Privacy Policy
Last modified: February 20, 2024
Introduction
Kresus Labs, Inc. (“Kresus” or “We”) respect your privacy and are committed to protecting it. This Privacy Policy (the “Policy”) describes the types of Personal Data we may collect or that you may provide in connection with your access or use the Kresus website, kresus.com (the “Website”), the Kresus SuperApp (the “App”) and any other websites or apps that link to this Policy (jointly, the “Services”) and how we process your Personal Data. This Policy also explains your rights and choices about how we use your Personal Data, including how you can access or update certain information about you. Beyond the Privacy Policy, your use of our Services and Website is also subject to our Terms and Conditions.
In this Policy, “Personal Data” means any information relating to an identified or identifiable individual, such as an individual’s name, address, telephone number, or email address.
Personal Data We Collect
We collect the following Personal Data from or about you or your devices from various sources, for the following purposes and based on the legal basis indicated below.
In some cases, we need to collect your Personal Data to provide you with our Services. In these cases, if you choose not to provide the requested Information, you may not be able to use our Services. We will tell you if providing the Personal Data is required by law or under a contract and what are the consequences of failing to provide it.
1. Information You Provide to Us
Account Information. When you set up an account to use our Services, including when you set up an account in order to act as a guardian or trustee of another user, we may ask you to provide your Personal Data such as your name, company name, email address, telephone number, postal address, Kresus username and PIN code, security questions and answers.
Biometric Authentication Information . When you set up an account to use our Services, we may ask to use your device’s FaceID or TouchID or use a third-party identity verification service. In connection with verifying your identity, our third-party verification partners (i.e.,Verisoul) may collect certain biometric information and biometric identifiers, such as your fingerprints and facial scans, and your government ID picture . When you register to use our premium Services, we may ask you to set up advanced biometric authentication so you can recover or block your account even if you lose your device. Our third-party verification partners will obtain your express consent for the collection, use, and sharing of such information.
Profile Information. When you sign up for our Services, you may indicate how you intend to use the Services (e.g., personal, professional use), and you may choose to include some information in your profile, such as your picture, bio, social media handles or website URL. You may also choose to give us access to your contact list so we can tell you if any of your contacts also has an account with us.
Payment Information. When you register to use our premium Services, purchase Kresus Vault Credits, or otherwise initiate a transaction using our Services, your app store or payment provider may collect your payment details such as your name, email, billing address, credit/debit card or banking information or other financial information.
Transactions. When you conduct a transaction using our Services, we collect information such as your account information, wallet details, balance, transaction ID and information about the asset which you are trading.
Communications. If you contact us directly or express interest in using our services, we collect Personal Data including your name, email address, the contents of a message or attachments that you may send to us, and other information you choose to provide. If you subscribe to our newsletter, then we will collect Personal Data from you, such as your name and email address. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services.
2. Personal Data We Collect Automatically
Location Information. When you use our Services, we infer your general location information, for example by using your internet protocol (IP) address.
Usage Details. When you access and use the Services, we may automatically collect certain details of your access to and use of the Services, including traffic data, ogs, and other communication data and information about the content you view, the actions you take or the features with which you interact when you are using the Services.
Device Information. We may collect information about your mobile device and internet connection, including the device’s unique device identifier, IP address, operating system, browser type, mobile network information, and the device’s telephone number.
Information from Cookies and Similar Technologies. We and our third-party partners collect information using cookies, pixel tags, or similar technologies. Our third-party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services. Cookies are small text files containing a string of alphanumeric characters. Where the term “Cookies” is used in this Policy, this includes both cookies and similar technologies. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services. The information collected via Cookies may include information such as unique identifiers, system information, your IP address, web browser, device type, and the web pages that you visit just before or just after you use the Services, as well as information about your interactions with the Services, such as the date and time of your visit, and where you have clicked.
- Strictly Necessary Cookies. Some Cookies are strictly necessary to make our Services available to you, for example, to provide login functionality or to identify bots who try to access our website. We cannot provide you with the Services without this type of Cookie.
- We also use Cookies for website and app analytics purposes in order to operate, maintain, and improve our Services. We may use our own analytics Cookies or use third-party analytics providers to collect and process certain analytics data on our behalf. In particular, we use Google Analytics to collect and process certain analytics data on our behalf. Google Analytics helps us understand how you engage with our Services. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/.
- Marketing Cookies. We and our third-party partners use Cookies to help us and our advertisers show you relevant advertising, as well as to present ads to you on sites that are not owned or operated by us to promote our services, articles or events. The cookies are used to make advertising messages more relevant to you and your interests. They also perform functions like preventing the same ad from continuously re-appearing.
3. Personal Data We Receive from Third-Parties
Contact details. When one of our users decides to invite you to use the Kresus app, or appoints you as trustee or guardian, we collect Personal Data about you, such as your name, email address or telephone number.
How We Use Your Personal Data
Depending on the country in which you are located, we will only process your Personal Data based on a valid legal ground. The table below describes the purposes for which we process your Personal Data and the legal grounds.
Purpose | Description | Legal ground (where required under applicable law) |
---|---|---|
Providing the services | We may process your Personal Data to provide our Services to you | The processing is necessary for entering into, or performance of a contract to which you are a party |
Verifying your identity | We may process your Personal Data to authenticate you and verify your identity to keep your account secure | The processing is necessary for entering into, or performance of a contract to which you are a party. Where required by applicable law, we will only collect your government identification information or biometric data if you have provided your consent |
Communicating with you | We may process your Personal Data to communicate with you, provide you with updates and other information relating to our Services, provide information that you request, respond to your comments and questions, and otherwise provide customer support | The processing is necessary for entering into, or performance of a contract to which you are a party |
Marketing and advertising | We may process your Personal Data for marketing and advertising purposes, such as developing and providing promotional and advertising materials that may be relevant, valuable or otherwise of interest to you | We, or a third party, have a legitimate interest in marketing and advertising our products and services. Where required by applicable law, we will only send you marketing communications with your consent |
Billing and accounting | We may process your Personal Data to handle any payments from you or to you as described in the applicable Terms of Service, including keeping records of payments | The processing is necessary for entering into, or performance of a contract to which you are a party |
Preventing fraud | We may process your Personal Data to protect against and prevent fraud, and protect against malicious, deceptive, fraudulent, or illegal activity, including to prosecute those responsible for such activity | We, or a third party, have a legitimate interest in using your Personal Data for the purpose of protecting against and preventing fraud |
Safety | We may process your Personal Data to safeguard our platform and services, and to ensure security and safety | We, or a third party, have a legitimate interest in using your Personal Data for the purpose of ensuring security and safety |
Providing technical support | We use Personal Data to provide technical support, including diagnosing and resolving any issues you report | The processing is necessary for entering into, or performance of a contract to which you are a party |
Understanding usage | We may process your Personal Data to understand the usage of our Services, to understand trends and preferences, to improve and repair errors in the services, and to develop new products, services, features, and functionalities | We, or a third party, have a legitimate interest in using your Personal Data for the purpose of understanding usage of our Services |
Aggregated Data Generation | We may process your Personal Data to generate anonymized or aggregate data that we may use for any lawful purposes such as to publish reports | We, or a third party, have a legitimate interest in using your Personal Data for the purpose of generating anonymized or aggregate data |
Administrative and legal | We may use your Personal Data to address any administrative or legal issues pertaining to ElevenLabs, including but not limited to intellectual property infringement, defamation, rights of privacy issues, to enforce our Terms of Service, or as necessary to establish, exercise or defend our legal rights | We, or a third party, have a legitimate interest in using your Personal Data for the purpose of addressing administrative and legal issues |
Compliance | We may process your Personal Data for compliance with legal obligations to which we are subject, for instance to comply with accounting and tax rules, or as mandated by a court order, judicial process or governmental agency | We need it to comply with a legal obligation, for instance to comply with a court order |
Other purposes | If we intend to use your Personal Data for other purposes, we will provide specific notice at the time the Personal Data is collected | Please consult the relevant specific notice |
Disclosure of Your Personal Data
We may disclose your Personal Data:
- To our subsidiaries and affiliates, or to any current or future companies which form part of our corporate group.
- To contractors, service providers, and other third parties we use to support our business (including third-parties we rely on to conduct and verify transactions in crypto assets) such as: advertising networks, customer relationship management platforms, digital trading platforms, financial services companies (including Ramp; please note that through our use of Ramp, we may collect, use, and disclose your account balance, transaction history, bank account information, and other data or information that identifies or can be used to identify you), fraud protection providers, web3 wallets (including Magic), messaging applications and automated messaging platforms (including Customer.io), mobile application platforms, payment processors, , technology providers, , and your bank.
- To other users at your request, for instance if you decide to appoint a trustee or guardian.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Kresus’ assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Kresus about our Services’ users is among the assets transferred.
- With your consent.
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce our rights arising from any contracts entered into between you and us, including our Terms and Conditions, and for billing and collection.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Kresus, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.
Your Rights and Choices
You can review and change your Personal Data by logging into the App and visiting your account profile page.
You may also send us an email at legal@kresus.com to request access to, correct, or delete any Personal Data that you have provided to us. We cannot delete your Personal Data except by also deleting your user account. Please note that if you delete your account, your account and wallet will be deleted within thirty days.
We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Do Not Track. We do not respond to Do-Not-Track signals at this time; however, we have enabled mechanisms to provide you with the following control over your information:
Tracking Technologies. You can set your browser or device to refuse all or some cookies, or to alert you when cookies are being sent. If you disable or refuse cookies or block the use of other tracking technologies, some parts of the Services may then be inaccessible or not function properly.
Targeted Advertising. Third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads (including ads served using non-cookie technologies) from members of the NAI on the NAI’s website, available at: https://optout.networkadvertising.org/?c=1. You can also visit the Digital Advertising Alliance’s website, available at https://youradchoices.com/, to use its Consumer Choice Tools.
Google Analytics Opt-out. To opt-out from Google’s use of information collected on the Services through Cookies for advertising purposes, you can download the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout or via Google’s Ads Settings or Ad Settings for mobile apps. Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: legal@kresus.com. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
Your European Privacy Rights
If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”) or Switzerland (jointly, “Europe”), you may have additional rights as described below:
- You may request access to and receive information about the Personal Data we maintain about you, update and correct inaccuracies in your Personal Data, restrict or object to the processing of your Personal Data, have the information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your Personal Data to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where an incident took place.
- You may withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time, and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdraw your consent.
You may exercise these rights by contacting us by email at legal@kresus.com. Before fulfilling your request, we may ask you to provide reasonable information to verify your identity. Please note that applicable law may provide for exceptions and limitations to each of these rights.
Your Canadian Privacy Rights
Kresus and its data servers are located in the United States.
Sending personal information outside of Canadian borders may increase the risk of disclosure of information because the laws in the destination country dealing with protection of information may not be as strict as in Canada. By agreeing to this Privacy Policy, you consent to allow your personal information to be transferred outside of Canada to Kresus and the parties noted in the Disclosure of Your Information section for processing in the United States in order that we may provide you with the services requested.
Subject to applicable law, you may have the right to access your personal information (including the right to access your personal information in an electronic format and the right to an account of the use that has been made or is being made of the personal information and the third parties to which it has been disclosed), or update or correct your personal information (including, where applicable, the right to obtain deletion of any personal information collected otherwise than according to law), at any time upon request. If you have provided your consent to the processing of your personal information, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
If you have any questions or complaints about this Privacy Policy or the handling of your personal information, if you wish to decline to have your personal information collected, used, or disclosed for the purposes set forth in this Privacy Policy or to withdraw your consent to our use of your personal information, or if you would like to request access to, deletion of, or update to any personal information we have on file, please contact: [insert privacy officer name and contact information]. Where applicable, you may also contact the privacy officer to obtain information about Kresus’ policies and practices with respect to service providers outside Canada.
Subject to applicable law, you may also direct complaints to the privacy commissioner of the jurisdiction in which you reside or other applicable supervisory authority.
Data Security
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your Personal Data also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through our Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.
International Data Transfers
Our Services are hosted in the United States (“U.S.”). If you choose to use our Services from a different jurisdiction, you are transferring your Personal Data outside of your jurisdiction and into the U.S. for storage and processing. Please note that the data protection laws in your jurisdiction may be different from the laws applicable in the U.S.
If you are located in Europe, we transfer your Personal Data outside of Europe to other countries, including to the U.S. We apply appropriate protections when we transfer your Personal Data to such countries, including by transferring Personal Data to countries which have been found to provide adequate protection by the competent authorities as appropriate (e.g., see the list of countries subject to an adequacy decision by the European Commission here), using contractual protections for the transfer of Personal Data, or transferring to recipients who have adopted binding corporate rules. For more information about how we transfer outside Europe, or to obtain a copy of the contractual safeguards we use for such transfers, you may contact us using the contact details indicated in the “Contact Information” section below.
Children
The Services are not intended for children as defined under applicable law, and we do not knowingly collect Personal Data from children. If we learn we have collected or received Personal Data from a child, we will delete that information. If you believe we might have any information from or about a child, please contact us at legal@kresus.com.
Retention
We take measures to delete your Personal Data or keep it in a form that does not permit identifying you when your Personal Data is no longer necessary for the purposes for which we process it unless we are required by law to keep your Personal Data for a longer period. When determining the specific retention period, we consider various factors, such as the type of service provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the statute of limitations.
Changes to Our Privacy Policy
We may update our privacy policy from time to time. If we make material changes to how we treat our users’ Personal Data, we will post the new privacy policy on this page with a notice that the privacy policy has been updated and an in-App alert the first time you use the Services after we make the change. (GDPR).
The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and for periodically visiting this privacy policy to check for any changes.
Contact Information
Kresus is the controller or entity responsible for processing your Personal Data. To ask questions or comment about this privacy policy and our privacy practices, contact us at:
Kresus Labs, Inc.
4 Funston Ave, San Francisco, California, United States
legal@kresus.com