1. Data Controller
This Privacy Policy includes important information about your personal data, and we encourage you to read it carefully.
We provide a universal proving layer for all zero-knowledge computations. Individuals and businesses of all sizes use our technology to generate and verify ZK (Zero-Knowledge) proofs efficiently and securely.
Contact Details:
- Gevulot Oy, Meritullinkatu 1 B, 00170 Helsinki
- Email: admin@gevulot.com
Data Protection Officer (DPO): We have reviewed our data processing activities and determined that we are not required to appoint a Data Protection Officer (DPO) under Article 37 of the General Data Protection Regulation (GDPR). However, we are committed to ensuring the security and privacy of your personal data.
2. Acceptance
By accessing or using ZkCloud and related services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, you must not access or use our services, or our Website.
3. What Data We Collect
Our collection and use of personal data varies based on your role in the ZkCloud or Gevulot ecosystem. Whether you are a Node Operator, a Client buying Credits, or a Visitor to our site, we may collect different types of personal information to serve specific purposes.
Personal and Business Data
– Node Operators: If you are a node operator looking to integrate with the ZkCloud network, we may collect personal and business-related data such as:
- your name, email, role in the organization,
- other personal or company contact information given voluntarily, such as Telegram or Twitter usernames,
- company name, address, and website address,
- company’s country of residence, tax residency information, and tax identification number,
- payment details (processed securely via Stripe, Coinbase Commerce, and Revolut Business), contact information (like email), and details related to your business,
- Information about other people (such as the company’s directors or employees) where we are legally required to ask for such information (for example, as part of Know Your Business (KYB) checks or under anti-money laundering laws to verify your company’s sources of funds),
- Technical data necessary for network participation
– Clients: When using ZkCloud for proof generation, we may collect personal and business-related data such as:
- your name, email, role in the organization,
- other personal or company contact information given voluntarily, such as Telegram or Twitter usernames,
- company name, address, and website address,
- company’s country of residence, tax residency information, and tax identification number,
- payment details (processed securely via Stripe, Coinbase Commerce, and Revolut Business), and transactional data related to your purchase of credits,
- Information about other people (such as the company’s directors or employees) where we are legally required to ask for such information (for example, as part of Know Your Business (KYB) checks or under anti-money laundering laws to verify your company’s sources of funds),
- Additionally, we collect information related to your computational workload related for ZK proof generation, as well as your estimated ZK proof needs (when applying for a free tier of Credits). This data helps us optimize resource allocation, improve service offerings, and ensure that your ZK-proof generation needs are met efficiently.
Usage Data
We collect usage data from your interactions with the infrastructure to monitor performance and security. We collect the following information:
- Device Information: This includes technical data such as IP address, and User Agent header to monitor performance and ensure security.
- Blockchain Data: Any data submitted to the blockchain is permanently stored and cannot be deleted. Users must be aware that optional fields may contain personal information that will remain indefinitely.
- Optional Fields: There are some optional fields for naming and describing objects (such as Node, Task, Pin, etc.). These fields do not require personal information; however, if users choose to enter personal information in these fields, it will also be permanently stored on the blockchain.
Website visit data
If you are simply visiting the www.zkcloud.com website, we may collect standard web analytics data and usage metrics to help us improve site performance and security. This data is collected anonymously where possible.
Payment Data
When purchasing Credits via Stripe payment link through www.gevulot.com, or proceeding with a payment with Coinbase Commerce, or Revolut Business we collect the following types of data:
- Personal Identification Data: Name, email address, and such contact details during the purchase process or when applying for a free tier.
- Payment Information: Payment details (such as card information) are securely processed by Stripe. Gevulot does not store payment details directly in any case.
- Transaction Data: Information about your purchases, amounts, and payment history for records and audit purposes.
In all cases, the data collected is minimized to what is necessary to conclude and perform in our service or other relevant contract(s) with you. We may access, read, preserve, and disclose information when we believe it is reasonably necessary to comply with law, legal obligations, regulations, law enforcement, governmental, and other legal requests, court orders, or for disclosure to tax authorities.
4. Where We Collect Your Data
Payment Data
We collect the information you provide when you:
- Fill in any forms, including buying Credits or applying for free Credits to be used in ZkCloud
- Correspond with us
- Interact in ZkCloud to generate a proof request
- Speak or reach out to a member of our social media or customer support (for example, through our social media pages or website)
- Contact us for other reasons
Minors Under 16
Our services are not intended for individuals under the age of 16, and we do not knowingly collect personal data from minors. If we discover that personal data of a minor has been inadvertently collected, we will take steps to delete the data that can be deleted immediately. However, please note that data written to a blockchain is permanent and cannot be deleted. By using our services, users confirm that they are at least 16 years old.
5. How We Use Your Data
We use your data to:
- Facilitate the purchase of credits through Stripe, Coinbase Commerce, and Revolut Business, and provide access to ZkCloud services.
- Process and manage transactions, including sending receipts and confirming payments.
- Communicate usage updates: We collect your email address to send important information about your usage of the ZkCloud platform, such as updates, changes, or additional services.
- Improve platform performance and monitor usage for security and troubleshooting purposes.
- Ensure compliance with legal obligations, such as maintaining transaction records for financial audits, in line with applicable data protection regulations, including GDPR.
We do not use your personal data for any automated decision-making or profiling that produces legal or similarly significant effects.
6. Purposes of Data Collection
We process your personal information based on the following legal grounds:
- Contractual necessity: We process personal information to fulfill our service delivery or contract with you.
- Legal obligation: Processing is necessary to comply with our legal obligations, such as tax laws or responding to legal requests.
- Legitimate interest: We may process data based on legitimate interests such as improving services, preventing fraud, or ensuring security. We balance this interest against your privacy rights.
- Consent: In cases where you have explicitly provided consent (such as marketing or optional features), we process your data accordingly. You have the right to withdraw consent at any time.
7. Third-Party Payment Services
We share personal data with trusted third-party processors, including Stripe, Coinbase Commerce, and Revolut Business, only as necessary to perform transactions or provide services. These third-party processors are used for all the payments made through www.gevulot.com. These providers are selected based on their robust security measures, including encryption, data minimization, and access control to protect personal information. We ensure all third-party processors adhere to GDPR requirements and maintain strict data protection agreements (DPAs). Additionally, data subject rights related to third-party processing are fully respected. You can exercise your rights, including access, rectification, or deletion, by contacting us or the respective processor.
Stripe, Coinbase Commerce, and Revolut Business handle your payment data securely and in compliance with GDPR.
For more information on how Stripe handles your data, please refer to their Privacy Policy.
For more information on how Coinbase Commerce handles your data, please refer to their Privacy Policy.
For more information on how Revolut Business handles your data, please refer to their Privacy Policy.
ZkCloud or Gevulot do not store your credit card or banking details.
8. Third-Party Data Transfers
- Blockchain Validator Nodes: Our blockchain validator nodes are distributed globally, meaning that blockchain data may also be stored and processed across different regions worldwide.
- RPC Nodes: Our Remote Procedure Call (RPC) nodes are located both in the EU and the USA, which may involve the transfer of data across borders.
- Third-Party Nodes: We cannot control the data collection practices of third-party nodes that interact with our network. These nodes may gather a variety of logs, including IP addresses and other personal data. Third-party nodes can be located anywhere in the world, and their data handling practices may differ from our own.
Due to the global nature of blockchain technology, data may be processed in various jurisdictions, including non-EU countries.
Please note that while we strive to implement safeguards, we cannot ensure that all third parties, including blockchain validator nodes, comply with EU data protection principles. Users should be aware of the potential for differing data protection standards in other jurisdictions that do not offer the same level of data protection as the EU. By using our services, users acknowledge and accept the risks associated with such transfers, especially where it is impossible to guarantee compliance with EU data protection principles.
9. GDPR Compliance for Data Transfers
Safeguards for International Transfers: We take steps to ensure that your personal data is adequately protected when transferred outside the European Economic Area (EEA). In cases where personal data is transferred to countries that do not provide an equivalent level of data protection, we implement appropriate safeguards such as:
- Adequate Protection: If a transfer is made to a country that has been recognized by the European Commission as providing an adequate level of data protection, personal data may be transferred without further safeguards.
- Standard Contractual Clauses (SCCs): We may use SCCs approved by the European Commission for data transfers to non-EU countries, which legally require the recipient to protect your personal data in line with EU standards. However, please note that we cannot guarantee that all third-party nodes will adhere to these clauses or GDPR principles.
- Transparency and Risk Awareness: While we strive to implement safeguards, we cannot guarantee that all third parties, including blockchain validator nodes, adhere to these safeguards or EU data protection principles. Users should be aware of the potential for differing data protection standards in other jurisdictions, and we recommend exercising caution when submitting personal data to blockchain interactions.
10. Retention of Data
We retain your personal data for as long as it is necessary to provide you with services, fulfill contractual obligations, comply with legal requirements, or protect our legitimate interests. Retention periods may vary based on the type of data:
- Transaction data: Retained for at least 6 (six) years for tax and financial record-keeping purposes, following Finnish law.
- Company or personal data: Retained for as long as you continue to utilize our services, such as purchasing credits for generating proofs in ZkCloud, or as required by law. This includes data associated with your purchases, transactions, and use of the ZkCloud services.
- Communication data: Retained until no longer necessary for service support. If you have specific questions about your data retention, please contact us for more information.
Blockchain Data Disclaimer
It is important to note that once data is written to a blockchain, it is permanent and cannot be altered or deleted. This includes any personal information that may be submitted via optional fields (such as naming or describing objects). We strongly advise users not to enter any personal data in fields that are permanently recorded on the blockchain, as this data cannot be removed or modified once recorded.
- Avoiding the use of personal identifiers (such as names, email addresses, or contact details) in fields intended for descriptions or labels.
- Reviewing any data before submission to ensure that no sensitive or personal information is included.
- Utilizing pseudonyms or anonymous identifiers where necessary.
To help prevent unintended disclosure of personal data, we recommend:
Please contact us if you have any questions regarding safe data submission practices to admin@gevulot.com.
Despite our efforts to encourage safe practices, the responsibility for avoiding personal data entry lies with the user. By reading this Privacy Policy prior to submitting any data to the blockchain, users will be informed that any personal data entered into blockchain-related fields will be permanently recorded and cannot be erased or modified. By using our services, users acknowledge and accept that the irreversible nature of such entries before proceeding.
11. Your Privacy Rights
Depending on your jurisdiction, you may be entitled to exercise the following privacy rights related to your personal information:
- Right to Access: You have the right to request information about the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccuracies in your personal information.
- Right to Erasure: In certain circumstances, you have the right to request that we erase your personal information. Please note that data written on the blockchain is permanent and cannot be deleted. Users should be aware that any personal information submitted to optional fields will remain on the blockchain indefinitely.
- Right to Restrict Processing: You have the right to request that we limit the processing of your personal information in specific cases.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.
- Right to Object: You may have the right to object to our processing of your personal data on grounds related to your particular situation.
- Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time. Please note that data written on the blockchain is permanent and cannot be deleted.
To exercise any of these rights, please contact us at admin@gevulot.com. We will evaluate your request in accordance with applicable laws and respond within the legally required timeframe. If any of the rights listed are not mandated by law in your jurisdiction, we reserve the discretion to provide such rights.
If you choose to withdraw your consent or do not provide the necessary information required for us to perform the contract or comply with legal obligations, we may be unable to continue providing certain services. In such cases, you will be notified of potential impacts to the specific services provided.
12. Data Breach Notifications
In the event of a personal data breach, we will promptly assess the impact and, where necessary, notify affected individuals and the relevant supervisory authorities, as required by GDPR Article 33. We will provide information about the nature of the breach, its potential consequences, and the steps we are taking to mitigate the damage within 72 hours of becoming aware of the breach when required.
13. Eligibility
You agree to use ZkCloud and related services to only for lawful purposes. To use ZkCloud, you must:
- Age Restriction: You must be at least 16 years old to use ZkCloud. By using the service, you confirm that you meet this age requirement. If we discover that a minor has provided us with personal data, we will take steps to delete any deletable data, though some information (such as blockchain-related data) may be irreversible.
- Legal Compliance: You agree to comply with all applicable local, national, and international laws and regulations when using ZkCloud.
You may not:
- Use ZkCloud or related services to engage in illegal activities, including fraud, money laundering, or any unlawful financial activities.
- Attempt to interfere with or compromise the security of the platform or the accounts of other users.
We reserve the right to suspend or terminate your access to ZkCloud for any violation of these policies.
14. Intellectual Property
- Ownership: ZkCloud and all related intellectual property, including infrastructure, algorithms, trademarks, and other proprietary materials, are owned by Gevulot Oy. This Privacy Policy does not transfer any ownership rights to you.
- License: We grant you a limited, non-exclusive, non-transferable license to use ZkCloud in accordance with this Privacy Policy. You may not copy, modify, distribute, or create derivative works from ZkCloud without our express written consent.
15. Service Modifications and Termination
We may modify or discontinue any part of ZkCloud services at any time, with or without notice. You agree that we will not be liable to you or any third party for any modification, suspension, or termination of the services.