Privacy Policy

1. Who We Are

Kurncy Solutions Inc. is a Canadian technology company incorporated under the laws of Canada, with operations in Québec. We operate the Kurncy Wallet (iOS and Android), the Partners for MSB program, and the Partners for Business merchant program.

We are the data controller for personal information collected through our website, apps, and partner intake forms.

2. What We Collect

What we collect depends on which part of Kurncy you use.

Website visitors

• Standard server logs including IP address, browser type, pages visited, and referral source
• Cookie data where cookies are active (see Section 6)
• Form submissions including name, email address, and message content when you contact us

Wallet users (app)

• Email address, if provided during onboarding or support contact
• Device information including OS version, device model, and app version for crash reporting and diagnostics
• Anonymized or aggregated usage data to improve product performance
• If you complete fiat on-ramp or off-ramp flows through a third-party partner: identity and payment verification data is collected and processed by that partner under their own privacy policy

MSB partner applicants and operators

• Company name, operating jurisdiction, contact email, and volume information from intake forms
• Identity and compliance documentation where KYC obligations require it (name, government ID, address)
• Operational data generated through the partner API, including transaction metadata required for compliance reporting

Business partner applicants and merchants

• Business name, industry, number of locations, deployment timeline, and contact email from intake forms
• Device and installation data from the Kurncy Partners App to support provisioning and diagnostics
• Transaction records where generated through the merchant integration

3. What We Never Collect

Because Kurncy Wallet is non-custodial, certain data never leaves your device and is never transmitted to Kurncy:

• Your private keys — generated locally on your device, never sent to our servers
• Your seed phrase (recovery phrase) — exists only where you store it; Kurncy has no copy
• Your wallet balance — your balance is on the blockchain, not in our database
• Your transaction history — transactions are recorded on the public blockchain, not in Kurncy's systems (except where transaction metadata is generated through MSB or merchant partner flows subject to compliance obligations)

We will never ask you for your seed phrase. If anyone claiming to be Kurncy support asks for your seed phrase, it is a scam.

4. How We Use Your Information

We use the information we collect to:

• Deliver the Services — operate the wallet, process partner applications, support merchant onboarding
• Comply with legal obligations — fulfill KYC, AML, and reporting requirements where applicable
• Provide customer and partner support — respond to inquiries, troubleshoot issues, and maintain service quality
• Improve our products — analyze anonymized usage patterns to identify issues and prioritize improvements
• Prevent fraud and abuse — detect unauthorized access, suspicious activity, and compliance violations
• Communicate critical updates — notify you of material changes to Terms, Privacy Policy, or service availability

We do not use your data for targeted advertising. We do not build behavioral profiles for sale to third parties.

5. Who We Share Data With

We do not sell personal data. We may share data in the following circumstances:

• Compliance and legal obligations: With FINTRAC, the AMF, or other regulators where required. With law enforcement under a valid legal request.
• Service providers: With third-party providers who support our operations — including cloud infrastructure, analytics, and security services — under data processing agreements that restrict their use of your data.
• Partner integrations: Transaction and identity data may be shared with banking partners, liquidity providers, and fiat rail operators as part of MSB or merchant settlement flows. This sharing is disclosed before you engage with those flows.
• Business transfers: If Kurncy Solutions Inc. is involved in a merger, acquisition, or asset sale, data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

6. Cookies and Analytics

Our website uses cookies for the following purposes:

• Functional cookies: Required for basic site operation, including navigation and form submission
• Analytics cookies: Used to understand how visitors interact with the site so we can improve it. Data is aggregated and anonymized where possible.

You can control cookie behavior through your browser settings. Disabling functional cookies may affect how parts of the site work. We do not use cookies for advertising or cross-site tracking.

7. Data Retention

We retain data only as long as necessary for the purpose it was collected or as required by law:

• Contact and inquiry records: Retained for up to 2 years to support follow-up and dispute resolution
• Partner and merchant records: Retained for the duration of the partnership and for a period afterward as required by financial regulations (typically 5–7 years under Canadian AML law)
• KYC and compliance records: Retained per applicable regulatory requirements
• Analytics and technical logs: Retained in aggregated or anonymized form for up to 2 years

When data is no longer needed, it is deleted or anonymized.

8. Security

We take reasonable technical and organizational measures to protect the data we hold:

• Data in transit is encrypted using standard protocols (TLS)
• Access to personal data is restricted to team members who need it to perform their role
• We monitor for unauthorized access and maintain incident response procedures

No system is completely secure. In the event of a data breach affecting your rights, we will notify you in accordance with applicable law. You are responsible for the security of your own device, wallet credentials, and seed phrase — Kurncy cannot protect data that never reaches our systems.

9. Your Privacy Rights

Under Canada's PIPEDA and Québec's Law 25, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Withdraw consent to data collection where processing is consent-based (note: withdrawal may affect your ability to use certain services)
• Request deletion of personal data, subject to legal retention obligations
• File a complaint with the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec

To exercise any of these rights, contact us at privacy@kurncy.com. We will respond within 30 days.

10. Children's Privacy

The Services are not directed to or intended for use by anyone under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has submitted personal information to us, contact privacy@kurncy.com and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy as our services, legal obligations, or data practices change. Material changes will be communicated via our website or app before taking effect. The "last updated" date at the top of this page reflects when the policy was last revised. Continued use of the Services after changes take effect constitutes acceptance of the updated policy.

12. Contact

For privacy inquiries, data access requests, or to raise a concern:

• Email: privacy@kurncy.com
• General support: support@kurncy.com
• Mailing address: Kurncy Solutions Inc., Québec, Canada

If you are unsatisfied with our response, you may escalate to:

• Office of the Privacy Commissioner of Canada: www.priv.gc.ca
• Commission d'accès à l'information du Québec: www.cai.gouv.qc.ca