Privacy Policy

1. Our Commitment to Privacy

Your privacy is important to us. It is our policy to respect your privacy regarding any information we may collect from you across our app and website. We are committed to transparency about what data we collect and how we use it, in full compliance with the General Data Protection Regulation (GDPR) and German data protection laws.

Our mobile app is designed to provide real-time crypto market updates and notifications with minimal data collection. Our website uses analytics tools to improve user experience, as detailed in section 3.1 below.

2. Data Collection Overview

Mobile App: We do not collect any personally identifiable information (PII) through our mobile app. The app is designed to provide real-time crypto market updates and notifications without tracking, profiling, or advertising.

Website: Our website uses Google Analytics (with your consent) to collect anonymized usage statistics. This helps us understand how visitors use our website and improve the user experience. All data collection is done in compliance with GDPR requirements, including IP anonymization and user consent mechanisms. For detailed information, please see section 3.1 below.

We do not collect the following types of personal data:

• Your name, email address, or phone number (unless you contact us directly)
• Precise location data (GPS coordinates)
• Payment or financial information
• Account credentials or passwords

3. Services We Use for Core Functionality

To provide our services, we use a minimal set of third-party tools that are essential for the app to function. These services are used as follows:

• Firebase Cloud Messaging (FCM): Used to send push notifications. An anonymous device token is generated to deliver messages to your device. This token does not contain any personal identifiers and is not used for tracking.
• Firebase Remote Config: Allows us to dynamically control features in the app (e.g., feature flags). No personal data is transmitted or stored.
• Google Analytics: Used in both our mobile applications and website to collect anonymized usage statistics. This helps us understand how users interact with our services to improve the user experience. For detailed information about Google Analytics, including data collection, processing, and your rights, please see section 3.1 below.

You can review the privacy policies for these services:

• Firebase Privacy Information
• Google Privacy Policy (for Firebase)

3.1. Firebase Analytics (Google Analytics 4) on Our Website and Mobile App

If you have given your consent, our website and mobile applications use Firebase Analytics, which is Google Analytics 4 integrated through the Firebase platform. Firebase Analytics is a web and app analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Unified Analytics: We use Firebase Analytics (Google Analytics 4) in the same manner across both our website and mobile applications. The same privacy protections, data processing agreements, and user rights apply regardless of which platform you use to access our services. Firebase Analytics provides the same functionality as Google Analytics 4, with the added benefit of integration with other Firebase services.

Technical Implementation: Firebase Analytics uses the gtag.js library, which is technically served from Google Tag Manager's infrastructure (googletagmanager.com). This is a technical implementation detail - we are not using Google Tag Manager as a tag management system, but the underlying analytics library is hosted on Google Tag Manager's CDN. This connection to googletagmanager.com is necessary for Firebase Analytics to function and is part of Google's standard infrastructure for delivering analytics services. All data processing and privacy protections described in this section apply regardless of this technical implementation detail.

Nature and Purpose of the Processing

Google Analytics 4 uses cookies (on the website) and similar tracking technologies (in the mobile app) that enable an analysis of your use of our services. The information collected by means of these technologies about your use of our website and app is generally transferred to a Google server in the USA and stored there.

IP Anonymization: Google Analytics 4 has IP anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transferred by your browser or app as part of Google Analytics will not be merged with other Google data.

Purposes of the Data Processing

On behalf of the operator, Google will use this information to evaluate your pseudonymous use of the website and app and to compile reports on website and app activity. The reports provided by Google Analytics 4 serve to analyse the performance of our website and app and the success of our marketing campaigns.

Legal Basis

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR and § 25 para. 1 p. 1 TTDSG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz).

Recipients

Recipients of the data are/may be:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 GDPR)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Third Country Transfer

For the USA, the European Commission adopted a new adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider to establish an appropriate level of data protection in those countries.

We have entered into a Data Processing Agreement (Auftragsverarbeitungsvertrag, AV-Vertrag) with Google Ireland Limited in accordance with Art. 28 GDPR. This agreement has been concluded electronically through our Google Analytics account and ensures that Google processes your personal data only on our behalf and in accordance with our instructions and applicable data protection laws.

Retention Period

The data sent by us and linked to cookies (website) or similar identifiers (app) are automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. The deletion of data whose retention period has been reached occurs automatically once a month.

Withdrawal of Consent

You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

Website: You can access the cookie settings through our cookie consent tool, which you can find in the footer of our website or through the consent banner.

Mobile App: You can withdraw your consent at any time through the app settings, where you can disable analytics tracking.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites.

You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, and the processing of this data by Google, by:

• not giving your consent to the setting of the cookie, or
• downloading and installing the browser add-on to deactivate Google Analytics here .

For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/?hl=en .

Cookies and Tracking Technologies Used by Google Analytics

Website: Google Analytics uses the following first-party cookies (only set after your consent):

• _ga: Used to distinguish users. Expires after 2 years.
• _ga_<container-id>: Used to persist session state. Expires after 2 years.
• _gid: Used to distinguish users. Expires after 24 hours.

Mobile App: In our mobile applications, Google Analytics uses similar tracking technologies and identifiers (such as app instance IDs) instead of cookies. These identifiers are used in the same manner as cookies on the website to track user interactions and app usage.

Important: On our website, these cookies are only set after you have given your explicit consent through our cookie consent tool. In our mobile app, tracking only occurs after you have provided consent through the app's consent dialog or if you have enabled analytics in the app settings. These cookies and identifiers are first-party (set by our domain/app) and do not contain any personally identifiable information. If you have not consented to analytics, no tracking data will be collected.

Additional Technical Measures

In addition to the measures described above, we have implemented the following technical safeguards to protect your privacy:

• IP Anonymization on EU Servers: IP addresses are anonymized on EU servers before any data transfer to the United States
• Consent Mode: Our consent tool uses Google's Consent Mode to ensure that no data is collected before consent is given
• Automatic Data Deletion: User and event data is automatically deleted after 14 months
• Data Processing Agreement: We have a legally binding data processing agreement with Google that ensures compliance with GDPR requirements

Note on Server-Side Tracking: While server-side tracking through a proxy server would provide additional privacy protection, this solution is currently not implemented due to technical and economic considerations. We continuously evaluate our privacy measures and may implement server-side tracking in the future.

4. Hosting and Server Location

Our backend infrastructure is hosted by Netcup GmbH in Germany. All data processing is handled within the European Union (EU). No data is shared with third countries outside the EU.

5. External Links

Our website may contain links to third-party platforms such as YouTube. When you click on such a link, you will be redirected to an external website. These third parties may collect personal data such as your IP address or track your activity through cookies—especially if you are logged into their services.

We have no influence over the data processing practices of these external platforms. Please refer to their respective privacy policies for more information:

• YouTube (Google) Privacy Policy

5.1. Affiliate Links

Our website and mobile applications may contain affiliate links. Affiliate links are special links that allow us to earn a commission if you make a purchase or take a specific action after clicking on them. This does not affect the price you pay for any products or services.

Nature and Purpose of Affiliate Links

When you click on an affiliate link, you will be redirected to the website of the affiliate partner (e.g., online stores, service providers). If you make a purchase or complete a specific action on the partner's website, we may receive a commission from the affiliate partner.

Identification of Affiliate Links: We strive to clearly mark affiliate links on our website. Affiliate links may be identified by:

• Explicit disclosure notices (e.g., "Affiliate Link" or "Advertisement")
• Special link parameters that identify the link as an affiliate link
• Disclosure statements in relevant content sections

Data Processing by Affiliate Partners

When you click on an affiliate link, the following may occur:

• Referral Information: The affiliate partner may receive information that you were referred from our website (e.g., through URL parameters or cookies)
• Tracking Technologies: The affiliate partner may set cookies or use similar tracking technologies to track your visit and any subsequent purchase or action
• Personal Data: If you make a purchase or create an account on the partner's website, the partner will process your personal data in accordance with their own privacy policy

Important: We do not have access to or control over the personal data that affiliate partners collect. The affiliate partner is solely responsible for the processing of your personal data once you are redirected to their website.

Legal Basis

The processing of referral information through affiliate links is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in operating our website and generating revenue to support our services. The use of affiliate links is a common practice that helps us maintain and improve our services without charging users directly.

You have the right to object to this processing at any time. However, please note that clicking on affiliate links is entirely voluntary. You are not obligated to use affiliate links, and you can access the same products or services directly through the partner's website without using our affiliate links.

Data Transfer to Third Countries

Some affiliate partners may be located outside the European Economic Area (EEA). When you click on an affiliate link to a partner outside the EEA, your data may be transferred to third countries. The data processing by affiliate partners is governed by their respective privacy policies and applicable data protection laws.

We recommend that you review the privacy policy of any affiliate partner before providing them with personal data or making a purchase.

Your Rights

Regarding data processed by affiliate partners, you have the same rights as described in section 6 (Your Rights Under GDPR). However, since we do not process or control the data collected by affiliate partners, you will need to exercise these rights directly with the respective affiliate partner.

If you have questions about our use of affiliate links or wish to object to the processing of referral information, please contact us at support@kaspa-ai.com .

6. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right to access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and to access that data.
• Right to rectification (Art. 16 GDPR): You have the right to have inaccurate personal data corrected.
• Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data under certain circumstances.
• Right to restrict processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data.
• Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object to processing (Art. 21 GDPR): You have the right to object to the processing of your personal data, particularly for direct marketing purposes or based on legitimate interests.
• Right to withdraw consent (Art. 7 GDPR): If processing is based on your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement. In Germany, the competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) .

Exercising Your Rights: To exercise any of these rights, please contact us at support@kaspa-ai.com . We will respond to your request within one month. If you have concerns about data processed by Google Analytics, you can also contact Google directly or use the opt-out tools described in section 3.1.

7. Contact Us

If you have any questions regarding this policy, please contact us:
Email: support@kaspa-ai.com

Marcel Sangals
Am Knill 152
22147 Hamburg