Uniswap · Uniswap Privacy Policy · View original document ↗

GDPR Lawful Basis and EU Data Subject Rights

Medium severity Unique · 0 of 325 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity Uniswap recorded 5 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for Uniswap Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

For EU users, Uniswap claims multiple legal reasons to process your data — including consent, contractual necessity, legal compliance, and 'legitimate interests' — and you have rights to access, correct, delete, and move your data.

This analysis describes what Uniswap's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Relying on 'legitimate interests' as a catch-all legal basis is frequently challenged by European regulators, and the policy does not specify which basis applies to which processing activity, making it difficult to exercise your rights or challenge processing you disagree with.

Consumer impact (what this means for users)

EU users nominally have rights to access, correct, delete, and port their data, but the policy's vague multi-basis approach and the blockchain deletion impossibility substantially limit the practical exercise of these rights.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Within 30 days
    EU users can email privacy@uniswap.org to exercise GDPR rights including access, rectification, erasure, or portability. Uniswap must respond within 30 days. Include your wallet address and any other identifying information to help locate your records.

How other platforms handle this

Runway Medium

In addition to the above rights, your local laws (including those in the EU, UK, Japan, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia, or Utah) may afford you f...

Waze Medium

If you are located in the European Economic Area or the United Kingdom, you have certain rights under applicable data protection laws, including the right to access, correct, or delete your personal data, the right to object to or restrict processing, and the right to data portability. You may also ...

Smartsheet Medium

If you are located in the EEA or UK, you may have the following rights under applicable data protection law: the right to access your personal data; the right to rectify inaccurate personal data; the right to erasure of your personal data; the right to restrict processing of your personal data; the ...

See all platforms with this clause type →

Monitoring

Uniswap has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
We process personal data for the purposes described in the section titled 'How We Use Data' above. Our bases for processing your data include: (i) you have given consent to the process to us or our service provides for one or more specific purposes; (ii) processing is necessary for the performance of a contract with you; (iii) processing is necessary for compliance with a legal obligation; and/or (iv) processing is necessary for the purposes of the legitimate interested pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.

— Excerpt from Uniswap's Uniswap Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY FRAMEWORK: GDPR Arts. 6 (lawful basis), 7 (consent conditions), 12-14 (transparency), 15 (access), 16 (rectification), 17 (erasure), 18 (restriction), 20 (portability), 21 (objection), and 77 (right to lodge complaint with supervisory authority). The policy invokes all four major lawful bases simultaneously without specifying which applies to which processing activity, which may violate GDPR Art. 13/14 transparency requirements. Enforcement: EU national supervisory authorities. (2)

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

  • State AG
    While EU DPAs are the primary enforcement authority, US State AGs may have jurisdiction over deceptive privacy practices affecting residents in their states.
    File a complaint →

Applicable regulations

Connecticut Data Privacy Act Amendments
US-CT
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Uniswap Privacy Policy
Entity
Uniswap
Document last updated
May 5, 2026
Tracking information
First tracked
May 7, 2026
Last verified
May 7, 2026
Record ID
CA-P-005188
Document ID
CA-D-00304
Evidence Provenance
Source URL
https://uniswap.org/privacy-policy
Wayback Machine
View archived versions →
Content hash (SHA-256)
e541a00f45e32ebb3512002fc0c4f2e51173a9367762ec63f2c47a5aba9906b7
Analysis generated
May 7, 2026 16:56 UTC
Methodology
summarize_document-v7
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Uniswap
Document: Uniswap Privacy Policy
Record ID: CA-P-005188
Captured: 2026-05-07 16:56:29 UTC
SHA-256: e541a00f45e32ebb…
URL: https://conductatlas.com/platform/uniswap/uniswap-privacy-policy/gdpr-lawful-basis-and-eu-data-subject-rights/
Accessed: May 13, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories
Privacy rights

Other risks in this policy

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Uniswap's GDPR Lawful Basis and EU Data Subject Rights clause do?

Relying on 'legitimate interests' as a catch-all legal basis is frequently challenged by European regulators, and the policy does not specify which basis applies to which processing activity, making it difficult to exercise your rights or challenge processing you disagree with.

How does this clause affect you?

EU users nominally have rights to access, correct, delete, and port their data, but the policy's vague multi-basis approach and the blockchain deletion impossibility substantially limit the practical exercise of these rights.

Is ConductAtlas affiliated with Uniswap?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Uniswap.