Privacy Policy

This Privacy Policy ("Privacy Policy") explains how Metro ("Metro", "we", "us", or "our") collects, uses, discloses, and protects information in connection with your access to and use of the Metro website located at https://metro.exchange (the "Site"), the Metro web or mobile interfaces, the native Metro wallet, Metro Staking, and all other products, features, tools, and services we provide now or in the future (collectively, the "Services").

Metro is a non‑custodial, cross‑chain decentralized exchange (DEX) aggregator and wallet interface that routes transactions via the SwapKit SDK and API and connects to multiple decentralized liquidity protocols (such as, without limitation, THORChain, Chainflip, Maya Protocol, NEAR Intents, Garden Finance, Harbor, Jupiter, 1inch and others). SwapKit, Inc. maintains its own privacy practices for the limited data it processes as backend routing infrastructure.

By accessing or using the Services, you agree to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use the Services.

1. Scope and Relationship to Other Policies

This Privacy Policy applies to information we process in connection with your use of the Services, whether as a direct user of the Metro interface or as a visitor to the Site.

It does not apply to:

  • Independent third‑party protocols you interact with via Metro (e.g., THORChain, Chainflip, Maya Protocol, NEAR Intents, Garden Finance, Harbor, Jupiter, 1inch or others), which have their own privacy and data practices.
  • SwapKit, Inc., which operates as an independent backend SDK/API provider and maintains its own privacy policy and data‑minimization practices.
  • Third‑party fiat on‑ramp and off‑ramp providers, payment processors, identity‑verification / KYC providers (such as those presented through aggregators like Onramper), or analytics and security vendors that you may interact with directly.

Your interactions with any third party are governed by that third party’s own privacy policy and terms, not by this Privacy Policy. Metro does not control, and is not responsible for, the privacy practices of any third party.

This Privacy Policy is incorporated into and forms part of our Terms of Service.

2. Information We Collect

Because Metro is a non‑custodial interface, we generally do not collect traditional financial account information, government‑issued identifiers, or detailed personal profiles. We focus on limited technical and usage data necessary to operate and secure the Services, consistent with similar DeFi infrastructure providers.

2.1 Information You Choose to Provide

We may collect information that you voluntarily provide, for example:

  • Contact and correspondence information: If you email us, submit a support request, or otherwise communicate with us, we may receive your name, email address, social handle, blockchain wallet addresses, onchain transaction details or other contact details and the content of your message.
  • Developer / integration information: If you integrate Metro into your product or access developer features, we may collect business contact information, integration details, and configuration choices.
  • Feedback and surveys: If you respond to surveys, beta programs, or provide feedback, we collect any information you choose to submit.

You are solely responsible for any personal information you provide that we do not explicitly request.

2.2 Information Collected Automatically

When you access or use the Services, we and our service providers (including but not limited to Posthog, Google Analytics, Axiom, and Sentry or similar tools) automatically collect certain technical and usage information, such as:

  • Wallet information: Public blockchain wallet addresses you connect to or use through the Services, transaction hashes you submit via the interface, and associated on‑chain metadata (e.g., token balances and activity visible on public blockchains).
  • Device and browser information: Device type, operating system, browser type and version, language settings, screen resolution, and similar technical details.
  • Log and usage data: Pages viewed, features used, buttons clicked, referring/exit URLs, timestamps, error events, performance metrics, and interaction patterns within the interface.
  • IP‑based information: IP address and derived, coarse geolocation (e.g., country or region) sufficient for security, abuse prevention, sanctions screening, and to operate and optimize the Services.

We generally do not seek to collect sensitive categories of data (such as government IDs, precise location, or financial account numbers) through the Metro interface. If you provide such information directly to third‑party providers (for example, a fiat on‑ramp for KYC), it is handled under their privacy policies.

2.3 Information from Cookies and Similar Technologies

We and our analytics providers use cookies, local storage, pixels, and similar technologies to:

  • remember user preferences (such as selected networks or UI settings);
  • understand how users navigate and interact with the interface;
  • monitor performance, reliability, and errors; and
  • help protect against abuse and unauthorized access.

You can typically configure your browser to block or delete cookies, but this may impact the functionality of the Services.

2.4 Information from Third Parties

We may receive limited information about you from third parties, for example:

  • from analytics and security providers used by Metro or SwapKit (e.g., generalized intelligence about risky wallet addresses or IP ranges);
  • from on‑ramp / off‑ramp providers or other partners, on an aggregated or technical basis (e.g., status of a transaction, country‑level statistics, or integration‑level metrics); or
  • from publicly available blockchain data and explorers.

We do not intentionally receive or retain detailed KYC dossiers or full payment‑instrument data from such providers.

3. How We Use Information

We use the information we collect for the following purposes:

  • Provide and operate the Services: To enable routing of swaps and other transactions, display quotes and routes, manage wallet connections, operate the Metro wallet interface and Metro Staking, and maintain core functionality.
  • Security, fraud, and abuse prevention: To monitor for suspicious or abusive behavior, enforce sanctions and restricted‑person policies, prevent spam and attacks, and protect the integrity and availability of the Services.
  • Analytics and improvement: To understand how users interact with the interface, debug issues, optimize UX, and develop new features and products.
  • Compliance and risk management: To comply with applicable laws and regulations (e.g., sanctions, anti‑money‑laundering frameworks, export controls), respond to lawful requests, and manage legal risk.
  • Communications: To respond to your inquiries, send important service‑related notices (e.g., changes to policies or critical updates), and, where permitted, provide product updates or other communications you opt into.
  • Business operations: For internal recordkeeping, audits, and other legitimate business purposes such as planning and reporting.

We may use aggregated or de‑identified information (which does not reasonably identify you) for any lawful purpose.

4. Legal Bases for Processing (Where Applicable)

Depending on your jurisdiction, our processing of personal data may be justified by one or more of the following legal bases, where such concepts apply:

  • Performance of a contract: Processing is necessary to provide the Services under our Terms of Service.
  • Legitimate interests: We have a legitimate interest in operating, improving, and securing the Services, preventing abuse, and responding to your requests, provided these interests are not overridden by your rights.
  • Consent: In some cases, we may rely on your consent (for example, where required lawfully for certain analytics or marketing cookies). You can withdraw consent at any time, but this will not affect processing that has already occurred.
  • Legal obligations: We may process information to comply with applicable laws, regulations, court orders, or other legal processes.

Nothing in this Privacy Policy is intended to “opt in” Metro or Ferdin Incorporated to legal regimes that would not otherwise apply based on their activities and jurisdictional footprint.

5. How We Share Information

We specifically note that Metro does not sell data to third parties to perform marketing or profiling, and does not engage in automated decision-making re customers/users, except via KYT (Know Your Transaction) services provided by SwapKit, Inc and third-party API providers to (i) screen end user wallets against published lists of sanctioned addresses by the U.S. Treasury and similar governmental bodies; and (ii) implementing optional additional risk-based screening of end user wallets.

We may also disclose information to:

  • Service providers and vendors: Third‑party companies that provide services on our behalf, such as:
    • backend routing and aggregation infrastructure (e.g., SwapKit as independent SDK/API provider);
    • analytics and product‑analytics services (e.g., Posthog, Google Analytics, Axiom, Sentry or similar tools);
    • hosting, storage, security, and monitoring providers;
    • customer‑support and communication tools; and
    • development, operational, and professional service providers.
  • On‑ramp / off‑ramp and other financial‑service providers: Where you choose to use third‑party fiat on‑ramp or off‑ramp services or other integrated providers (for example, through Onramper or similar aggregators), limited technical information may be exchanged to enable or reconcile transactions. Those providers independently collect and process your personal and payment information under their own policies.
  • Affiliates: Ferdin Incorporated, THORSwap Foundation, and other affiliated entities involved in operating and supporting the Services, subject to this Privacy Policy.
  • Compliance, legal, and safety: Law‑enforcement agencies, regulators, courts, and professional advisors when we believe disclosure is reasonably necessary to (a) comply with law or legal process; (b) protect the rights, property, or safety of Metro, our users, or the public; or (c) detect, investigate, and prevent fraud, security, or technical issues.
  • Business transfers: In connection with any actual or potential merger, acquisition, financing, sale of assets, reorganization, or similar corporate transaction involving Metro, information may be transferred as part of that transaction, subject to appropriate confidentiality safeguards.
  • With your direction or consent: To any other third party where you explicitly request or consent to such sharing.

Where we share personal information with service providers, we use reasonable contractual and technical measures to limit their use of the data to the purposes of providing services to Metro or to you.

6. Cookies, Analytics, and Tracking Technologies

We use cookies, local storage, and similar technologies, and we integrate third‑party analytics tools such as Posthog, Google Analytics, Axiom, and, in the future, Sentry or similar services to help us understand how the Services are used and to improve their performance and security.

These tools may:

  • set and read cookies or similar identifiers in your browser;
  • collect usage and event data (e.g., page views, button clicks, performance metrics, error traces);
  • receive truncated IP addresses and coarse geolocation; and
  • provide us with aggregated reports and insights.

You can control certain cookies and tracking technologies through your browser settings or privacy tools. If required by law in your jurisdiction, we will request your consent before setting or reading certain non‑essential cookies.

For more granular information about our use of cookies and similar technologies, we may publish a separate Cookie Policy referenced from this Privacy Policy.

7. Data Retention

We retain information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy or as required by law, regulation, or legitimate business needs.

In practice, this generally means:

  • Short‑term retention of raw logs and analytics data for debugging, security, and performance monitoring.
  • Longer‑term retention of aggregated or de‑identified analytics and operational metrics.
  • Retention of certain records (e.g., records relevant to legal or regulatory obligations, disputes, or enforcement of our Terms) for the duration of the applicable limitation periods.

Where we no longer have a legitimate need to retain personal information, we will take reasonable steps to delete, anonymize, or aggregate it.

8. International Data Transfers

Metro, Ferdin Incorporated, and many of our service providers are based in jurisdictions that may have different data‑protection laws than those in your home jurisdiction, and your information may be processed in those jurisdictions (for example, the United States or Singapore).

By accessing or using the Services, you understand and consent to the transfer, processing, and storage of your information in these jurisdictions, which may not provide the same level of data protection as your home jurisdiction. Where required by applicable law, we will implement appropriate safeguards for such transfers.

9. Security

We implement reasonable technical and organizational measures designed to protect information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

These measures include access controls, encryption in transit where appropriate, separation of environments, and security monitoring. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

You are responsible for maintaining the security of your devices, wallets, private keys, seed phrases, and any credentials used to access the Services.

If you believe that the security of your interactions with Metro has been compromised, please contact us immediately at contact@metro.exchange.

10. Your Rights and Choices

Depending on your jurisdiction, and subject to applicable law, you may have certain rights with respect to your personal information, such as:

  • the right to access or receive a copy of personal information we hold about you;
  • the right to request correction of inaccurate or incomplete information;
  • the right to request deletion of certain information, subject to legal or operational retention obligations;
  • the right to object to or restrict certain processing; and
  • the right to withdraw consent where processing is based on consent.

Because Metro generally collects limited categories of information (often in pseudonymous or aggregated form), some of these rights may be limited in practice or may need to be exercised through your wallet, browser, or device settings.

To exercise any rights that may apply to you, please contact us at contact@metro.exchange. We may take reasonable steps to verify your identity before responding.

11. Children’s Privacy

The Services are intended for individuals who are able to enter into legally binding contracts in their jurisdiction. We do not knowingly collect personal information from children. If you believe we have collected personal information from a child, please contact us at contact@metro.exchange and we will take appropriate steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes, we will update the "Last Updated" date at the top of this page and may provide additional notice (such as a banner on the Site or in‑app message). Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you must stop using the Services.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise any rights that may apply to you, please contact us at: contact@metro.exchange.

Depending on your jurisdiction, you may also have the right to lodge a complaint with a supervisory authority or data‑protection regulator where you live or work or where you believe an infringement may have occurred.