Privacy Policy


Sky Mavis Pte. Ltd. (“Sky Mavis,” “we,” “us,” or “our”) is a software development company that builds virtual worlds and the infrastructure that makes them possible.

This Privacy Policy (“Privacy Policy”) is designed to inform you about how we collect, use, process, and share your Personal Data (as defined below) in connection with use of any of our products, services, or applications (collectively the “Services”); and visit or use of our website (“Site”) to the extent related to the Services. By using our Services, you agree to the collection and use of your Personal Data in accordance with this Privacy Policy. Unless otherwise defined in this Privacy Policy, any terms used in this Privacy Policy will have the same meanings as set forth in our Terms of Use.

Please note that our Services and Site are not intended for minors below 18 years of age, and we do not knowingly collect data relating to minors.


1.1. Data Handler. Sky Mavis Pte. Ltd., a company incorporated in Singapore, is responsible for handling your Personal Data related to the use of our Services.

1.2. Changes to your Personal Data. It is important that the Personal Data we hold about you is accurate and up-to-date, so please keep us informed if your Personal Data changes during your relationship with us.

1.3. Third-Party Links. Our Site, app, and any applicable browser or browser extension required to access the Services may include links to third-party websites, plug-ins, and applications (“Third-Party Sites”). If you click on those links or enable those connections, you may allow third parties to collect or share data about you. We do not control these ThirdParty Sites and therefore are not responsible for their privacy statements or policies. When you leave our Site, you should read the privacy policy or statement of every Third-Party Site you visit or use.


2.1. General. The categories of Personal Data we collect depend on how you interact with us, our Services, and the requirements of applicable laws. We collect information that you provide to us, information we automatically obtain when you use our Services, and information from other sources such as third-party services and organizations, as described below.

2.2. Definition of Personal Data. Personal Data, or personal information, means any information, whether true or not, that relates to an identified or identifiable individual (collectively, all “Personal Data” as described in this section). This is a broad definition which includes the specific pieces of personal data which we describe in further detail below. However, Personal Data does not include data which cannot be used to identify an individual person, such as a company registration number.

Different pieces of information, if collected together, may also lead to the identification of a particular person, and therefore also is Personal Data. However, Personal Data does not include data where the identity has been removed (anonymous data). For more information about Personal Data, please refer to the PDPA’s definition here.

2.3. Kinds of Personal Data We May Collect. Below are different kinds of Personal Data about you that we may collect, use, store, and transfer:

Type of UserKinds of Personal Data We May Collect
Individual user
  • Email address
  • Full legal name (including former names and names in local languages)
  • Nationality
  • Passport number or any government issued ID number
  • Date of birth
  • Proof of identity (e.g. passport, government-issued ID)
  • Proof of residency
  • Additional Personal Data or information at our discretion
Corporate User
  • Corporate legal name (including the legal name in local languages)
  • Incorporation/registration information
  • Full legal name of all beneficial owners, directors, and legal representatives
  • Address (principal place of business and/or other physical locations)
  • Proof of legal existence
  • Proof of identity (e.g. passport, government-issued ID)
  • Description of business
  • Percentage of ownership for individual/corporate owners
  • Contact information of owners, principals, and executive management (as applicable)
  • Proof of identity (e.g. passport, government-issued ID) for significant individual beneficial owner(s) of institutional user entities
  • Personal Data for each entity’s significant beneficial owner(s) of the institutional user entities (please refer to the above section on what Personal Data we collect for individual users)
  • Source of funds

2.4. Refusal to Provide Personal Data. If you refuse to provide Personal Data where we need to collect Personal Data by law, or under the terms of an agreement we have with you, we may not be able to perform the agreement we have or are trying to enter into with you (e.g. to provide you the Services). In this case, we may cancel a product or Service you have with us.


3.1. General. The forementioned types of Personal Data we collect depend on how you interact with us, our Services, and applicable law requirements. We collect data and information that you provide to us, information we obtain through automated technologies or interactions when you use our Services, and information from third parties or other sources, as described below.

3.2. Methods of Collecting Data. Sky Mavis uses different methods to collect information from and about you, including through:
(a) Information you directly provide to us – you may give us your Personal Data when you directly interact with us, including by filling out forms, by email, or any other method or form. This includes Personal Data you provide when you:
(i) Visit our Site;
(ii) Use or apply to use our Services;
(iii) Create an Account;
(iv) Request marketing materials to be sent to you, for example, by subscribing to our newsletters;
(v) Enter a giveaway, sweepstake, or contest, including through social media channels;
(vi) Provide us with Submissions or otherwise contact us.
(b) Information collected from automated technologies or interactions – as you interact with and/or use our Site, we may automatically collect Personal Data about your equipment, browsing patters, actions, and habits. We collect this Personal Data by using server logs, cookies, and similar technologies. We may also collect other Personal Data through your use of our Site. Finally, we may also receive Personal Data about you if you visit other websites using our cookies. On our main Site, you will be informed about how we use cookies through the Cookies Policy.
(c) Information collected from third parties or other sources – we also obtain information about you from third parties or other sources. These sources may include public blockchains or other publicly available information on the Internet (e.g. websites, articles, social media; etc.)


4.1. General. We will only use your Personal Data in accordance with applicable laws. Thus, we must ensure that there is a proper basis for using your Personal Data. Common examples of when we may use your Personal Data include:
(a) Contract performance – we may process your Personal Data when it is necessary for us to perform a contract to which you are a party, or to take steps at your request prior to entering into a contract (e.g. this is the basis for the provision of our Services);
(b) Legitimate interests – we may process your Personal Data for our interests, or those of a third party, when we ensure we use this basis as far as your interests and individual rights do not override or are in conflict with those interests;
(c) When you have given consent – we may process your Personal Data where you have freely given your consent, which is based on your informed and clear indication by a statement or clear affirmative action, that indicates your agreement to the processing of your Personal Data; there may be certain circumstances where this consent needs to be explicit, and we will properly request for your consent.

4.2. Change of Purpose. We will only use your Personal Data for the purposes we have collected it for unless we reasonably consider that we will need it for another reason which is also compatible with the original purpose and in accordance with applicable laws. The purposes listed above may continue to apply even in situations where your relationship with us (e.g. pursuant to contract performance) has been terminated or altered in any way, for a reasonable period thereafter (including, as applicable, a period of time to enable us to enforce our rights under any contract with you).

4.3. Marketing. If you have requested information from us and consented to receive marketing communications, you will receive marketing communications from us. We may use certain parts of your Personal Data for our respective activities.

4.4. Third-Party Marketing. Regarding third-party marketing, we will obtain your consent prior to sharing your Personal Data with any third party for marketing purposes.

4.5. Opting Out. You may opt out, or ask us to stop sending you marketing messages, at any time by directly emailing our DPO as indicated below. Please note that opting out of receiving marketing messages will not apply to services messages directly related to the use of our Services (e.g. maintenance or updates, changes in terms of use; etc.).

4.6. Cookies. You may set your browser to allow or refuse all or some browser cookies, or to alert you when websites set or access cookies. If you refuse or disable cookies, some parts of the Services or Site may become inaccessible or not properly function. Please review the Cookies Policy for more information about the types of cookies we may use.


5.1. Transferring Within our Group Companies. We may share your Personal Data within our group companies, which may involve transferring your Personal Data outside of Singapore or the origin of where your Personal Data is collected.

5.2. Transferring to Third Parties. Many of our external third parties are based outside of Singapore. Thus, their processing of your Personal Data may involve a transfer of data outside of Singapore.

5.3. How We Transfer Your Personal Data. In order to facilitate the Services we provide to our users located in Singapore, we request explicit consent for the transfer of Personal Data from Singapore to outside of the area. If you are an individual located in Singapore and you decline to consent to such transfer, you shall not use our Site or Services.


6.1. General. We may share your Personal Data with various third parties, including our third-party service providers, agents, subcontractors, and other associated organizations, our group companies, and affiliates to provide Services to you on our behalf and complete other related tasks. When using third-party service providers, they are required to respect the security of your Personal Data and must treat it in accordance with the law.

6.2. Disclosure of Personal Data. We may disclose your Personal Data to the following third parties:
(a) Companies and other organizations that assist in providing any of the Services you have requested, including verifying, processing, and/or refunding your transactions or orders;
(b) Anyone to whom we may lawfully transfer our rights and duties under the relevant terms and conditions governing the use of any Services; and
(c) Law enforcement and regulatory authorities, whether they are inside or outside of Singapore, under applicable law.


7.1. General. We strive to implement appropriate security measures to prevent your Personal Data from being accidentally lost, used, damaged, altered, disclosed, or accessed in an unauthorized or unlawful way or manner. We also use our best efforts to limit access to your Personal Data to those employees, agents, contractors, and other third parties who have a legitimate business reason. They will only process your Personal Data in accordance with our instructions, and they are subject to a duty of confidentiality.

7.2. Risk of Data Breaches. You understand and accept that there is an inherent risk in any data being shared over the Internet against your wishes, and that there is no security system that is impenetrable. Thus, we cannot guarantee the security or our systems or those of our vendors. If there is any information under our custody and control that is compromised as a result of a breach of our security, we will take steps to investigate and remediate the situation, and in accordance with applicable laws and regulations, may notify the individuals whose Personal Data may have been compromised.

7.3. Your Responsibilities. You are solely responsible for the security of your digital wallet and any Personal Data relating to or arising thereof. We encourage you to take measures to ensure that it remains secure. If at any time you discover an issue related to your wallet, please contact your wallet provider.


8.1. General. We consider a variety of factors in determining the appropriate retention period for your Personal Data. This includes the amount, nature, and sensitivity of the Personal Data; the potential risk of harm from unauthorized use or disclosure of your Personal Data; the purposes for which we may process your Personal Data and whether we can achieve those purposes through other means; and any applicable legal, regulatory, tax, accounting, or other requirements.

8.1. General. We consider a variety of factors in determining the appropriate retention period for your Personal Data. This includes the amount, nature, and sensitivity of the Personal Data; the potential risk of harm from unauthorized use or disclosure of your Personal Data; the purposes for which we may process your Personal Data and whether we can achieve those purposes through other means; and any applicable legal, regulatory, tax, accounting, or other requirements.
(a) A copy of the records we used in order to comply with any required or applicable customer due diligence obligations;
(b) Supporting evidence and records of transactions with you, and your relationship with us.

We may also keep your Personal Data for a longer period if we cannot delete it for legal, regulatory, or technical reasons.

We will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes.

8.3. Marketing Communications Obligations. If you have opted out of receiving marketing communications from us, we will retain your details on an opt-out list so that we know you do not want to receive these communications.


9.1. General. There are legal rights that are available to you regarding your Personal Data that we process. We have outlined these below. You may request to exercise these rights, subject to any limitations provided for under applicable data protection laws.

9.2. Access, Correction, and Deletion. You may ask us to confirm whether we are processing your Personal Data, and if so, what information we process and to provide you with a copy of that information. You may also request for us to correct your Personal Data by providing us with the information you think is inaccurate or incomplete, and then providing us with the new and updated information. We may need to verify the accuracy of the new data you provide to us. You may ask us to delete your Personal Data. However, we may not be able to comply with your deletion request for specific legal reasons.

9.3. Potential Fees. Usually, you will not have to pay a fee to access your Personal Data or to exercise any of the rights mentioned in this Privacy Policy. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. In this situation, we may also refuse to comply with your request.

9.4. Replying to Legitimate Requests. We will generally strive to reply to a legitimate request within thirty (30) days after receiving the request. However, this period may be extended where necessary and considering the complexity and number of requests, and we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. Please note that we may request that you provide some details necessary to verify your identity when you request to exercise a right regarding your Personal Data. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

9.5. Withdrawal of Consent. Please note that the consent you provide for the collection, use, processing, and disclosure of your Personal Data shall remain valid until such time it is withdrawn by you in writing. You may withdraw your consent and request for us to stop using, processing, and/or disclosing your Personal Data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of your request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of acceding to the same, including any legal consequences which may affect your rights and liabilities to us. Generally, we shall seek to process your request within thirty (30) days upon receipt.

While we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be able to continue providing the Services which you have requested, and we shall in such circumstances notify you before completing the processing of your request. If you decide to cancel your withdrawal of consent, please inform us in writing in the manner described herein.

Please note that the withdrawal of your consent does not affect our right to continue to collect, use, process, and/or disclose Personal Data where such collection, use, processing, and/or disclosure without consent is permitted or required by applicable laws.


10.1. General. We have appointed a Data Protection Officer (DPO) who is responsible for overseeing inquiries relating to this Privacy Policy. If you have any inquiries or other feedback or concerns about this Privacy Policy, our privacy practices, or if you wish to make any request pertaining to your rights with respect to your Personal Data, please contact our DPO team in the following manner:
Email: [email protected]
Address: Sky Mavis Pte. Ltd. ATTN: DPO 3 Fraser Street, #05-24, Duo Tower Singapore, 189352


11.1. Privacy When Using Digital Assets and Blockchains. Your use of Digital Assets may be recorded on a public blockchain. Public blockchain are distributed ledgers that are intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis, which can lead to re-identification of the individuals who make transactions as well as the revelation of Personal Data, especially when blockchain data is combined with other data.

Because blockchains are decentralized or are third-party networks that are not controlled or operated by us, we are not able to erase, modify, or alter Personal Data on such networks.

11.2. Minors and Children. Our Services and the Site are not intended for persons under the age of 18, and we do not knowingly collect data relating to minors. If we learn that we have inadvertently processed Personal Data from a minor or child, we will take legally permissible measures to remove that data from our records. We may also require the minor user to close their account and will not allow the use of our Services or Site. If you are a parent or guardian of a minor and you become aware that a minor has provided Personal Data to us, please contact us.

11.3. Effect of Privacy Policy. This Privacy Policy applies in conjunction with any other notices, contractual clauses, and consent clauses that apply relating to the collection, use, disclosure, management, and processing of your Personal Data by us.

11.4. Changes to this Privacy Policy. Please note that we may revise this Privacy Policy at any time and in our sole discretion. If we make changes to this Privacy Policy, we will provide notice of such changes, for example, by sending an email notification (f we have a valid email for you), providing notice through the Services, or updating the “Last Updated” date at the beginning of this Privacy Policy. By continuing to access or use any Services at any point after such update, you confirm your acceptance of the revised Privacy Policy and all the terms incorporated therein by reference.