Trinity Wallet App - Privacy Policy

General Information

This privacy policy ( "App Privacy Policy" ) describes how IOTA Foundation ( ''IOTA Foundation " , ''we'' , ''us'' , ''our'' ) collects, and process your Personal Data in connection with the usage of the "Trinity Wallet App".

This App Privacy Policy is dedicated to users of the Trinity Wallet App. If you would like to know more about how IOTA Foundation processes Personal Data (as defined below) collected and processed in connection with other services and activities of IOTA Foundation, please see IOTA Foundation's general Privacy Policy.

Please read our App Privacy Policy carefully to get a clear understanding of how we handle your Personal Data when collected through the Trinity Wallet App.

What is Personal Data

" Personal Data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

How we collect Personal Data

If you install and use the Trinity Wallet App on your phone, the IOTA Foundation may collect and process Personal Data required for the operation of the App and management and fulfilment of the App services.

Further, the IOTA Foundation may collect and process Personal Data like your email address or phone number when:

  • you provide such Personal Data to IOTA Foundation to enable email notifications or
  • you contact IOTA Foundation, or request that IOTA Foundation contacts you, for any reason, or
  • you submit your Personal Data to IOTA Foundation for any reason.

If you enable email notifications, IOTA Foundation could store your email address on its servers.

Which Personal Data do we collect

It is crucial to note that private keys of the users are never transmitted to the IOTA Foundation, so it is not possible for the IOTA Foundation to access a user's crypto assets in any case.

The IOTA Foundation keeps access logs to our servers, which may contain IP address, time and access details.

We may collect information relating to the general use of the Trinity Wallet App such as errors, log information concerning any errors encountered in the Trinity Wallet App and other related information relevant to IOTA Foundation's provision of the services, for the purpose of administration and error analysis to help IOTA Foundation improve its services.

Purpose of processing of Personal Data

We process the Personal Data in order to enable the operation and use of the Trinity Wallet App as well as for the administration and management of the Trinity Wallet App and the services offered via it.

Lawful basis for processing of Personal Data

In processing your Personal Data in connection with the purposes set out in this App Privacy Policy, we may rely on one or more of the following legal bases, depending on the circumstances:

  • we have obtained your explicit prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way);
  • the processing is necessary in connection with any contractual relationship that you may enter into with us;
  • the processing is required by applicable law;
  • the processing is necessary to protect the vital interests of any individual; or
  • we have a legitimate interest in carrying out the processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.

Use of cookies

We use cookies to improve your user experience when you access the Trinity Wallet App. The cookies we use do not require your consent, as they are only:

  • user input cookies (session-id) such as first party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases;
  • authentication cookies, to identify the user once he has logged in, for the duration of a session;
  • user centric security cookies, used to detect authentification abuses, for a limited persistent duration;
  • multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session;
  • load balancing cookies, for the duration of a session;
  • user interface customisation cookies such as language or font preferences, for the duration of a session (or slightly longer);
  • third party social plug in content sharing cookies, for logged in members of a social network.

You may reject the setting of cookies by adjusting the relevant settings within your browser at any time.

How we protect and store Personal Data

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  • pseudonymisation and encryption of Personal Data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
  • a process for regular testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.

How we share and disclose Personal Data

In order to properly operate the Trinity Wallet App and to be able to provide you the services offered via the Trinity Wallet App, we use the following analytics software:

Bugsnag

We use Bugsnag of Bugsnag Inc. 939 Harrison St, San Francisco, CA 94107, USA ("Bugsnag") to collect crash and error logs that occur while a user is using the app. When an error occurs the unique identifier in an anonymized form and information about your settings will be transferred to Bugsnag. Further information you can find under http://docs.bugsnag.com/legal/privacy-policy.

Google SafetyNet Attestation API

We use Google SafetyNet Attestation API of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google SafetyNet"). Google SafetyNet provides device attestation to protect the app. It is used to check if an Android device is rooted, modified, or otherwise compromised. Hardware and software information, such as device and application data and the results of integrity checks are sent to Google where it is matched against a database of devices that have passed the Android Compatibility Test Suite. The data is sent directly to Google. Further information you can find under https://policies.google.com/privacy.

Data Processors

When we are involving data processors into the performance of our services and contractual obligations and such involvement requires the sharing of Personal Data, we have entered with the data processors into data processing agreements according to Art. 28 of the European General Data Protection Regulation 2016/679 ( "GDPR" ) and, as far as required, further appropriate safeguards according to Art. 46-49 GDPR. The list of data processors to which we disclose your Personal Data can be requested by e-mail to privacy@iota.org

Please note that IOTA Foundation may collect your Personal Data directly from the country where you are based and stores it on servers in Europe and the United States of America. For the USA there does not exist an adequacy decision by the European Commission, guaranteeing an adequate data privacy level. Therefore IOTA Foundation has implemented appropriate safeguards to protect your Personal Data in the USA. A copy of the safeguards may be obtained by e-mail to privacy@iota.org

Processing of your sensitive Personal Data

We do not seek to collect or otherwise process your sensitive Personal Data, except where:

  • the processing is required or permitted by applicable law;
  • the processing is necessary for the establishment, exercise or defence of legal rights; or
  • we have, in accordance with applicable law, obtained your explicit consent prior to processing your sensitive Personal Data (as above, this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).

Consequences in case we may not collect your Personal Data

We need your Personal Data to enable your use of the Trinity Wallet App and to provide you with the services offered via the Trinity Wallet App in order to perform our contractual obligations towards you. Without providing such Personal Data, we may not be able to provide you the services you are intending to receive.

Consent and withdrawal

Any consent is provided freely. If you give your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After your withdrawal we will stop processing your Personal Data, including storage, unless further data processing is required and legally permitted. This paragraph is only relevant for processing that is entirely voluntary – it does not apply for processing that is necessary or obligatory in any way, as is for example the case with regard to Personal Data required for the installation and the operation of the Trinity Wallet App.

To withdraw your consent, please send us an e-mail to privacy@iota.orgor a letter to IOTA Foundation, c/o Nextland, Strassburgerstr. 55, 10405 Berlin.

When we erase your Personal Data

We erase your Personal Data automatically when they are no longer required for the purposes listed above. We also erase your Personal Data according to your request and if further storage is neither required nor permitted by applicable laws.

Your rights related to data privacy

You have the right to request access to and rectification or erasure of your Personal Data, or restriction of their processing. Furthermore, you have the right to object to processing as well as to request data portability. If you are in the EU you have the right to file a complaint to the Berlin Data Protection Authority (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

You have the right to obtain from us the information as to whether Personal Data concerning you are being processed, the purpose of the processing and the categories of Personal Data concerned.

A copy of the Personal Data undergoing processing can be requested.

Our contact information, data controller

If you have a direct business relationship with us, we are a data controller according to Art. 4 para. 7 GDPR. For any requests, you can contact us as follows:

IOTA Foundation, c/o Nextland, Strassburgerstr. 55, 10405 Berlin.

privacy@iota.org

You can contact our data privacy officer as follows:

privacy@iota.org

Changes to the App Privacy Policy

This Trinity Wallet App Privacy Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of Personal Data, or changes in applicable law. We encourage you to read this Privacy Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Privacy Policy. Your continued use of our services or website constitutes your agreement to be bound by this Privacy Policy, as amended or updated from time to time.

Questions

If you have any questions regarding this Privacy Policy, please contact us at privacy@iota.org.