offer social sharing features and other integrated tools. Your use of such features enables the sharing of information with your contacts or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.
‍

5. Cookies and Online Analytics

We use first and third-party analytics tools to process the use of our site and products. If a person is accessing our site from an IP address outside the US, first- and third-party session cookies are applied only when a customer clicks to accept them. Visitors accessing our site from IP addresses within the US will be presented with the opportunity to opt out of having first- and third-party session cookies applied. Session cookies on our site provide for better business analysis and helpful insights for how the site is performing.

In addition, we use industry standard methods to understand website referral sources, visits per page, and page-to-page referrals on our site. Data collected using these methods is aggregated and is not attributed to individual site visitors.

When a website visitor accepts a session cookie, we place our cookie in the browsing session to gain a better understanding as to how visitors navigate through our site. When a user who accepts a session cookie creates an account, we then gain insights around product behavior in association to the referral source of this customer, enabling insights for marketing initiatives that will help grow our business.

Third-party tools are in use in our documentation to understand what pages are being used the most. We also use third-party email marketing tools for non-essential emails. These have analytics functionality that provide insights as to when emails are opened and what links are accessed. We do not sell or share this information with anyone else. The types of tracking and analytics tools we and our service providers use for these purposes are:

“Cookies” are small data files stored on your computer or device to collect information about your use of the Services. Cookies may enable us to recognize you as the same user who used our Services in the past, and relate your use of the Services to other information we have about you. Cookies also may be used to allow us to serve retargeted advertisements for Storj to visitors to the Storj site when they are on other sites, which the visitor may choose to close. Most browsers can be set to detect cookies and give you an opportunity to reject them, but refusing cookies may, in some cases, limit your use of our Services or features. To learn more about the use of cookies, including how to manage or delete them, click here. Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings of the Services.
“Local shared objects,” or “flash cookies,” may be stored on your computer or device using a media player or other software. Local shared objects operate much like cookies, but cannot be managed in the same way. Depending on how local shared objects are enabled on your computer or device, you may be able to manage them using software settings. For information on managing flash cookies, for example, click here.
A “pixel tag” (also known as a “clear GIF” or “web beacon”) is a tiny image – typically just one pixel – that can be placed on a web page or in our electronic communications to you in order to help us measure the effectiveness of our content by, for example, counting the number of individuals who visit us online or verifying whether you’ve opened one of our emails or seen one of our web pages.

Do Not Track. Do Not Track (“DNT”) is a privacy preference that Customers can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for online advertising and analytics purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals. Learn more about Do Not Track.
‍

6. Aggregate/De-Identified Information

We may aggregate and/or de-identify information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with third parties, including advertisers, promotional partners, and sponsors, at our discretion.

7. Your Choices and Rights

You have certain rights with respect to your information as further described in this Section, in addition to rights discussed elsewhere in this Privacy Policy. Please note your rights and choices vary depending upon your location.

Marketing Communications. You can instruct us not to use your information to contact you by email, postal mail, or phone regarding products, services, promotions, and special events that may appeal to your interests as described in this Privacy Policy. You may do so in commercial email messages by following the instructions located at the bottom of such emails. Removing your name from the email list may take a reasonable amount of time. Please note that, regardless of your request, we may still use and share certain information as permitted by this Privacy Policy or as required by applicable law. For example, you may not opt out of certain operational emails, such as those reflecting our relationship or transactions with you.

Account information. We encourage you to periodically review and update your settings and profile information by logging into your account.

Telemetry Information. Users of the Software can opt out of our collection of Telemetry Information. Please refer to the settings area of the Software to opt out of this collection.

8. International Customers

Personal Data Transfers Outside of the EEA

Storj may transfer some of your personal information outside of the EEA. Storj may transmit some of your personal information to a country where the data protection laws may not provide a level of protection equivalent to the laws in your jurisdiction, including the United States. As required by applicable law, Storj will provide an adequate level of protection for your personal data using various means, including, where appropriate:

relying on a formal decision by the European Commission that a certain country ensures an adequate level of protection for personal data (a full list of such decisions may be accessed online here).
entering into appropriate data transfer agreements based on language approved by the European Commission, such as the Standard Contractual Clauses (2010/87/EC and/or 2004/915/EC), which are available upon request at legal@storj.io (please note that this email address does not process requests related to “Data Subject Rights” below);
implementing appropriate physical, technical, and organizational security measures to protect personal information against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against unlawful forms of processing; and,
taking other measures to provide an adequate level of data protection in accordance with applicable law.

Any onward transfer is subject to appropriate onward transfer requirements as required by applicable law.

Data Subject Rights

If you are an EEA resident, you may have a right to request from Storj access to and rectification or erasure of your personal data or restriction of processing concerning you, as well as the right to data portability under the GDPR. You also have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us, and we can be required to no longer process your personal data. In general, you have the right to object to our processing of your personal data for direct marketing purposes. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You can exercise such rights by accessing the information in your account or by filling out the GDPR Data Subject Rights Webform.

Please also note that Storage Materials are encrypted, which prevents Storj and Node Operators from accessing the information. Those who wish to access or delete any personal information within Storage Materials must direct their queries to the relevant Customer.

If you have provided consent for cookies that are not strictly necessary, direct marketing emails or other data processing, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing or other activity based on consent before you withdraw it. You have the right to lodge a complaint with a supervisory authority.
‍

9. Additional Information for California Residents

The California Consumer Privacy Act (“CCPA”) applies to certain companies based on thresholds set in the law. The CCPA applies to companies that meet at least one of the following: minimum annual gross revenue of $25M; collects the personal information of at least 50,000 “consumers” (as defined under the law), households, or devices; or, derives at least 50% of its revenue from the sale of consumers’ personal information. None of these currently apply to Storj. Companies that are subject to the CCPA, however, must provide California residents with some additional information regarding the collection, use, and sharing of “personal information” as defined in the CCPA. Although Storj currently is not subject to the CCPA, we voluntarily are providing certain additional information below for informational purposes only:
‍

How We Source, Use, and Disclose Information for Business Purposes

The following chart describes the categories of personal information we collect, the sources of such personal information, and how we use and share such information for business purposes.

Categories of Personal Information That May be Collected	Sources of Personal Information	Purposes for Use of Personal Information (see “How We Use the Data We Collect” for more information)	Disclosures of Personal Information for Business Purposes
Contact information (e.g., name, email address, postal address, phone number)	You	Provide the Services and customer service Communicate with you (such as providing transactional updates and contacting you regarding Storj and third party products and services) Analyze use of and personalize the Services Improve the Services Provide security, prevent fraud, and for de-bugging Comply with legal requirements and compliance practices	Service providers Communicate with you (such as providing transactional updates and contacting you regarding Storj and third party products and services) Law enforcement in the event of a lawful request With entities in the event of a business transaction (or contemplation thereof); or, separately, With your consent
Login information (e.g., your account name and password)	You	Provide the Services and customer service Provide security, prevent fraud, and for de-bugging Comply with legal requirements and compliance practices	Service providers Law enforcement in the event of a lawful request With entities in the event of a business transaction (or contemplation thereof) With your consent
Financial and transactional information (e.g., billing information, credit or debit card number, verification number, and expiration date, bank account information, digital wallet information, authorization tokens, information for tax reporting, and information about your transactions with us, Customers, and Node Operators)	You Third party payment processors who collect this information on our behalf and who may also have an independent relationship with you	Provide the Services and customer service Provide security, prevent fraud, and for de-bugging Comply with legal requirements and compliance practices	Service providers Law enforcement in the event of a lawful request With entities in the event of a business transaction (or contemplation thereof) With your consent
User-generated content (e.g., information you submit in a public Storj forum or message board and feedback or testimonials you provide about our Services)	You Other individuals who provide information about you in connection with their communications	Provide the Services and customer service Communicate with you Provide security, prevent fraud, and for de-bugging Comply with legal requirements and compliance practices	Service providers Law enforcement in the event of a lawful request With entities in the event of a business transaction (or contemplation thereof) With your consent
Employment information (e.g., employer, position, contact information)	You	Provide the Services and customer service Communicate with you Provide security, prevent fraud, and for de-bugging Comply with legal requirements and compliance practices	Service providers Law enforcement in the event of a lawful request With entities in the event of a business transaction (or contemplation thereof) With your consent
Research, survey, or sweepstakes information (e.g., if you participate in a survey or sweepstakes, we collect information needed for you to participate, such as contact information, and grant your prize)	You Survey or sweepstakes partners	Provide the Services and customer service Communicate with you Provide security, prevent fraud, and for de-bugging Comply with legal requirements and compliance practices	Service providers Law enforcement in the event of a lawful request With entities in the event of a business transaction (or contemplation thereof) With your consent
Device and online identifier information (e.g., IP address, device identifiers, authorization tokens, browser type, operating system, general location inferred from IP address, and similar information) and Service usage information (e.g., the dates and times you use the Services, how you use the Services, telemetry data, and the content you interact with on the Services)	You through your device Analytics providers	Provide the Services and customer service Analyze use of and personalize the Services Improve the Services Provide security, prevent fraud, and for de-bugging Comply with legal requirements and compliance practices	Service providers Law enforcement in the event of a lawful request With entities in the event of a business transaction (or contemplation thereof) With your consent
Service usage information (e.g., the dates and times you use the Services, how you use the Services, telemetry data, and the content you interact with on the Services)	You through your device Analytics providers	Provide the Services and customer service Analyze use of and personalize the Services Improve the Services Provide security, prevent fraud, and for de-bugging Comply with legal requirements and compliance practices	Service providers Law enforcement in the event of a lawful request With entities in the event of a business transaction (or contemplation thereof) With your consent

Your California Privacy Rights

If the CCPA were applicable to Storj, the CCPA would require us to provide certain information to California residents upon request. Specifically, the CCPA would allow California residents to request us to:

Inform them about the categories of personal information we collect or disclose about them; the categories of sources of such information; the business or commercial purpose for collecting their personal information; and, the categories of third parties with whom we share/disclose personal information.
Provide access to and/or a copy of certain personal information we hold about them.
Delete certain personal information we have about them.
Provide them with information about the financial incentives that we offer to them, if any.

The CCPA exempts certain information from some requests including, for example, a company may need certain information to provide the requested services or to comply with a legal obligation. In some circumstances if the consumer still asks for their information to be deleted, they may no longer be able to access or use the services offered. Notwithstanding, the CCPA protects a person making a request under the law to be free from discrimination for exercising their rights.

Companies subject to the CCPA should take reasonable steps to verify the consumer’s identity before responding to a request, including by asking for verification information to match at least two verification points with information already on file. If the consumer can’t be verified this way, a company has the right, but not the obligation, to request additional information from the consumer. The CCPA also permits consumers to designate an authorized agent to submit certain requests on their behalf. The authorized agent must have signed, written permission to make such requests or a power of attorney, and may be subject to additional verification before the authorized agent’s request is processed.

As noted above, Storage Materials are encrypted, which prevents Storj and Node Operators from accessing the encrypted data. If the CCPA applies, any person who wishes to access or delete personal information within Storage Materials must send their queries to the relevant Customer.
‍

California “Shine the Light” Disclosure

The California “Shine the Light” law gives residents of California the right under certain circumstances to opt out of the sharing of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. Storj’s policy and practice is to never share personal information with third parties for their direct marketing purposes. Accordingly, there is no need for Storj consumers to opt out.
‍

10. Additional Information for Nevada Residents

Under Nevada law, certain Nevada residents may opt out of the “sale” of “covered information” (as those terms are defined under Nevada law) where the sale allows the person buying it to license or sell such information to additional persons. “Covered information” includes first and last name, address, email address, phone number, social security number, or an identifier that allows a specific person to be contacted either physically or online.

Storj does not sell consumer information as defined under Nevada law. Notwithstanding, if you are a Nevada resident who has purchased or leased goods or services from us, Nevada law permits you to submit a request to opt out of the sale of your covered information. To do so, you may email your request to nevadarequest@storj.io. Please note we will take reasonable steps to verify your identity and the authenticity of the request.
‍

11. Data Retention

Storj keeps personal data as long as required to provide the Services you requested and as needed to comply with applicable laws and compliance practices.
‍

12. How We Protect Your Data and Our Services

We take measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, and access. However, no method of transmission over the internet, and no means of electronic or physical storage, is absolutely secure. By using our Services, you acknowledge and accept that we cannot guarantee the security of your information and that use of our Services is at your own risk.

When you sign up for an account, you may be required to establish a username and password. If you create an account with us, you are responsible for maintaining the confidentiality of your account password and for any activity that occurs under your account. We are not responsible for any loss or damage arising from your failure to maintain the confidentiality of your password.
‍

13. Third-Party Links and Features

The Services may contain links to third-party services, and you may also integrate our Services with third-party services. Our provision of such links does not signify our endorsement of such other websites, services, locations, or contents. If you choose to use these third-party services or features, you may disclose your information not just to those third parties but also to their users and customers and the public more generally, depending on how their services function. Storj is not responsible for the content or practices of such third-party services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party services. We urge you to read the privacy and security policies of third parties.
‍

14. Children's Privacy

The Services are not intended for children under 13 years of age and we do not knowingly collect, maintain, or use personal information from children under 13 years of age. We will take reasonable steps to delete personal information (as defined by the United States Children’s Online Privacy Protection Act) as soon as reasonably possible if we learn that we have inadvertently collected it from children under the age of 13 without parental consent.

If you learn that your child has provided us with personal information without your consent, you may alert us at legal@storj.io. If we learn that we have collected any personal information from children under 13, we will take steps promptly to delete such information and terminate the child’s account.
‍

15. Changes to our Privacy Policy

We reserve the right to amend this Privacy Policy at any time. We will make the revised Privacy Policy accessible through the Services, so you should review it periodically. You can know if the Privacy Policy has changed since the last time you reviewed it by checking the “Effective Date” at the beginning of this Privacy Policy. If we make a material change to this Privacy Policy, we will provide you with notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Policy.
‍

16. Contact Information

If you wish to contact us or have any questions about, or complaints in relation to, this Privacy Policy, please email us at legal@storj.io. Please note that your communications with us may not necessarily be secure. Therefore, please do not include credit card information and/or other sensitive information in your communications with us. Please do not use the aforementioned email address for GDPR-related matters. EEA residents wishing to exercise their rights under GDPR are instructed to fill out the GDPR Data Subject Rights Webform.

Privacy policy.

1. Collection of Information‍