Hoseki Privacy and Data Protection Policy
This Privacy and Data Protection Policy describes the policies and procedures of Hoseki, Inc. (“Hoseki”, “we”, “our” or “us”) regarding our collection, use and disclosure of your information in connection with your access and use of https://hoseki.app/ (the “Site”), and the other services, features, products, content or applications offered by Hoseki (together with the Site, the “Services”). As used in this Privacy and Data Protection Policy, “Personal Data” means any information that can be used to individually identify a person. All defined terms not defined herein shall have the meaning ascribed to them in the Hoseki Terms of Service, of which this Privacy and Data Protection Policy is a part.
We urge you to read this Privacy and Data Protection Policy in full, but wanted to mention a few things upfront:
This policy covers how Hoseki handles Personal Data collected: (a) directly from you when using your account, (b) from your device or browser during interactions with the Services, and (c) from third parties such as partners or service providers.
In this Privacy and Data Protection Policy, we describe the various purposes for which we use your Personal Data, as well as the legal bases supporting those purposes. As you’ll read below, the legal basis on which we rely for a given use of your Personal Data may be contractual necessity (i.e., where we need to use your Personal Data to complete a contract with you), consent (which you must freely give us, and which you can withdraw at any time), and/or certain legitimate business interests of ours or of others, but only where we have determined that those interests are not overridden by your own interests, rights, and freedoms.
The Services are hosted and operated in the United States and elsewhere throughout the world through us and certain of our service providers. By using the Services, you acknowledge that any Personal Data you provide to us will be hosted on United States servers and servers in other countries.
If you are using the Services in the European Economic Area, you may have certain rights regarding the Personal Data we collect from you, under the European Union General Data Protection Regulation (“GDPR”), as outlined below, and for purposes of the GDPR, Hoseki would be a controller of Personal Data collected from you through the Services. If you have any questions about this Privacy and Data Protection Policy, our collection and use of your Personal Data, or whether any of the following applies to you, please contact us directly at support@hoseki.app.
As noted in our Terms of Service, we do not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under the age of 18, you are not allowed to use the Services, so please do not access or use the Site or attempt to send us any Personal Data. If we confirm that we have collected Personal Data from an individual under the age of 16, we will delete that information as quickly as possible.
This policy does not apply to the practices of third parties (including websites, services, or applications we do not own or control). While we try to work only with those who share our privacy values, we cannot be responsible for their content, policies, or actions. Please review their data practices independently.
Hoseki takes the protection of your personal data very seriously. To find out more, go to “How Do We Protect Your Personal Data?”
What Does this Privacy and Data Protection Policy Cover?
This Privacy and Data Protection Policy covers Hoseki’s processing of Personal Data that Hoseki gathers when you are accessing and using the Services. As used in this Privacy and Data Protection Policy, “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure.
This Privacy and Data Protection Policy also covers Hoseki’s treatment of any Personal Data that Hoseki’s business partners and service providers share with Hoseki, or that Hoseki shares with its business partners and service providers. This includes limited institutional access to verification data through Hoseki’s Verify product, but only when users have explicitly chosen to share such information via a Statement.
In the context of our Verify product, Hoseki acts as a data processor on behalf of the third-party verifier when a user chooses to share a Statement. The third-party verifier is the data controller for any Personal Data disclosed to them through the Statement. Hoseki does not determine the purposes or means of processing that data and only facilitates the delivery of the Statement as authorized by the user.
In contrast, when Hoseki collects Personal Data directly from users to provide the Services (such as to verify wallet ownership, create Statements, or manage user accounts), Hoseki acts as a data controller.
What Personal Data Does Hoseki Collect from You?
We collect Personal Data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Services.
By providing Personal Data of others to Hoseki, you represent that you have authority to do so. We disclaim responsibility for the information of others that you provide to us in the course of your use of the Services.
Information We Collect Directly from You:
We receive Personal Data directly from you when you provide us with such Personal Data, including without limitation the following:
Account information, including your email address.
Any Personal Data that you make available on or through the Services, including your date of birth, driver’s license number, or government-issued identification number.
Any Personal Data you provide when you communicate with us or our customer service representatives (so please only provide what is necessary).
Any Personal Data you provide us when purchasing products, including your: first name, last name, email address, and shipping address.
Wallet Ownership Verification: Hoseki does not collect, view, or store your private keys, seed phrases, or any sensitive cryptographic credentials. When verifying wallet ownership, Hoseki relies on cryptographic signatures that you generate using your self-custodied wallet. These signatures are used to prove control over a public address without revealing any private information. Hoseki only stores minimal metadata associated with the verification process — such as the public address, timestamp, and the result of the verification — to support statement generation and auditability.
If applicable, in order to collect payments on your behalf and make payments to you, we, using Stripe as a third-party payment processor, collect payment information from you, your attendees and customers, your vendors, and other parties to whom we provide payments on your behalf and from whom we collect payments on your behalf. Hoseki does not store your full credit card number, CVV, or billing credentials. All sensitive payment data is handled directly by Stripe through secure, PCI-compliant infrastructure. You should review the terms of service and privacy policies of Stripe, available at https://stripe.com/us/privacy.
Information We Automatically Collect When You Use Our Services:
Some Personal Data is automatically collected when you use our Services, such as the following:
Information We Do NOT Collect When You Use Our Services:
Social security number, phone number, or proof of address,
Browsing history outside of the Services, including the pages you visit when you exit the Services,
Publicly available information about your social media profiles, interests or preferences, or page view information, and
Cookies for targeting and marketing purposes.
Please note that when you access or use the Services, we use information from your web browser, including your IP address, and your device’s settings and unique identifiers in order to reliably and accurately provide you with Services and information that applies to you.
Additional Information About Cookies:
The Services use “Cookies” as defined herein to enable our servers to recognize your web browser and tell us how and when you visit and use our Site and Services in order to operate our Services. Cookies are small files – usually consisting of letters and numbers – placed on your computer, tablet, phone, or similar device when you use that device to visit our Site.
Cookies can either be “session Cookies” or “persistent Cookies”. Session Cookies are temporary Cookies that are stored on your device while you are visiting our Site or using our Services, whereas “persistent Cookies” are stored on your device for a period of time after you leave our Site or Services. The length of time a persistent Cookie stays on your device varies from Cookie to Cookie. We use persistent Cookies to keep a more accurate account of how often you visit our Services, how often you return, how your use of the Services may vary over time. We do not use persistent Cookies to measure the effectiveness of advertising efforts nor to collect information about your online activity after you leave our Services. Your browser may offer you a “Do Not Track” or “DNT” option, which allows you to signal to operators of websites, and web applications, and services that you do not wish such operators to track certain of your online activities over time and across different websites. Because we collect browsing and persistent identifier data, the Services do not support Do Not Track requests at this time, which means that we may collect information about your online activity while you are using the Services. We will not collect information about your online activity after you leave our Services.
We do not control third-party Cookies and do not collect or use any information they may store.
We do not use Cookies for marketing, advertising, or tracking you across the web.
We use the following types of Cookies:
We do not use the following types of Cookies:
You can decide whether or not to accept Cookies. One way you can do this is through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your computer. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some Services and functionalities may not work. To explore what Cookie settings are available to you, look in the “preferences” or “options” portion of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit https://ico.org.uk/for-the-public/online/cookies/ or http://www.allaboutcookies.org/.
Cookie Consent Management: We use only essential cookies to ensure the functionality of our Services, as described above. Because these cookies are strictly necessary, we do not require a separate consent mechanism, such as a pop-up banner, for their use. If you are in the European Economic Area (EEA) or another region requiring cookie consent, you can manage cookie preferences through your browser settings, as outlined above. If we introduce non-essential cookies in the future, we will implement a cookie consent banner to obtain your explicit consent before placing them. For any questions about cookie management, please contact us at support@hoseki.app
Additional Information About Pixels:
The Services may use pixel tracking technologies (“Pixels”) to gather information about user interactions with our Site and Services. Pixels are small image files or snippets of code embedded on web pages or in emails, enabling us to collect data about your activities without identifying you directly. Pixels are commonly used to understand user behavior, measure the effectiveness of content or features, and improve user experience.
What We Use Pixels For:
To measure how users navigate our Site and Services, including tracking page visits, clicks, and time spent on pages.
To analyze the effectiveness of certain features, content, or emails we provide to improve functionality.
To detect and troubleshoot technical issues within our Services.
What We Do Not Use Pixels For:
We do not use Pixels to collect personal information that can directly identify you (e.g., name or email address) unless explicitly authorized.
We do not use Pixels for targeted advertising or retargeting purposes.
We do not share information collected via Pixels with third parties for marketing purposes.
User Control Over Pixels: You can manage or block Pixels by adjusting your browser settings or using privacy tools that restrict tracking technologies. However, disabling Pixels may impact certain features or the overall functionality of our Services.
How Pixels Differ from Cookies: Unlike Cookies, which are stored on your device, Pixels operate by sending information directly to our servers or third-party analytics tools when triggered by specific user actions. While Cookies remain on your device for a set duration, Pixels are activated only when you engage with specific parts of our Site or Services.
For more information on how we use tracking technologies, including Cookies and Pixels, or to address any concerns, please contact us at support@hoseki.app.
How Do We Use Your Personal Data?
We process Personal Data to operate, maintain and understand our Services. For example, we use Personal Data to:
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.
Examples of these legitimate interests include:
Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interest of you or other data subjects, or if it is necessary for a task carried out in the public interest.
How and with Whom Do We Share Your Data?
We share limited Personal Data with vendors, third party service providers, and agents who work on our behalf and provide us with services related to the purposes described in this Privacy and Data Protection Policy or our Terms of Service. We limit this based on the minimum information required for such vendors, third party service providers, and agents to perform the required services. These parties include:
Hoseki may provide limited access to verification data via the Verify product, but only when you have explicitly shared a Statement through the platform. When you share a Statement, the verifier may be able to view certain attributes (such as asset balance, timestamp, or validity) depending on what you’ve chosen to disclose. Hoseki does not provide verifiers with access to your wallet addresses, account metadata, or any other personal identifiers beyond what is embedded in the Statement.
We also share Personal Data when we believe it is necessary to:
Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
Protect us, our business, or our users (for example, to enforce our Terms of Service, prevent spam or other unwanted communications, and investigate or protect against fraud).
As part of the Services, you will receive from Hoseki email and other communications. You acknowledge and agree that by availing yourself of the Services, you authorize Hoseki to send you relevant communications related to your use of the Services.
We also share information with third parties when you give us your express consent to do so.
Lastly, Hoseki will NOT buy or sell Personal Data to or from a third party under any circumstances, except solely in the event that we, or substantially all of our assets, were acquired, or if we go out of business or enter into bankruptcy, in which case Personal Data would be one of the assets that is transferred to or acquired by the third party that is acquiring our assets. However, you should know that:
You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Data only as set forth in this policy.
How Long Do We Retain Your Personal Data?
We retain Personal Data about you for as long as you have an open Account with us or as otherwise necessary to provide you Services. When you delete your Account, we delete or de-identify your Personal Data and disassociate any connected wallet claims from your user profile.
For security and abuse prevention purposes, wallets or addresses previously connected to a deleted account may remain temporarily restricted from being reconnected to a new account for a limited time. This helps preserve the integrity of the verification process and ensures fairness for all users.
In some cases, we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
How Do We Protect Your Personal Data?
We seek to protect Personal Data using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity. We employ the following policies to protect the security and privacy of our customers and our employees:
We keep Personal Data tracking at a minimum, and only store that which we need to in order to deliver the Services.
We employ ‘least privilege principles’ when it comes to giving employees access to Personal Data – employees should only be able to access data if it is necessary for them to carry out the duties of their role. We also minimize the use of Third Party Services to only those required to deliver the Services.
For example, we do not use Google Analytics, third party Cookies, or any similar technologies such as web beacons, clear GIFs, or JavaScript although it negatively impacts our ability to track customer activity and trends.
We understand the importance of the security of the information we collect, but we cannot promise that our security measures will eliminate all security risks or avoid all security breaches. However, Hoseki cannot guarantee the security of any Account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Data Breach Notification: In the event of a data breach that is likely to result in a risk to your Personal Data, we will notify you and, where applicable, relevant supervisory authorities as required by law, within the timeframes mandated by applicable regulations (e.g., within 72 hours under GDPR, where feasible). We will provide details about the nature of the breach, the likely consequences, and the measures we are taking to address it. You can contact us at support@hoseki.app for further information or assistance.
Do We Store the Personal Data of Children?
As noted in the Terms of Service, we do not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under 18, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at support@hoseki.app.
Your Rights Regarding Personal Data
Rights Regarding Your Personal Data:
By law, users in the European Union, United Kingdom, Lichtenstein, Norway, or Iceland have certain rights with respect to their Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at support@hoseki.app.
Please note that in some circumstances, we may not be able to fully comply with your request, such as where the request (i) is frivolous, (ii) is unduly burdensome or Hoseki’s compliance with the request is impractical, (iii) jeopardizes the rights of others, or (iv) is not required by law. If such a determination is made, we will still respond to notify you of our decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
If you are a user of the Services, you have the following rights:
Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging into your online account.
Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data by emailing support@hoseki.app.
Erasure: Users always have the right to delete their account and corresponding Personal Data and may do so through the web application.
Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services. You may withdraw your consent by sending an email to support@hoseki.app.
Portability: You can ask for a copy of certain of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
Objection: You can contact us at support@hoseki.app to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
Restriction of Processing: You can ask us to restrict further processing of your Personal Data by contacting us at support@hoseki.app.
Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Rights Under U.S. State Privacy Laws
If you are a resident of California or another U.S. state with applicable privacy laws, you may have additional rights regarding your Personal Data. For example, under the California Consumer Privacy Act (CCPA), California residents have the right to request access to, deletion of, or information about the categories and sources of their Personal Data, as well as the right to opt out of any sale of their Personal Data. As noted elsewhere in this Privacy and Data Protection Policy, Hoseki does not sell Personal Data. To exercise your rights under the CCPA or other applicable state laws, please contact us at support@hoseki.app. We will respond to verified requests in accordance with applicable law. For more information about your rights, you may also refer to our Terms of Service or contact us directly.
In accordance with the California Privacy Rights Act (CPRA), if you are a California resident, you may also have the right to limit the use and disclosure of your sensitive personal information, such as government-issued identification numbers or financial data. Hoseki does not use sensitive information for purposes such as inferring characteristics, profiling, or targeted advertising. We only use this data to fulfill your requests and deliver core features of the Services. If you wish to exercise your right to limit such use, please contact us at support@hoseki.app.
Automated Decision-Making and Profiling
We may use automated tools to process Personal Data for specific purposes, such as detecting and preventing fraudulent activity or ensuring the integrity of our verification processes. These tools analyze data like Usage Data or Account Information to identify suspicious patterns without human intervention. Such automated decisions are designed to protect our Services and users and do not produce legal or similarly significant effects on you. We do not engage in behavioral profiling, predictive analytics, or inference-based processing to create user profiles or assumptions about your behavior, preferences, or financial standing. Our automated tools are strictly limited to maintaining platform security, integrity of verification processes, and preventing abuse. If an automated decision impacts you (e.g., restricts access to your Account), you have the right to request human review of the decision by contacting us at support@hoseki.app. We will promptly review your request and provide an explanation of the decision. If we introduce additional automated decision-making processes that significantly affect you, we will update this Privacy and Data Protection Policy and notify you as described in the “Changes to this Privacy and Data Protection Policy” section.
Transfers of Personal Data
The Services are hosted and operated in the United States (“U.S.”) and elsewhere throughout the world through Hoseki and its service providers, where the laws may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Hoseki and will be hosted on U.S. servers and elsewhere throughout the world, and you authorize Hoseki to transfer, store and process your information to and in the U.S. and elsewhere throughout the world as necessary to perform our duties in providing you with the Services. Additionally, you understand that your Personal Data may be processed in countries (including the United States) where laws regarding processing Personal Information may be less stringent than in your country. Please contact us at support@hoseki.app with any questions or concerns.
What if You Have Questions Regarding Your Personal Data?
If you have any questions about this Privacy and Data Protection Policy or our data practices generally, please contact us using the following information:
Hoseki, Inc.
support@hoseki.app
(512) 593-8039
1430 S. Dixie Hwy
Ste 105, #1034
Coral Gables, FL 33146
Changes to this Privacy and Data Protection Policy
Hoseki may amend this Privacy and Data Protection Policy from time to time. Use of information we collect now is subject to the Privacy and Data Protection Policy in effect at the time such information is used. If we make changes in the way we use Personal Data, we will notify you by posting an announcement on our Site or Services or sending you an email. You are bound by changes to this policy once you use the Services after those changes are posted.
Effective Date of Privacy and Data Protection Policy: July 15, 2025.