Skip to content

cheqd Privacy
Policy

We care about your privacy. This Privacy Policy will be updated regularly to ensure that it is kept up to date with the latest developments and best practices.

LAST UPDATED: 22ND MAY 2023

Who are we?

cheqd is a software company with a mission to create the go-to incentivised decentralised identity network for digital credentials, which reward all parties in the ecosystem, whether institutional or individual.

cheqd is a trading name for the Cheqd Foundation.

cheqd is a Data Controller for personal data and personally identifiable information collected and processed by cheqd’s services. This means that cheqd stores and manages personal data on behalf of individuals, Data subjects.

cheqd can be found at:

Cheqd Foundation Limited

1 Irving Place #08-11
The Commerze @ Irving
Singapore 369546

General questions: [email protected]

Legal questions, or questions relating to this Privacy Policy: [email protected]

What data do we collect?

We collect your personal information in order to provide and continually improve our products and services.

Here are the types of personal information we collect:

  1. Information you give us: We receive and store any information you provide in relation to cheqd’s services. This information may comprise of:
    1. Your name,
    2. Your email address,
    3. Your IP address,
    4. Relevant metadata relating to your time on cheqd’s website,
    5. Conversation history with cheqd.

  2. Automatic information: We automatically collect and store certain types of information about your use of cheqd’s website, including your interaction with content hosted on our website. However, we do not use cookies; instead, we collect data in a privacy preserving way using Plausible as described below in the section on Third Party processors.

  3. Information provided to us by a third party: In the course of business with cheqd, it is reasonably foreseeable that we may receive personal data from an external source or third party.

How will we use your data?

Processing, collecting and disclosing our users/customers’ personal data in compliance with GDPR is important to cheqd, and as such, it is important to lay out exactly how we use your data.

  1. To carry out business activities: cheqd processes personal data that we receive from you enables us to carry out our digital identity services that we offer to you;

  2. To facilitate effective use of our identity services: cheqd may process and record personal data that we receive in providing data hosting and back-up services on behalf of our clients for the purpose of supporting the client in delivering identity credential-related services and digital wallet services;

  3. To communicate effectively with you: cheqd collects your data so that it can follow up any business activities with accuracy, drawing on interactions you have had with cheqd in the past;

  4. To conduct analytics: cheqd uses analytics on aggregated anonymized data so we can continually improve our website and keep it secure;

  5. To market our services: If consented to, cheqd will communicate and market its services to you through mediums such as a newsletter, educational emails or sharing articles. If you have opted in, you can always choose to opt-out later;

  6. To act on a business change: If cheqd become involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, re-organisation, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we may share or transfer databases containing personal data of users including your personal data to a successor party or parties in connection with such transaction or change in ownership or legal structure;

  7. To act on a request for necessary disclosure: cheqd may disclose information about you to third parties if deemed necessary by law, for example, to (i) comply with a law, regulation, or mandatory request such as a warrant or court order, to (ii) Protect the any person from death or serious bodily injury, to (iii) Protect the Site or cheqd from unlawful abuse or attacks.

Third party service providers:

cheqd uses some third parties to perform functions on our behalf. Examples include analysing data, providing marketing assistance, transmitting content, storing personal data in secure ways. These third-party service providers have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information in accordance with this Privacy Policy and as permitted by applicable data protection laws. If processors in a third country (not within the EU) perform the data processing, we ensure that the level of protection of your data guaranteed by the GDPR is not undermined (Art. 44 et seq. GDPR).

The third parties cheqd uses to process personal data are as follows:

  1. Pipedrive

    To process and respond to messages, demo requests, newsletter, mail, and feedback from existing and prospective partners / customers as quickly as possible, we use the CRM system, Pipedrive, which assumes the role of a data processor.
    Pipedrive is a private limited company established under the laws of the Republic of Estonia, with the address Paldiski mnt 80, Tallinn, 10617, Estonia. The company is registered in the Estonian Commercial Register under reference number 11958539, and a subsidiary of Pipedrive US. For this purpose, we have entered into a contract with Pipedrive using so-called standard contractual clauses, in which Pipedrive undertakes to process User Data only following our instructions and to comply with the EU level of data protection. You can access Pipedrive’s privacy policy here: https://www.pipedrive.com/en/privacy.

     

    Your data will be deleted from the Pipedrive CRM tool once we have processed your request and the purpose for storing it has ceased to exist, and there are no other legal exceptions to the contrary. You can get information about the data stored concerning your person upon request.

    During use, the following data in particular is processed via Pipedrive servers: name, address, communication data (such as telephone number, mobile phone number), customer number and e-mail address of the contact persons.

    Other information:

    Customer terms of service | Legal | Pipedrive

    Privacy notice | Legal | Pipedrive

    Pipedrive and GDPR | Legal | Pipedrive

    Data Processing Addendum | Legal | Pipedrive

  2. Cloudflare

    We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).


    Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyse data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.

    The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).

    As there is a transfer of personal data to the USA, different protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data following the protection level in Europe. If this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.

    Other information:

    Privacy Policy | Legal | Cloudflare

    Standard terms of Use | Legal | Cloudflare

    Data Processing Addendum | Legal | Cloudflare

  3. Plausible

    We use Plausible analytics to collect information about how visitors use our website, which we use to help improve it – while respecting the privacy of our visitors. Plausible records information in aggregate in a privacy-friendly manner without the use of cookies. No personal data or personally identifiable information (PII) is stored.

    This service allows us to see the number of visitors to the site, where visitors have come to the site from and the pages they visited. You can learn more about Plausible Analytics here.

    Plausible may be found at Plausible Insights OÜ Västriku tn 2, 50403, Tartu, Estonia. Registration number 14709274.

    Other information:

    Data Policy | Legal | Plausible

    Privacy Policy | Legal | Plausible

    Data Processing Agreement | Legal | Plausible

  4. Kinsta

    We have chosen Kinsta as our trusted data processor to host our website. Kinsta specialises in website hosting and infrastructure solutions and operates in accordance with a data processing agreement that ensures compliance with data protection laws.

    Kinsta collects and processes limited personal information, such as IP addresses and browsing details, solely for the purpose of hosting and maintaining our website, while implementing rigorous security measures to protect this data. Kinsta may transfer and process personal information internationally with appropriate safeguards in place.

    We use Kinsta’s hosting facilities via their London data centre, meaning there is no cross-border data transfer outside of the UK/EU.

    Other information:

    Privacy Policy | Legal | Kinsta

    Data Processing Addendum | Legal | Kinsta

    Terms of Service | Legal | Kinsta

  5. Mailchimp

    Our sign-up service allows visitors to learn more about our company, schedule a product demo, receive newsletters and provide their contact information.

    This information is stored on servers operated by Mailchimp, acting as a data processor. We may use it to contact visitors to our website and determine which services or offers are of interest. All information we collect is subject to this privacy policy. We use all information collected solely to optimize our marketing.

    Mailchimp and its affiliates own and operate servers in world-class data centers located in the United States. In addition, they leverage third-party vendors who process personal information on our behalf. Their processing facilities are located in the United States and in other international locations to provide services to Mailchimp.

    You can view the full list of sub-processors they use to process their members’ data, along with details of their location.

    As there is a transfer of personal data to the USA, different protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider following Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data following the protection level in Europe. If this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.

    Other information:

    Standard Terms of Use | Legal | Mailchimp

    Privacy Statement | Legal | Mailchimp

    Data Processing Addendum | Legal | Mailchimp

  6. Typeform

    We may use Typeform, a service provided by TYPEFORM S.L., c/ Pallars 108 (Aticco – Typeform), 08018 – Barcelona, Spain (“Typeform”) for our contact forms or for surveys.

    Typeform processes the data you provide via the contact form on our behalf. In addition, information about your terminal device (IP address, device information, operating system, browser settings) as well as usage data such as date and time when you used the contact form are collected with the help of cookies. Typeform needs this data to ensure the presentation of the contact form and its functionality. You can find more information on data processing by Typeform at: https://www.typeform.com/help/a/what-is-gdpr-360029580771/

    Other information:

    Terms of Use | Legal | Typeform

  7.  GitBook

    We use GitBook, Inc. (“GitBook”) to host our technical, product and governance documentation. When you access our docs at docs.cheqd.io, docs.cheqd.io/node, product.cheqd.io or docs.cheqd.io/governance GitBook may collect information about how you use its services and your actions on the services, including your IP address.

    You can find GitBook at GitBook INC. 440 N Barranca Ave #7171, Covina, CA 91723, USA. EIN: 320502699.

    More information:

    Standard Terms of Use | Legal | GitBook

    Privacy Statement | Legal | GitBook

    Cookie Policy | Legal | GitBook

Legal basis for processing personal data

The GDPR requires a legal basis for our use of personal data. Our legal basis varies depending on the specific purpose for which we use personal information. We may potentially use:

  • Performance of a contract when we provide you with products or services, or communicate with you about them under the terms of an agreement or contract we have with you.

  • Our legitimate business interests in (among other things) delivering our Services, conducting commercial research, improving and maintaining our Services, protecting the security or integrity of our databases, protecting our business or reputation, taking precautions against legal liability, dealing with our assets in the event of a business change, protecting and defending our legal rights or property, or for resolving disputes, investigating and attending to inquiries or complaints with respect to your use of our Services;

  • Your explicit and freely given consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose.

  • Compliance with a legal obligation when we use your personal information to comply with laws, a court order, a warrant or other relevant legal instrument.

Given our commitment to compliance as a company, it is unlikely that cheqd will rely on the grounds of legitimate interests, owing to loopholes and grey areas arising out of this ground which do not lend well to the protection of personal data for a data subject.

Third-country transfers of personal data

These consist of transfers out of the European Economic Area. Whenever we transfer personal information to countries outside of the European Economic Area, we ensure that the information is transferred in accordance with this Privacy Policy and as permitted by the applicable laws on data protection. We rely on European Commission adequacy decisions or use contracts with standard safeguards published by the European Commission. This is for example, how we use Mailchimp in a compliant way, as explained above.

What are your data rights?

If you have personal data processed by cheqd, you are a ‘data subject’. As a data subject, you have a number of rights which we, cheqd, as the data controller for your data, must uphold.

Right to information (Art. 15 GDPR)
Data subjects have the right to obtain information about whether and, if so, what information is stored about them and for what purposes, at no added cost.

Right to rectification (Article 16 of the GDPR)
The data subject has the right to demand that the controller rectify any inaccurate personal data without undue delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

Right to erasure (Art. 17 GDPR)
The data subject has the right to request from the controller that personal data concerning him or her be erased without undue delay and the controller is obliged to erase personal data without undue delay.

Right to restriction of processing (Art. 18 GDPR)
The data subject has the right to request the controller to restrict the processing of his/her data.

Right to data portability (Art. 20 GDPR)
The data subject has the right, provided that the conditions are met, to receive the personal data concerned that he or she has provided to a controller in a structured, commonly used and machine-readable format and he or she has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided.

Right to object (Art. 21 GDPR)
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f). This can be done both in automated and electronic form.

If you want to act on one of these rights, you can make a request. Upon receiving a request, we have one month to act on your request. If you would like to make a request, please contact us at:

Contact email: [email protected]

How long do we keep your data for?

cheqd will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.

For further information, visit: allaboutcookies.org

How do we use cookies?

cheqd does not use any third-party cookies. This was a conscious decision to best up-hold the privacy of our customers and visitors. You can check this for yourself by searching for our website here.

Children​

cheqd’s services are not directed to children and/or persons under the age of majority in their respective jurisdictions. cheqd do not knowingly collect personal data from individuals under eighteen (18) years of age. Any data found to be collected from a person under the age of eighteen will be expressly removed, unless we receive explicit permission from a parent or legal guardian.

Changes to our privacy policy

cheqd keeps its privacy policy under regular review and will place any updates on this web page. This privacy policy was last updated on 22nd May 2023.

How to contact us

If you have any questions about cheqd’s Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at:

General questions: [email protected]
Legal questions, or questions relating to this Privacy Policy: [email protected]

Mail address:

Cheqd Foundation Limited
1 Irving Place #08-11
The Commerze @ Irving
Singapore 369546

Revisions

This Privacy Policy will be updated regularly to ensure that it is kept up to date with the latest developments and best practices.

Competent supervisory authority

Should you wish to report a complaint or if you feel like cheqd has not addressed your concern in a satisfactory or timely manner, you may contact the relevant competent supervisory authority.

The supervisory authority responsible for our company is:

The Personal Data Protection Commission (PDPC)
10 Pasir Panjang Road,
#03-01 Mapletree Business City
Singapore 117438
https://www.pdpc.gov.sg/Contact-Us

Get in touch

Partner with cheqd

If your an SSI Vendor, Consultancy, Enterprise, Government agency, or web3 company please contact us for a discovery call so we can learn about your use-case, problem statements, and get you set up with cheqd.

questions