Privacy Policy

Snapss Inc. ("Company" "we", "us", or "our"), located at 8 The Green, Dover, DE 19901, United States (EIN: 37-2185323), is committed to protecting your privacy, this policy describes our practices regarding Personal Data (as defined below) that we may collect, use, and share in connection with our websites, mobile apps, and other software provided on or in connection with our services, as described in our Terms of Use (collectively, the "Service"). Where this Privacy Policy uses the term "NFT" it means a non-fungible token or similar digital item implemented on a blockchain (such as the Ethereum blockchain), which uses smart contracts to link to or otherwise be associated with certain content or data and where this Privacy Policy uses the term "Digital Pass" it means a digital card integrated into the users Apple and/or Google wallet and subject to the terms of use and privacy policy of the relevant wallet, Apple or Google, as the case may be.

1. Types of Data We Collect

"Personal Data" means data that allows someone to identify you individually, including, for example, your name, email address, as well as any other non-public information about you that is associated with or linked to any of the foregoing. "Anonymous Data" means data, including aggregated and de-identified data, from which you cannot be readily identified. We collect Personal Data and Anonymous Data as described below.

a. Information You Provide Us

1. When you use our Service, update your account profile, or contact us, we may collect Personal Data from you, such as email address, first and last name, user name, mobile number and other information you provide. We also collect your blockchain address when you provide it to us as part of configuring your instance of the Services, which may become associated with Personal Data as you use the Services after that point.
2. Our Service lets you store user preferences, for example: how your content is displayed, notification settings, and favorites. We may associate these choices with your ID, browser, or mobile device.
3. If you provide us with feedback or contact us, we will collect your name and contact information, as well as any other content included in the message.
4. We may also collect Personal Data at other points in our Service where you voluntarily provide it or where we state that Personal Data provided in a particular process is being collected.

b. Information Collected via Technology

As you navigate through and interact with our Service, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including, without limitation, publicly available information from the blockchain and other non-publicly available information:

1. Information Collected by Our Servers: To provide our Service and make it more useful to you, we (or a third party service provider) collect information from you, including, but not limited to, your browser type, operating system, Internet Protocol ("IP") address, mobile device ID, blockchain address, wallet type, and date/time stamps.
2. Log Files: As is true of most websites and applications, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider ("ISP"), referring/exit pages, operating system, date/time stamps, and clickstream data. We use this information to analyze trends, administer the Service, track users' movements around the Service, and better tailor our Services to our users' needs.
3. Cookies: Like many online services, we may use cookies to collect information. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to analyze how users interact with our Service, make improvements to our product quality, and provide users with a more personalized experience.
4. Pixel Tag: In addition, we use "Pixel Tags" (also referred to as clear Gifs, Web beacons, or Web bugs). Pixel Tags allow us to analyze how users find our Service, make the Service more useful to you, and tailor your experience with us to meet your particular interests and needs.
5. Analytics Services: In addition to the tracking technologies we place like Cookies and Pixel Tags, other companies may set their own cookies or similar tools when you visit our Service. This includes third-party analytics services ("Analytics Services") that we engage to help analyze how users use the Service.

c. Information Collected from Third-Party Companies

We may receive Personal and/or Anonymous Data about you from companies that offer their products and/or services for use in conjunction with our Service or whose products and/or services may be linked from our Service.

d. Public Information Observed from Blockchains

We collect data from activity that is publicly visible and/or accessible on blockchain networks with which you may interact as you use the Service. This may include blockchain addresses and information regarding use of Digital Passes, purchases, sales, or transfers of NFTs, which may then be associated with other data you have provided to us.

2. Use of Your Personal Data

a. We process your Personal Data to run our business, provide the Service, personalize your experience on the Service, and improve the Service. Specifically, we use your Personal Data to:

1. facilitate the creation of and secure your account;
2. identify you as a user in our system;
3. provide you with our Service powered by our technology that we brand as Certhis, including, but not limited to, Digital Passes for Google and Apple wallets and related services branded as Snapss;
4. improve the administration of our Service and quality of experience when you interact with our Service;
5. provide customer support and respond to your requests and inquiries;
6. investigate and address conduct that may violate our Terms of Service;
7. detect, prevent, and address fraud, violations of our terms or policies, and/or other harmful or unlawful activity;
8. display your username next to the NFTs currently or previously accessible in your third-party wallet;
9. send you a welcome email to verify ownership of the email address provided when your account was created;
10. send you administrative notifications, such as security, support, and maintenance advisories;
11. send you notifications related to actions on the Service;
12. send you newsletters, promotional materials, and other notices related to our Services or third parties' goods and services;
13. respond to your inquiries related to employment opportunities or other requests;
14. comply with applicable laws, cooperate with investigations by law enforcement or other authorities of suspected violations of law, and/or to pursue or defend against legal threats and/or claims.

b. Anonymous Data

We may create Anonymous Data records from Personal Data. We use this Anonymous Data to analyze request and usage patterns so that we may improve our Services and enhance Service navigation. We reserve the right to use Anonymous Data for any purpose and to disclose Anonymous Data to third parties without restriction.

3. Disclosure of Your Personal Data

We disclose your Personal Data as described below and as described elsewhere in this Privacy Policy.

a. Third Party Service Providers

We may share your Personal Data with third party service providers to: provide technical infrastructure services; conduct quality assurance testing; analyze how our Service is used; prevent, detect, and respond to unauthorized activities; provide technical and customer support; and/or to provide other support to us and to the Service.

b. Affiliates

We may share some or all of your Personal Data with any subsidiaries, joint ventures, or other companies under our common control ("Affiliates"), in which case we will require our Affiliates to honor this Privacy Policy.

c. Corporate Restructuring

We may share some or all of your Personal Data in connection with or during negotiation of any merger, financing, acquisition, or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets.

d. Legal Rights

Regardless of any choices you make regarding your Personal Data (as described below), Company may disclose Personal Data if it believes in good faith that such disclosure is necessary: (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas, warrants, or other legal process served on Company; (c) to protect or defend the rights or property of Company or users of the Service; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Service.

e. Other Disclosures

We may also disclose your Personal Data: to fulfill the purpose for which you provide it; for any other purpose disclosed by us when you provide it; or with your consent.

4. Third-Party Websites

Our Service may contain links to third-party websites. When you click on a link to any other website or location, you will leave our Service and go to another site, and another entity may collect Personal Data from you. We have no control over, do not review, and cannot be responsible for these third-party websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these third-party websites or their content, or to any collection of your Personal Data after you click on links to such third-party websites.

5. Third-Party Wallets

To use our Service effectively, depending on the Service you will also need Google or Apple wallets or a digital wallet provided by another third-party which allows you to engage in transactions on public blockchains. Your interactions with any third-party wallet provider, including Google and Apple, will be governed by the applicable terms of service and privacy policy of that third party.

6. Your Choices Regarding Information

a. Email Communications

Where you have subscribed to receive them, we may periodically send you newsletters and/or emails that directly promote the use of our Service or third parties' goods and services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving these communications from us by following the unsubscribe instructions provided in the email you receive.

b. Cookies

If you decide at any time that you no longer wish to accept Cookies from our Service for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting Cookies or to prompt you before accepting a Cookie from the websites you visit. If you do not accept any Cookies, including functionality Cookies which our site uses to operate, then you may not be able to use all portions of the Service or all functionality of the Service.

7. Data Access and Control

You can view, access, edit, or delete your Personal Data for certain aspects of the Service via your Settings page. You may also have certain additional rights:

a. European Economic Area and United Kingdom

If you are a user in the European Economic Area or United Kingdom, you have certain rights under the respective European and UK General Data Protection Regulations ("GDPR"). These include the right to (i) request access and obtain a copy of your personal data; (ii) request rectification or erasure; (iii) object to or restrict the processing of your personal data; and (iv) request portability of your personal data. Additionally, if we have collected and processed your personal data with your consent, you have the right to withdraw your consent at any time.

b. California Residents

If you are a California resident, you have certain rights under the California Consumer Privacy Act ("CCPA"). These include the right to (i) request access to, details regarding, and a copy of the personal information we have collected about you and/or shared with third parties; (ii) request deletion of the personal information that we have collected about you; and (iii) the right to opt-out of sale of your personal information. As the terms are defined under the CCPA, we do not "sell" your "personal information."

c. Exercising Your Rights

If you wish to exercise your rights under the GDPR, CCPA, or other applicable data protection or privacy laws, please contact us at the address provided in Section 13 below, specify your request, and reference the applicable law. We may ask you to verify your identity, or ask for more information about your request.

d. Blockchain Information

Notwithstanding the above, we cannot edit or delete any information that is stored on a blockchain, as we do not have custody or control over any individual blockchain network.

8. Data Retention

We may retain your Personal Data as long as you continue to use the Service, have an account with us, or for as long as is necessary to fulfill the purposes outlined in this Privacy Policy. We may continue to retain your Personal Data even after you deactivate your account and/or cease to use the Service if such retention is reasonably necessary to comply with our legal obligations, to resolve disputes, prevent fraud and abuse, enforce our Terms or other agreements, and/or protect our legitimate interests.

9. Data Protection

Company implements reasonable and appropriate physical, administrative and technical safeguards to help us protect your personal data from unauthorized access, use and disclosure, and to maintain accuracy and ensure the appropriate use of your information. Where appropriate, these safeguards include encryption. However, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.

10. Minors

We do not intentionally gather Personal Data from visitors who are under the age of 13. Our Terms of Service require all users to be at least 18 years old. If a child under 13 submits Personal Data to Company and we learn that the Personal Data is the information of a child under 13, we will attempt to delete the information as soon as possible.

11. Users Outside of the United Kingdom

If you are a non-UK user of the Service, by visiting the Service and providing us with data, you acknowledge and agree that your Personal Data may be processed for the purposes identified in the Privacy Policy. In addition, your Personal Data may be processed in the country in which it was collected and/or it may be transferred to, stored and processed in other countries, where laws regarding processing of Personal Data may be less stringent than the laws in your country.

12. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy at www.certhis.io and www.snapss.io. The date the Privacy Policy was last revised is identified at the end of this Privacy Policy. You are responsible for periodically visiting our Service and this Privacy Policy to check for any changes.

13. Questions; Contacting; Reporting Violations

If you have any questions or concerns or complaints about our Privacy Policy or our data collection or processing practices, or if you want to report any security violations to us, please contact us at:

contact@snapss.io

Addendum I -- GDPR Privacy Notice to European Residents

If you are a resident of the European Union ("EU"), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the "GDPR") with respect to your Personal Data, as outlined in this GDPR Addendum.

For this GDPR Addendum, we use the terms "Personal Data" and "processing" as they are defined in the GDPR, but "Personal Data" generally means information that can be used to identify a person, and "processing" generally refers to actions that can be performed on data such as its collection, use, storage or disclosure.

The Company will usually be the controller of your Personal Data processed in connection with the Services. Note that we may also process Personal Data of our customers' end users or employees in connection with our provision of certain services to customers, in which case we may be the processor of Personal Data.

1. Types of Personal Data we Collect

We currently collect and otherwise process the kinds of Personal Data listed above in Section 1 of our Privacy Policy.

2. How we Get the Personal Data and why we Have it

We receive the Personal Data in the ways and for the purposes listed above in our Privacy Policy. We will only process your Personal Data if we have a lawful basis for doing so. Under the GDPR, the lawful basis we rely on for processing this information are:

• Your Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data.
• Contractual Obligation: We process certain categories of Personal Data as a matter of "contractual necessity", meaning that we need to process the data to perform under our Terms of Use with you.
• Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties.
• Legal Obligation: We may be required to disclose Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements.

3. How we Share Your Personal Data

Sections 2-3 of the Privacy Policy explain how we share your Personal Data with third parties.

4. How we Store and Protect Your Personal Data

Section 9 of the Privacy Policy explains how we protect your Personal Data. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us via email at contact@snapss.io

5. Your Data Protection Rights

You have certain rights with respect to your Personal Data, including:

• Right of access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
• Right to rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
• Right to erasure: You can request that we erase some or all of your Personal Data from our systems.
• Right to restriction of processing: You have the right to ask us to restrict the processing of your Personal Data.
• Right to object to processing: You have the right to object to the processing of your Personal Data in certain circumstances.
• Right to data portability: You can ask for a copy of your Personal Data in a machine-readable format.
• Right to withdraw consent: If we are processing your Personal Data based on your consent, you have the right to withdraw your consent at any time.

6. How to Complain

If you have any concerns about our use of your Personal Data, you can make a complaint to us at contact@snapss.io with the subject line "GDPR Request."

You also have the right to lodge a complaint about the processing of your personal data with a supervisory authority of the European state where you work or live or where any alleged infringement of data protection laws occurred.

7. Corporate Restructuring

In the event of a merger, reorganization, dissolution, or similar corporate event, or the sale of all or substantially all of our assets, the information that we have collected, including Personal Data, may be transferred to the surviving or acquiring entity.

8. Transfers of Personal Data

The Services are hosted and operated in Ireland through Company and its service providers. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Company in Ireland and will be hosted on Ireland servers.

9. Updates to this GDPR Addendum

If, in the future, we intend to process your Personal Data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing.

10. Questions and Requests

Please reach out to contact@snapss.io for any questions, complaints, or requests regarding this GDPR Addendum, and include in the subject line "GDPR Request."