Masca Mobile Privacy Policy

Overview

By accessing and using the Masca mobile application (the "App"), you agree to this Privacy Policy, to our Terms of Use, and to any other written agreements that apply to your use of the App. You also agree to our collection and use of personal data as described in this Privacy Policy, as well as to the inherent characteristics of public/permissionless blockchain technology.

This Privacy Policy (the "Privacy Policy") provides a comprehensive description of how Masca ("we", "our", or "us") collects, uses, and shares information about you in connection with your use of the Masca mobile App, as well as your rights and choices regarding such information.

By accessing or using the App, you accept and assume certain inherent features related to engaging in recording data on blockchains. Interactions with Masca can, but do not necessarily, rely on smart contracts stored on a publicly available blockchain, cryptographic tokens generated by smart contracts, and other software, applications, cryptographic methods, and systems that interact with blockchain-based networks. One of the defining features of blockchain technology is that its entries are immutable, which means, as a technical matter, they generally cannot be deleted or modified by anyone. If you are not comfortable assuming the inherently immutable and public nature of all entries on relevant blockchains, you should not use the App.

Information Collection

We may collect the following information about you when you use the App:

Information you provide. This includes information you choose to provide to us, such as feedback, questions, and issue reports. For such information, you can contact us at [email protected]. You may choose to voluntarily provide other information to us that we have not specifically requested, and in such instances, you are solely responsible for such information.

Verifiable Credentials and related data. The App is designed to work with verifiable credentials (VCs). Depending on how you use the App and the services integrated with it, we may process and temporarily store certain data derived from verifiable credentials in our systems (for example, to enable issuance, management, or verification flows). When you choose to send verifiable credentials or verifiable presentations (VPs) to other Masca Mobile Wallet users, related data may be temporarily stored on our servers to enable secure delivery to the intended recipient. Such VC- and VP-related data may be stored in our databases for no longer than 90 days, after which it is deleted or irreversibly anonymised, unless a longer retention period is required by applicable law or is necessary to establish, exercise, or defend legal claims. You may also request earlier deletion of such data by submitting a request via this deletion request form.

We may also use tracking or logging technologies within the App and its backend services to automatically collect information, including the following:

• Log data. We may collect log data related to your use of the App, such as device type, operating system, language preferences, timestamps, performance and diagnostic information, and error or crash logs. This information helps us operate, secure, and improve the App.
• Local storage and similar technologies. The App may use strictly necessary local storage mechanisms (for example, secure storage provided by the mobile operating system) that are required for the App to function, such as storing configuration data, session information, or cryptographic material needed for the App to operate securely. These mechanisms are not used for advertising or cross-service tracking.
• Public information on blockchains. We may process data from activity that is publicly visible and/or accessible on blockchains. This may include blockchain addresses and other identifiers associated with wallets and transactions, as well as publicly accessible metadata linked to those addresses.

Use of Information

We may use your information for the following purposes:

• To operate, provide, and maintain the App and related services.
• To provide user support and respond to your inquiries.
• To monitor, analyse, and improve the App’s performance and functionality.
• To ensure the security and integrity of the App, including detecting, preventing, and responding to security incidents and abuse.
• To comply with applicable laws, regulations, and legal obligations.
• To enforce our terms, conditions, and policies.

Third Parties

This Privacy Policy does not apply to websites, apps, products, or services that we do not own or control. For example, your interactions with:

• Wallet providers and other identity or credential wallets,
• Public blockchain networks and nodes,
• Mobile operating system providers, app stores, and network providers,

are governed by the applicable privacy policies of those third-party services.

Masca mobile does not use Google Drive or Ceramic Network for storing or processing your data. If, in the future, we integrate additional third-party services, we will update this Privacy Policy or otherwise inform you, as required by applicable law.

Analytics

At present, the Masca mobile App does not use third-party analytics services for in-app behaviour tracking for advertising purposes.

We may, however, use aggregated and de-identified technical information and logs (for example, crash reports or high-level usage metrics) to understand how the App is performing and to improve its reliability, security, and user experience. If we introduce third-party analytics providers in the future, we will update this Privacy Policy or otherwise inform you, as required by applicable law, and such providers’ privacy policies will also apply to their processing of data.

Your Rights and Choices

Depending on your jurisdiction, you may have certain rights with respect to your personal data, such as the right to access, correct, delete, or restrict the processing of your personal data, as well as the right to object to certain processing and to data portability. To exercise these rights, you can contact us at [email protected]. We will consider and respond to your request in accordance with applicable laws.

Because of the nature of public/permissionless blockchains, not all information recorded on-chain can be altered or removed. Where we act as a controller of personal data off-chain (for example, in our databases or logs), we will comply with applicable data protection obligations, taking into account the technical and legal limitations of blockchain technology.

With respect to local storage and similar technologies used by the App, you may be able to control or limit certain permissions via your device or operating system settings. However, some features of the App may not function properly without the necessary storage or permissions.

Data Security

We implement and maintain reasonable administrative, physical, and technical security safeguards designed to help protect information about you from loss, theft, misuse, unauthorised access, disclosure, alteration, and destruction. Nevertheless, transmission via the internet and storage of information cannot be guaranteed to be completely secure, and we cannot ensure or warrant the security of information about you.

Children

The App is intended for general audiences and is not directed at children. To use the App, you must be legally able to enter into the applicable agreement. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child in violation of applicable law, we will take steps to delete such information.

Changes to this Privacy Policy

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting the revised Privacy Policy within the App or making it otherwise available. For the avoidance of doubt, your continued use of the App after any such changes indicates your consent to the revised Privacy Policy then in effect.

Contact

If you have any questions or comments about this Privacy Policy, our data practices, or our compliance with applicable law, please contact us at [email protected].