Privacy Policy

1. Introduction

Nuri Brand Assets GmbH ("we", "our", or "Nuri") is committed to protecting and respecting your privacy. This Privacy Policy explains why and how we process personal data collected through your use of the Nuri Bitcoin wallet application and website (collectively the "App") and the rights you have with regard to your personal data.

Nuri Brand Assets GmbH is the controller of your personal data collected through the App. When you give any personal data to us we must collect the information fairly and explain to you how we will use it.

It is important that you read this Privacy Policy so that you are fully aware of how and why we are using your data. This Privacy Policy supplements other notices and legal documents including the Nuri Terms of Service and is not intended to override or replace them.

By downloading our App, you agree to this Privacy Policy. If, for any reason, you do not agree to the terms of this Privacy Policy, please stop using the App.

We reserve the right to revise or amend this Privacy Policy at any time to reflect changes to our business or changes in the law. It is your responsibility to check this Privacy Policy before each use of the App.

The App is not intended for anyone under the age of 18 and we do not knowingly collect data relating to children. If you believe we have collected personal information about your child, you may contact us at privacy@nuri.com and request that we remove information about them.

2. What is Personal Data

Where this Privacy Policy refers to 'personal data' it is referring to data about you from which you could be identified – such as your name, your date of birth, email address, and even your IP address.

3. Information Collection and Use

How and what types of data we collect from you

For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to:

• Name, email, phone number
• Nationality, country of residence, home address
• Date of birth, place of birth
• Identification and KYC documents (including ID proof and proof of address)
• Wallet address information
• Transaction data and financial information
• Device information and IP address

The information that we request will be retained by us and used as described in this privacy policy.

We may also collect information about you when you visit and interact with the App through the use of technologies such as cookies. The following are examples of information we may collect:

• Information about your device, browser, operating system, or partner apps you have installed
• Time zone setting and IP address
• Information about interactions you have with the App (such as scrolling and clicks)
• Information about the way you use and the actions you take within the App
• Mobile advertising identifier and install/referral metadata used for attribution analytics
• Length of time on the App and time spent within certain sections
• Response times and errors or issues with the app

Updating your information

If you want to update the information you have previously given to us, you can contact us at privacy@nuri.com.

Card Services through Gnosis Pay

For users who opt to use the Nuri Card services, we partner with Gnosis Pay (operated by Gnosis P. Tech, Unipessoal Lda in the EEA and Gnosis Pay Co Ltd outside the EEA) to provide card functionality. When you apply for or use a Nuri Card:

• KYC Verification: You will need to complete Know Your Customer (KYC) checks through Gnosis Pay's service providers (currently SumSub or Fractal ID) to meet regulatory requirements
• Biometric Data: Photo verification may be required for identity verification purposes
• Card Manufacturing and Shipping: Your contact information will be shared with card manufacturing and shipping providers
• Transaction Processing: Card transaction data will be processed through Gnosis Pay's regulated partners
• Compliance: Your data will be used to comply with anti-money laundering (AML), counter-terrorism financing (CTF), and other regulatory requirements

Gnosis Pay's full privacy policy is available at gnosispay.com/privacy. Their KYC providers' privacy policies are available at:

• SumSub: sumsub.com/privacy-policy
• Fractal ID: fractal.id/privacy-policy

4. Lawful Basis for Processing Your Information

We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:

• Consent: Where you have asked us to do so, or consented to us doing so (e.g., marketing communications)
• Contract Performance: Where we need to do so in order to perform a contract we have entered into with you (e.g., providing wallet services)
• Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests (e.g., fraud prevention, service improvement)
• Legal Compliance: Where we need to comply with the law or regulation (e.g., KYC requirements for card services)

5. How We Use and Share Your Information

Marketing Communications

You may receive marketing messages from us if you have given us your consent to do so or if you have provided feedback on our App and have not opted out of receiving marketing messages.

To unsubscribe from marketing emails, please click on the unsubscribe link at the bottom of any marketing email at any time or contact us at privacy@nuri.com.

Sharing Your Information

Depending on how and why you provide us with your personal data, we may share it in the following ways:

• With selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you
• With analytics providers that assist us in the improvement and optimization of the App
• With Gnosis Pay and their partners for card services (as detailed above)

We may also disclose your personal information to third parties in the following events:

• If we were to sell or buy any business or assets, in which case we might disclose your personal information to the prospective seller or buyer of such business or assets
• If Nuri Brand Assets GmbH or substantially all of its assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets
• If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our Terms of Service
• To protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction

6. Third Party Services

The app uses third party services that may collect information used to identify you. Our service providers provide us with a variety of administrative, statistical, and technical services. We will try not to share personal data with our service providers and if they need it to fulfill their services only the minimum amount of needed data will be shared.

Link to privacy policy of third party service providers used by the app:

• Google Play Services
• Firebase Analytics
• Gnosis Pay (for card services)
• KYC Providers (SumSub or Fractal ID for card users)

App Store Provider Use of Data

During your use of the App, your app store provider may also collect personal information about you regarding your use of the App such as your identity, your usage and location. These third parties shall act as separate and independent controllers of that personal data and shall process it in accordance with their own privacy policy.

7. Log Data

We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol ("IP") address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

8. Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

This Service does not use these "cookies" explicitly. However, the app may use third party code and libraries that use "cookies" to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

9. Service Providers

We may employ third-party companies and individuals due to the following reasons:

• To facilitate our Service;
• To provide the Service on our behalf;
• To perform Service-related services; or
• To assist us in analyzing how our Service is used.

We want to inform users of this Service that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

Key Service Providers Include:

• Gnosis Pay: Card issuance and transaction processing
• KYC Providers: Identity verification and compliance checks
• Card Manufacturers: Physical card production and delivery
• Analytics Providers: Service improvement and monitoring

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account Data: Retained while your account is active and for up to 8 years after closure to comply with legal and regulatory requirements
• Transaction Data: May be retained indefinitely due to the nature of blockchain and payment systems
• KYC/Compliance Data: Retained for up to 8 years after account closure to meet regulatory obligations
• Marketing Data: Retained until you opt-out or our relationship ends

11. Security

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

Data shared with Gnosis Pay for card services is protected according to their security standards and regulatory requirements.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. When we transfer data outside the EEA or UK, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions where applicable
• Other legally approved transfer mechanisms

13. Your Rights

Below, we have described the various rights that you have as well as how you can exercise them.

Right of Access

You may, at any time, request access to the personal data that we hold which relates to you to check that it is correct and to ensure that we are processing that personal data lawfully.

Your Right to Rectification and Erasure

You may, at any time, request that we correct personal data that we hold about you which you believe is incorrect or inaccurate.

You may also ask us to erase personal data that we control if you do not believe that we need to continue retaining it (you may have heard of this right described as the "right to be forgotten"). There may be legal requirements to keep certain personal data or technical limitations to the data we can delete. For example, we are not able to erase records on the blockchain like your transaction history and your account balance.

There may also be legitimate interests in keeping certain data including, amongst others, if the data is required for the App to function. If this is the case we will continue to process this data.

Your Right to Restrict Processing

Where we process your personal data on the basis of a legitimate interest you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid.

Please note that if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will tell you what that reason is, either at the time we first respond to your request or after we have had the opportunity to consider and investigate it.

Your Right to Portability

You may write to us and ask us to provide to you personal data we hold about you in a commonly used machine-readable format.

Your Right to Object to Processing

You may object to processing of your personal data where we rely on legitimate interest for processing that personal data. We will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim.

Your Right to Stop Receiving Communications

You may ask us to stop sending you various kinds of communications by using the unsubscribe link in emails or contacting us directly.

Your Right to Object to Automated Decision Making and Profiling

You can ask us about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the effects that such processing has on you.

Withdrawal of Consent

Where we are relying on consent to process your personal data you may withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Exercising Your Rights

When you write to us making a request to exercise your rights we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity.

It will help us to process your request if you clearly state which right you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be, the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information then we may delay actioning your request until you have provided us with additional information (and where this is the case we will tell you).

14. Links to Other Sites

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

15. Children's Privacy

These Services do not address anyone under the age of 18. We do not knowingly collect personally identifiable information from children under 18. In the case we discover that a child under 18 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us at privacy@nuri.com so that we will be able to do necessary actions.

16. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.

17. Contact Details

If you have any queries regarding this Privacy Policy, if you wish to exercise any of your rights set out above or if you think that the Privacy Policy has not been followed, please contact us by emailing privacy@nuri.com.

You also have the right to lodge a complaint to the German Federal Commissioner for Data Protection and Freedom of Information (BfDI), the German supervisory authority for data protection issues. You can find more information at www.bfdi.bund.de.

We would appreciate the chance to deal with your concerns before you approach the BfDI, so please contact us in the first instance.

Data Safety Information

Nuri: Bitcoin Lightning Wallet

Data Safety

Here's more information about how this app collects, shares and handles your data. Data practices may vary based on your app version, use, region and age.

Data collected

Data that this app may collect:

• Device or other IDs: Device identification information
• App info and performance: Crash logs
• Personal info: Email address, name, address, date of birth (for card services)
• Financial info: Transaction data, wallet addresses (for card services)
• Biometric info: Photo (for KYC verification for card services only)

Security practices

• Data is encrypted in transit: Your data is transferred over a secure connection
• You can request that data be deleted: The developer provides a way for you to request that your data be deleted
• Regulatory compliance: Card services comply with EEA financial regulations through Gnosis Pay

For more information about collected and shared data, see the developer's privacy policy.