HOLIDAY OFFER: Get the gift of up to $70 of Bitcoin. While supplies last!

Shop now

Ledger Recover Privacy policy

Last update: October 2023

At Ledger, we are committed to developing and supporting services to help you safely navigate the crypto ecosystem, including a website (“Ledger Website”), a login feature (“Ledger Trust Services Login”) which will enable you to access to an online platform (“Ledger Trust Services Platform”) to manage the services you subscribe to and services provided by third-parties such as the secret recovery phrase backup service provided by Coincover (“Ledger Recover”) (the “Services”).

The Privacy Policy has been translated and made available into different languages. Notwithstanding its translation, you acknowledge that, in the event of a dispute arising out of or relating to this Privacy Policy, only the English version of this Privacy Policy shall be referred to and prevail.

Please note: We can collect personal data about you when you interact with us and/or use the Services.

What is personal data?

Personal data (“Data”) is information that makes it possible to identify you:

  • directly, such as your name or email address;
  • or indirectly, such as your date and place of birth.

What do we do with your Data?

How we use your data depends on how you interact with us.

You want to know more about our Services

Data usage Data collected Legal basis Retention period
Browsing Ledger Website: bug-fixing, preventing fraud, personalizing your experience, displaying adverts on third-party websites, analytics
Please note: Ledger collects your data using various technologies such as cookies. For more information, please visit our Cookie Policy.		 IP address, operating system, browser, devices used, date and time of visit, URLs of clickstream to, through and from our website, products viewed and searched, download errors, duration of visit on certain pages, interaction between pages Legitimate interest for strictly necessary cookies Consent for functional, performance and targeting cookies The time needed to fulfill the purpose of the cookies saved (for example, one session for session cookies)
Marketing emails: sending emails on latest developments and promotions Email address, logs Consent 3 years from the last contact

You create a Ledger Trust Services Login

Data usage Data collected Legal basis Retention period
Login creation: checking if Ledger Trust Services Platform is available where you live, enabling you to access the Ledger Trust Services Platform.
Please note: If you do not subscribe to or activate Ledger Recover, your information are deleted after 90 days.		 Country Performance of the contract you agreed to upon creating a Ledger Trust Services Login and accessing to the Ledger Trust Services Platform Until you activate Ledger Recover
Email address, password Performance of the contract you agreed to upon creating a Ledger Trust Services Login and accessing to the Ledger Trust Services Platform As long as your subscription to Ledger Recover remains live and up to 6 months from the unsubscribe date (+ archived for 7 years after termination of the subscription for litigation purposes)
Using Ledger Trust Services Login and the Ledger Trust Services Platform: bug-fixing, preventing fraud, analytics Logs Legitimate interest 1 year (+ archived for 7 years after termination of the subscription to Ledger Recover for litigation purposes)
Subscription to the waiting list: informing you when Ledger Recover is available for a country Email address, country, date of subscription Consent 3 years from the subscription date

You contact our customer service or interact with us on social media

Data usage Data collected Legal basis Retention period
Request received through Ledger Website: processing the request, preventing fraud, quality control, analytics Name, email and postal addresses, content of our exchanges, identification document (if necessary) Legitimate interest 1 year following the request
Interactions on social media: processing the request, preventing fraud, quality control, analytics, better understanding Ledger’s community and identifying potential brand ambassadors Email and postal addresses, identification document (if necessary), social media data (including name or username, country, followers count), content of the messages and/or exchanges Legitimate interest 2 years from last interaction

You use Ledger Recover by Coincover

Data usage Data collected Legal basis Retention period
Subscription: processing orders, invoicing, payment, preventing fraud, managing complaints, sending notifications, analytics
Please note: Your credit card details are collected directly by our payment providers. Ledger only has access to a truncated version for fraud prevention purposes.
If we are not able to charge you your monthly payment, Ledger may keep the Data related to your Ledger Trust Services Login, Ledger Recover subscription (including the portion of your secret recovery phrase that we store) and identity verification for 1 year from the first non-payment date (+ 7 years in archive for litigation purposes). 		Name, billing address, payment method, order amount, currency Performance of the contract you agreed to upon subscribing to Ledger Recover 3 months from completion of the order (+ archived for 10 years to comply with our legal obligations)
Activation: securing backup for your secret recovery phrase.
Please note: Both Ledger and Coincover store a portion of your secret recovery phrase for security purposes. For more information on Coincover’s practices, please refer to Coincover’s privacy policy.		 A portion of your secret recovery phrase, user ID Performance of the contract you agreed to upon subscribing to Ledger Recover As long as your subscription remains live and up to 6 months from the unsubscribe date
Identity verification: confirming your identity before transmission and recovery of the secret recovery phrase.
Please note: Ledger may share your information to enable Coincover to provide the Ledger Recover service to you. For more information on Coicover’s practices, please refer to Coincover’s privacy policy.		 Data extracted from your identity document (name, last name, date and place of birth), selfie (extracted from the video capture), photo of your identity document (only upon recovery request) and, if applicable, any additional identity documents collected by Coincover in case of claims investigation Consent As long as your subscription remains live (+ archived for 7 years after the last identity verification for litigation purposes)
Using Ledger Recover: bug-fixing, preventing fraud, analytics Logs Legitimate interest 1 year (+ archived for 7 years after termination of the subscription for litigation purposes)

Who do we share your Data with?

We never sell your Data to third parties but we may share your Data with:

  • Our technical service providers who help provide the Services (e.g. online payments providers, identity verification providers).
  • Our subsidiaries, when they help provide the Services.
  • Our advertising partners, who use your Data to offer you personalized ads (e.g. social networks). The list of these partners can be found in our Cookie Policy. We never share your Data without your consent.
  • Companies to which we could sell or assign all or part of our activities.
  • Administrative or legal authorities, or any other authorized third party where required by the applicable law or necessary to exercise, establish or defend our rights.
  • Professional advisers, including lawyers, auditors and insurers.

Where do we store your Data?

By default, we store your Data in the European Economic Area (“EEA”). However, in some cases, we might have to transfer it to countries located outside the EEA, for instance, when our technical providers are based in those countries. In that case, we ensure that the transfer is performed in accordance with the applicable laws and within the framework of safeguards that assure the protection of your Data, such as the European Commission’s standard contractual clauses.  

How do we keep your Data secure?

We implement all technical and organizational measures we deem necessary to safeguard and secure the information we hold about you. To assess the level of appropriate security, we take into account, among other things, the nature of the Data and the risks its processing presents.  Those measures aim in particular at securing the Data we hold from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

Although we strive to ensure an optimal protection of your Data, please remember that:

  • You are responsible for the password you use to log in to your Ledger Trust Services Login: keep it secret and safe!
  • Your secret recovery phrase is unique and allows you to access, under all circumstances, the private keys giving access to your crypto assets: never enter your 24 words anywhere other than on your Ledger device! Ledger will never ask you for this information, not even when you subscribe, activate or use Ledger Recover.

What are your rights over your Data?

Under data protection laws, you have rights in relation to your Data. If you wish to exercise any of the rights set out below, please contact us here

You have the right, under certain conditions, to:

  • Access a copy of the information we hold about you or, when technically feasible, request that we transmit it to a third party in a structured, commonly used and machine-readable format.
  • Make us correct inaccurate or incomplete personal data about you. Please note that you can rectify your first name, last name, postal address and payment card details directly in the Ledger Trust Services Platform.
  • Request the deletion of your Data by clicking the relevant button in the Ledger Trust Services Platform. Note that we may keep a portion of your information if required by law (such as accounting obligations) or for litigation purposes. 
  • Object to the processing of your Data when we are relying on a legitimate interest. In some cases, we may demonstrate that we have compelling legitimate grounds to keep processing  your information.
  • Withdraw your consent upon:
    • storing cookies on your device (you can do it directly from our Cookie Policy),
    • receiving marketing emails (you can unsubscribe by clicking on the link available in the footer of the emails you receive),
    • collecting your biometric data (note that you may not be able to use Ledger Recover anymore).
  • Restrict the processing of your Data (in particular, if you do not want us to delete it in application of the retention periods listed above).

Upon receiving a request, we may need to ask you for an identity document or similar information to confirm your identity. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If, after contacting us, you believe that your rights have not been respected, you can make a complaint to the supervisory authority in your country.

Modifications to our Confidentiality Policy

We can modify our Privacy Policy if we deem it necessary or if the law requires it, and you accept these modifications in continuing to use our Services. Any updates or changes we make will be posted on this page.

Contact

If you have any questions, do not hesitate to contact our Data Protection Officer (DPO) by making a request here.

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our
newsletter

New coins supported, blog updates and exclusive offers directly in your inbox


Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.