This policy sets out:
- the information we collect about you when you visit our website, use our products or services, or otherwise interact with us;
- how we use, share, store, and secure the information; and
- how you may access and control the information.
In this policy, “
Zippie”, “
we” or “
us” refers to
DLT Technologies Pte. Ltd or other companies within the same group and “
Platform” means our Decentralized Identity integrated by applications for onboarding, signing and other related features to their users as well as the services provided through our Platform (“Services”). Our website at zippie.com is referred to as our “Sites” and are covered by our
Site Privacy Policy and
Site Terms and Conditions. Please note that use of Decentralized Identity Platform and Services are covered by our
Terms of Services and our
Licensing Policy. Any use of the Platform and Services are subject to acceptance of this Platform Privacy Policy.
In this policy, “
personal information” refers to any data, information, or combination of data and information that is provided by you to us, or through your use of our Platform and Services, that relates to an identifiable or unidentifiable individual.
-
What information we collect about you
-
We may store and collect the following types of information about you:
-
Information stored or processed decentralised in encrypted form which we do not have access to read:
- Information that you may voluntarily add when you sign up for or during the use of our Platform and Services, for example username or similar identifier data, this may include biometric data for identification (collectively, “Identification Data”); and
- Information that you may voluntarily add when you sign up for or during the use of our Platform and Services, for example password or similar login data, this may include biometric data for account access (collectively, “Authentication Data”); and
- Information that you may voluntarily add when you sign up for or during the use of our Platform and Services, for example your email address, telephone numbers(s) or other contact information you provide (collectively, “Contact Data”); and
- Information that you may voluntarily add when you sign up for or during the use of our Platform and Services, for example your name, other personal description, and other information provided as well as public keys stored in your private storage. (collectively, “Account Data”); and
- Based on our remote decryption service we store your private key on our servers and on decentralized node servers in encrypted form. Such private keys are fully encrypted with only you able to access the encryption key after authenticating as the user. We never have access to your private key in non-encrypted form and its never shared with any application (collectively, “Signing Data”).
-
Information collected and/or processed by us:
- We access information about your device or connection, for example your internet protocol (IP) address and location data when you first sign up for our Platform and Services. We do not store this information, and only use this for enabling you to access localized content. You can later change this preference in the settings (collectively, “Technical Data”);
- information you provide through support channels, for example when you report a problem to us or interact with our support team, including any contact information, documentation, or screenshots (collectively, “Support Data”);
- content you provide through use of our products or services and give us specific consent to access or share (collectively, “User Content”);
- communication, and other preferences that you set when you set up your account or profile, or when you participate in any communication with us (collectively, “Preference Data”); and
- We may collect user numbers and service-related, diagnostic, and performance information (“Metrics and Performance Data”).
-
Information we get from others / communication with others.
- If you use your account to access and application send a message to or engage in a transaction with another user or third party, that user will have access to your message content or transaction information, respectively. We have no control over how users or applications with whom you interact store or use your information, on or off of our Services. We, will never have access to your underlying data or store your transaction information (collectively, “Transaction Data”).
- We collect the above information in anonymized form when you provide it to us or when you use our Services or visit our Platform.
- We do not collect sensitive data or special category data about you. This includes details about your race, ethnic origin, politics, religion, trade union membership, genetics, health, or sexual orientation.
-
How we use information we collect
-
We do not access your information in unencrypted form which limits our use of your information. If you have explicitly agreed to share any Account Information with us in non-encrypted form we only use your personal information where the law allows us to. We use your personal information only where:
- we need to perform the contract we have entered into (or are about to enter into) with you, including to operate our Platform and Services, to provide support and to protect the safety and security of our Platform and Services;
- you've given us consent to do so for a specific purpose and may be rewarded for this, for example when you use our market place or other rewarding services with your explicit permission; or
- we need to comply with a legal or regulatory obligation.
- If you have given us consent to use your personal information for a specific purpose, you have the right to withdraw your consent any time by accessing your account and removing the information, but please note this will not affect any use or sharing of your information that has already taken place.
- We do not share your personal information with any company outside our group for marketing purpose, unless with your express specific consent to do so.
- For users of our Platform who are located in the European Union, we have set out our legal bases for processing your information in the Legal Bases Table at the end of this policy.
-
How we share information we collect
- We share information in encrypted format with third partie nodes that help us operate, provide, support, and improve our Platform and Services for example third-party service providers who provide, data storage and backup, infrastructure, and other services. Such providers never have access to any information in unencrypted form.
- Applications using our Platform to provide you a service have access to your personal information only for the purpose of performing their services and in compliance with applicable laws and regulations and any information shared in unencrypted format will always have specific and explicit approval from you to share Account Data or Contact Data. We never share Identification Data, Authentication Data or Signing Data to any Application or Third Party in unencrypted or readable format. We require these third-party service providers and applications to maintain confidentiality and security of all information that they process on our behalf and to implement and maintain reasonable security measures to protect the confidentiality, integrity, and availability of your information. When giving explicit approval to share your Account Data or Contact data, please familiarize yourself with the privacy policy of the application you are sharing such data with as this data is shared in unencrypted format.
- We take reasonable steps to confirm that all third-party service providers and applications that we share personal information or encrypted data in the manner provide at least the legally required level of protection, but as we do not guarantee this, please familiarize yourself with their privacy policy and practices before allowing any sharing of information in unencrypted form. Where any third-party provider or application is unable to satisfy our requirements, we will require them to notify us immediately and we will take reasonable steps to prevent or stop non-compliant processing.
- Our Platform may contain links to and is used by third-party websites or applications over which we have no control. If you follow a link to any of these websites or approve sharing of any information with applications, your information will be governed by their policies. We encourage you to review the privacy policies of third-party websites before you submit information to them.
- We may share your information with government and law enforcement officials to comply with applicable laws or regulations, for example when we respond to claims, legal processes, law enforcement, illegal activities, national security requests or investigations of violations of our Terms. As we do not store or process the information in unencrypted format and do not have access to decrypt your information without your approval, the information we share is mainly in encrypted form.
- If we are acquired by a third party as a result of a merger, acquisition, or business transfer, your personal information may be disclosed and/or transferred to a third party in connection with such transaction. We will notify you if such transaction takes place and inform you of any choices you may have regarding your information.
-
How we store and secure information we collect
- We use decentralized and centralized data hosting and cloud storage service providers such as but not limited to IPFS, Ethereum, AWS and a decentralized node network to host the information we collect.
- For all the data you provide us through the Platform and Services stored in encrypted form, only you hold the encryption key and we are not able to access any of this data or your encryption key. This ensures we are not able to access any of your private information or use this for any purposes and only have access to encrypted data for providing you our Service. Interaction with our Services are encrypted end-to-end, so even if we temporarily store them on our servers, neither we nor any third parties can read them. We have access to temporarily decrypt your Contact Data but only to provide you our services for recovery and login. All Account Data and Contact Data is otherwise only shared to us if you explicitly give us permission for example to support you from our customer service or other reasons specifically approved.
-
We have adopted the following measures to protect the security and integrity of your personal information:
- Information transfers are encrypted using TLS/SSL technology;
- We use industry standard data encryption such as ECIES (Elliptic Curve Integrated Encryption Scheme), AES128-CBC or AES256-CBC and for signatures ECDSA (Elliptic Curve Digital Signature Algorithm).
- access to any information is restricted so we do not have access to decrypt information stored in encrypted form and other very limited information processed is limited to personnel or service providers on a strictly need-to-know basis such as Contact Data for performing OTP authentication or initiate recovery, who will only process your information on our instructions and who are subject to a duty of confidentiality and does not store the data; and
- our information collection, storage, and processing practices are reviewed regularly.
- We have put in place procedures to deal with any suspected privacy breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- While we implement safeguards designed to protect your information, please note that no transmission of information on the Internet is completely secure. We cannot guarantee that your information, during transmission through the Internet or while stored on our systems or processed by us, is absolutely safe and secure. Most of the information is encrypted already in your browser and therefore only transferred over the internet in encrypted form.
- We only retain personal information for so long as it is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. After such time, we will delete or anonymise your information, or if this is not possible, we will securely store your information and isolate it from further use. We periodically review the basis and appropriateness of our data retention policy.
-
How you can access, forget or change your information
- To manage, change or delete your information you can do this under the Settings icon on the Platform or in an application. By doing this your information will be forgotten and will not be possible to recover.
- You can delete your Account at any time from settings which will delete your access to our Services and Platform. Before deleting your account make sure you do not need any funds, information or similar data from your account as you will not be able to recover your account once deleted. We do not store your private key and will not be able to help you recover your funds or information if you delete your Account.
-
How we transfer information internationally
- We collect information globally and primarily store information on servers, in the EU (Germany, Ireland, Poland), Switzerland, Hong Kong, USA and encrypted data is stored and processed by our global decentralized node network. We transfer, process, and store your information outside your country of residence where we or our service providers operate for the purpose of providing our products and Services to you.
- Some of the countries in which our companies or service providers are located may not have the privacy and data protection laws that are equivalent to those in your country of residence. When we share information with these companies or service providers, we make use of contractual clauses, corporate rules, and other appropriate mechanisms to safeguard the transfer of informatio
-
Your rights
-
You have the right to:
- be informed of what we do with your information;
- request a copy of any unencrypted information we hold about you;
- request a copy of encrypted information when specifying exact identifier for the encrypted information;
- require us to correct any inaccuracy or error in any unencrypted information we hold about you;
- request erasure of your personal information (note, however, that we may not always be able to comply with your request of erasure in cases such as but not limited to information stored on a blockchain that cannot be erased, for such information you have the ability to be forgotten);
- withdraw your consent at any time where we are relying on consent to process your information (although this will not affect the lawfulness of any processing carried out before you withdraw your consent).
- Note that any information stored in encrypted form can only be accessed by you and we are therefore unable to make any changes to such information or provide copies in any human readable form.
- Our Platform enables you to update certain information about yourself, for example if you have created an account you may change your personal information by updating your user profile or changing your user settings.
- Any request under paragraph 7.1 will normally be addressed free of charge. However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive, or excessive.
- We will respond to all legitimate requests within one (1) month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests.
-
Changes to this policy
- We may amend this policy from time to time by posting the updated policy on our Platform. By continuing to use our Platform and Services after the changes come into effect, you agree to be bound by the revised policy.
-
Policy towards children
- Our products and services are not directed to individuals under 16. We do not knowingly collect personal information from individuals under 16. If we become aware that an individual under 16 has provided us with personal information, we will take steps to delete such information. Contact us if you believe that we have mistakenly or unintentionally collected information from an individual under 16.
-
Contact us
- Please contact us at privacy@zippie.com
- Please contact us in the first instance if you have any questions or concerns. If you have unresolved concerns, you have the right to file a complaint with a data protection authority in the country where you live or work or where you feel your rights have been infringed.
LEGAL BASES TABLE
Processing purpose |
Type of data processed |
Legal basis |
To register your Account on our Platform |
Account Data, Contact Data, Identification Data, Access Data |
To perform our contract with you |
To enable you to use our Platform and Services |
Account Data, Transaction Data, Support Data, Third Party Data, Technical Data [and User Content] |
To perform our contract with you |
To administer and maintain safety and security of our Platform |
Metrics and Performance Data, Technical Data |
To perform our contract with you |
To study usage of our products or services |
Preference Data, Support Data, Metrics and Performance Data |
Legitimate interest to improve our Platform and Services |
To gather feedback on our products, services, or features |
Support Data |
Legitimate interest to improve our Platform and Services |