Privacy policy

Last update: November 2023

At Ledger, we are committed to creating products that provide the highest level of security for your crypto assets but that also allow you to manage them easily. To do this, we provide you with a software application (Ledger Live) and websites (ledgerwallet.com and ledger.com) (our ‘Services’).

We can collect personal data about you when you use these Services. We have created this Confidentiality Policy to explain what we do with it.

Please note:the vault.ledger.com website is not covered by this Confidentiality Policy.

What is personal data?
Personal data (‘Data’) is information that makes it possible to identify you:

  • directly, such as your name or email address;
  • or indirectly, such as your customer number or IP address.
  1. When do we collect your data and why?
  2. Data collected through our websites
  3. Data collected through our Ledger Live application
  4. Data collected by third parties accessible from Ledger Live
  5. Who do we share your Data with?
  6. Where do we store your Data?
  7. How do we keep your Data secure?

When do we collect your data and why?

We collect your Data when you use our Services. 

We store your Data only for the time needed to carry out the operations for which it was collected, except when we need to assert our legal rights or are legally required to retain it for a different period of time. At the end of these retention periods, your Data is erased or anonymised. 

Data collected through our websites

User actionData collectedData usageReason for processing (legal basis)Retention period
Purchase of a Ledger productName, email address, delivery and billing address, phone number, company name, intra-community VAT number, product bought, delivery method and payment, order amount, currencyInvoicing, delivery, analytics and sending service notificationsPerformance of the contract you agreed upon buying one of our productsActive database: 3 months from delivery of the product Archive: 10 years (accounting obligations)
Request to receive marketing emails (including our newsletter)Email address, campaign number, logsSending emails on our latest developments, promotions and customer surveysConsent to receive marketing emails3 years from the request
Request sent to customer services (on the dedicated platform or through social media)Name, email and postal address, telephone number (for product exchanges), Handle used on social media, content of our exchanges, identification document (if verification is necessary)Processing the request, quality control, verifying information is correct and preventing fraudLedger’s legitimate interest5 years from the request
Browsing our websites
Please note: We collect your Browsing Data using various technologies such as cookies (for more information, please visit our Cookie Policy).
Consent or refusal to save cookies on your deviceCookies are saved (or not saved) on the deviceLegitimate interest6 months from the user’s decision
IP address, operating system, browser, devices used, date and time of visit, URLs of clickstream to, through and from our website, products viewed and searched, download errors, duration of visit on certain pages, interaction between pagesBug-fixing, analytics, combating fraud, personalising your experience, displaying adverts on third-party websitesDependent on the purpose of the cookies saved: - Legitimate interest for technical cookies - Consent for functional, performance and advertising cookiesThe time needed to fulfil the purpose of the cookies saved (for example, one session for session cookies)
Participation in customer surveysName, age, email address, family situation, profession, country, product opinion, commentsCarrying out marketing studies, improving our products and servicesLegitimate interest6 months from the end of the survey
Request to be re-contacted on the subject of our B2B productsName, company, role, email address, telephone number, countryMaking contact, sending emails on our latest developments, promotions and customer surveysLegitimate interest5 years from the request
Signing up to our affiliate programmeName, email address, company, BTC address, identity document, intra-community VAT number and proof of residence (where required).Managing the programme, sending emails on the programme’s latest developments, remunerationPerformance of the contract you agreed with Ledger when signing up to the programmeFor as long as the affiliate is a member of the programme, except in the event of prolonged inactivity

Please note:your payment information is collected directly by our payment providers. Ledger only has access to a truncated version of this information for anti-fraud purposes.

Data collected through our Ledger Live application

User actionData collectedData usageReason for processing (legal basis)Retention period
Use of Ledger LiveDevice session identifier, IP address*, clicks, actions (e.g. launching the application, use of transactional functionalities, pages viewed), properties (e.g. type, version, language and region recorded for your operating system), currency, time stamp, amount and status of transactions, transaction identifier, identifier used by our partners to identify you (when you use their services)Bug-fixing, analytics to improve our products and services and identify additional services and functionalities you might need, processing requests for assistance, finding and preventing security problems, fraudulent activity and violations, optimising marketing operations (e.g. information on the most-used functionalities) and sending important information (e.g. security notifications).Legitimate interest5 years from collection
Participating in our referral programmeETH address (for authentication purposes only / data not stored), UUID, BTC addressManaging the programme, reward redemptionPerformance of the contract you agreed with Ledger by participating in the programmeActive database; for as long as the referrer is a member of the programme, except in the event of prolonged inactivity
Archive: 10 years (tax and accounting obligations)

Please note:Ledger Live does not contain identifying information that allows us to know your identity.(*Your IP address is only collected to be transmitted to our partners when this information is required to provide their services, and is not stored by Ledger) Ledger neither stores nor has access to your crypto assets and private keys. We only provide ‘cold storage’ services.

Data collected by third parties accessible from Ledger Live

Below are several concrete examples:
You use our partners’ services: information (like your name, date of birth, postal address and IP address) can be collected by our partners (or by Ledger on their behalf) to meet their anti-money laundering and customer-identification obligations.
You are a validator for a proof of stake-type service: we display your name/handle, the balances delegated or any information communicated on Ledger Live.

Please note:Ledger is not responsible for the way in which our partners use your Data. If you have any questions on this subject, please consult their confidentiality policy.

Who do we share your Data with?

We share your Data with:

  • Our technical service providers who help provide the Services (e.g. delivery, online payments and combating fraud). 
  • Our subsidiaries, when they help provide the Services. 
  • Our partners who use your Data to offer you:
    • Services accessible from Ledger Live, or
    • Personalised adverts. The list of these partners can be found in our Cookies Policy. 
  • Other companies to which we could sell or assign all or part of our activities.

The administrative or legal authorities or any other authorised third party where this data sharing is set out in law.

Please note:Ledger never sells your Data to third parties and we prohibit our service providers from re-using it for their own behalf.

Where do we store your Data?

Your Data is stored in France, but we might have to transfer it to countries located outside of the European Economic Area. 

We only transfer your Data to companies:

  • That are established in a country recognised by the European Commission as offering an adequate level of protection, or
  • With which we have signed the European Commission’s standard contractual clauses, or 
  • That commit to apply a code of conduct or a certification mechanism validated by the competent European authorities.

How do we keep your Data secure?

We implement all technical and organisational measures we deem necessary to safeguard your Data at an appropriate level of security, including:

  • Payment information security: your payment information is encrypted using a secure commercial Internet protocol (TLS) and is never stored on our server. 
  • An awareness programme and employee training.
  • Encryption during exchanges and storage.
  • Regular audits of data hosting companies. 
  • Data redundancy for more resilience in the event of catastrophe.
  • Role-based authentication.
  • Two-factor authentication for our authorised contributors.
  • Continuous monitoring of the system.
  • Security assessments in line with industry standards.
  • Security tests and intrusion tests by independent third parties.

To assess the level of appropriate security, we take into account, among other things, the nature of the Data and the risks its processing presents. Although we strive to ensure an optimal protection of your Data, we would remind you that transmitting information on the Internet is not entirely secure.

Please note:Ledger does not have access to your passwords, PIN codes and recovery phrases. You are therefore solely responsible for keeping these confidential.

You can exercise your rights over your Data – this is how to do it!

If you want to ...All you have to do is...
Withdraw your consentUpon receiving marketing emails (including our newsletter) Upon the saving of cookies on your device Click on the ‘Unsubscribe’ link in the footer of the emails you receiveConsult our Cookies Policy
Obtain a copy of your Data (in a format that can be used by third parties)Make a request on our customer services website
Modify your Data if it is incorrect or incompleteMake a request on our customer services website
Delete your Data (in certain cases)Make a request on our customer services website
Object to the processing of your DataAnalytics and bug-fixing when browsing on Ledger LiveOther casesChange the settings in Ledger LiveMake a request on our customer services website
Limit the processing of your Data (particularly if you do not want it to be deleted)Make a request on our customer services website

Upon receiving a request, we may have to ask you for an identity document if you need to confirm your identity. If, after contacting us, you believe that your rights have not been respected, you have the option of sending a complaint to supervisory authority in your country.