Privacy Policy

This Privacy Policy (“Policy”) describes how 3Box Labs, our related products, including but not limited to Ceramic, IDX, and self.ID ( “we”, “our”, or “us”) collects, uses, shares, and stores Personal Information when app developers and other users (“you”) use 3Box Labs, Ceramic, IDX, self.ID, and all related tools, applications, websites, data, software, infrastructure, and other services we provide (the “Products, Services, and Network”).

By accessing or using the Products, Services, and Network you accept this Policy and our Terms and Conditions, and you consent to our collection, use, disclosure, and retention of your Personal Information as described in this Policy. If you do not agree with any part of this Policy or our Terms and Conditions, you must stop accessing the Products, Services, and Network. To exercise any rights you may have over your Personal Information, please see the section on Your Choices below.


Our Products, Services, and Network are blockchain-agnostic and leverage distributed-data-storage systems, so nearly all data is kept directly with you and other users and not on our servers, computers, or other systems and devices. To help you manage your data and content, our Products and Services allow you to create and link an Account or Decentralized ID (“DID”). These features are intended to give you more control over your data and privacy-preserving options to choose how your Personal Information is shared and used by other applications or services. For example, to the extent any data is stored privately on the Products and Services, it is unreadable by other apps and users unless you expressly grant others permission to access your data.

If you shared your data with other users or a third-party app hosted on or linked to the Products, Services, and Network, you should look to the privacy policy and any terms those third parties or dApps. We do not control third-party apps and are not responsible for how they may treat your Personal Information. 


When you visit our Sites or use our Products, Services, and Network, we may collect information that could identify you directly or indirectly (“Personal Information”). Personal Information does not include publicly available information or any data that has been deidentified, aggregated, or otherwise anonymized.

We only collect the minimum information needed to provide the Products, Services, and Network including:

  • Identifying Information. To enable you to use our Products, Services, and Network, control your data, and send and receive information, we may collect your public key or DID to identify you.
  • Account Information. To use certain features of the Products, Services, and Network you must create an Account or DID and provide information such as your Ethereum public key, or other form of authentication. You may also choose to enhance your profile with your name, photo, GitHub account, or other information.
  • User Content. If you share files, content, messages, and other data (“User Content”) on the Products, Services, Networks, or any third-party apps we may have access to User Content.
  • Cookie Log Data. Our Site uses Cookies to collect your Internet Protocol (IP) address, device identifiers, browser type, and browsing activity (“Log Data”). We use this information to improve functionality and customize the Product, Services, and Network. See the section on Cookies below for more information.
  • Signatures. To enable you to use our Products, Services, or Network, we may prompt you to sign messages with your private key or wallet seed as a way to authenticate and prove control over your key and identity. We are not able to see your private key or wallet seed. 

We will never ask you to share your private keys, wallet seed, or other sensitive Personal Information. Trust no one that asks you to enter your private keys or wallet seed.


Cookies, tags, and similar technologies are small pieces of code placed on your browser, device, or hard drive when you visit a website or use an application (“Cookies”). 

  • How We Use Cookies. We may use Cookies for the following reasons:
  • Functionality. To ensure they function properly;
  • Security. To help detect fraud and abuse, including malicious attempts to access data without authorization;
  • Analytics. To gather usage and performance data;
  • Advertising. To collect information about how you interact with our website, and your activity to draw inferences about your preferences. 
  • How to Control Cookies. If you wish to prevent cookies from tracking your activity on our website or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set. If you block cookies, certain features on the Products, Services, or Network may not work. 
  • You may control Google analytics by visiting Google’s website
  • You may control cookies by visiting the link below to your web browser below:

We are not responsible for the completeness, effectiveness, or accuracy of any of these or other third party opt-out options or programs.

  • Do Not Track Requests. Some web browsers or smartphones can set “Do Not Track” requests to block user activity from being tracked across web pages or devices. We do not recognize “Do Not Track” signals because there is no industry standard way to do so.


We use the Personal Information we collect for:

  • Functionality. To enable you to access the Site and use the Products, Services, and Network and deliver products or perform actions you request, for example enabling you to create an Account, DID, or develop apps.
  • Communications.  To inform you about relevant promotions, upcoming events, and other news about the Products, Services, or Network and our select partners. We may also use your Personal Information to respond to your comments and questions about the Products, Services, and Network and to provide customer service.
  • System Updates or Alerts. To send information, including confirmations, technical notices, updates, security alerts, and support and administrative messages.
  • Optimization. To optimize your user experience, we may use your Personal Information to operate, maintain, and improve our Products, Services, and Network. 
  • Compliance with the Law. To comply with applicable laws, regulations, lawful requests, and other legal process, such as to respond to subpoenas or requests from government authorities.  
  • Fraud Prevention and Safety. To protect, investigate, and deter against fraudulent, unauthorized, illegal activity, or unauthorized access to or use of Personal Information, our Products, Services, and Network or related systems.

We may use Personal Information for other limited purposes consistent with the purposes for which we collected that information. We will not use Personal Information for materially different or incompatible purposes without first taking reasonable steps to notifying you and, if necessary, obtain your consent.


We only disclose or share Personal Information with others with your consent or when permitted by applicable law, including under these circumstances:

  • Professional Advisors and Service Providers. We may share information with those who need it to do work for us. These recipients may include third-party companies and individuals to administer and provide the Products, Services, and Network on our behalf (such as customer support, hosting, email delivery and database management), and lawyers, bankers, auditors, and insurers.
  • Affiliates. We may disclose Personal Information to our other brands, subsidiaries, and corporate affiliates for purposes consistent with this Privacy Policy.
  • Third Parties. You may enable settings and features that enable your Personal Information to be available to or shared with other users, companies, or entities of your choosing. We do not control those third parties and we are not responsible for how they may treat your Personal Information. You should look to those third parties’ privacy policy and terms to understand how they treat your Personal Information and what rights you may have.
  • Business Transfers. We may share personal information when we do a business deal or transfer that includes the sale or transfer of all or a part of our business or assets, for example in any merger, financing, acquisition, or bankruptcy transaction or proceeding.
  • Compliance with Laws and Law Enforcement; Protection and Safety. We may share Personal Information for legal, protection, and safety purposes, including to:
  • Comply with laws;
  • Respond to lawful requests, court order, and other legal processes;
  • Protect the rights, freedoms, and property of the Company, our agents, customers, and others; or,
  • Respond to an emergency concerning the safety or wellbeing of our employees, agents, our customers, or any other person.


We retain Personal Information only for as long as it is necessary and relevant to fulfill the purposes for which it was collected. We may retain Personal Information longer if we must do so to comply with applicable law. Once we no longer need to retain Personal Information, we permanently delete it or we may anonymize it so the Information can no longer be associated with a specific individual.

We use industry-standard security measures to protect the security and confidentiality of Personal Information. However, the security of information transmitted through or stored on the internet can never be guaranteed. To the fullest extent permitted by law, we are not responsible for any interception, interruption, or loss of data through the internet. You are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password-protected or secure areas of any of our Products, Services, and Network. We may suspend use of any aspect of the Products, Services, and Network without notice if we suspect any breach of security or similar issues.


Our Products, Services, and Network allow you to share information through other third-party applications, including dApps, or websites. These links are provided solely as a convenience to you if you share content. When you visit third-party websites or applications, those third parties may collect your Personal Information along with all content you share. We do not control those websites and applications, and we are not responsible for how they may treat your information. We encourage you to check the privacy policies and terms of those websites and applications to learn more about their practices.


You may review, opt-out of sharing, correct, or delete your Personal Information through your Account at any time or by contacting us at

California Residents

California residents may have additional rights over their Personal Information. 

The Right to Request More Information

You may have the right to request more information about how we treated your Personal Information in the past 12 months, including:

  • The categories of Personal Information we collected about you;
  • The categories of sources from which we collected that information;
  • Our business or commercial purpose for collecting that information;
  • The categories of third parties with whom we shared that information; and/or
  • The specific pieces of Personal Information we collected about you.

The Right to Request Access

You also may have the right to request access to your Personal Information.

The Right to Request Deletion

 Under certain conditions, you may have the right to request that we delete your Personal Information. Simply logging out does not delete your account or the Personal Information we may have collected. 

Third-Party Marketing and Selling

We do not provide your information to third parties for their direct marketing purposes. Neither do we intend to sell your personal information to third parties without providing you notice and an opportunity to opt out.


How to Exercise Your Rights

To submit a request to exercise these rights you may contact us at For all requests, please clearly state that the request is related to “Your California Privacy Rights” and provide your name, Account or DID name, Ethereum public key and an e-mail address or mailing address where you may be reached.

If you make a request, we will acknowledge we have received it within ten days. If you do not receive a response, please ensure your request was submitted and send a follow up email to


Before we can respond to your request, we must verify your identity using Personal Information. If we cannot verify your request, we will contact you for more information. If we cannot verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial. 

Designating an Authorized Agent

You may designate someone to submit requests and act on your behalf (an “Authorized Agent”). To do so, you must provide us with written permission to allow your Authorized Agent to act on your behalf. 

EU Data Subjects

If you are located in the European Economic Area, you may have additional rights over your Personal Information.

Sensitive Data

Some of the information you provide us may constitute sensitive data as defined in the GDPR (also referred to as special categories of personal data), including identification of your race or ethnicity on government-issued identification documents.

Legal Basis for Processing

We only use your Personal Information as permitted by applicable law, including:

  • With your Consent. You may choose to provide or share your Personal Information and consent to our processing of that Information. Where our use of your Personal Information is based upon your consent, you may withdraw consent anytime by adjusting your Account settings, refraining from accessing the Site or using the Products, Services, and Network or contacting us at
  • Legitimate Interests. Where processing is not based on your consent, we rely on our Legitimate Interests to accomplish the uses listed above. We consider and balance any potential impacts on you or your rights before we process your Personal Information for our Legitimate Interests. We do not use your Personal Information for activities where our interests are overridden by any adverse impact to you.
  • Compliance with a Legal Obligation. We may need to process Personal Information to comply with applicable laws, regulations, or other legal requirements.

International Transfers

We operate from the United States. This means your Personal Information may be transferred to or from the United States where privacy laws may not be as protective as those in your jurisdiction.

We transfer Personal Information between the European Economic Area (“EEA”) and the U.S. or other countries based on a data transfer mechanism recognized by the European Commission as adequately protecting personal information.


We will maintain your Personal Information for as long as reasonably necessary to accomplish the purposes for which it was collected, or as otherwise required or permitted by law. 

Data Subject Rights

If you are an individual in the EEA, you have the following additional rights over your Personal Information:

  • Access. You have the right to request copies of your personal information. We may charge you a small fee for this service.
  • Rectification. You have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete information you believe is incomplete. You may always correct and update your information by logging onto your Account and editing your information. 
  • Erasure. Under certain conditions, you have the right to request that we delete your personal information.
  • Restrict processing. Under certain conditions, you have the right to object to the processing of your personal information.
  • Data portability. Under certain conditions, you have the right to request we transfer personal information we have collected about you either to another organization, or directly to you.

How to Exercise Your Rights

To submit a request to exercise these rights please contact us: 


For all requests, please clearly state that the request is related to “Your EU Privacy Rights” and provide your name, Account or DID name, Ethereum public key and an e-mail address or mailing address where you may be reached.

If you make a request, we have one month to respond to you. We may require you to verify your identity before we may respond to you.

Although we urge you to contact us to find a solution for every concern, you have the right to lodge a complaint with your competent data protection authority.


The Products, Services, and Network are not intended for children under age 13, and we do not knowingly collect Personal Information from children under 13. If we discover we have Personal Information related to a child under 13 we will delete that information. 

If you are under the age of majority in your jurisdiction of residence, you may use the Products, Services, and Network only with the consent of or under the supervision of your parent or legal guardian. 

If you are the parent or legal guardian of a child under 13 or minor and you believe we have collected your child has used our Site or Products and Services without your permission, please contact us at


We may change this Policy. We encourage you to periodically review this page for the latest information on our privacy practices. If we make any material changes, we will take reasonable steps to notify you and, if necessary, obtain your consent. We will take your continued use of the Products, Services, and Network after any new Policy is posted as an indication you accept the modified Privacy Policy.


If you have questions or concerns about this Policy, please contact us at