At Ledger, earning and maintaining our users’ trust is a top priority. That’s why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
This Privacy Policy explains how we collect, use, and protect your personal data when you interact with us in different ways, and why we do so.
Keep in mind that we may update this Privacy Policy whenever needed or if the law requires it. If you keep using our services after updates, you’re agreeing to the new terms.
We last updated the policy in October 2025.
Please note:This Privacy Policy doesn’t apply to Ledger Recover and Ledger Multisig services. If you need to know more about how we collect your data, check the dedicated privacy policies (for Recover / for Multisig).
What is personal data?
It is anything that can identify you, directly (like your name or email address) or indirectly (like your IP address or wallet address).
- What data do we collect?
- You use Ledger Wallet
- We use your data to run and improve our services
- We use your data to enable third-party services within Ledger Wallet
- You visit our website
- You contact our customer service or engage with us on social media
- You are a member of the Ledger affiliate program
- You are an Enterprise customer, a Ledger reseller or a user of our co-branding services
- With whom do we share your data?
- Where do we store your data?
- How do we keep your data safe?
- Your rights
What data do we collect?
The data we collect depends on how you interact with us.
You use Ledger Wallet
When you install Ledger Wallet, we generate an equipment ID to identify you. You have a different ID for each of your devices (mobile or desktop) and we generate a new ID when you reinstall Ledger Wallet.
Please note:
- We do not link your wallet address to your equipment ID or to any data on how you use Ledger Wallet.
- We do not have access to your XPub and cannot link your different wallet addresses together.
- We are not able to link your wallet address to the information you give when you order products on our website.
We use your data to run and improve our services
| Why do we collect your data? | Which data do we collect? | Which legal ground do we rely on? | For how long do we keep your data? | More details |
|---|---|---|---|---|
| To display your accounts, balance and transaction history | We collect: Your wallet address, Onchain data. | We rely on the Terms of Use you accepted when you signed up for Ledger Wallet. | We do not keep this data. | When you connect to Ledger Wallet, we collect logs which include your wallet address. We input your wallet address in our explorers to make your balance and transaction history available to you at any time, but we do not store this information. |
| To manage the referral program (reward redemption, notifications) | We collect: Your equipment ID, your wallet address, the amount of your reward, the date of the payment, the order ID of the user you have referred. | We rely on the Terms & Conditions you accepted when you signed up for the program. | We keep your data for 10 years to comply with our legal obligations. Your data is archived 2 years after the last reward. | We also collect your ETH address for authentication purposes, but we do not store it. |
| To fix bugs | We collect: Your equipment ID, crash logs and reports. | We rely on our legitimate interest. | We keep your data for 90 days. | You can opt out at any time via the settings in Ledger Wallet. |
| To run market analysis | We collect: Your wallet address, Onchain data. | We rely on our legitimate interest. | We keep this data for 5 years after your most recent connection to Ledger Wallet. | We use the wallet addresses included in Ledger Wallet logs to link your wallet address with public onchain data to conduct various analyses. For example: to calculate the global amount of digital assets we secure. We know how much assets in total are held by Ledger Wallet users but we: – Do not know how much assets you have. – We do not have access to your XPub and are not able to link your different wallet addresses together. – We are not able to link your wallet address to any personal identifiable information, including the data you provide when you order a product on our website. |
| To measure the performance of Ledger Wallet and our marketing campaigns, and to personalize your experience through in-app contents and push notifications | We collect: Your equipment ID, your user properties (e.g. type of tokens owned, language), your terminal properties (e.g. type and version of operating system, app version), your wallet properties (e.g. firmware version, hardware wallet model, user personalized wallet), Your clicks and actions your make on the app (e.g. launch of the application, pages viewed), Notifications (push notifications, content cards and in app modals sent and opened). | We rely on your consent (to consent, you can click on a specific button when onboarding in Ledger Wallet). | We keep your data for 5 years after your most recent connection to Ledger Wallet. | If you consent, we can use your data to improve our products and services, and to personalise your experience within Ledger Wallet. This helps us better understand your preferences and tailor the app to your needs, so you see content that is more relevant and engaging. You have the option to accept or decline this use of your data, and you can withdraw your consent at any time in the app settings. The Ledger Wallet app is designed so we don’t link data related to how you use Ledger Wallet with your wallet addresses. |
We use your data to enable third-party services within Ledger Wallet
| Why do we collect your data? | Which data do we collect? | Which legal ground do we rely on? | For how long do we keep your data? | More details |
|---|---|---|---|---|
| Use of Ledger Live | We collect: Your transaction data (e.g. transaction amount, currency, payment method, country and wallet address), your IP address. | We rely on the Terms of Use you accepted when you signed up for Ledger Wallet. | We do not keep this data. | When you want to use Third-Party Services, we share certain transaction data with Third-Party Service providers. These providers use your data to craft pricing quotes that we display to you. We may also use your IP address or share it with Third-Party Service providers to verify what services are available in your country. We do not keep this information. |
| To comply with specific sanctions laws by blocking transactions and filtering IP addresses | We collect: Your wallet address, your IP address. | We rely on our legal obligations. | We do not keep this data. | We must follow all sanctions laws that apply. This means we block any transactions that involve sanctioned wallet addresses and prevent users located in countries subject to comprehensive sanctions from accessing our services. To this end, we do not store any information. |
| To track and report revenue generated through integrated Third-Party Services in Ledger Wallet | We collect your transaction data (e.g. transaction amount, currency, time stamp, status, ID and hash, fee, trade or payment method, country, wallet address and blockchain). | We rely on the Terms of Use you accepted when you signed up for Ledger Wallet. | We keep specific transaction data for 10 years to comply with our legal obligations. | We collect transaction data to report completed transactions. This data either comes from blockchain explorers or directly from Third-Party Service providers. If you use the Buy feature and have agreed to analytics in Ledger Wallet, we can temporarily link the transaction data from Third-Party Service providers to your equipment ID for up to five days. This helps us confirm that your transaction was successful and improve our service quality. After five days, this link is deleted. We do not link this data with the equipment IDs for opted-out users. |
Please note:When you use third-party services through Ledger Wallet (e.g. you buy or sell crypto assets, or create a cash to stablecoin account) (‘Third-Party Services’), you are stepping outside our ecosystem. These services may ask you to provide information such as your name, date of birth and postal address, to meet their legal requirements. We are not responsible for how these providers handle your data.
For more information, check our Terms of Use and make sure to read the Third-Party Service providers’ privacy policy to have full control over your data. They might have different policies including in terms of data retention
You visit our website
| Why do we collect your data? | Which data do we collect? | Which legal ground do we rely on? | For how long do we keep your data? | More details |
|---|---|---|---|---|
| To manage your order (including shipping, invoicing, notifications and analytics) | We collect: Your IP address, your operating system, your browser, the language used, the terminal used, the date and time of your visit, the URLs of clickstream to, through and from our website, the products you viewed and searched, any download errors, the amount of time you stayed on certain pages and the interaction between pages. | We rely on your consent. | We keep your data for up to 25 months. | When you place an order on www.ledger.com, you agree to buy your item from Global-e, which is the official seller, under Global-e’s Terms & Conditions and Privacy Policy. You can click here to learn more about Global-e. Global-e collects your personal data and shares it with Ledger, including the details needed for shipping. If you buy our products from Amazon, we only collect certain information for invoicing: your name, billing and shipping addresses, the type of product, the order amount and your payment method. If you buy our products directly from a reseller, we don’t collect any personal data. |
| To improve our products and services (optional product reviews) | We collect: Your name, your email address, your country, the order ID, the type of product you ordered, the order date, the content of your review. | We rely on our legitimate interest. | We keep your data for 1 month after your purchase. | |
| To measure the performance of our website, fix bugs, improve and personalize your experience through our website and third-party websites | We collect: Your IP address, your operating system, your browser, the language used, the terminal used, the date and time of your visit, the URLs of clickstream to, through and from our website, the products you viewed and searched, any download errors, the amount of time you stayed on certain pages and the interaction between pages. | We rely on your consent. | We keep your data for up to 25 months. | When you visit our website, we use different technologies, like cookies, to collect data. What are cookies? Cookies are small text files that a website asks your browser to save on your device when you visit. They help the website remember things about you, like your preferred language, so your experience is smoother the next time you visit. It also tracks how you use our website and share this information with us. You have control over your data and you can learn more about cookies or withdraw your consent at any time in our Cookie Policy. If you consent to analytics cookies when you visit www.Ledger.com, we review your interactions on our website in a manner that allows us to analyse user sessions. This includes things like clicks, mouse movements, and scrolling. We anonymize any keystrokes and the content of the pages you visit. These reports help us fix bugs and improve the user experience. To follow sanctions laws, we also check users’ IP addresses to make sure they aren’t located in co |
| To send generic or personalised marketing emails on our latest developments and promotions (including Ledger newsletter) | We collect: Your email address, your language, logs (email sent/opened, timestamp) | We rely on your consent. | We keep your data for 25 months from the last contact. | Users can unsubscribe at any time by clicking the ‘Unsubscribe’ link in the footer of any email you receive. |
Please note:When you order products on our website, we are legally required to keep some of that information for 10 years to meet accounting rules. Don’t worry, this data is securely archived with very limited access.
You contact our customer service or engage with us on social media
| Why do we collect your data? | Which data do we collect? | Which legal ground do we rely on? | For how long do we keep your data? | More details |
|---|---|---|---|---|
| To respond to your customer support requests (including answering questions and handling product replacements) | We collect: Your name, your email and postal addresses, your telephone number, the content of your message, your ID document (if needed). | We rely on our legitimate interest. | We keep your data for 5 years for litigation purposes. Your data is archived 3 months after the request is closed. | |
| To protect our agents by blocking customers who behave inappropriately during communications | We collect: Your IP address, the content of your message. | We rely on our legitimate interest. | We keep the data up to 6 months for blacklisted customers and 7 days for all other customers. | |
| To improve our services and processes (optional customer satisfaction surveys) | We collect: Your email address, your country, the order ID, the type of product you ordered, the order date, your answers to the survey. | We rely on our legitimate interest. | We keep your data for 7 days. | |
| To interact with you on social media, including to reply to your questions or comments on our social pages (This includes: Facebook, Instagram, X, Reddit, Discord, Linkedin, YouTube and TikTok) or third-party websites | We collect: Your username, your profile picture, your posts. | We rely on our legitimate interest. | We keep your data for 1 year. | To better understand how people see our brand, we also collect data from social media accounts that mention Ledger, this is called social listening. We only collect this data through the official APIs provided by each social media platform. |
You are a member of the Ledger affiliate program
| Why do we collect your data? | Which data do we collect? | Which legal ground do we rely on? | For how long do we keep your data? | More details |
|---|---|---|---|---|
| To manage our business relationship (program management, remuneration and notifications) | We collect: Your name, your email address, your BTC address, your ID document, your company name, your company’s registration document, the intra-community VAT number, your affiliate ID, the proof of residence (where required), the traffic source, the content shared (website, URL). | We rely on the Terms & Conditions you accepted when you signed up for the program. | We keep your data for 10 years to comply with our legal obligations. Your data is archived 2 years after the last reward. | |
| To prevent fraud and measure the performance of the program | We collect: Your affiliate ID, your YouTube page and video title, your channel name and ID. | We rely on the Terms & Conditions you accepted when you signed up for the program. | We keep your data for 6 months. |
You are an Enterprise customer, a Ledger reseller or a user of our co-branding services
| Why do we collect your data? | Which data do we collect? | Which legal ground do we rely on? | For how long do we keep your data? | More details |
|---|---|---|---|---|
| To process your request for information on our website | We collect: Your name, your company name, your title/role, your email address, your telephone number, your country. | We rely on our legitimate interest. | We keep your data for 3 years from the last contact. | |
| To manage your orders (including contract management, invoicing and payments) | We collect: Your name, your company name, your title/role, your email address, your telephone number, your country, your billing information | We rely on the Terms & Conditions you accepted when you bought our products or subscribed to our services. | We keep your data for 10 years to comply with our legal obligations. Your data is archived 12 months after the end of the Enterprise contract, or after the order date for resellers and co-branding services. |
With whom do we share your data?
We share your data with third-parties in specific situations:
- When it is necessary for us to deliver our services. In that case, we can share your data with:
-
- Technical service providers when they help with the delivery of our services (for example, shipping, emailing and data hosting providers).
- Ledger subsidiaries, only if they assist in providing our services.
- Professional advisers, including legal counsels, auditors, or insurance providers, only if it is important to our business.
- Companies involved in a business transfer: if we are involved in a merger, acquisition, or sale of assets, we can share your data as part of that process.
- When it is necessary for Third-Party Services providers to deliver their services through Ledger Wallet. Some features in Ledger Wallet, like buying, selling or swapping crypto, rely on external providers who need some data to operate.
- When the law requires it. We may share your data to comply with legal obligations or to defend ourselves before public authorities and legal bodies, including law enforcement agencies.
- When you consent to cookies. If you accept cookies on our website, we can share your data with advertising partners to show you personalized content. You can find more details in our Cookie Policy.
Please note:We do not sell your data to anyone. We don’t link the information you provide when ordering a product on our website to your wallet address, let alone to your transaction history. So, if law enforcement asks for details about a specific transaction, we have no information to share.
Where do we store your data?
We usually store your data in France or within the European Economic Area (EEA). However, sometimes we may need to transfer it outside the EEA, for example, if a technical or Third-Party Service provider is based in another country.
When this happens, we make sure your data stays protected. We only transfer it:
- To countries that offer a similar level of protection as the EU,
- Or we require our partners to sign the European Commission’s Standard Contractual Clauses to make sure that they offer a strong level of protection.
How do we keep your data safe?
We take your privacy seriously and do everything we take to keep your data secure. We use a mix of strong technical tools and strict internal processes to protect your information:
- All data is encrypted when it’s sent or stored.
- We run security checks and intrusion tests with independent experts.
- We limit access with role-based permissions and use two-factor authentication for internal teams.
- We run regular audits of companies that host our data.
- We monitor our systems constantly for suspicious activity.
- Our teams go through security training and awareness programs.
- We follow industry standards to assess and maintain the right level of protection.
- We use data back ups and redundancy to stay resilient, even in case of an emergency.
That said, no online system is 100% secure. While we do our best, remember that sending data over the Internet always carries some risks.
Please note:As a provider of non-custodial services, we do not store or have access to your crypto assets, PIN code, private key, or recovery phrase. This means you are solely responsible for keeping that information secure and confidential. Non-custodial means that we do not hold or manage your crypto assets for you. You stay in full control of your private keys and funds at all times.
Your rights
You have rights when it comes to your personal data, and we want you to know what they are so you can exercise them easily.
To exercise your data rights or ask a question about how we handle your data, you can contact our Data Protection Officer here. We will never discriminate against you for exercising your rights.
Under certain conditions, you can:
- Ask for a copy of your data.
- Ask that we correct your data when inaccurate.
- Ask that we delete your data. We will delete all your data, unless we have to retain it to respect our legal obligations (e.g. accounting).
- Object to the processing of your data. We will stop processing your data.
- Ask that we restrict the processing of your data. This includes asking us to stop any automatic deletion of your data.
- Withdraw your consent. Here is how:
- For cookies: click on the button at the bottom of our Cookie Policy.
- For marketing emails: click on the ‘Unsubscribe’ link in the footer of our emails.
- For Ledger Wallet: go to the settings of the application,
- For push notifications: go to the settings of your phone.
We respond to all legitimate requests within one month. If you’re not satisfied with our response, you can complain to your national data protection authority. For instance, in France, it’s the CNIL.