1. Introduction
This Privacy Policy Supplement ("Crypto Policy") applies specifically to your participation in the YAP Crypto Rewards Program, where you may earn digital assets (e.g., USDC, USDT) via the MiniPay wallet integration.
This Crypto Policy supplements the general YAP Privacy Policy. In the event of a conflict between this document and our general policy regarding financial data or cryptocurrency, this Crypto Policy controls. By connecting a wallet or earning crypto rewards, you consent to the sensitive data practices described below.
2. Information We Collect
To comply with financial regulations and facilitate blockchain transactions, we must collect sensitive personal information that we do not collect from standard users.
A. Identity Verification Data (KYC) If your earnings exceed certain thresholds or trigger risk alerts, we are legally required to verify your identity. We (or our third-party verification partners) may collect:
Government ID: A scan of your passport, driver’s license, or national ID card.
Biometric Data: A facial scan or "liveness" selfie to match against your ID.
Proof of Address: Utility bills or bank statements to verify residency.
Sanctions Screening: We screen your name and wallet against global watchlists (e.g., OFAC, UN Sanctions).
B. Wallet and Blockchain Data When you link MiniPay to YAP, we collect:
Public Wallet Address: The alphanumeric string identifying your wallet on the blockchain.
Transaction History: Publicly available data regarding payouts sent from YAP to your wallet.
Balance Information: We may read your public token balance to verify eligibility for certain features. (Note: YAP does not handle withdrawal functionality directly; all withdrawal actions are managed within the MiniPay environment. Consequently, we do not collect device fingerprints associated with withdrawal execution.)
C. Tax Information For high-volume earners (e.g., users earning over $600 USD/year in the US), we may collect your Tax Identification Number (TIN) or Social Security Number (SSN) to file required tax forms (e.g., IRS Form 1099).
3. How We Use This Information
We use your crypto-related data for strict legal and operational purposes:
Processing Payouts: Using your public wallet address to execute blockchain transactions.
Legal Compliance (AML/CTF): Verifying you are not on a terrorist financing or money laundering watchlist.
Fraud Prevention: Analyzing blockchain history to detect "sybil attacks" (one user operating multiple accounts to farm rewards).
Tax Reporting: Filing necessary reports with tax authorities (e.g., IRS, HMRC) where required by law.
4. Blockchain Transparency (No Opt-Out)
Important: You acknowledge that blockchain transactions are public, immutable, and permanent.
Public Visibility: When YAP sends crypto to your MiniPay wallet, the transaction (including your wallet address and the amount) becomes part of the public ledger. Anyone can view this information on a block explorer (e.g., Etherscan, Celo Explorer).
No Erasure: We cannot delete, hide, or edit data once it is written to the blockchain. This data exists independently of YAP’s servers.
5. Information Sharing
We share crypto-specific data with different categories of third parties than our standard app:
A. Identity Verification Partners We share your ID documents and selfies with specialized verification providers (e.g., SumSub, Persona, Onfido) to perform authenticity checks. These providers are contractually bound to protect your data but may retain it for legal periods.
B. Wallet Providers (MiniPay) YAP is a separate entity from Opera MiniPay (Blueboard). When you link MiniPay, we interact with their API to confirm your address. We do not have access to, and do not collect, your Private Keys or Seed Phrases. Your use of MiniPay is governed by MiniPay's Privacy Policy.
C. Regulatory Authorities We may disclose your user ID, wallet address, and transaction history to law enforcement, tax authorities, or regulators if:
Compelled by a subpoena or court order.
Required to report suspicious activity (Suspicious Activity Reports - SARs).
6. Data Retention and Deletion Rights
Strict Limitation on Deletion Rights: Unlike standard app data, we cannot grant requests to delete your financial transaction data.
Regulatory Retention: Anti-Money Laundering laws typically require us to retain KYC documents and transaction logs for five (5) to seven (7) years after your account is closed.
Immutable Ledger: We cannot delete data from the blockchain.
If you request account deletion, we will anonymize your learning profile, but we will retain your identity verification records and transaction history in a secure, offline archive until the statutory retention period expires.
7. Security of Crypto Data
We use enterprise-grade security for financial data:
Encryption: KYC documents are encrypted at rest using AES-256 standards.
Access Control: Only authorized compliance staff have access to sensitive ID documents; support staff cannot view them.
Cold Storage: YAP’s treasury funds are held in multi-signature wallets to prevent theft.
8. International Data Transfers
Crypto is global. Your personal information, including KYC data, may be transferred to and processed in the United States or other jurisdictions where our verification partners operate. By participating in Crypto Rewards, you explicitly consent to this cross-border transfer of sensitive financial data.
9. Contact Us
For privacy questions specific to crypto transactions, contact our Data Protection Officer:
YAP Technologies Inc.
Email: privacy@goyap.ai
Subject Line: Crypto Privacy Inquiry
