Last updated: 19 October 2022

Thank you for using Bitkit (the " App "). The App is made available by Synonym Software Ltd., registered in the British Virgin Islands under company number 2056692 and having its registered office at Trinity Chambers, PO Box 4301, Road Town, Tortola VG1110, British Virgin Islands, (" Synonym ", " we ", " our ", or " us ").

We at Synonym respect and protect the privacy of App users. This privacy notice (" Privacy Policy ") sets out the basis on which Personal Information about you (" you ", " your ", or " customer ") is processed by us. " Personal Information " is typically data that identifies an individual or relates to an identifiable individual and includes any information which, either alone or in combination with other data, enables you to be directly or indirectly identified, for example your name, email address, username, contact details or any unique identifier such as an IP address, device ID or other online identifier. Personal information includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties. The exact definition of Personal Information depends on the applicable law based on your physical location. Only the definition that applies to your physical location will apply to you under this Privacy Policy.

Synonym acts as data controller for your Personal Information and has appointed Rickert Rechtsanwaltsgesellschaft mbH, whose registered office is Colmantstraße 15, 53115, Bonn, Germany, as its EU/UK representative.

Please read the following carefully to understand what Personal Information we collect, how that Personal Information is used and the ways it can be shared by us. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access or use of the App and any related services.

1. Our Processing of Your Personal information.

Please note that when you download the App via a third-party platform (e.g., via the Apple App Store or the Google Play Store), certain information required for the download (such as your username, e-mail address, user account number, time of download, and individual device identification number) may be transferred to the platform together with additional information which the platform may collect. We have no influence on and are in no way responsible for any data collection or processing activities carried out by such third-party platforms.

1.1. Information we learn from you when you use the App.

To establish and maintain our relationship with you and to support your use of the App, we may learn from you certain information about yourself. This information is either required by law, necessary for us to be able to enable you to use certain features of the App (e.g., if you utilise the ‘Pay to contacts’ feature, we may learn your Bitcoin wallet address), or is relevant for certain specified purposes, described in greater detail below. As we add new features and services, you may be asked to provide, or we may learn, additional information.

We may collect the following types of information from you:

• Personal Identification Information such as name, username, address, email address, nationality, or phone number (if you decide to input this data into the ‘public profile’ feature);
• Technical Identification Information such as your IP address or your Lightning Network node ID;
• Financial Information such as your Bitcoin address, invoices or unspent transaction output (i.e. token balance);
• Transaction Information such as invoices that you generate within the ‘Pay to Contacts’ feature or onchain balances of the originating payment addresses;
• Correspondence such as communication with our customer support team, messages sent to other users of the App or survey responses; and
• Audio, electronic, visual, or similar information such as QR-code scans.

1.2. Information we collect about you automatically.

To the extent permitted under applicable law, we may also obtain Personal Information automatically, such as whenever you interact with the App and use our services. This information helps us, for example, to address customer support issues, improve the performance of the App, provide you with a streamlined and personalized experience, and restrict access by persons prohibited from utilizing the App. Personal Information collected automatically includes:

• Online Identifiers, such as geolocation, internal device ID, model, operating system, IP address, language, browser fingerprint/name and/or version, time zone setting or browser plug-in types and versions.

1.3. Information we receive about you from other sources.

From time to time, we may obtain information about you from our affiliates or third-party sources as required or permitted by applicable law through your use of the App and/or your use of third-party services, such as other wallet providers or node operators, and/or through publicly available sources. These sources may include:

• Blockchain and Lightning Network Data : We may analyze blockchain and lightning network data to ensure that users of the App and services are not engaged in illegal or prohibited activities, and to analyze transaction trends for research and development purposes; and
• Marketing Partners: Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found the App, so that we can better understand which of our services may be of interest to you.

2. Aggregated Data.

We may anonymize or aggregate Personal Information and other data captured by us so that it cannot be associated with a specific individual (" Aggregated Data "). Aggregated data may cover patterns of usage or information and data that you provide to us, and we reserve the right to use this aggregated information for the purposes of improving and enhancing our services, generating insights, for use in marketing to other users and current and potential partners and otherwise for the purposes of our business. Except for this section, none of the other provisions of this Privacy Policy applies to Aggregated Data.

3. How your Personal Information is used.

Our primary purpose in collecting Personal Information is to provide you with a secure, smooth, efficient, and customized experience. We generally use Personal Information to create, develop, operate, deliver, and improve the App. This being said, we may use your Personal Information in the following ways:

3.1 Compliance with legal and regulatory obligations

Certain of our core services may be subject to laws and regulations requiring us to collect, use, and store your Personal Information in certain ways. This includes legal obligations imposed by relevant laws to which we are subject, as well as specific statutory requirements e.g., financial services laws, corporation laws, privacy laws and tax laws. There are also various supervisory authorities whose laws and regulations apply to us.

These obligations may apply at various times, including client registration, wallet transaction, and systemic checks for risk management.

3.2 To ensure network and information security

We process your Personal Information to enhance security, monitor and verify identity or service access, combat malware or security risks and to comply with applicable security laws and regulations.

3.3 To enforce our terms of use and other agreements

We handle sensitive information, such as your identification and financial data, so it is very important for us and our customers that we actively monitor, investigate, prevent, and mitigate any potentially prohibited or illegal activities, enforce our agreements with third parties, and/or prevent and detect violations of our posted terms of use or agreements for other services. In addition, we may need to collect fees based on your use of our services made available through the App. We collect information about your wallet usage and closely monitor your interactions with our services. We may use any of your Personal Information collected for these purposes.

3.4 To enable us providing the App to you

We process your Personal Information to allow you to use the App and its features, for example, by seeding or hosting redundant data that you control within the App.

We also process your Personal Information when you contact us to resolve any questions, disputes or to troubleshoot problems. Without processing your Personal Information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of our services and/or the App. If and to the extent necessary, we send administrative or wallet-related information to you to keep you updated about our services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your wallet and/or the App that may affect how you can use the App. You may not opt-out of receiving critical service communications, sent for legal or security purposes.

3.5 To ensure quality control

We process your Personal Information for quality control and staff training to make sure we continue to provide you with accurate service and information. If we do not process Personal Information for quality control purposes, you may experience issues on the App and services such as inaccurate transaction records or other interruptions.

3.6 For the purpose of safeguarding legitimate interests

We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. It is, for example, in the interest of our organization to conduct and manage our business; this includes protecting our interests and enforcing agreements with others, as well as comply with industry best practices. We might have legitimate interest to process Personal Information in other contexts. We ensure that we balance any potential impact on you and your rights before we process your Personal Information on that basis. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. Please also consult the section "Your rights" below.

We process your Personal Information in this context

1. to better understand the way you use and interact with the App. In addition, we use such information to customize, measure, and improve our services and the content and layout of the App, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of the App and services made available through the App;
2. to provide a personalized experience, and implement the preferences you request. For example, you may choose to provide us with access to certain Personal Information stored by third parties. Without such processing, we may not be able to ensure your continued enjoyment of part or all of the App and services made available through the App;
3. to facilitate corporate acquisitions, mergers, or transactions. We may, in particular, process any information regarding your wallet and use of the App and services made available through the App as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions.

3.7 For any purpose that you provide your consent.

We will not use your Personal Information for purposes other than those purposes we have disclosed to you, without your permission. From time to time, and as required under applicable law, we may request your permission to allow us to share your Personal Information with third parties. In such instances, you may opt out of having your Personal Information shared with third parties, or allowing us to use your Personal Information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to limit the use of your Personal Information, certain features or the App may not be available to you.

4 Legal Basis for processing your Personal Information

For individuals who are located in the European Economic Area, the United Kingdom or Switzerland (collectively " EEA Residents ") at the time their Personal Information is collected, our legal bases for processing your information under the EU General Data Protection Regulation (" GDPR ") will depend on the Personal Information at issue, the specific context in the which the Personal Information is collected and the purposes for which it is used.

Generally, we process Personal Information, including data pertaining to EEA Residents, as described in Section3 of this Privacy Policy, based on the following corresponding legal bases:

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided under the "How to contact us" heading below.

5 Security and confidentiality of your Personal Information.

We are committed to protecting your privacy. The App's systems and data are reviewed periodically to ensure that you are getting a quality service and that leading security features are in place. We have put in place appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the Personal Information you entrust to us, as well as procedures to deal with any actual or suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

For example, we use computer safeguards such as firewalls and data encryption and we authorize access to Personal Information only for those contractors or employees who require it to fulfill their job responsibilities.

Unfortunately, the transmission of information via digital networks such as the Bitcoin blockchain, Lightning Network, and Hyperswarm network is never completely secure. While we do our utmost to protect your Personal Information, we cannot guarantee the security of your data transmitted to us through the App; any transmission is at your own risk. Once we have received your Personal Information, we will use strict procedures and security features to try to prevent unauthorized access.

6 Transfers.

We take care to allow your Personal Information to be accessed only by those who require access to perform their tasks and duties, and to share your Personal Information only with third parties who have a legitimate purpose for accessing it. We will never sell or rent your Personal Information to third parties without your explicit consent. As necessary, we will share your Personal Information with:

• Any member of our group, including any of our associates or affiliates or any of their representatives;
• Our service providers, to the extent they process your data on our behalf. Our data processing agreements require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else. Examples of the types of service providers we may share Personal Information with (other than those mentioned above) include:

• Network infrastructure, cloud storage, document repository services, and other Internet / IT related providers necessary to run and provide the App and services made available through the App;
• Transaction monitoring, and other services provided in connection with the App;
• Service providers specializing in security issues or customer support;

• Selected third parties, including analytics and search engine providers that assist us in the improvement and optimization of the App and services;
• Authorities and law enforcement agencies worldwide either when ordered to do so or on a voluntary basis if this appears reasonable and necessary to us;
• Companies or other entities that we plan to merge with or be acquired by, in which case Personal Information held by it about its customers will be one of the transferred assets;
• Our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations;
• Any other third party, if we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, or in order to enforce or apply our terms of and other agreements; or to protect the rights, property, or safety of us, our clients, or others, including to defend ourselves from legal claims.

7 International Transfers.

Your Personal Information may be processed and stored in a foreign country or countries and the governments, courts, law enforcement or regulatory agencies of that country or those countries may be able to obtain access to your Personal Information through foreign laws. You need to be aware that the privacy standards of those countries may be lower than those of the jurisdiction in which you reside.

We will take all steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy. All data you provide to us is stored on our secure servers. Where we transfer Personal Information pertaining to EEA Residents outside of the EEA, we ensure that adequate safeguards are in place. That includes, where necessary, taking steps to evaluate the risks raised by the transfers in countries that do not offer an adequate level of protection. We rely primarily on the European Commission’s Standard Contractual Clauses to facilitate the international and onward transfer of EEA Residents' Personal Information, to the extent the recipients of the European Personal Information are located in a country that the EU Commission considers to not provide an adequate level of data protection. We may also rely on an adequacy decision of the European Commission confirming an adequate level of data protection in the jurisdiction of the party receiving the information, or derogations in specific situations.

Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Information out of the EEA.

8 Data Retention

We have data retention and deletion policies designed to retain Personal Information for no longer than necessary for the purposes set out herein or as otherwise required to meet legal or business needs. Because of those retention requirements, we might not be able to honor erasure requests.

If we no longer process your Personal Information for the described purposes, we will remove it from our systems and records or make it completely anonymous so that you can no longer be identified from it. Your data will not be erased or made completely anonymous if and as long as we have to store your data in order to fulfil legal or regulatory obligations, e.g., legal retention requirements, which may arise from applicable national legislation.

9 Your Rights

9.1 General provisions

Depending on applicable law where you reside, you may be able to assert certain rights related to your Personal Information identified below. If any of the rights listed below are not provided under law for your operating entity or jurisdiction, Synonym has absolute discretion in providing you with those rights.

Your rights to Personal Information are not absolute. Depending upon the applicable law, access to your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another's privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.

9.2 Special provisions for EEA Residents

If you are an EEA resident you have a number of rights in relation to how we process your Personal Information:

1. Access and portability. You may request that we provide you with a copy of your Personal Information held by us. This information will be provided without undue delay, unless such provision adversely affects the rights and freedoms of others. In certain circumstances, you may request to receive your Personal Information in a structured, commonly used and machine-readable format, and to have us transfer your Personal Information directly to another data controller.
2. Rectification of incomplete or inaccurate Personal Information . You may request us to rectify or update any of your Personal Information held by us that is inaccurate.
3. Erasure . You may have your Personal Information erased in certain circumstances, for example, where it is no longer necessary for us to process your Personal Information to fulfill our processing purposes; or where you have exercised your right to object to the processing.
4. Restrict the processing of your Personal Information . You have this right where, for example, the information is inaccurate or it is no longer necessary for us to process such information or where you have exercised your right to object to our processing. We may continue to process your Personal Information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
5. Object to the processing of your Personal Information . This right may be exercised in certain circumstances under applicable law, for example, where we are processing your Personal Information for direct marketing purposes, or where your own legitimate interests outweigh ours.
6. Data portability. You have the right to have your Personal Information transferred to a new service provider if you no longer wish to use the App and services made available through the App. You may exercise this right by contacting us.
7. Withdraw consent. When we rely on your consent to process Personal Information, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our previous processing based on consent before your withdrawal.
8. Automated individual decision-making, including profiling. We rely on automated tools to help determine whether a transaction or a wallet user presents a fraud or legal risk. In some jurisdictions, you have the right not to be subject to a decision based solely on automated processing of your Personal Information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.

10 Third-Party records

Please be aware that your transactions may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when blockchain data is combined with other data.

Because blockchains are decentralized or third-party networks which are not controlled or operated by Synonym, we are not able to erase, modify, or alter Personal Information from such networks.

11 Changes to this Privacy Policy

Any changes we make to our Privacy Policy in the future will be posted on this page and, where material, notified to you. Please check back frequently to see any updates or changes to our Privacy Policy.

12 Contact

Questions, comments and requests regarding this Privacy Policy shoulListd be addressed to info@synonym.to.

If you are an EEA Resident and you have any concerns about how we handle your Personal Information, please contact us in the first instance by email at info@synonym.to. You can also contact our EU/UK representative [ insert email address ]. We will do our best to resolve your concern. You can also submit a complaint to the national supervisory authority within your jurisdiction, details of which can be found here.