Privacy policy

At Ledger, we are committed to creating products that provide the highest level of security for your crypto assets but that also allow you to manage them easily. To do this, we provide you with a software application (Ledger Live) and websites (ledgerwallet.com and ledger.com) (our ‘Services’).

We can collect personal data about you when you use these Services. We have created this Confidentiality Policy to explain what we do with it.

Please note: the vault.ledger.com website is not covered by this Confidentiality Policy.

What is personal data?
Personal data (‘Data’) is information that makes it possible to identify you:

  • directly, such as your name or email address;
  • or indirectly, such as your customer number or IP address.

When do we collect your data and why?

We collect your Data when you use our Services. 

We store your Data only for the time needed to carry out the operations for which it was collected, except when we need to assert our legal rights or are legally required to retain it for a different period of time. At the end of these retention periods, your Data is erased or anonymised.

Data collected through our websites

User action Data collected Data usage Reason for processing (legal basis) Retention period
Purchase of a Ledger product Name, email address, delivery and billing address, phone number, company name, intra-community VAT number, product bought, delivery method and payment, order amount, currency Processing orders, invoices and payments, delivery, analytics, preventing fraud, managing complaints and sending notifications Performance of the contract you agreed with Ledger upon buying one of our products Active database: 3 months from delivery of the product Archive: 10 years (tax and accounting obligations)
Request to receive marketing emails (including our newsletter) Email address, campaign number, logs Sending emails on our latest developments, promotions and customer surveys Consent to receive marketing emails 3 years from the request
Request sent to customer services (on the dedicated platform or through social media) Name, email and postal address, telephone number (for product exchanges), Handle used on social media, content of our exchanges, identification document (if verification is necessary) Processing the request, quality control, verifying information is correct and preventing fraud Ledger’s legitimate interest 5 years from the request
Browsing our websites Please note: We collect your Browsing Data using various technologies such as cookies (for more information, please visit our Cookies Policy). Consent or refusal to save cookies on your device Cookies are saved (or not saved) on the device Legitimate interest 6 months from the user’s decision
IP address, operating system, browser, devices used, date and time of visit, URLs of clickstream to, through and from our website, products viewed and searched, download errors, duration of visit on certain pages, interaction between pages Bug-fixing, analytics, combating fraud, personalising your experience, displaying adverts on third-party websites Dependent on the purpose of the cookies saved: - Legitimate interest for technical cookies - Consent for functional, performance and advertising cookies The time needed to fulfil the purpose of the cookies saved (for example, one session for session cookies)
Participation in customer surveys Name, age, email address, family situation, profession, country, product opinion, comments Carrying out marketing studies, improving our products and services Legitimate interest 6 months from the end of the survey
Participating in our referral programme Name, email address and IP address of referrers and referral recipients, password of referrer, purchase amount of referral recipients Managing the programme, sending emails (referral offers, purchase made by referral recipients, attributing rewards) Performance of the contract you agreed with Ledger by participating in the programme For as long as the referrer is a member of the programme, except in the event of prolonged
Request to be re-contacted on the subject of our B2B products Name, company, role, email address, telephone number, country Making contact, sending emails on our latest developments, promotions and customer surveys Legitimate interest 5 years from the request
Signing up to our affiliate programme Name, email address, company, BTC address, identity document, intra-community VAT number and proof of residence (where required). Managing the programme, sending emails on the programme’s latest developments, remuneration Performance of the contract you agreed with Ledger when signing up to the programme For as long as the affiliate is a member of the programme, except in the event of prolonged inactivity
Please note: your payment information is collected directly by our payment providers. Ledger only has access to a truncated version of this information for anti-fraud purposes.

Data collected through our Ledger Live application

User action Data collected Data usage Reason for processing (legal basis) Retention period
Use of Ledger Live Device session identifier, IP address, clicks, actions (e.g. launching the application, use of transactional functionalities, pages viewed), properties (e.g. type, version, language and region recorded for your operating system), currency, time stamp, amount and status of transactions, transaction identifier, identifier used by our partners to identify you (when you use their services) Bug-fixing, analytics to improve our products and services and identify additional services and functionalities you might need, processing requests for assistance, finding and preventing security problems, fraudulent activity and violations, optimising marketing operations (e.g. information on the most-used functionalities) and sending important information (e.g. security notifications). Legitimate interest 5 years from collection
Please note: Ledger Live does not contain directly identifying information that allows us to know your identity. Ledger neither stores nor has access to your crypto assets and private keys. We only provide ‘cold storage’ services.

Data collected by third parties accessible from Ledger Live

Below are several concrete examples:
You use our partners’ services: information (like your name, date of birth, postal address and IP address) can be collected by our partners (or by Ledger on their behalf) to meet their anti-money laundering and customer-identification obligations.
You are a validator for a proof of stake-type service: we display your name/handle, the balances delegated or any information communicated on Ledger Live.

Please note: Ledger is not responsible for the way in which our partners use your Data. If you have any questions on this subject, please consult their confidentiality policy.

Who do we share your Data with?

We share your Data with:

  • Our technical service providers who help provide the Services (e.g. delivery, online payments and combating fraud). 
  • Our subsidiaries, when they help provide the Services. 
  • Our partners who use your Data to offer you:
    • Services accessible from Ledger Live, or
    • Personalised adverts. The list of these partners can be found in our Cookies Policy
  • Other companies to which we could sell or assign all or part of our activities.

The administrative or legal authorities or any other authorised third party where this data sharing is set out in law.

Please note: Ledger never sells your Data to third parties and we prohibit our service providers from re-using it for their own behalf.

Where do we store your Data?

Your Data is stored in France, but we might have to transfer it to countries located outside of the European Economic Area. 

We only transfer your Data to companies:

  • That are established in a country recognised by the European Commission as offering an adequate level of protection, or
  • With which we have signed the European Commission’s standard contractual clauses, or 
  • That commit to apply a code of conduct or a certification mechanism validated by the competent European authorities.

How do we keep your Data secure?

We implement all technical and organisational measures we deem necessary to safeguard your Data at an appropriate level of security, including:

  • Payment information security: your payment information is encrypted using a secure commercial Internet protocol (TLS) and is never stored on our server. 
  • An awareness programme and employee training.
  • Encryption during exchanges and storage.
  • Regular audits of data hosting companies. 
  • Data redundancy for more resilience in the event of catastrophe.
  • Role-based authentication.
  • Two-factor authentication for our authorised contributors.
  • Continuous monitoring of the system.
  • Security assessments in line with industry standards.
  • Security tests and intrusion tests by independent third parties.

To assess the level of appropriate security, we take into account, among other things, the nature of the Data and the risks its processing presents. Although we strive to ensure an optimal protection of your Data, we would remind you that transmitting information on the Internet is not entirely secure.

Please note: Ledger does not have access to your passwords, PIN codes and recovery phrases. You are therefore solely responsible for keeping these confidential.

You can exercise your rights over your Data – this is how to do it!

If you want... All you have to do is...

Withdraw your consent

  • Upon receiving marketing emails (including our newsletter) 
  • Upon the saving of cookies on your device
  • Click on the ‘Unsubscribe’ link in the footer of the emails you receive
  • Consult our Cookies Policy

Obtain a copy of your Data (in a format that can be used by third parties)

Make a request on our customer services website

Modify your Data if it is incorrect or incomplete

Make a request on our customer services website

Delete your Data (in certain cases)

Make a request on our customer services website

Object to the processing of your Data

  • Analytics and bug-fixing when browsing on Ledger Live
  • Other cases

Limit the processing of your Data (particularly if you do not want it to be deleted)

Make a request on our customer services website

Upon receiving a request, we may have to ask you for an identity document if you need to confirm your identity. If, after contacting us, you believe that your rights have not been respected, you have the option of sending a complaint to supervisory authority in your country.
Modifications to our Confidentiality Policy

We can modify our Confidentiality Policy if we deem it necessary or if the law requires it, and you accept these modifications in continuing to use our Services.

Contact

If you have any questions, do not hesitate to contact our Data Protection Officer (DPO) by making a request on our customer services website

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our
newsletter

New coins supported, blog updates and exclusive offers directly in your inbox