Privacy Policy

LAST UPDATED August 16, 2023

This Privacy Policy describes how Chainapsis, Inc. (“Company”, “we”, “our”, or “us”) collects, uses, shares, and stores the personal information of users of its products (Keplr Browser Extension (the “Extension”), Keplr Web App available at https://wallet.keplr.app (the “Web App”), and Keplr Mobile Application (the “Mobile App”), and its websites (https://keplr.app, https://help.keplr.app) (the “Sites”). This Policy applies to the Sites, applications, products, and services (collectively, “Services”) on or in which it is posted, linked, or referenced.

By downloading and/or using the Services provided by us, you agree to all relevant terms and conditions outlined in this Policy. You also agree to our collection, use, disclosure, and retention of your information as outlined in this Policy.

IF YOU DO NOT AGREE WITH THIS POLICY OR OUR TERMS OF USE, YOU MAY NOT USE ANY OF THE SERVICES.

Questions or concerns? If you still have any questions or concerns, please contact us at contact@chainapsis.com.

WHAT WE COLLECT

Personal Information You Disclose to Us. We gather personal information that you willingly provide to us, either to express your interest in acquiring details about our company or products and Services, to engage with our Services, or when contacting us through different channels.

The personal information we collect may include the following:

• Public key(s) on a specified blockchain, and data that is openly available and associated with your public key on chain.

• Offline messages signed by your public key(s).

• Technical data, including information on the blockchain network used, referring web application(s), and transaction data.

• When Keplr Infra is used as the default RPC/LCD provider in Keplr wallet, your IP address. (IP addresses collection is triggered only when we identify potential DDoS attacks or malicious behavior from monitoring)

• Anonymized usage information and anonymized identifiers. We also may use Amplitude Analytics and Sentry to help us better understand the usage and error data and provide you with an improved and optimized user experience. Please refer to each service provider’s Terms of Use and Privacy Policy for more information.
  • Amplitude's Terms of Use: https://amplitude.com/terms
  • Amplitude’s Privacy Policy: https://amplitude.com/privacy
  • Sentry’s Terms of Use: https://sentry.io/terms/
  • Sentry’s Privacy Policy: https://sentry.io/privacy/

• Information we get upon your registration using SSO(Single Sign-On) services, such as Google login or Apple ID login. Please note that the registration for and the use of SSO services are subject to the corresponding service provider’s privacy policy and terms of use, which are beyond our control.
  • Google's privacy policy regarding its single sign-on service: https://policies.google.com/privacy?hl=en. 
  • Apple’s privacy policy regarding its Sign in with Apple service: https://www.apple.com/legal/privacy/data/en/sign-in-with-apple/.
  • Web3Auth’s privacy policy: https://web3auth.io/docs/legal/privacy-policy

• Other personal information you provide to us via feedback or customer support, bug report, or otherwise correspond with us.

Sensitive Information. We DO NOT collect or process any sensitive information.

Mobile Application Data. If you use our mobile application(s), we also may collect the following information:

• Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's camera (for QR code scanning), Bluetooth (for Ledger connection), storage, and other features. If you wish to change our access or permissions, you may do so in your device's settings.

• Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, Browser type and version, and Internet Protocol (IP) address. This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

HOW WE PROCESS YOUR PERSONAL INFORMATION

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. To specify:

• For analytics. We may process information about how you use our Services to better understand how they are being used so we can improve them.

• To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure. These actions can include, but not limited to, restriction from accessing our Services, rate limiting, and permanent blocklisting.

• To respond to user inquiries and request feedback. We may process your information to respond to your inquiries, solve any potential issues you may have, or request feedback. We may contact you about your use of our Services.

• To comply with appropriate law enforcement. We may use your personal information as deemed necessary or fitting to adhere to relevant laws, lawful requests, and legal procedures, including responding to subpoenas or government authority inquiries.

LEGAL BASES WE RELY ON TO PROCESS YOUR INFORMATION

We process your personal information based on valid legal reasons, such as your consent, legal obligations, service provision, contract fulfillment, rights protection, and legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

• Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time by contacting us.

• Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.

• Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.

• Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time by contacting us.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

• If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way

• For investigations and fraud detection and prevention

• If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province

• If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records

• If the information is publicly available and is specified by the regulations

SHARING OF PERSONAL INFORMATION

We do not share the personal information that you provide us with other organizations without your express consent, except as described in this Privacy Policy. We may disclose personal information to third parties under the following circumstances:

• Business Transfers. We may share or transfer your information in connection with or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

• Affiliates. We may share your information with our affiliates for purposes consistent with this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

THIRD-PARTY LINKS AND WEBSITES

The Services may link to or embed third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us and which may link to other websites, services, or applications.

Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party websites, services, or applications. The inclusion of a link to a third-party website, service, or application does not imply an endorsement by us. Any data collected by third parties is not covered by this privacy notice. You should review the policies of such third parties and contact them directly to respond to your questions.

HOW INFORMATION IS SECURED

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). 

When we have no ongoing legitimate business need to process your personal information, we will immediately delete such information.

DATA CONTROLLER

1. Chainapsis Inc., a South Korean private company limited by shares, is the controller and responsible for your personal data while using the Services.

2. We have appointed a data privacy manager who is responsible for any questions regarding this Privacy Policy. If you have any questions regarding this Policy, including any inquiries regarding your legal rights, please contact the data privacy manager at the full contact details below.

3. Our full contact details are as follows:

   (a) Full name of legal entity: Chainapsis Inc.

   (b) Name or title of data privacy manager: Yehoon Lee

   (c) E-mail address: contact@chainapsis.com

   (d) Postal address: Chainapsis Inc., SG Art Tower, 2nd Floor, Bongeunsaro-18Gil 71, Seoul, Gangnam, 06128, South Korea

INFORMATION CHOICES AND CHANGES

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by sending a request to contact@chainapsis.com.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Reviewing, correcting, deleting, and updating your information: If you would at any time like to review or change the information in your account or terminate your account, you can send a request to contact@chainapsis.com.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements.

Addressing questions or comments about your privacy rights: you may email us at contact@chainapsis.com.

INTERNATIONAL TRANSFER

We may transfer, store, and process your information in countries other than your own.

• While using the Web App, your data may be stored in servers located in the Republic of Korea, the United States, the European Union, and Singapore, owned and operated by Amazon Web Services, Inc., a United States corporation.

• Your data also may be transmitted to servers directly owned and operated by Chainapsis Inc., a South Korean limited company, located in the Republic of Korea.

• Companies in contract with Chainapsis Inc. (the Company) to develop, operate and manage the Services on behalf of the Company may be able to access your information for the purpose of developing and operating the Services. Those companies may be based in the Republic of Korea.

• [NOTICE FOR EU DATA SUBJECTS] Data transfers to legal entities in countries outside the European Union (known as third countries) take place as long as:

  (i) it is necessary for the purpose of carrying out your orders (e.g., payment and securities orders);

  (ii) it is required by law (e.g., reporting obligations under financial regulation);

  (iii) or you have granted us your consent.

• [NOTICE FOR EU DATA SUBJECTS] The Company has offices outside of the EU and has affiliates and service providers in the Republic of Korea, and in other countries. Your personal information may be transferred to or from the Republic of Korea, or other locations outside of your state, province, country, or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.

NOTICE TO CALIFORNIA RESIDENTS

If you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us to contact@chainapsis.com

If you are under 18 years of age, reside in California, and have a registered account with Services, you have the right to request the removal of unwanted data that you publicly post on the Services. Verification of your identity and request is necessary before any action can be taken. This may entail providing government identification as part of the process. As per California law, you can appoint an authorized agent for requests, requiring a valid power of attorney along with government-issued IDs for both the requester and the agent.

CCPA Privacy Notice

California residents can exercise their CCPA rights by reaching out to us at contact@chainapsis.com.

The California Code of Regulations defines a "resident" as:

(1) every individual who is in the State of California for other than a temporary or transitory purpose and

(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as "non-residents."

If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.

NOTICE TO VIRGINIA RESIDENTS

If you are a resident of Virginia, you may be granted specific rights regarding access to and use of your personal information.

Virginia CDPA Privacy Notice

Under the Virginia Consumer Data Protection Act (CDPA):

"Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified/anonymized data or publicly available information.

"Sale of personal data" means the exchange of personal data for monetary consideration.

If this definition of "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data. You can exercise your CDPA rights by reaching out to us at contact@chainapsis.com. We may request that you provide additional information reasonably necessary to verify your request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request, and may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

CHANGES TO THIS PRIVACY POLICY

We may update this Policy at any time. The updated version will be indicated by an updated "Last Updated" date and the updated version will be effective as soon as it is accessible. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

CONTACT US

We welcome any inquiries or comments regarding this Privacy Policy, and you may contact us by:

• emailing us to contact@chainspsis.com

• or writing to us at: Chainapsis Inc., SG Art Tower, 2nd Floor, Bongeunsaro-18Gil 71, Seoul, Gangnam, 06128, South Korea