Inky Privacy Notice

1. Information We Collect

1.1. Information We Collect Automatically

When you interact with our Wallet, we collect certain information about your usage as below. Please note that we utilize Cloudflare for caching and malicious traffic protection.

• Sanctioned Country IP Addresses: We automatically collect Internet Protocol (IP) addresses from users located in sanctioned countries as identified and blocked by Cloudflare for compliance reasons. All other IP addresses are not stored by our Wallet, and the relevant logs are deleted by Cloudflare within 7 days.
• Crypto Addresses: In order to provide balances and transactions we log crypto addresses of all users who use the Wallet.
• Wallet activity: we collect on-chain activity (e.g. swaps, volumes, PnL) to assign points or rewards in-app.
• Referral and Deeplinking Metadata: We collect information on how you share the Wallet with others (e.g. referral links, PnL snapshots), and the resulting engagement, to assess growth and virality.
• IP Address Debugging: We temporarily log IP addresses from all users for app performance monitoring and debugging. These logs are not retained beyond the timeframe necessary to ensure the app's integrity.

1.2 Information You Provide to Us

• Email address: This may be used for transactional messages, or marketing, depending on your preferences.
• Username: This is used for social and gamification features (e.g. leaderboards, referral tracking).

If you reach out to us for support purposes, we will process the information you share to provide you support.

1.3 Third-Party Authentication

If you sign in using Apple, Google, or similar providers, certain device-level data and identifiers may be shared by these providers. We do not store your private keys—your wallet keys are managed by you via our vendor, Dynamic Labs.

1.4 Information We Do Not Collect

As part of our services we do not collect certain sensitive personal data such as biometric identifiers. We also do not collect your real name, government-issued identification, or payment card information.

2. How We Use Your Information

The information we collect is used in the following ways:

• To operate and improve our Wallet: we use our own proprietary Application Programming Interface (API) to power the Wallet for balances, transactions, and broadcasting transactions.
• For compliance: we collect and log IP addresses from sanctioned countries to adhere to global compliance requirements.
• For support: we will process the information you share through our support channels to provide you support.
• For referral and reward functionality: On-chain activity, deeplinks, and shared content (e.g., PnL stats) are used to assess eligibility for rewards, referral benefits, and gamified features.
• For marketing (optional): If you opt in, we may use your email address to send you product updates or promotional content.

Our lawful bases for using your personal data are:

• To provide services to you in accordance the contractual Terms and Conditions of Ink Wallet
• To comply with our legal obligations, in particular our obligations in respect of anti-money laundering, crime and fraud prevention laws
• For our legitimate interests, in particular our legitimate interest in ensuring effective provision of services to users, including support services.

We do not share or sell your personal data with third parties, except and to the extent we do so on a contractual basis for services used to operate your Wallet.

3. How We Protect and Store Your Information

We have implemented suitable technical and organizational measures to protect the security of your information. These measures are continually improved in line with technological advancements to ensure there is no unauthorized access.

4. Disclosure of Your Information

We may disclose your personal data to other Kraken Group entities and third-party service providers where necessary to operate the Wallet, provide support services, or meet our legal obligations. Such disclosures will be handled in accordance with this Privacy Notice and Kraken's Privacy Notice, which sets out our broader data governance practices.

As part of delivering the Wallet service, we may share your personal data with:

• Other members of the Kraken company group for internal administrative, support, or compliance purposes;
• Third-party service providers, including:
  • Dynamic Labs, our wallet infrastructure provider, which facilitates wallet key generation and secure storage. We do not access or store your private keys;
  • Zendesk, which powers our support ticketing system;
  • Cloudflare, for caching and malicious traffic protection.

If we disclose your personal data to third-party service providers or business partners, whether to perform services requested by users or to comply with regulatory obligations, those providers may store your data within their own systems. We require them to protect the confidentiality of your personal data and to comply with applicable privacy and data protection laws.

We may also disclose personal data:

• Where legally compelled to do so, including to government agencies, law enforcement, courts, or regulators in response to valid legal process or binding orders;
• To comply with applicable sanctions regimes (e.g., for IP addresses from sanctioned countries);
• To protect our rights, users, or systems from harm or abuse.

5. Where we store your personal data

Our operations are supported by a network of computers, servers, other infrastructure and information technology, and third-party service providers. We and our third-party service providers and business partners store and process your personal data in the European Union, the United States of America and elsewhere in the world. Courts, law enforcement and security agencies of these jurisdictions may be able to use legal processes to access your personal data.

6. International Transfers of Personal Data

We may transfer your personal data outside your home jurisdiction. Transfers outside of your home jurisdiction are done in accordance with lawful transfer mechanisms.

For example, we may rely on an 'adequacy decision' to transfer personal data to a country which has been found by the European Commission to have an essentially equivalent standard of data protection to the EEA. You can see a list of such countries here. We may also rely on additional international transfer mechanisms, including your consent, compliance with legal or regulatory obligations, execution of agreements, or Standard Contractual Clauses.

7. Privacy When Using Digital Assets and Blockchains

Your use of digital assets may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to re-identification of transacting individuals and the revelation of personal data, especially when blockchain data is combined with other data.

As blockchains are decentralized or third-party networks which are not controlled or operated by Kraken, we are not able to erase, modify, or alter personal data on such networks.

8. Changes to This Privacy Notice

We may update our privacy notice from time to time, and recommend that you review this privacy notice periodically for any changes. Updates to this privacy notice are effective when they are posted on this page.

9. Who We Are and How to Contact Us

You are contracting with Payward Wallet LLC, c/o The Corporation Trust Company, 1209 Orange Street, Wilmington, DE 19801

If you have any questions about this privacy notice or our data handling practices, please contact us here.

10. Our products and services are not available to children

Our products and services are not directed to persons under the age of 18 (herein, "Children", "Child") and we do not knowingly collect personal data from children.

If we learn that we have inadvertently processed personal data from a child, we will take legally permissible measures to remove that data from our records. We will require the child user to close his or her account and will not allow the use of our products and services. If you are a parent or guardian of a child, and you become aware that a child has provided personal data to us, please contact us here.

11. Your Rights Regarding Your Information

Depending on where you are located, you may be able exercise data subject rights in relation to your personal data. These rights include, access, rectification, erasure, restriction of processing, objection, automated decision-making and profiling, and withdrawal of consent.

If you would like to exercise any rights available to you, please contact us here.

You also have the right to complain to a competent data protection authority - see below. We ask that you first contact us here to give us an opportunity to address any concerns.

12. Data Protection Authorities

If you are not satisfied with our response to your complaint, you have the right to submit a complaint to a competent data protection authority. Examples of data protection authorities include but are not limited to: