As a blockchain software company whose mission is to unlock the collaborative power of communities by making web3 universally easy to use, access, and build on, we understand how much privacy matters. It’s what we’re missing in web2 and one of the great promises of web3 - more privacy, agency, and ownership. 

This is why Consensys is deeply committed to user consent and choice when handling personal information. We are constantly evolving our product suite to be equipped with the functionalities and features that allow users the freedom to choose how their data is used, while preserving privacy and security. 

Today, we’re sharing updates we’ve made to our privacy notice that is applicable to all Consensys products, including MetaMask

How the Consensys privacy notice has been updated

Over the past 18 months, our products have evolved and so has the global regulatory landscape in which Consensys operates. As part of our commitment to being transparent about how personal information is handled when delivering our services, we have updated our privacy notice to: 

  1. Provide increased clarity about which specific elements of the privacy notice are related to MetaMask and what each means for MetaMask users. This includes increased transparency about how IP addresses are processed when using MetaMask.

  2. Include additional context related to Consensys personal information processing activities as a whole.

  3. Clarify the products and services within the scope of the privacy notice, removing Codefi and Quorum, and adding MetaMask Institutional, MetaMask Developer, Linea, Teku, Besu, and Phosphor.  

Consensys strives to be a leader in privacy, while offering ease of use and security to all web3 users. The updated privacy notice demonstrates our commitment to providing users with choice, opportunities to consent, and increased transparency. 

What does this update mean for MetaMask users?

Consensys is committed to a consent-based approach to privacy.  Our privacy notice update provides increased transparency on our data processing activities and in summary, for MetaMask users this means that we: 

  • Do not collect your private keys. 

  • Do not sell your Personal Information. 

  • Do not collect or retain Personal Information unless necessary to provide you the Services and a great user experience. 

  • Do not collect financial payment or banking information, however, when you use our on- or off-ramp features these services may necessitate you submitting this information to third-party providers.

For IP addresses in particular, we may temporarily process your IP address only where required for some of our services - depending on your MetaMask settings - to provide the best possible experience for MetaMask users. This includes, for example, the prevention of DDoS attacks.

The features detailed below demonstrate our progress in ensuring MetaMask offers users the ability to configure their wallets to meet their personal needs, while preserving privacy and protecting security. 

Providing users with more consent and choice in MetaMask 

MetaMask already provides users optionality to manage their privacy by allowing them to select the RPC provider of their choice. In addition, anyone using MetaMask has the ability to limit various instances of data processing that expose personal information to Consensys or third parties. 

We continue to add more settings to provide users with choices related to the privacy of their data during and after onboarding, including turning off basic functionalities. Each setting has been designed to give users a choice over functionalities that expose their IP address to Consensys, especially functionalities that are enabled by default. Learn more about these features of MetaMask in this blog post.

Building bridges to web3 for more privacy and security

We are building the bridges to the next iteration of the web that we believe will be more respectful of user privacy. We believe everyone should be able to own their identity, data, and digital assets without the technical and financial responsibility of running their own node. 

Consensys will continue to build the bridges to this freedom in the form of software and believe we can reinvent how software scales in a more equitable way for users, while preserving privacy. We aren’t there yet, but we get closer everyday. 

Click here to read the updated privacy notice in detail. 

FAQ - Consensys Privacy Notice Update

1. Why have updates been made at this time?

As a company which prides itself on being at the forefront of innovation, our products and services are constantly changing and evolving. The update to our Privacy Notice is about making sure that our users understand how we process their personal information. 

2. Why do IP addresses need to be processed when using Consensys products and services? And how are they processed? 

IP addresses are an essential part of how the internet works.  As a company who provides services over the internet, in certain and limited instances we have to process this information in order to provide our services and products. This is a responsibility Consensys handles with care and respect by processing only the amount of data necessary to provide our services.

We only process and use this information when it is necessary for us to provide users with the best product experiences. We never process information that we do not need and we only keep this information for as long as it is needed. 

3. What personal information is processed in order for MetaMask to deliver its service? 

Personal information that we may process is covered in Section 2 of the Consensys Privacy Notice. This includes information that you may provide to us and information that is collected automatically. For MetaMask users, this includes:

  • Wallet related information, including your wallet address which is temporarily processed as part of API requests (in URL parameters or bodies) when making API calls required to support the user experience.  Please note that this applies where you utilize MetaMask’s default settings and configurations, which you may disable or opt-out of at any time.  

  • Your MetaMask preferences and settings, only as necessary to provide the Service. Generally this information is stored locally on your device. To the extent that we process this information to facilitate cross-device functionality, it is encrypted such that it can only be decrypted by you on your device(s).

  • Feedback and survey responses, where you choose to provide this information. 

  • User event information, where you opt-in to analytics data collection (also known as MetaMetrics), to support continued improvement of the product experience. We store this data pseudonymously and we do not link it to other Personal Information unless you ask us to do so. You may disable this feature at any time.

  • Marketing related information, where you opt-in to share this information (like information from cookies). This helps us to learn how you interact with our marketing communications and personalize what we share with you, such as latest developments and product features. You may disable this feature at any time.

  • Device related information, where you opt-in to receive notifications from your MetaMask wallet. For example, if you opt-in and ask us to provide push notifications to your mobile device, we will retain your device identifier to facilitate such notifications for as long as you remain opted-in. You may disable this feature at any time.

4. How long does Consensys retain data?

We only retain and process personal information for as long as we need to for the purposes that it was processed. Important examples include DDOS protection and complying with certain laws and regulations. 

5. What can users do if they do not want their data processed in this way?

Users can greatly reduce how much their IP addresses are processed by opting-out of features and with the recently added  "Basic Functionality" toggle. Users can switch this toggle off to limit IP addresses being collected by Consensys for basic features like token details and gas settings.

However we don’t recommend this option because it will make many features non-functional and reduces your overall data security. Even so we believe it’s important to offer this level of choice to users to interact with web3 on their own terms.

Users could also consider the use of third party services, which can help them limit the processing of their device information such as virtual private networks or ‘VPNs’. 

6. How does Consensys use cookies?

Please refer to the Cookies Policy here to understand exactly how this information is used in relation to your privacy.