Controller: Universal Scent Technology Pte. Ltd. (137 Telok Ayer Street, #05-07, Singapore (068602))
Contact: cs@scenttoken.com
1. Introduction
This Privacy Policy describes how Universal Scent Technology Pte. Ltd. ("UST", "we", "us", or "our") collects, uses, shares, and protects personal data in connection with your access to and use of the SCENT DEX interface at https://dex.scenttoken.com and any related applications, APIs, and services (collectively, the "Services"). This Privacy Policy supplements, and is incorporated by reference into, the SCENT DEX Terms of Service (the "Terms"). Capitalized terms used but not defined here have the meanings given in the Terms.
This Privacy Policy is intended to provide meaningful disclosure under data-protection laws that may apply to UST or to you, including the Singapore Personal Data Protection Act 2012 (the "PDPA"), the EU General Data Protection Regulation 2016/679 (the "GDPR"), the United Kingdom Data Protection Act 2018, and other similar laws to the extent applicable.
2. Scope
This Privacy Policy applies to personal data we collect through the Services. It does not apply to: (a) the public blockchain, the Protocol's smart contracts, or any data recorded on a public ledger — such data is publicly accessible and outside our control; (b) third-party Wallets or Wallet-connection providers — those are governed by their own privacy notices; or (c) third-party websites linked from the Interface.
3. Personal Data We Collect
The Services are non-custodial. We do not require an account, identification documents, or KYC. The categories of personal data we collect are:
3.1 Wallet and interaction data
- Public Wallet addresses you connect to the Interface
- Blockchain network(s) selected
- Transaction parameters you compose and resulting on-chain transaction hashes
3.2 Technical data
- IP addresses
- Device identifiers and fingerprints
- Browser type, version, language, time zone
- Operating system and platform
- Referring URL and pages accessed
- Approximate geographic location derived from IP (country/region level)
3.3 Cookies and session identifiers (see Section 4)
3.4 Communication data
- If you contact us, the email address, subject, content, and any attachments
3.5 Information we do NOT collect through the Interface
Names, government identification numbers, bank account details, residential addresses, telephone numbers, biometric data, or precise GPS location.
4. Cookies and Similar Technologies
We use:
- Strictly necessary cookies — required for the Interface to function
- Functional cookies — remember your preferences
- Analytics cookies — aggregated usage understanding
You may control cookies through your browser settings. Disabling them may limit Interface functionality.
5. Purposes of Processing
(a) Operating the Services — making the Interface available, enabling Wallet connection and transaction composition. (b) Security and abuse prevention — detecting fraud, unauthorized access, attacks, market manipulation, Protocol exploitation. (c) Compliance — complying with Applicable Law and responding to lawful requests. (d) Analytics and improvement — aggregated usage statistics and improving the Services. (e) Communication — responding to inquiries and providing support. (f) Risk management — screening Wallet addresses against publicly available risk indicators.
6. Legal Bases for Processing
Under the GDPR or similar laws:
- Contract (Art. 6(1)(b))
- Legitimate interests (Art. 6(1)(f))
- Legal obligation (Art. 6(1)(c))
- Consent (Art. 6(1)(a)) — for non-essential cookies and optional communications
Under the PDPA, we process personal data on the basis of deemed consent through your use of the Services or other PDPA-permitted bases.
7. How We Share Personal Data
We do not sell your personal data. We share personal data only as described below.
7.1 Service providers
Hosting, content delivery, error monitoring, analytics, customer support tooling — all under contractual confidentiality and data-protection obligations.
7.2 Blockchain analytics and screening providers
We share Wallet addresses and related on-chain data to assess risk, detect illicit activity, and operate the Services securely.
7.3 Law enforcement, regulators, legal process
Where we believe disclosure is required or permitted by Applicable Law.
7.4 Corporate transactions
Merger, acquisition, reorganization, sale of assets, financing, or insolvency.
7.5 With your consent
Where you have asked us to or given consent.
7.6 Aggregated and de-identified data
For research, reporting, and product development.
8. International Data Transfers
UST is incorporated in Singapore. Service providers may be located outside Singapore, the EEA, the UK, or your country of residence. Where Applicable Law requires a transfer mechanism, we rely on:
- European Commission's Standard Contractual Clauses (SCCs) for EEA transfers
- UK International Data Transfer Agreement / UK SCC Addendum for UK transfers
- Equivalent or analogous mechanisms (including PDPA's transfer requirements)
Contact cs@scenttoken.com for further information.
9. Data Retention
| Category | Retention |
|---|---|
| Technical data (IP, device, server logs) | Up to 12 months |
| Cookies and session identifiers | Per cookie lifespan (session-only to 12 months) |
| Communication data | Up to 24 months from last interaction |
| Off-chain Wallet/interaction records held by UST | Up to 60 months (or longer if AML/CFT recordkeeping requires) |
| Aggregated and de-identified analytics | Indefinitely |
When retention expires, we delete, anonymize, or aggregate the data subject to legal holds.
10. On-Chain Data Limitations
The Protocol's smart contracts operate on a public blockchain. Once a transaction is broadcast and confirmed, the transaction record is recorded on a public ledger that UST cannot delete, modify, or restrict access to. Your rights of erasure, restriction, or objection (Section 12) do not apply to on-chain data. Consider this irreversible-publication characteristic before initiating any on-chain transaction.
11. Security Measures
We implement technical and organizational measures: access controls, encryption in transit, logging and monitoring, vulnerability management, personnel training. No system is perfectly secure, and we cannot guarantee absolute security. You are responsible for safeguarding your Wallet, private keys, and credentials.
12. Your Rights
Subject to Applicable Law, you may have rights to:
- Access — copy of personal data we hold
- Correction / rectification
- Deletion / erasure — off-chain data only
- Restriction
- Objection
- Portability
- Withdraw consent
- Lodge a complaint with your local supervisory authority
Important: on-chain data is excluded from deletion, restriction, and objection rights as explained in Section 10.
Contact cs@scenttoken.com. We may verify your identity and the Wallet address(es) associated with your request. We respond within the time required by Applicable Law (typically 30 days under GDPR; up to 30 days under PDPA, extendable).
13. Children's Privacy
The Services are not directed to children under 18 (or the higher age of majority in your jurisdiction). We do not knowingly collect personal data from children. Contact cs@scenttoken.com if you believe a child has provided personal data.
14. Changes to this Privacy Policy
We may update from time to time. We revise the "Last Updated" date and, for material adverse changes, provide reasonable advance notice via the Interface and email (if provided). Continued use after the effective date constitutes acknowledgement of the update.
15. Contact and Supervisory Authority
15.1 Contact us
Universal Scent Technology Pte. Ltd.
137 Telok Ayer Street, #05-07, Singapore (068602)
cs@scenttoken.com
15.2 Supervisory authority
- Singapore: Personal Data Protection Commission (PDPC) — https://www.pdpc.gov.sg
- EEA: data-protection authority in your member state
- UK: Information Commissioner's Office (ICO) — https://ico.org.uk
16. Governing Law
Governed by the laws of the Republic of Singapore, subject to any mandatory data-protection law that applies to you and cannot be overridden by contract.