Abstract

Data Privacy Risk refers to the potential for user personally identifiable information (PII) to be shared non-compliantly with external parties, as well as the process for allowing users to request that their data be deleted. Given that blockchain transactions cannot be altered or changed after the fact, it is crucial to ensure that PII does not make its way onchain in any form. Data Privacy Risk exists both on and off of the blockchain, as securing access to any repositories of this data is paramount.

Policy

Endaoment believes in safeguarding user data and upholding individuals’ rights to data privacy, including the right to request data deletion. We believe in secure data management practices and comply with applicable privacy regulations to mitigate this risk and protect our users’ information.

Scope and Applicability

This policy applied to all Endaoment employees, contractors, board members, and those acting on behalf of Endaoment in any capacity. Non-compliance with this policy may lead to disciplinary action up to and including termination/removal. Should there be a conflict of law, the more stringent of either this policy or the applicable law will be applied.

Operational Controls + Testing

Internal controls will be monitored and/or tested on a periodic basis determined by risk. Monitoring and testing outcomes will be used to inform the continuous improvement of internal controls in order to appropriately mitigate risk.

Training

All Endaoment employees will receive training on Legal Compliance + Regulatory Risk to ensure policy continuity and application. New hires will be trained within their first 60 days, and mandatory incumbent trainings will be conducted bi-annually with all current employees.

Governance

This policy will be reviewed by the executive team and updated semi-annually to ensure it remains up-to-date. Escalation of any questions, concerns, or requests for exceptions regarding this policy must be made to the Endaoment executive team and approved unanimously.