Version 2.0 - Last Updated: October 1, 2025
At Everstake Validation Services LLC, one of our main priorities is the privacy of the users of our applications and technology. This privacy notice outlines the information that is collected, processed, and used by Everstake Validation Services LLC, a limited liability company registered in the Cayman Islands, and its affiliates (collectively - “Everstake”, “Company”, “We”, “Us”, or “Our”) regarding the collection, usage, storage and sharing of personal data from users utilising our products and services (the “Services”) and in connection with the Everstake website (the “Site”). This privacy notice should be read together with our Cookie Policy, which provides further details on our use of cookies on the Site.
By accessing or using any of the Services, you (“Authorized User” or “you”) agree to be legally bound by these Terms. Please read them carefully before using the Services. If you do not agree to these Terms, you may not access or use the Services.
Navigate this privacy notice to understand:
01
Who we are and how to contact us
02
The scope of this privacy notice
03
What data we process
04
Third-party services relied on and intended international transfers of your data
05
Presence on Social Media
06
Exercising your rights
If you do not agree with our policies and practices, your choice is not to use the Site and Services. By accessing or using the Site and Services, you acknowledge this privacy notice.
Responsible for your personal data is:
Everstake Validation Services LLC
Fifth Floor, Zephyr House 122 Mary Street, George Town,
Grand Cayman KY1-1206 Cayman Islands
If you have additional questions or require more information about our privacy policy, do not hesitate to contact us directly at [email protected].
As an entity established outside of the European Union, contact details of our European and UK Representative are as follows:
EU Representative
TechGDPR DPC GmbH
Willy-Brandt-Platz 2
12529 Berlin-Schönefeld
Our European Representative can be contacted at: [email protected].
UK Representative
Legal Nodes Ltd
Office 2, Bennet’s House, 21 Leyton Road, Harpenden
England, AL5 2HU
Our UK Representative can be contacted at: [email protected].
This privacy policy APPLIES to the following categories of people:
Visitors to our Site and users of our Services.
Company representatives who reach out to us to request information about our Services or with whom we communicate for the provision of our Services to the company they represent (our lead and clients).
Vendor contact personnel whom we communicate with in the course of their service provision to us (our prospecting and active suppliers).
Partners with whom we have commercial relationships.
Our Site and Services are not directed to, and we do not knowingly collect personal data from, anyone under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with information, please contact us. We will delete such information from our files as soon as reasonably practicable. By requesting any Services from us, you agree and acknowledge that you are not under the age of 18.
We may update this privacy notice based upon evolving laws, regulations and industry standards, or as we may make changes to our Site or Services. We will post changes to our privacy notice on this page and encourage you to review our privacy notice when you use our Site to stay informed. If we make changes that materially alter your privacy rights, we will take appropriate measures to inform you, consistent with the significance of the changes. If you disagree with the changes to this privacy notice, you should discontinue your use of the Site and Services.
| a. Activity processing your data | b. Purpose served | c. Data collected / processed | d. Legal base (GDPR Art. 6) | e. Retention period | f. Available data subject rights |
|---|---|---|---|---|---|
| Visiting and interacting with the Site | Allows Everstake to provide information via the Site, carry out maintenance and improvements based on user interaction and analytics. | IP addresses, Browser information (device type, operating system, language, timezone, type, version), Location information. | Legitimate Interest (Art. 6.1(f) GDPR) | 1 day to 2 years, depending on the cookie (See our Cookie Policy). | All except right to data portability (see Section 7 below) |
| Marketing and promotion activities | Allows Everstake to target and engage customers and interested parties and analyze campaign effectiveness. | Name, surname, contact information, browsing behavior, marketing preferences, data from social media (see section 5 below). | Legitimate Interest (Art. 6.1(f) GDPR) | 1 year for any data no longer required for operational, legal, or regulatory purposes or otherwise until deletion is requested by the customer. | All except right to data portability (see Section 7 below) |
| a. Activity processing your data | b. Purpose served | c. Data collected / processed | d. Legal base (GDPR Art. 6) | e. Retention period | f. Available data subject rights |
|---|---|---|---|---|---|
| Drafting, agreeing and performing the service contract upon request (outside the standard Terms of Use) | Allows Everstake to establish clear and enforceable agreements between parties when requested by users. | Contact information, negotiation records, contract terms, signatures. | Performance of a contract (Art.6.1(b)) | Up to 6 years pursuant to legal obligations | All except right to opt-out from automated decision making (see Section 7 below) |
| Services through the Site | Allows Everstake to provide its Services through its Site and carry out improvements and maintenance of the Services. | IP address | Performance of a contract (Art.6.1(b)) | 1 day to 2 years, depending on the cookie (See our Cookie Policy). | All except right to opt-out from automated decision making (see Section 7 below) |
| Customer Support | Allows Everstake to handle customer inquiries, resolve issues related to Services, and maintain communication records to ensure a seamless and responsive user experience. | Email address, customer queries, communication records, transaction history. | Performance of a contract (Art.6.1(b)) | 1 year for any data no longer required for operational, legal, or regulatory purposes or otherwise until deletion is requested by the customer. | All except right to opt-out from automated decision making (see Section 7 below) |
| System Monitoring | Allows Everstake to carry out ongoing monitoring and management of IT systems and infrastructure to detect, prevent, and respond to security threats and vulnerabilities, ensuring the integrity, availability, and confidentiality of data. | User Data: IP addresses, system access logs (for security purposes). Operational Data: System performance metrics, security incident reports, vulnerability assessments. | Legitimate Interest (Art. 6.1(f) GDPR) | 6 months to one year | All except right to data portability (see Section 7 below) |
| System improvement | Allows Everstake to enhance user experience by providing personalized Services to increase customer satisfaction and engagement, and to drive product development and marketing strategies based on user behavior. | Customer Data: Preferences, feedback, usage patterns, contact information. Operational Data: Process performance metrics, service usage data. | Legitimate Interest (Art. 6.1(f) GDPR) | 1 year, and any data no longer required for operational, legal, or regulatory purposes will be securely deleted until deletion is requested by the customer. | All except right to data portability (see Section 7 below) |
| a. Activity processing your data | b. Purpose served | c. Data collected / processed | d. Legal base (GDPR Art. 6) | e. Retention period | f. Available data subject rights |
|---|---|---|---|---|---|
| Contracting and negotiation with Partners | Allows Everstake to establish clear and enforceable agreements between parties (with its Partners). | Contact information, negotiation records, contract terms, signatures. | Performance of a contract (Art.6.1(b)) | Up to 6 years pursuant to legal obligations | All except right to opt-out from automated decision making (see Section 7 below) |
| Financial accounting | Allows Everstake to maintain accurate financial records and ensure proper accounting, to comply with tax and financial reporting regulations, to manage and track transactions and operational costs, to prepare financial statements and reports for stakeholders. | Customer Data: Invoices, payment details, transaction records. Vendor Data: Payment information, contract details. | Legal Obligation (Art.6.1(c)) | Up to 6 years pursuant to legal obligations | All except right to erasure and data portability (see Section 7 below) |
| Technical support for Partners | Allows Everstake to communicate with Partners and the technical team regarding contractual terms, technical issues, and improvement to the Services. | Name and/or username, email address, company name, communication, profile picture (optional), phone number (optional). | Performance of a contract (Art.6.1(b)) | Up to 6 years | All except right to opt-out from automated decision making (see Section 7 below) |
| Development and provision of blockchain software solutions and providing relevant consultancy upon contract | Allows Everstake to develop and enhance blockchain software solutions, ensure secure and efficient operation, and provide consultancy services. | Client Information: Name, surname, contact details, signature, project specifications. Project Data: Source code, technical documentation, blockchain addresses, smart contract data. User Analytics: User behavior data, performance metrics, feedback. | Performance of a contract (Art.6.1(b)) | Up to 6 years pursuant to legal obligations | All except right to opt-out from automated decision making (see Section 7 below) |
| a. third parties / categories of 3rd parties | b. purpose served | c. International transfers of data |
|---|---|---|
| User behaviour analytics tools / Cookie providers | Collecting and analyzing Site visitor analytics. | United Kingdom (adequate country). United States (DPA with Standard Contractual Clauses) |
| a. third parties / categories of 3rd parties | b. purpose served | c. International transfers of data |
|---|---|---|
| User behaviour analytics tools / Cookie providers | Collecting and analyzing Site visitor analytics. | United Kingdom (adequate country). United States (DPA with Standard Contractual Clauses) |
| CRM(s) | Customer engagement, Sales outreach | United States (DPA with Standard Contractual Clauses) |
| Cloud service provider | Communication, Collaboration, Cloud Storage | United States (DPA with Standard Contractual Clauses) |
| Software Development Platform | Code Repository, Version Control | United States (DPA with Standard Contractual Clauses) |
| Internal Workplace Communication Platform | Communication, including that related to customer inquiries | United States (DPA with Standard Contractual Clauses) |
| a. third parties / categories of 3rd parties | b. purpose served | c. International transfers of data |
|---|---|---|
| Cloud service provider | Communication, Collaboration, Cloud Storage | United States (DPA with Standard Contractual Clauses) |
| CRM(s) | Customer engagement, Sales outreach | United States (DPA with Standard Contractual Clauses) |
| Internal Workplace Communication Platform | Communication, including that related to customer inquiries | United States (DPA with Standard Contractual Clauses) |
Only data relevant to the functionality of these Services is shared with these partners. Everstake Validation Services LLC only transfers data to the above third-party service providers if this is necessary for the aforementioned purposes and permitted by law.
In addition to the categories of providers listed above, Everstake Validations Services LLC shares data within its organization to its two other entities: Everstake UK Ltd (considered a processor in accordance with GDPR Art.28) and Everstake Inc (considered a controller). Transfers of data within the organisations are covered by an intracompany data processing agreement (DPA) and data sharing agreement (DSA) respectively. Everstake Validations Services LLC also engages independent contractors for the provision of its services. When these contractors are located outside of the European Union and/or United Kingdom, a relevant Data Processing Agreement is concluded with each contractor to ensure the safe transfer of personal data.
We are committed to protecting the security and confidentiality of your personal information through comprehensive measures designed to prevent unauthorized access, disclosure, or misuse. Our security protocols adhere to industry standards and are continuously evaluated to ensure their effectiveness. For a detailed overview of the security measures, policies and procedures we have implemented, please visit https://security.everstake.one/..
The Site may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and services follow different rules regarding the collection, use and sharing of your Personal Data. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.
Depending on where you reside, you may be entitled to specific rights under data protection laws such as the General Data Protection Regulation (GDPR), the UK GDPR, PIPEDA (Canada), or various U.S. state privacy laws. These rights are designed to give you greater control over how your personal data is collected, used, and shared.
The tables below provide an overview of the rights available to residents of the European Union, United Kingdom, Canada, and applicable U.S. states. If you are a resident of a country whose laws are not covered by this notice, please refer to the section on Data Subject Rights for the European EEA and UK residents.
If you wish to make a request or have questions about your privacy rights, please reach out to us at [email protected].
You are not required to pay any fee to exercise your data protection rights.
You have the following rights with respect to us regarding the data relating to you:
| Your Right | Description |
|---|---|
| Right to Access | You have the right to request your stored personal data, its origin and possible recipients and the purpose of the data processing (Art. 15 GDPR). |
| Right to Rectification | You can ask us to correct any inaccurate Personal Data or complete data you believe is incomplete (Art. 16 GDPR). |
| Right to Erasure | You can request the deletion of all your Personal Data unless processed to fulfill a legal obligation or public interest (Art. 17 GDPR). |
| Right to Restrict Processing | You can ask us to limit the processing of your Personal Data in certain circumstances (Art.18 GDPR). |
| Right to Object to Processing | You can object to the processing of your Personal Data in certain situations. |
| Right to Data Portability | You can request that we transfer the Personal Data you provided to another organization, or directly to you, in certain cases. |
| Right to Withdraw Consent | You can withdraw your consent at any time. |
| Right to File a Complaint | If your request was not satisfied, you may file a complaint to the regulatory body. |
You can also exercise your rights by contacting us at [email protected].
EEA Residents: If you are in the EU and have not received a response from us or are not satisfied with our response, you have the right to lodge a complaint with the data protection authority where you reside.
UK Residents: UK Residents: You may lodge a complaint with the ICO at 0303 123 1113 or via www.ico.org.uk/concerns.
You have the right to data portability, but only where your data is processed on the basis of your consent or for the performance of a contract (Article 20 GDPR). You also have the right to withdraw your consent at any time. This means we will no longer process your data on that basis going forward. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
If we process your data based on our legitimate interests, you have the right to object to this processing at any time for reasons relating to your particular situation. If your objection concerns the processing of data for direct marketing purposes, you have a general right to object, which we will respect without requiring any justification.
To exercise your right to withdraw consent or object to processing, it is sufficient to send an informal message to the contact details provided above. You can also contact us by email. When you submit your request via email, you will receive a copy at the address you provide. We will aim to respond as quickly as possible, and no later than within one month of receiving your request.
8.2. United States Residents
If you are a resident of a U.S. state with active privacy legislation — including but not limited to California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia — you may be entitled to specific rights regarding the collection, use, and sharing of your personal information.These rights vary by state but generally include the ability to access your personal data, request its deletion or correction, limit how it is used, or opt out of certain types of data processing.
| Your Right | Description | State |
|---|---|---|
| Right to Access | You may request information about how your personal data is being processed and obtain a copy of the personal data we hold about you. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to Rectification | You may request that we correct any inaccurate Personal Data we hold about you. | CA, CO, CT, DE, IN, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, VA |
| Right to Deletion | You can request that we delete the Personal Data we have collected about you. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to opt out of certain purposes | The right to opt out of processing for profiling/targeted advertising purposes. | CA, CO, CT, DE, IN, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to opt out of sales | You can request to opt out of the sale of your Personal Data to third parties. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to Portability | You can request that we transfer the Personal Data you provided to another organization, or directly to you, in certain cases. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to access information on automated decision-making | If automated decision-making is used, you may request details and, in certain states, opt out of such processing. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
| Right to access information on automated decision-making | If we deny your request, you may appeal by contacting [email protected]. We will review and respond to your appeal within 45 days. | CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA |
You can also exercise your rights by contacting us at [email protected].
Please note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law.
If, upon exercising your Right to Appeal, you remain dissatisfied with the outcome, you have the right to contact the privacy authority in your state, such as your State Attorney General’s Office, to file a formal complaint or inquiry.
| Your Right | Description |
|---|---|
| Do Not Sell My Personal Information | Under the California Consumer Privacy Act, residents of California have the right to opt out of the “sale” of their personal information by businesses that are subject to the CCPA. |
| Right to Opt Out of the Processing of Sensitive Personal Information | You have the right to opt out of the processing of your sensitive personal information, which may include information such as your precise geolocation, racial or ethnic origin, health data, or biometric information, where applicable. |
| Do-not-track Request | California law also permits residents to request that companies do not track their online browsing activity over time and across different websites or online services. These requests are typically communicated through browser settings or other technologies that signal a preference not to be tracked. |
| Private Right to Action | California law provides a private right of action, allowing individuals to seek civil damages if certain statutory rights related to personal information are violated — particularly in the case of data breaches resulting from a company’s failure to implement reasonable security measures. |
You have the following rights concerning the data we hold about you:
| Your Right | Description |
|---|---|
| Right to Access | You may request information about how your personal data is being processed and obtain a copy of the personal data we hold about you. |
| Right to Rectification | You may request that we correct any inaccurate Personal Data we hold about you. |
| Right to Deletion | You can request that we delete the Personal Data we have collected about you. |
| Right to Data Portability | You can request that we transfer the Personal Data you provided to another organization, or directly to you, in certain cases. |
| Right to Object / Opt Out | You may object to or request that we limit the processing of your personal data in certain circumstances. |
| Right to Withdraw Consent | You may withdraw your consent to data processing at any time, without affecting the lawfulness of processing carried out before the withdrawal. |
| Right Not to Be Subject to Automated Decision-Making | You may object to being subject to decisions based solely on automated processing, including profiling, where such decisions produce legal or similarly significant effects. |
| Right to File a Complaint | If you are not satisfied with our response to your request, you may file a complaint with the Office of the Privacy Commissioner of Canada. |
You can also exercise your rights by contacting us at [email protected].
By submitting this form, you are acknowledging that you have read and agree to our Privacy Notice, which details how we collect and use your information.
SECURITY
RESOURCES
Everstake Validation Services LLC
Hermes Corporate Services Ltd., Fifth Floor, Zephyr House
122 Mary Street, George Town, P.O. Box 31493
Grand Cayman KY1-1206, Cayman Islands
Everstake, Inc. or any of its affiliates is a software platform that provides infrastructure tools and resources for users, but does not offer investment advice or investment opportunities, manage funds, facilitate collective investment schemes, provide financial services, or take custody of, or otherwise hold or manage, customer assets. Everstake, Inc. or any of its affiliates does not conduct any independent diligence on or substantive review of any blockchain asset, digital currency, cryptocurrency, or associated funds. Everstake, Inc., or any of its affiliates, providing technology services that allow a user to stake digital assets, does not endorse or recommend any digital assets. Users are fully and solely responsible for evaluating whether to stake digital assets. All metrics displayed on the website, including without limitations value of staked assets, total number of active users, rewards rates, and networks supported, are historical figures and may not represent the actual real-time data.
Copyright © 2026 Everstake