1. Introduction
Thank you for visiting UKey.com (the "Site") or using the UKey application (the "App").
This Privacy Policy is issued by UKEY LIMITED, with its registered address at 19/F, Hip Shing Hong Centre, 55 Des Voeux Road Central, Central, Hong Kong (hereinafter referred to as "UKey," "UKey Wallet," "we," "us," or "our"). UKEY LIMITED acts as the data controller under this Privacy Policy.
As a data controller, UKey Wallet has established this Privacy Policy statement (the "Privacy Policy") to explain our practices regarding the collection, storage, use, disclosure, and other forms of processing of Personal Data (as defined below).
By visiting or using the Site and related application interfaces or mobile applications, you:
(a) Confirm that you have the right, capacity, and authority to accept this Privacy Policy;
(b) Acknowledge that you have read and understood this Privacy Policy;
(c) Agree to the policies and practices described in this Privacy Policy.
Please read this Privacy Policy carefully to understand our data processing methods.
This Privacy Policy explains: what data we collect, why we collect it, how it is used and stored, how it is shared, your rights, and how to contact us. If you do not agree with the data usage methods described in this Privacy Policy, please do not use the Site or the App.
2. Definitions
Digital Asset: Refers to digital assets based on computer network encryption protocols (also known as "virtual financial assets," "convertible virtual currency," "cryptocurrency," "virtual currency," "digital currency," "digital commodities," or "digital payment tokens"), which can be centralized or decentralized, open-source or closed-source, and can serve as a medium of exchange and/or a store of value.
Personal Data: Refers to any information that can directly or indirectly identify an individual, either alone or in combination with other information, such as name, email address, username, contact information, ID number, location information, IP address, device ID, etc. The scope of application is subject to the relevant laws of your place of residence.
Sensitive Information: Refers to personal data involving race or ethnicity, political opinions, religious beliefs, trade union or professional organization membership, sexual orientation, criminal records, biometric information, or health information.
3. Personal Data We Collect and Hold and Its Sources
UKey Wallet collects, processes, and stores your personal data when you use its services or provide consent. Such personal data may include contact information, copies of identification documents provided by you or information from public databases, your government ID number, and information related to your device or network services (such as IP addresses).
UKey Wallet collects information you provide during the registration or onboarding process on the UKey Wallet website (regardless of whether the process is completed, interrupted, or abandoned). Additionally, we collect your personal data when you contact customer support, subscribe to marketing information, communicate with us via phone, email, or other means, or conduct transactions on the UKey Wallet website.
UKey Wallet may actively or automatically collect, use, store, or transmit your personal data, including but not limited to:
Personal Identity Information: Such as name, email address, phone number, nationality, date of birth, address, and government identification information.
Institutional Information: Such as the legal name of the company, company registration information, government registration number, proof of identity and legal existence, address, business description, and ultimate beneficial owner information.
Commercial Information: Related to transactions conducted on the UKey Wallet website.
Financial Information: Such as credit/debit card numbers and bank account information.
Communication Information: Including records of communication with the customer support team and user survey feedback.
Regulatory Information: Required by national or local licensing agencies and consumer protection agencies.
Other Identifiers: Such as device fingerprint data, IP address, and geographic location information.
UKey Wallet may also obtain your personal data from third parties, such as electronic verification service providers, referrers, marketing agencies, or liquidity providers. In such cases, we take reasonable measures to ensure these third parties comply with applicable privacy laws.
UKey Wallet may use third parties to analyze website traffic, which may involve the use of Cookie technology. Information collected through such analysis is not anonymous.
Unless your consent is obtained or a legal exception applies, UKey Wallet will not collect your sensitive information. These exceptions include situations required or authorized by law, or cases where action must be taken in response to suspected illegal acts or significant misconduct.
If you do not provide the requested personal data, UKey Wallet may not be able to provide you with full services or adequately meet your needs.
4. How We Use Your Personal Information
UKey Wallet may use your information for the following purposes:
To provide UKey Wallet services: We use your personal information to deliver services. For example, when you place an order in the official store, we need your identity, contact, and address information for billing, shipping, data analysis, and service notifications.
To comply with legal and regulatory requirements: UKey Wallet processes your personal information to comply with anti-money laundering and related security laws. When you use UKey Card services, we may work with service providers to verify your identity or address.
Based on our legitimate business interests:
Recruitment and employment management.
Quality control and staff training.
Enhancing security, monitoring, and identity/access verification to prevent spam, malware, or other security risks.
Research and development.
Improving your experience with our services and website.
Facilitating corporate acquisitions, mergers, or other transaction activities.
5. Legal Basis for Processing Personal Information
For individuals located in the European Economic Area (EEA), the UK, or Switzerland at the time of data collection, we process your information based on the legal grounds provided by relevant data protection laws:
To fulfill legal obligations;
To perform a contract with you or take necessary steps before entering a contract at your request;
Based on our legitimate interests in conducting business;
To protect the property rights of UKey Wallet or yours;
With your consent.
6. Data Sharing Recipients
UKey Wallet may disclose your personal information in the following circumstances:
Internal Group Entities: To provide services and conduct business.
Service Providers: Third parties providing hosting, maintenance, cybersecurity, and technical support.
Native Integrations: You may share data with other apps through native integration features.
Legal Requirements: Disclosure to law enforcement or regulatory agencies when required by law or to protect rights and safety.
Strategic Partners: With your consent, for marketing or advertising.
Third-Party Platforms: When you choose to interact with third-party services.
7. Google User Data Processing
This section applies only to Android users.
7.1 Google Account Data Obtained
Basic Google Account information (email, display name, avatar).
OAuth access tokens, used solely to create, read, and delete UKey Wallet backup files in the hidden app data space of your Google account.
7.2 Requested OAuth Scopes
This scope only allows UKey Wallet to access files created by UKey Wallet itself.
7.3 Data Usage
Upload locally end-to-end encrypted wallet data to Google Drive.
Download and decrypt backup for recovery on new devices.
We do NOT use Google data for advertising or model training.
7.4 Data Encryption
All data is encrypted with AES-256 on your local device before transmission.
The encryption key is derived from your PIN.
Neither UKey Wallet nor Google can decrypt the backup.
7.5 Retention and Deletion
You can delete backups or revoke access at any time within the app or via Google Account Permissions.
7.6 Data Sharing
UKey Wallet will not share any data obtained from your Google account with third parties.
7.7 Note for iOS Platform
iOS uses Apple iCloud; it does not use Google Sign-in for backups.
7.8 Compliance with Google API Services User Data Policy
UKey Wallet complies with the Limited Use requirements. We only use data to provide/improve the backup feature and do not use it for advertising or allow human reading without specific consent or legal necessity.
8. Your Rights
Depending on your region, you may have the following rights:
Right to Access/Information: To know why and how your data is processed.
Right to Rectification: To correct inaccurate or incomplete info.
Right to Erasure: To request deletion of data.
Right to Object: To object to processing based on legitimate interests.
Right to Restriction: To stop processing except for storage.
Right to Data Portability: To receive your data in a machine-readable format.
Right to Withdraw Consent: At any time.
Right to Lodge a Complaint: With a regulatory authority.
To exercise these rights, please contact: [email protected].
9. Information Retention
We retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy or as required by law.
10. Security and Storage
We implement reasonable security measures to protect your information. However, no internet transmission is 100% secure. Your data may be stored in the United States.
11. Eligibility
UKey Wallet does not provide services to or collect data from individuals under 18 years of age.
12. Changes to the Privacy Policy
We may update this policy from time to time. Your continued use of the services indicates your acknowledgement of the changes.
13. Language
This policy may be provided in multiple languages. In case of inconsistency, the English version shall prevail.
14. Supplemental Note for EU GDPR
For users in the European region, we comply with the GDPR.
Legal Basis: Fulfillment of legal obligations, contract performance, consent, and legitimate interests.
Automated Decision-Making: We may use automated decision-making for risk control and fraud detection. You have the right to request human intervention and contest such decisions.