Last updated: February 12, 2026
This Privacy Policy ("Policy") describes the terms and conditions under which Defi Basket Labs ("We," "Us," "Company"), a company incorporated in the British Virgin Islands (BVI), processes information and data in relation to the Picnic platform.
Clause 1. Nature of the Service
Picnic is a decentralized software interface. By using Picnic, you acknowledge that we are solely technology providers facilitating your direct interaction with the blockchain. We do not have custody of your assets nor do we control or intermediate transactions executed on the network.
This Policy must be read together with the Picnic Terms of Use. By accepting this Policy, you consent to the data processing necessary for the technological operation of the interface and acknowledge the automatic acceptance of the privacy policies of our infrastructure partners.
Clause 2. Applicable Data Protection Laws
Given the decentralized nature of Picnic’s software, which resides on blockchain infrastructure rather than centralized servers, the processing of your personal data shall be governed by the data protection laws applicable in the country where you, the user, are located at the time of access.
We commit to observing the principles of the LGPD (Brazil), CCPA (United States), GDPR (European Union), and the BVI Data Protection Act (DPA), as geographically applicable.
Clause 3. Categories of Data Collected
3.1 Data Collected Directly by Picnic
Registration data: email address and telephone number.
On-chain identifiers: public wallet address.
Purpose: basic user identification, support communications, account security, and technical enablement of the interface to read balances and transaction history on the network.
3.2 Data Collected By or For Infrastructure Partners
KYC and compliance data: full name, identification documents (ID card, tax ID, driver’s license or equivalent), proof of address, and facial biometric verification (selfie).
Purpose: compliance with Know Your Customer (KYC), Anti-Money Laundering (AML), and Counter-Terrorism Financing obligations as required by infrastructure partners.
Wallet integration: in certain cases, we share your specific wallet address for technical integration and asset settlement purposes.
3.3 Technical and Browsing Data
Log data: IP address (processed temporarily for geofencing and security), device type, browser version, and operating system.
Purpose: performance optimization, error debugging, and access restriction in sanctioned jurisdictions.
Clause 4. Use of Data
We use collected data to provide services by maintaining, customizing, and improving the interface and software; to ensure security and protection by detecting, investigating, and preventing fraudulent, unlawful, or unauthorized activities; to comply with legal obligations, governmental requests, and AML regulations; and to send communications such as legal notices, terms updates, security alerts, and technical support messages electronically.
Clause 5. Data Sharing with Partners
The user acknowledges and accepts that the sharing of personal and transactional data between Picnic and its partners is strictly necessary to enable selected products, such as payment cards and fiat on/off-ramps.
When using such services, you provide data that will be processed by partners acting as independent data controllers.
Clause 6. Public Nature of Blockchain Data
The user acknowledges that transactions carried out through Picnic are recorded on public blockchains.
By technological design, data recorded on blockchain networks, including wallet addresses and transfer values, are immutable, transparent, and inherently public. The exercise of certain privacy rights, such as deletion or rectification, is technically impossible with respect to on-chain records.
Clause 7. Circumstances for Data Sharing
We may share data under the following circumstances: sharing wallet addresses with infrastructure providers and blockchain analytics services to detect and mitigate financial crime where there is reasonable suspicion involving a specific wallet or user; where strictly necessary to enable the Picnic Card, fiat conversion services, or related operations; to prevent harm to the Company or users, or in response to substantiated requests from regulated partners; and in the event of a merger, acquisition, or asset sale, provided equivalent privacy protections are maintained.
Clause 8. Security Measures
Picnic implements rigorous security protocols to ensure data integrity and confidentiality during communications with external partners.
For most services, communication occurs exclusively between the Picnic backend and partners, meaning the user’s browser or application does not directly interact with such services. All transmissions are protected using standard transport encryption (TLS).
In the case of the authentication provider Magic, the Picnic backend does not access communications between the user’s device and Magic’s servers. This interaction occurs end-to-end via TLS encryption, ensuring authentication credentials and sensitive data remain isolated from our infrastructure. Users may consult Magic’s security documentation for additional information.
Clause 9. User Rights (General)
As a BVI entity, we guarantee users the right to request access to personal data held by the Company.
Subject to applicable law, users have rights to confirmation of processing, correction of data, and, where legally permitted, anonymization or deletion of unnecessary data.
Requests must be submitted to legal@usepicnic.com
.
Clause 10. Information for Data Subjects in Brazil (LGPD – Law No. 13,709/2018)
We process personal data based on the following legal grounds: user consent (for example, marketing communications); performance of a contract or preliminary procedures; compliance with legal obligations such as KYC and AML requirements; and legitimate interests, provided fundamental rights and freedoms are respected.
Under the LGPD, users have the right to confirmation and access, correction, anonymization, blocking or deletion, data portability, and withdrawal of consent.
Blockchain notice: due to blockchain immutability, on-chain data such as transaction history and wallet addresses cannot be deleted, rectified, or modified by the Company.
Clause 11. Information for Data Subjects in the European Union (GDPR)
We process personal data for the purposes described in Clause 4 under the following legal bases: consent, contractual necessity, legal obligation, and legitimate interests not overridden by your fundamental rights.
Under the GDPR, you have the right to request access to your personal data, request rectification or erasure, object to or restrict processing, request data portability, and withdraw consent at any time.
However, we cannot modify or delete information stored on blockchain networks, including transaction data, wallet addresses, or assets associated with such addresses, as these remain outside our control.
To exercise GDPR rights, contact legal@usepicnic.com
.
Clause 12. Information for Users in the United States
For users residing in the United States who utilize fiat conversion services, data processing is conducted in accordance with applicable federal and state laws.
The user acknowledges and accepts that Noah US Inc. acts as the technological and regulatory partner enabling financial operations in the United States. To use these services, users must provide identity verification data directly to Noah for KYC and AML purposes. Processing of such data, including access and deletion rights subject to mandatory legal retention, is governed exclusively by Noah’s Privacy Policy available at https://noah.com/en/privacy-notice
.
Clause 13. Electronic Communications
The user expressly agrees to receive all communications, contracts, and legal notices electronically, including terms updates, security alerts, and support communications.
Clause 14. Corporate Changes and Policy Updates
In the event of a merger or sale of Defi Basket Labs, data may be transferred to the successor entity under the same privacy standards established herein.
This Policy may be updated periodically. Continued use of the platform following updates constitutes acceptance of the revised terms.
Clause 15. Material Changes and Contact
If we make material changes to this Policy, we will notify you through the Services. Continued use of the Services reflects your periodic review of this Policy and constitutes consent to its terms.
If you have any questions regarding this Policy or how we collect, use, or share your information, please contact us at legal@usepicnic.com.