Grav.id Privacy Policy
Last updated: March 29, 2024,
This privacy policy (“Policy”) describes how Snapbrillia, Inc. DBA Grav.id (“Company”, “we”, “our”, or “us”) collects, uses, shares, and stores personal information of users of its websites https://grav.id (the “Sites”). This Policy applies to the Sites, applications, products, and services (collectively, “Services”) on or in which it is posted, linked, or referenced.
By using the Services, you accept the terms of this Policy and our Terms of Use, and consent to our collection, use, disclosure, and retention of your information as described in this Policy. If you have not done so already, please review our terms of use. The terms of use contain provisions that limit our liability to you and require you to resolve any dispute with us individually, not as part of any class or representative action. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS OF USE, THEN PLEASE DO NOT USE ANY OF THE SERVICES.
WHAT WE COLLECT
We get information about you in a range of ways.
Information You Give Us. Information we collect from you may include:
- Identity information, such as your first name, last name, username or similar identifier, title, date of birth and gender;
- Contact information, such as your postal address, email address and telephone number;
- Profile information, such as your username and password, interests, preferences, feedback and survey responses;
- Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with Service, receive customer support or otherwise correspond with us;
- Financial information, such as your credit card or other payment card details;
- Transaction information, such as details about purchases you make through the Service and billing details;
- Usage information, such as information about how you use the Service and interact with us;
- Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them;
- Financial information, such as bank account number and bank routing number, financial assets holdings, and
- Technical information, such as your crypto wallet addresses, application programming interface (API)-key, and transaction network information.
Information We Get From Others. We may get information about you from other third-party sources, and we may add this to the information we get from your use of the Services. Such information may include:
- Registration using Single Sign-On Account: When registering some user accounts (e.g., with the Grav.id Wallet), you also have the option of using a single sign-on account (“SSO”). With an SSO, you can sign up for various services and platforms with a single account. Some of our Sites currently offer you the opportunity to use the SSO services offered by Google, LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google’s Privacy Policy and Terms of Use apply to registering and using the Google SSO service; see https://policies.google.com/privacy/. Please note that the registration for and the use of SSO services are subject to the Google privacy policy and terms of use, which are beyond our control.
Information Automatically Collected. We may automatically record certain information about how you use our Sites (we refer to this information as “Log Data“). Log Data may include information such as a user’s Internet Protocol (IP) address, device and browser type, operating system, the pages or features of our Sites to which a user browsed and the time spent on those pages or features, the frequency with which a user uses the Sites, search terms, the links on our Sites that a user clicked on or used, and other statistics. We use this information to administer the Service and analyze (and may engage third parties to analyze) this information to improve and enhance the Service by expanding its features and functionality and tailoring it to our users’ needs and preferences.
We may use cookies, local storage, or similar technologies to analyze trends, administer the Sites, track users’ movements around the Sites, and gather demographic information about our user base. Users can control the use of cookies and local storage at the individual browser level. For more information, please see our Cookies Policy.
Information collected by Tatum. https://grav.id/ (“Grav.id Wallet”) is a product offered by the Company, and https://tatum.io/ (“Tatum”) and Tatum is the default Remote Procedure Call (RPC) provider in Grav.id Wallet. When you use Grav.id Wallet, Tatum, as your default RPC provider, may collect your IP address and crypto wallet addresses when you send a transaction.
Further Information You Give Us Relating to Trinsic. Further information we collect from you in relation to https://trinsic.id/ (the “Trinsic”) and other similar Self-Sovereign Identity Services may include:
- Further identity information, such as your country of birth, nationality, social security number, place of birth, employer, and occupation;
- Passport and/or photo ID for identity verification purposes;
- Information required to comply with anti-money laundering (AML) laws and know-your-customer (KYC) requirements (such as nationality and place of birth);
- Information required to comply with Health Insurance Portability and Accountability Act (HIPPA) laws (such as disclosure consent of health and medical records)
Using Trinsic Connect Services:
When registering some user accounts (e.g., with the Grav.id Wallet) or processing your know-your-customer (KYC), you also have the option of using a Trinsic Connect Services account (“TCS”). With TCS, you can sign up for various services and platforms with a single account or process and store your know-your-customer (KYC) while maintaining agency over your data and your self-sovereign identity. Some of our Sites currently offer you the opportunity to use the TCS services offered by Trinsic. Trinsic’s Privacy Policy and Terms of Use apply to registering and using the TCS service; see https://trinsic.id/privacy/. Please note that the registration for and the use of TCS services are subject to the Trinsic privacy policy and terms of use, which are beyond our control.
Tracking Technologies Generally
Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers and, in some instances, blocked in the future by selecting certain settings. For more information, please see our Cookies Policy.
Google Analytics
We also may use Google Analytics to help us offer you an optimized user experience. You can find more information about Google Analytics’ use of your personal data here: https://www.google.com/analytics/terms/us.html.
You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout/ and downloading the Google Analytics Opt-out Browser Add-on.
COOKIES
You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Sites may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookies Policy.
Information we will never collect. We will never ask you to share your private keys or wallet seed. Never trust anyone or any site that asks you to enter your private keys or wallet seed.
USE OF PERSONAL INFORMATION
To provide our service
We will use your personal information in the following ways:
- To enable you to access and use the Services
- To provide and deliver products and services that you may request.
- To process and complete transactions and send you related information, including purchase confirmations and invoices.
- To send information, including confirmations, technical notices, updates, security alerts, and support and administrative messages.
To comply with the law
We use your personal information as we believe necessary or appropriate to comply with applicable laws (including anti-money laundering (AML) laws and know-your-customer (KYC) requirements), lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities.
To communicate with you
We use your personal information to communicate about promotions, upcoming events, and other news about products and services offered by us and our selected partners.
To optimize our platform
In order to optimize your user experience, we may use your personal information to operate, maintain, and improve our Services. We may also use your information to respond to your comments and questions regarding the Services and to provide you and other users with general customer service.
With your consent
We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Sites, you instruct us to take a specific action with respect to your personal information, or you opt into third-party marketing communications.
For compliance, fraud prevention, and safety
We may use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
SHARING OF PERSONAL INFORMATION
We do not share the personal information that you provide us with other organizations without your express consent, except as described in this Privacy Policy. We disclose personal information to third parties under the following circumstances:
- Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates (i.e., our family of companies that are related by common ownership or control) for purposes consistent with this Privacy Policy.
- Business Transfers. We may share personal information when we do a business deal or negotiate a business deal involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
- Compliance with Laws and Law Enforcement; Protection and Safety. We may share personal information for legal, protection, and safety purposes.
- We may share information to comply with laws, including KYC and AML requirements.
- We may share information to respond to lawful requests and legal processes.
- We may share information to protect the rights and property of the Company, our agents, customers, and others. This includes enforcing our agreements, policies, and terms of use.
- We may share information in an emergency. This includes protecting the safety of our employees and agents, customers, or anyone. - Professional Advisors and Service Providers. We may share information with those who need it to do work for us. These recipients may include third-party companies and individuals to administer and provide the Service on our behalf (such as bill and credit card payment processing, customer support, hosting, email delivery, and database management services) and lawyers, bankers, auditors, and insurers.
- Other. You may permit us to share your personal information with other companies or entities of your choosing. Those uses will be subject to the privacy policies of the recipient entity or entities.
We may also share aggregated and/or anonymized data with others for their own uses.
INTERNATIONAL TRANSFER
The Company has offices outside of the EU and affiliates and service providers in the United States and other countries. Your personal information may be transferred to or from the United States or other locations outside your state, province, country, or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.
EU users should read the important information provided below about personal information transfer outside the European Economic Area (EEA).
HOW INFORMATION IS SECURED
We retain the information we collect as long as it is necessary and relevant to fulfill the purposes outlined in this privacy policy. In addition, we retain personal information to comply with applicable law where required, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Use, and other actions permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymize your personal information (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you.
We employ industry-standard security measures designed to protect the security of all information submitted through the Services. However, the security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, biometrics, user ID, or other form of authentication involved in obtaining access to password-protected or secure areas of any of our digital services. In order to protect you and your data, we may suspend your use of any of the Services without notice, pending an investigation, if any security breach is suspected.
INFORMATION CHOICES AND CHANGES
Using, Updating, Correcting, and Deleting your Information
You may access information that you have voluntarily provided through your account on the Services and review, correct, or delete it by sending a request to privacy@grav.id. You can request to change contact choices, opt out of our sharing with others, and update your personal information and preferences.
ELIGIBILITY
If you are under the age of majority in your jurisdiction of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. Consistent with the requirements of the Children’s Online Privacy Protection Act (COPPA), if we learn that we have received any information directly from a child under age 13 without first receiving his or her parent’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Sites and subsequently, we will delete that information.
MARKETING COMMUNICATIONS AND SHARING
You may instruct us not to use your contact information to contact you regarding services, promotions, surveys, and special events that might appeal to your interests by contacting us using the information below. You can also opt-out by following the instructions at the bottom of any commercial email messages you may receive.
Please note that, regardless of your request, we may still use and share certain information as permitted by applicable law. For example, you may not opt out of certain operational emails, such as those reflecting our relationship or transactions with you, or important notifications regarding the Services we provide you, such as service-related announcements (e.g. if our Services are temporarily suspended for maintenance).
Or, if you have downloaded our mobile application and enabled push notifications on your mobile device, we may send you alerts and notifications through push notifications, for example, to communicate status updates on our Services. However, you may choose to disable these notifications (except for the initial notifications intended to verify your identity).
THIRD-PARTY LINKS AND WEBSITES
This Privacy Notice does not address, and we are not responsible for, the privacy practices of any third parties, including those that operate websites to which our Sites link. Including a link on our Sites does not imply that we or our affiliates endorse the practices of the linked website.
CO-BRANDED WEBSITES
If our Sites link to other websites that include our branding, this Privacy Notice does not apply to those other websites. Visitors to those websites are advised to read the notices on those individual websites carefully.
CHANGES TO THIS PRIVACY POLICY
We may change this privacy policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. We will change the Last Updated date above if we make any significant changes.
Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementing the changes to the Sites (or as otherwise indicated at the time of posting). In all cases, your continued use of the Sites or Services after posting any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.
DATA PROTECTION OFFICER
We have appointed a Data Protection Officer based on professional qualities and expert knowledge of data protection law and practices. The Data Protection Officer is tasked with ensuring that we always comply with our responsibilities under applicable data protection legislation.
Contact details of the Data Protection Officer:
Email: dpo@grav.id,
or write to the DPO:
FAO Data Protection Officer
Grav.id
1043 Garland Ave
Unit C #764
San Jose, CA 95126-3159
CONTACT US
We welcome your comments or questions about this Policy, and you may contact us at:
Email: privacy@grav.id
or write to us at:
Grav.id
1043 Garland Ave
Unit C #764
San Jose, CA 95126-3159
NOTICE TO CALIFORNIA RESIDENTS
Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”
For more details about the personal information we collect from you, please see the “What We Collect” section above. We collect this information for the business and commercial purposes described in the “Use of Personal Information” section above. We share this information with the categories of third parties described in the “Sharing of Personal Information” section above. Company does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt-out). Please refer to our Cookies Policy for more information regarding the types of third-party cookies, if any, that we use.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at legal@grav.id. Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification.
NOTICE TO EU DATA SUBJECTS
Personal Information
With respect to EU data subjects, “personal information,” as used in this Privacy Policy, is equivalent to “personal data” as defined in the European Union General Data Protection Regulation (GDPR).
Sensitive Data
Some of the information you provide us may constitute sensitive data as defined in the GDPR (also referred to as special categories of personal data), including identification of your race or ethnicity on government-issued identification documents.
Legal Bases for Processing
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal bases under which we process your personal information, contact us at privacy@grav.id.
Processing Purpose |
Legal Basis |
To provide our service |
Our processing of your personal information is necessary to perform the contract governing our provision of the Services or to take steps you request before signing up for the Service. |
To communicate with you To optimize our platform For compliance, fraud prevention, and safety To provide our service |
These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law). |
To comply with the law |
We use your personal information to comply with applicable laws and our legal obligations, including anti-money laundering (AML) laws and know-your-customer (KYC) requirements. |
With your consent |
Where our use of your personal information is based upon your consent, you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at privacy@grav.id. |
Use for New Purposes
We may use your personal information for reasons not described in this Privacy Policy, where we are permitted by law to do so, and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will seek your consent for any unrelated purpose.
Your Rights
Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Opt-out. Stop sending you direct marketing communications that you have previously consented to receive. We may continue to send you Service-related and other non-marketing communications.
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You can submit these requests by email to privacy@grav.id. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at privacy@grav.id or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Cross-Border Data Transfer
Please be aware that your personal data will be transferred to, processed, and stored in the United States. Data protection laws in the U.S. may be different from those in your country of residence. You consent to the transfer of your information, including personal information, to the U.S. as set forth in this Privacy Policy by visiting our Sites or using our service.
Whenever we transfer your personal information from the EEA to the U.S. or countries not deemed by the European Commission to provide adequate personal information protection, the transfer will be based on a data transfer mechanism recognized by the European Commission as providing adequate protection for personal information.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.