Kraken Wallet Privacy Notice

Last Updated: Apr 4, 2024

Welcome to the Kraken Wallet privacy notice! We appreciate your trust and take your privacy seriously. This privacy notice outlines how we collect, use, disclose, and safeguard your information when you use our web3 Wallet. Please read this privacy notice carefully.

1. Information We Collect

1.1. Information We Collect Automatically

When you interact with our Wallet, we collect certain information about your usage as below. Please note that we utilize Cloudflare for caching and malicious traffic protection.

Sanctioned Country IP Addresses: We automatically collect Internet Protocol (IP) addresses from users located in sanctioned countries as identified and blocked by Cloudflare for compliance reasons. All other IP addresses are not stored by our Wallet, and the relevant logs are deleted by Cloudflare within 7 days.

Crypto Addresses: In order to provide balances and transactions we log crypto addresses of all users who use the Wallet. However, we do not link these addresses to any personal data, unless you are located in a sanctioned country as above, in which case we will be able to link your Wallet address with your IP address.

Please note, we will not place any cookies on your devices.

1.2 Information You Provide to Us

When you use our services, we aim to collect the minimum possible amount of personal data from you. Your privacy is our priority.

   

If you reach out to us for support purposes, we will process the information you share to provide you support.

1.3 Information We Do Not Collect

As part of our services we do not collect certain sensitive personal data such as biometric identifiers including but not limited to imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, voice recordings or keystroke patterns.

2. How We Use Your Information

The information we collect is used in the following ways:

  • To operate our Wallet: we use our own proprietary Application Programming Interface (API) to power the Wallet for balances, transactions, and broadcasting transactions.
  • For compliance: we collect and log IP addresses from sanctioned countries to adhere to global compliance requirements.
  • For support: we will process the information you share through our support channels to provide you support.

Our lawful bases for using your personal data are:

  • To comply with our legal obligations, in particular our obligations in respect of anti-money laundering, crime and fraud prevention laws
  • For our legitimate interests, in particular our legitimate interest in ensuring effective provision of services to users, including support services.  

We do not share or sell your personal data with third parties, except and to the extent we do so on a contractual basis for services used to operate your Wallet.

3. How We Protect and Store Your Information

3.1. Protection

We have implemented suitable technical and organizational measures to protect the security of your information. These measures are continually improved in line with technological advancements to ensure there is no unauthorized access.

3.2. Data Retention

We do not retain IP addresses from our users except those from sanctioned countries. IP addresses from users in sanctioned countries are retained for at least 5 years in order to meet Office of Foreign Assets Control (OFAC) data retention requirements.  

4.  Disclosure of Your Information

We have adopted a privacy first approach of collecting the minimum personal data from users.

However, where users in sanctioned countries attempt to access the Wallet, we may be required to disclose this information to the relevant regulatory authorities.

Please note we use Cloudflare as a service provider as described earlier in this notice, and we use Kraken and Zendesk for Kraken Wallet customer support.

6. No Client-Side Tracking

We do not employ any client-side tracking tools or scripts in our Wallet application, ensuring a private and untracked user experience.

7. Your Rights Regarding Your Information

Depending on where you are located, you may be able exercise data subject rights in relation to your personal data. These rights include, access, rectification, erasure, restriction of processing, objection, automated decision-making and profiling, and withdrawal of consent.

If you would like to exercise any rights available to you, please contact us here.

You also have the right to complain to a competent data protection authority - see section 14. We ask that you first contact us here to give us an opportunity to address any concerns.

8. Where We Store Your Information

Your personal data will be stored securely in the European Union.

9. For UK & EEA Users: Transfers of Information Outside the European Economic Area (EEA) and the United Kingdom (UK)

We may transfer your personal data outside the EEA and UK as part of delivering our services.

Transfers outside of the EEA or the UK (as appropriate) shall be in accordance with lawful transfer mechanisms. If personal data is transferred to a country which has been found by the European Commission to have an essentially equivalent standard of data protection to the EEA, then Kraken may rely on an ‘adequacy decision’ to transfer that personal data. See here for a list of countries with adequacy decisions. If personal data is transferred from the EEA or UK to the US, we may rely on standard contractual clauses.

10. Privacy When Using Digital Assets and Blockchains

Your use of digital assets may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to re-identification of transacting individuals and the revelation of personal data, especially when blockchain data is combined with other data.

As blockchains are decentralized or third-party networks which are not controlled or operated by Kraken, we are not able to erase, modify, or alter personal data on such networks.

11. Changes to This Privacy Notice

We may update our privacy notice from time to time, and recommend that you review this privacy notice periodically for any changes. Updates to this privacy notice are effective when they are posted on this page.

12. Who We Are and How to Contact Us

You are contracting with us as follows:

  • If you reside in the United States, you are contracting with Payward Wallet LLC, c/o The Corporation Trust Company, 1209 Orange Street, Wilmington, DE 19801
  • If you reside outside of the United States, you are contracting with Payward Guardian Pty. Ltd., 30 Cecil Street, #19-08 Prudential Tower, Singapore 049712

If you have any questions about this privacy notice or our data handling practices, please contact us here.

13. Our products and services are not available to children

Our products and services are not directed to persons under the age of 18 (herein, “Children”, “Child”) and we do not knowingly collect personal data from children.

If we learn that we have inadvertently processed personal data from a child, we will take legally permissible measures to remove that data from our records. We will require the child user to close his or her account and will not allow the use of our products and services. If you are a parent or guardian of a child, and you become aware that a child has provided personal data to us, please contact us here.

14. Data Protection Authorities

If you are not satisfied with our response to your complaint, you have the right to submit a complaint to a competent data protection authority. Examples of data protection authorities include but are not limited to:

For residents of Australia:

Office of the Australian Privacy Commissioner
GPO Box 5218,
Sydney, NSW 2001, Australia

For residents of Canada:

Office of the Privacy Commissioner of Canada
30, Victoria Street
Gatineau, QC K1A 1H3, Canada

For residents of the United Kingdom:

The Information Commissioner’s Office
Wycliffe House, Water Ln
Wilmslow SK9 5AF, UK

For residents of the European Economic Area:

You may complain to your local supervisory authority or to our lead supervisory authority the Irish Data Protection Commission:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland

For residents of Japan:

Personal Information Protection Commission
Kasumigaseki Common Gate West Tower 32nd Floor,
3-2-1, Kasumigaseki, Chiyoda-ku,
Tokyo, 100-0013, Japan

For residents of Singapore:

Personal Data Protection Commission
10 Pasir Panjang Road,
#03-01 Mapletree Business City Singapore 117438