Ziwio Privacy Policy

Last Updated: October 2025

1. Introduction

Ziwio ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Ziwio mobile application ("App").

IMPORTANT: Ziwio is a self-custodial wallet. We do NOT store your private keys, seed phrases, or wallet passwords. You maintain full control and responsibility for your cryptographic credentials.

2. Information We Collect

2.1 Information You Provide

Account Information:

Username or display name
Email address (optional, for notifications)
Profile picture (optional)

Identity Verification (KYC):

Government-issued ID (when required by regulations)
Proof of address documents
Facial recognition data for verification
This information is collected only when legally required for certain features

User-Generated Content:

NFT images and metadata
Token descriptions
Transaction notes
Real estate documentation for RWA tokenization

2.2 Information Collected Automatically

Device Information:

Device type, model, and operating system
Unique device identifiers
Mobile network information
IP address

Usage Data:

App features accessed
Transaction types (without revealing wallet addresses)
Session duration and frequency
Crash reports and error logs

Biometric Data:

Face ID or Touch ID authentication data (stored locally on your device only)

Location Data:

Approximate location (when permission is granted)
Used for regulatory compliance and fraud prevention

2.3 Information We Do NOT Collect or Store

Private keys or seed phrases
Wallet passwords
Full transaction history on-chain (this is public on blockchain)
Your cryptocurrency balances (these are on-chain)

2.4 Blockchain Data

All blockchain transactions are publicly recorded on their respective networks. This includes:

Wallet addresses
Transaction amounts
Transaction timestamps
Smart contract interactions

We do not control or have access to this public blockchain data.

3. How We Use Your Information

3.1 Essential Services

We use your information to:

Provide wallet and transaction services
Authenticate your identity
Process your requests and transactions
Send important service notifications

3.2 Improvement and Analytics

Analyze App usage to improve features
Debug errors and optimize performance
Develop new features
Conduct research and analytics

3.3 Security and Compliance

Detect and prevent fraud
Comply with legal obligations (AML/KYC)
Enforce our Terms of Service
Protect against security threats

3.4 Communications

Send transaction confirmations
Provide customer support
Send security alerts
Notify about updates or changes (with your consent)

3.5 Marketing (Optional)

With your explicit consent:

Send promotional materials about new features
Provide personalized recommendations
Share news and updates

You can opt out of marketing communications at any time.

4. Third-Party Services and Data Sharing

4.1 Service Providers

We share limited information with trusted third-party providers:

Exchange APIs:

Binance, Coinbase, Kraken, Gemini, Bitfinex
Purpose: Execute trades and access market data
Data shared: API keys (encrypted), trading orders

Stock Trading:

Alpaca Markets
Purpose: Stock trading services
Data shared: Trading orders, account information

Bridge Protocols:

LayerZero, Wormhole
Purpose: Cross-chain transfers
Data shared: Transaction details, wallet addresses

Price Data:

CoinGecko, CoinMarketCap
Purpose: Real-time cryptocurrency prices
Data shared: None (read-only access)

Analytics Services:

App analytics providers
Purpose: Understand app usage and performance
Data shared: Anonymized usage data

Cloud Storage:

For app data backup (excluding sensitive credentials)
Data is encrypted in transit and at rest

4.2 Identity Verification Partners

When KYC is required:

Third-party identity verification services
Government ID verification
Data shared: Personal identification documents

4.3 Legal Requirements

We may disclose information when required by law:

In response to court orders or subpoenas
To comply with regulatory requirements
To protect our rights or safety of others
In connection with fraud investigations

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

5.1 Security Measures

We implement industry-standard security measures:

Encryption:

Data encrypted in transit (TLS/SSL)
Data encrypted at rest (AES-256)
API keys stored in iOS Keychain
Biometric authentication support

Access Controls:

Role-based access to internal systems
Multi-factor authentication for staff
Regular security audits

Device Security:

Private keys never leave your device
Seed phrases stored only in secure device storage
Optional biometric authentication

5.2 Your Responsibilities

You are responsible for:

Keeping your device secure
Using strong passwords
Protecting your seed phrase
Enabling biometric authentication
Not sharing your credentials

5.3 No Guarantee

While we implement strong security measures, no system is 100% secure. You acknowledge the inherent risks of digital systems and blockchain technology.

6. Your Privacy Rights

6.1 Access and Correction

You have the right to:

Access your personal information
Correct inaccurate information
Request deletion of your data (subject to legal requirements)

6.2 Data Portability

You can request a copy of your data in a machine-readable format.

6.3 Opt-Out Rights

You can opt out of:

Marketing communications
Non-essential data collection
Analytics tracking (where technically feasible)

6.4 Do Not Track

We respect Do Not Track browser settings where applicable.

6.5 Regional Rights

European Union (GDPR):

Right to be forgotten
Right to data portability
Right to restrict processing
Right to object to processing

California (CCPA):

Right to know what data is collected
Right to delete personal information
Right to opt out of data sales (we do not sell data)
Right to non-discrimination

Other Jurisdictions:

We comply with applicable privacy laws in your region.

7. Data Retention

7.1 Retention Periods

Account Data: Retained while your account is active
Transaction Records: Retained for 7 years (regulatory compliance)
KYC Documents: Retained for 7 years after account closure
Analytics Data: Anonymized and retained indefinitely
Logs: Retained for 90 days

7.2 Deletion Requests

You can request deletion of your data. Note:

Blockchain transactions cannot be deleted (they are permanent)
Some data must be retained for legal/regulatory compliance
Deletion may prevent you from using certain features

8. Children's Privacy

Ziwio is not intended for users under 18 years of age. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

Standard contractual clauses
Privacy Shield certification (where applicable)
Adequate data protection agreements

10. Cookies and Tracking Technologies

10.1 What We Use

Essential Cookies: Required for app functionality
Analytics Cookies: Understand app usage
Preference Cookies: Remember your settings

10.2 Your Choices

You can control cookie preferences through your device settings.

11. Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for their privacy practices. Please review their privacy policies.

12. Biometric Data

Face ID / Touch ID:

Biometric data is stored locally on your device only
We never receive or store your biometric templates
Used solely for authentication purposes
Controlled by your device's operating system

13. Push Notifications

We may send push notifications for:

Transaction confirmations
Security alerts
Price alerts (if enabled)
Important updates

You can disable notifications in your device settings.

14. Camera and Photo Library

Camera Access:

Used for QR code scanning (wallet addresses)
Used for document verification (KYC)

Photo Library:

Used for uploading NFT images
Used for saving QR codes

We do not access your photos without permission.

15. Location Data

Location is used for:

Regulatory compliance (restricted jurisdictions)
Fraud prevention
Real estate property verification (RWA)

You can disable location access in device settings. Some features may not work without location permissions.

16. AI and Automated Decision-Making

Ziwio uses AI for:

Trading insights and recommendations
Fraud detection
Price predictions

These are informational only and not investment advice. You maintain full control over all decisions.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted within the App and on our website. Continued use after changes constitutes acceptance.

Material changes will be notified via:

In-app notification
Email (if provided)
Push notification

18. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

Notify you within 72 hours
Describe the breach and affected data
Provide recommended actions
Comply with applicable breach notification laws

19. Contact Us

For privacy-related questions or requests:

Email: arseniospapa@gmail.com Website: www.ziwio.net Data Protection Officer: dpo@ziwio.net

20. Consent

By using Ziwio, you consent to this Privacy Policy. If you do not agree, please do not use the App.

For specific data processing activities, we will request your explicit consent separately.

21. Compliance Certifications

Ziwio is committed to maintaining compliance with:

GDPR (General Data Protection Regulation)
CCPA (California Consumer Privacy Act)
SOC 2 Type II (in progress)
ISO 27001 (in progress)

---

Last Updated: October 2025 Effective Date: 0ctober 2025