PlatyPay Global LLC – Privacy Policy

Last updated on January 14th 2026

1. What is this privacy notice about?

Protecting your privacy, personal data, and digital identity is of the highest importance to us.
This privacy notice explains how PlatyPay Global LLC (“PlatyPay”, “we”, “our”, “us”) collects, stores, uses, and protects personal data in connection with your use of our application, our website, and the associated embedded-wallet and payment services (together, the “Services”).

This privacy notice is not part of a contract, but serves to inform you transparently about our data-processing practices. It may be updated from time to time to reflect legal, technological, or operational changes. Updated versions will be communicated through the app or website.
By continuing to use the Services after publication of an updated version, you acknowledge and accept the revised notice. If you do not agree, you may delete the app and discontinue use of the Services.

Where the EU General Data Protection Regulation (GDPR) applies, this notice fulfils the information duties under Articles 13 and 14 GDPR.
Where our processing is not subject to the GDPR, it is governed by the Swiss Federal Act on Data Protection (FADP) and other applicable laws.

If you have any questions regarding how your data is processed, please contact us using the information provided in Section 2.

2. Who is responsible for processing your data?
   The following entity is the controller, i.e. the party primarily responsible under data-protection law for processing your personal data:

PlatyPay Global LLC
Champ-de-la-Croix 66
1720 Corminboeuf, Switzerland
info@platypay.net
(All references to “we”, “us” or “our” in this document refer to PlatyPay Global LLC.)

If certain processing operations are carried out jointly with other parties—such as Web3Auth Pte. Ltd. (for embedded wallets), Google LLC (Firebase Services), Monerium EMI ehf (for SEPA payment processing), or Aave Labs / Aave Protocol participants (for enabling optional EURe lending and borrowing functionality on the Gnosis Chain)—those parties may act as independent controllers or joint controllers for the relevant data, in accordance with their own privacy policies and on-chain interaction rules.

We have appointed an internal data-protection contact person reachable at the above email address for all inquiries, complaints, and the exercise of your rights.

3. Which data do we process?
   “Personal data” means any information relating to an identified or identifiable natural person.
   “Processing” means any operation performed on personal data, such as collection, storage, transmission, or deletion.

We process personal data primarily in the course of:

• providing and operating our non-custodial wallet interface and payment application;
  
  
• fulfilling our contractual and legal obligations; and
  
  
• improving our products, ensuring security, and maintaining compliance.
  
  

You are generally not obliged to disclose personal data to us. However, some data is required to use core features of our Services (for example, to create an account, establish a wallet connection, complete a payment, or enable optional EURe-lending functionalities). Without such data, certain functionalities would not be available.

Aave Interaction & Yield Data.
When you use the Aave integration, we process information necessary to show you how much yield you earned. This includes:

• the amount of EURe or other assets you deposited into Aave (position size),
  
  
• timestamps of deposits/withdrawals,
  
  
• accrued interest or rewards, and
  
  
• your wallet address used for the Aave position.
  
  

We do not have access to your private keys and cannot control your Aave position.

3.1 Categories of data processed

Category	Examples	Typical Source	Purpose
Identity & Contact Data	Full name, email address, phone number	Provided by you	Account setup, verification, communication
Wallet Data	Blockchain address (public wallet key) from Web3Auth	Provided by Web3Auth API	Identify and link your embedded wallet (non-custodial), enable on-chain operations such as EURe payments and optional EURe lending via the Aave Protocol on Gnosis Chain
Payment Data	IBAN reference for SEPA transactions via Monerium	Provided by Monerium	Processing of payments and AML/CTF compliance
Aave Lending Interaction Data (on-chain)	Transaction hashes, smart-contract interactions, lending position status (on-chain & publicly visible)	Derived from your wallet interactions on Gnosis Chain	Enable optional EURe lending through the Aave Protocol; display and manage lending positions within the interface (non-custodial; no custody of assets)
Contacts	Access to your address book (on consent)	Provided by your device	Enable “Send to Friends” feature for peer-to-peer payments
Merchant Data	Business name, contact person, public profile	Provided by merchant or public sources	Display merchant details to customers
Technical & Usage Data	Device type, OS, IP address, crash logs, session timestamps	Collected via Firebase SDK	Maintain security, analytics, bug fixes, and performance optimization

3.2 Accuracy and third-party data

You must ensure that all data you provide to us is accurate and up to date.
If you provide us with personal data relating to third parties (for example when importing contacts), you confirm that you are authorized to do so and that those individuals have been informed about our processing (e.g., by sharing a link to this privacy notice).

4. How do we process data in connection with our Wallet Interface, Lending Features, and Payment Services?

We provide a non-custodial embedded-wallet interface integrated with Web3Auth, enabling users to access, hold, and transfer euro-denominated stablecoins (e.g., EURe), to make SEPA-connected payments via Monerium, and to optionally interact with Aave Protocol lending pools on the Gnosis Chain (e.g., supplying EURe into the Aave lending market).

We do not store or access private keys or seed phrases; those remain encrypted and under your control.

We process data in this context as follows:

Account creation and authentication

• When you register or log in, we process your name, phone number, email address, and the public wallet key provided by Web3Auth.
  
  
• Authentication information is transmitted securely and stored in encrypted form within Firebase Cloud Storage.
  
  
• We maintain login metadata (timestamps, device IDs) to ensure account integrity and detect unauthorized access.
  
  

Wallet operations, Aave lending interactions, and payment execution

• We process the public wallet address, transaction metadata, and Monerium IBAN references necessary for executing and confirming payments.
  
  
• When you choose to interact with the Aave lending pool (EURe on Gnosis Chain), we process your public wallet address and the on-chain transaction metadata required to:
  
  
  • initiate a lending (supply) transaction,
    
    
  • display lending balances and accrued interest,
    
    
  • show your lending position status (all data taken from publicly visible blockchain information).
    
    
• No private keys, transaction signatures, or on-chain balances are stored by PlatyPay.
  
  
• Transaction information (including Aave lending interactions) may be recorded in anonymized or pseudonymized form for reconciliation, product functionality, dispute resolution, and compliance auditing.
  
  
• Smart-contract interactions take place directly between your wallet and the blockchain; PlatyPay only provides the user interface.
• To calculate and display your Aave yield. We use your Aave position data to show you how much interest you have earned and to provide analytics about the performance of your position.
  
  

Use of Firebase for data storage and analytics

• All user data listed in Section 3 is stored securely in Google Firebase Cloud Services, operated by Google LLC under data-processing agreements and EU Standard Contractual Clauses.
  
  
• Firebase Realtime Database and Firestore are used to maintain user profiles, contact links, transaction history metadata (including metadata of Aave-related interactions), and device logs.
  
  
• Firebase Analytics and Crashlytics collect aggregated statistics to improve app stability and performance.
  
  

Customer support and communication

• When you contact us via email or in-app support, we process the content of your inquiry, your contact details, and relevant account information to respond efficiently.
  
  
• Such correspondence may be archived for documentation, compliance, and quality-assurance purposes.
  
  

Marketing and user notifications

• We may contact you with service-related updates, feature announcements (including new wallets, chains, or lending features), or promotions.
  
  
• Marketing messages are sent only with your consent and can be withdrawn at any time (see Section 10).
  
  

Statistical and product development analysis

• We use aggregated, pseudonymized data to analyze usage patterns (e.g., frequency of transfers, lending-feature usage, geographic distribution of users, performance metrics).
  
  
• These insights help improve functionality, security, and overall user experience.
  
  
• Individual user identities are not revealed in such analyses.
  
  

Legal and compliance processing

• In cooperation with Monerium EMI ehf and relevant authorities, we may process limited identification and transaction data to comply with anti-money-laundering (AML), counter-terrorist-financing (CTF), and know-your-customer (KYC) obligations.
  
  
• EURe lending via Aave does not create additional KYC obligations, as all transactions occur on-chain, but related transaction metadata may be included in audit logs when legally required.
  
  
• This processing is restricted to what is legally necessary and subject to confidentiality.
  
  

We cannot provide or maintain the Wallet Interface, Lending Features, or Payment Services without performing the data-processing activities described above.

 

5. How do we process data in connection with our Payment, Merchant Services, and Optional Aave Lending Integrations?

PlatyPay acts as a digital-euro payments integrator for both private users and registered merchants, facilitating real-time transfers and SEPA-linked transactions through embedded wallets. Our system connects blockchain-based stablecoin payments (for example EURe or other euro-denominated tokens) with regulated fiat payment rails provided by Monerium EMI ehf, while identity and wallet access are managed through Web3Auth.

In addition, users and merchants may optionally interact with the Aave Protocol lending pool for EURe on the Gnosis Chain directly through our interface. These interactions are fully non-custodial and derived exclusively from public on-chain data.

In relation to these payment and merchant services, and in addition to the processing described in Section 4, we process personal and business data as follows:

Merchant Onboarding and Account Administration

• When merchants sign up to accept PlatyPay payments, we collect data on the company, its authorised representatives, and the person responsible for the account (e.g., name, role, business e-mail, phone number, registered address, and business identifier).
  
  
• We may also record correspondence and meeting notes relevant to onboarding, integration, and compliance checks.
  
  
• For settlement and reconciliation purposes, we process the merchant’s bank-account details, wallet addresses, and transaction-flow metadata.
  
  
• If a merchant optionally enables EURe Aave-lending on Gnosis Chain (e.g., to automatically supply incoming EURe revenue), we process the merchant’s public wallet address and the on-chain lending metadata required to display balances, interest accrual, and supply/withdraw interactions.
  
  
• Where required by law or by our regulated partners, we may request additional documentation for anti-money-laundering (AML) or counter-terrorist-financing (CTF) compliance—such as proof of registration, beneficial-ownership statements, or identification of authorised signatories.
  
  

Customer Payments

• When an end-user initiates a payment to a merchant, we process only the information strictly necessary to complete the transaction—such as the sender’s wallet address, recipient merchant name, transaction reference, payment amount, and the Monerium IBAN reference used for fiat settlement.
  
  
• We do not store private keys or complete financial profiles of users.
  
  
• If the merchant’s wallet uses the Aave EURe lending pool, we may process the on-chain metadata necessary to reflect payment-triggered changes in the merchant’s balance or lending position (e.g., showing increased EURe liquidity that may be supplied to Aave).
  
  
• Transaction metadata may be retained in pseudonymised form to resolve disputes, trace errors, or comply with financial-recordkeeping duties.
  
  

Merchant Visibility and Transparency

• To ensure trust and transparency, the merchant’s public or registered business name may be displayed to customers during or after payment execution.
  
  
• No additional merchant personnel data are shared publicly.
  
  
• If a merchant publicly opts to show that incoming EURe payments are automatically supplied to the Aave lending pool (e.g., “Funds deposited into Aave EURe Pool”), such visibility is controlled by the merchant and based entirely on publicly visible blockchain transactions.
  
  

Compliance and Risk Management

• Together with Monerium EMI ehf and other regulated partners, we process limited identity or transaction information when necessary to meet statutory AML, CTF, KYC, or sanctions-screening obligations.
  
  
• Aave-related interactions do not create additional compliance requirements, but related transaction metadata may appear in audit trails when legally necessary because they are part of the user’s or merchant’s on-chain activity.
  
  
• Such processing is confined to our compliance department and to regulated financial institutions; it is never used for marketing or unrelated analytics.
  
  

Statistical and Strategic Analysis

• We evaluate anonymised or aggregated payment data to understand network usage (e.g., regional distribution of transactions, average payment size, time-of-day activity).
  
  
• Aggregated statistics may also include anonymised insights on how many users or merchants interact with Aave lending (e.g., number of EURe supply transactions, average deposit size).
  
  
• These analyses support service improvement, fraud detection, and business-strategy development.
  
  
• Individual users or merchants are not identifiable in these reports.
  
  

Support and Incident Management

• When a payment fails or a refund is requested, we may temporarily process transaction metadata and correspondence between the payer and merchant to assist resolution.
  
  
• If the incident relates to Aave lending interactions (e.g., user supplied EURe before settlement), we may process relevant on-chain metadata to identify the cause.
  
  
• Logs and support tickets are stored securely in Firebase until the issue is closed and applicable retention periods expire.

6. How do we process data in connection with advertising and communication?

We may process limited personal data to promote our Services or to inform you about updates and opportunities that may be relevant to you, including optional features such as EURe lending through the Aave Protocol on the Gnosis Chain.

Service Announcements and Functional Messages

• All users receive essential notices relating to app performance, security, feature availability, or regulatory updates.
  
  
• These operational communications may include important notices about Aave-related functionality (e.g., changes in supported networks, interest-rate display updates, or security improvements).
  
  
• These are considered operational messages and cannot be unsubscribed from while you maintain an active account.
  
  

Newsletters and Promotional Messages

• With your explicit consent, we may send electronic newsletters or in-app notifications containing information about PlatyPay features or partner offers.
  
  
• These may include non-essential updates about new Aave lending tools, incentives, tutorials, or expansions of the EURe lending experience.
  
  
• We use secure e-mail delivery systems (for example, Firebase Cloud Messaging or equivalent providers).
  
  
• For performance measurement, our e-mail provider may record whether messages are opened and which links are clicked, through a small tracking pixel or unique link code.
  
  
• You may withdraw your consent and unsubscribe at any time via the app settings or the unsubscribe link included in each message.
  
  

Market Research and User Feedback

• We may process anonymised data from surveys, in-app feedback forms, or aggregated usage statistics to improve our Services and design new features.
  
  
• These analyses may include aggregated and anonymised insights on Aave feature usage (e.g., number of users who have accessed the lending section, general interest in EURe lending, or average interaction frequency).
  
  
• We may also evaluate public information—such as app-store reviews or social-media feedback—to understand general sentiment and product perception.
  
  
• These activities never include identification of individual users unless you explicitly provide your contact details for follow-up.

 

7. How do we work with service providers?

To operate efficiently and securely, we rely on selected third-party service providers who process data on our behalf under strict contractual safeguards.

Service Type	Typical Provider	Purpose
Cloud hosting & database	Google LLC (Firebase)	Secure storage of user data, crash reports, and analytics
Wallet authentication	Web3Auth (Torus Labs Pte. Ltd.)	User authentication and wallet-key management
Payment settlement	Monerium EMI ehf (Iceland)	SEPA on/off-ramp services and compliance reporting
Communication tools	E-mail and in-app messaging platforms	User support and notifications
Professional advisors	Legal, accounting, or compliance consultants	Fulfilling regulatory and contractual duties
Blockchain protocol integrations (non-custodial; not data processors)	Aave Protocol (EURe lending on Gnosis Chain)	Enables optional decentralized EURe-lending functionality; interactions occur directly on-chain between the user’s wallet and the smart contract. No personal data are processed by Aave, and no DPA applies.

Each provider that does process data on our behalf is bound by a data-processing agreement (DPA) obligating them to handle data only for the purposes we specify and to implement appropriate security measures.

Where providers process data outside Switzerland or the EEA, appropriate transfer safeguards (see Section 8) are applied.

8. Can we disclose data to other parties?

Yes. We disclose personal data only to the extent necessary for the proper functioning of our Services or where required by law.
We never sell or trade your personal data for marketing or commercial gain.

We may share data with:

• Service providers listed in Section 7 (acting as processors);
  
  
• Regulated financial institutions, such as Monerium, when required for payment execution or compliance;
  
  
• Public authorities or regulators, when disclosure is legally mandated (e.g., for AML or tax reporting);
  
  
• Professional advisers, in the context of audits, risk assessments, or legal proceedings; and
  
  
• Successors or acquiring entities, in the event of a corporate reorganisation or merger, subject to equivalent data-protection safeguards.
  
  

Blockchain protocol interactions (Aave EURe lending)

When you use our optional Aave EURe lending feature on the Gnosis Chain, certain data become publicly visible on the blockchain—specifically your public wallet address, transaction hashes, and smart-contract interactions.
These on-chain disclosures:

• are not directed to Aave Labs or any entity,
  
  
• occur as part of the decentralized transaction you initiate,
  
  
• do not involve personal data transfers in the GDPR sense, and
  
  
• are inherently accessible to anyone reading the Gnosis Chain ledger.
  
  

No private keys, authentication data, or off-chain identifiers are ever shared with Aave.

International transfers

Some recipients are located outside Switzerland and the EEA. In particular, Google LLC (Firebase) and Web3Auth Pte. Ltd. may process data in jurisdictions that do not provide an equivalent level of protection.

To maintain compliance, we rely on:

• EU Standard Contractual Clauses (SCCs) issued under Commission Decision (EU) 2021/914;
  
  
• Binding Corporate Rules where applicable; or
  
  
• Your explicit consent where no adequacy decision or other safeguard exists.
  
  

These measures ensure that your personal data remains protected according to Swiss and EU standards even when processed abroad.

Aave-related interactions do not constitute an international transfer, because blockchain transactions are decentralized and not processed by a foreign service provider.

In certain exceptional cases permitted by law, we may transfer data without such contracts—for example, if necessary to perform a contract with you, to establish or defend legal claims, or for overriding public-interest reasons.

9. Do we process data for other purposes?

Yes. Certain internal and operational processes require additional data processing that is not covered in earlier sections. These activities are typical for regulated financial-technology providers and may occur as part of normal business operations, compliance frameworks, or organisational needs.

Such processing may include:

Communication & Identity Verification

When you contact us (e.g., via email, in-app chat, customer support, or social media), we process:

• communication content
  
  
• contact details and timestamps
  
  
• information required to verify your identity (if needed for security or account recovery)
  
  

This ensures we can respond, support you, and protect your account.
This applies equally if your inquiry relates to Aave EURe lending transactions.

Compliance & Regulatory Obligations

We may process and, where legally required, disclose data to:

• financial regulators
  
  
• tax authorities
  
  
• law-enforcement agencies
  
  
• Monerium EMI ehf or other regulated partners
  
  

This includes tasks related to anti-money-laundering (AML), counter-terrorist-financing (CTF), sanctions compliance, fraud monitoring, or transaction reporting.

On-chain Aave EURe lending transactions may be included in compliance review logs
because they form part of your overall blockchain activity.
However, no personal data is shared with Aave or any protocol operator.

Fraud Prevention & Platform Integrity

We process certain technical, wallet, and behavioural data to:

• detect fraudulent activity
  
  
• investigate unauthorised access attempts
  
  
• monitor suspicious blockchain behaviour and payment patterns
  
  
• enforce security measures on our platform
  
  

This may include reviewing abnormal or high-risk Aave lending interactions,
such as unexpected contract calls or patterns indicative of automated abuse.

Legal Proceedings

If we are involved in disputes or proceedings, we may process and share data with:

• courts
  
  
• legal representatives
  
  
• authorities
  
  
• opposing parties where necessary
  
  

This may include Aave transaction metadata, if a dispute involves lending-related funds or contract interactions.

IT Security & Reliability

We process data to maintain and secure our infrastructure, including:

• server monitoring and access logs
  
  
• backups and encrypted storage
  
  
• attack and abuse detection
  
  
• performance and reliability testing
  
  

Security monitoring may also include analysis of interaction flows with Aave smart contracts to detect anomalies or threats.

Business Operations & M&A

If PlatyPay is involved in a corporate restructuring, merger, capital raise, or asset transaction, we may process and share limited data as reasonably required, subject to confidentiality safeguards.

This does not involve sharing any Aave-related personal data with third parties;
only internal metadata may be included in diligence materials.

Internal Administration

We may process data for:

• accounting and audit trails
  
  
• internal compliance controls
  
  
• staff training & quality assurance
  
  
• process evaluation and improvement
  
  

Aave-related usage may appear in audit logs or operational evaluations in pseudonymised form.

Product Development & Analytics

We may use anonymised or pseudonymised data to:

• analyse platform usage trends
  
  
• train internal systems
  
  
• improve UX and functionality
  
  
• validate business assumptions
  
  

This may include aggregated statistics on Aave EURe lending usage
(e.g., how many users interact with the lending interface, average supply size, UI flow performance).

We never use personally identifiable payment or lending data for marketing or profiling without your explicit consent.

10. How long do we keep personal data?

We retain personal data only for as long as necessary, based on:

Category	Typical Retention
User account data	Lifetime of your account
Customer support logs	Up to 24 months, unless legally required longer
Analytics data	Aggregated or anonymised as soon as reasonably possible
Aave-related interaction metadata (UI logs, timestamps, pseudonymised analytics)	Deleted or anonymised once operational and analytical purposes are fulfilled (typically within 12–24 months)

Important:
Your Aave EURe lending transactions on Gnosis Chain remain permanently visible on the public blockchain, as with any decentralized network.
However, PlatyPay does not store your on-chain balances or private keys, and only keeps minimal interaction metadata needed for:

• feature operation,
  
  
• security,
  
  
• dispute resolution, or
  
  
• aggregated analytics.
  
  

If you delete your account, we will:

• Remove personal identifiers from your records
  
  
• Retain only transaction records necessary for regulatory obligations (e.g., AML record-keeping) — this includes Aave interaction metadata only if it formed part of compliance logs
  
  
• Remove contact-list access immediately
  
  
• Delete or anonymise Aave-related local metadata, except where needed for legal or fraud-prevention purposes

11. How do we keep your personal data secure?

We implement technical and organizational security measures to protect your data, including:

• Encrypted storage (Firebase)
  
  
• End-to-end encrypted communication where applicable
  
  
• Secure authentication via Web3Auth
  
  
• Role-based access control and audit policies
  
  
• Encryption of wallet-related data (public key only)
  
  
• Continuous platform monitoring and automated risk alerts
  
  
• Secure data-backup and recovery mechanisms
  
  
• Controlled third-party access under binding contracts
  
  

Aave EURe Lending Interactions

• When you use the optional Aave EURe lending feature on the Gnosis Chain, all interactions occur directly between your wallet and the Aave smart contracts.
  
  
• We never access or store your private keys, and we do not control any Aave transaction.
  
  
• Any Aave-related information we process (such as reading your on-chain lending position or displaying accrued interest) is handled through the same secured infrastructure described above.
  
  
• Interaction metadata (e.g., timestamps or UI logs) is stored securely and separately from any sensitive account data.
  
  

Public Blockchains

• Aave lending interactions are recorded on a public blockchain; therefore, wallet addresses and transaction hashes become publicly visible.
  
  
• This is inherent to decentralized networks and not a result of data transfer to Aave or any other organisation.
  
  

While we take strong safeguards, data transmitted online may be subject to third-party access risks outside our control.
Maintaining security also requires you to protect your device and credentials.

12. Legal basis for processing

Where GDPR applies, we rely on the following legal grounds:

Legal Basis	Purpose
Contract performance	Providing the wallet & payment services; enabling optional Aave EURe lending interactions on Gnosis Chain that the user initiates through our interface. Providing yield calculations and Aave analytics is necessary to deliver the core functionality of the app.
Legitimate interests	Security, fraud prevention, analytics, support, UI performance, and processing pseudonymised metadata related to Aave lending interactions (e.g., timestamps, feature usage patterns). Improving, monitoring and showing you the performance of the Aave integration.
Legal obligation	AML/CTF, financial-compliance, tax duties; may include logging Aave-related on-chain activity if required within compliance reviews
Consent	Access to contacts, newsletters, marketing communications, and non-essential Aave feature announcements or optional enhancements

Where consent is used, you may withdraw it at any time — withdrawal does not affect previous lawful processing.

13. What are your rights?

Under applicable data-protection laws (GDPR, FADP), you may:

• Request a copy of your personal data
  
  
• Request correction of inaccurate information
  
  
• Request deletion where legally permitted
  
  
• Object to or restrict processing in certain cases
  
  
• Withdraw consent for optional features
  
  
• Request your data in machine-readable format (data portability)
  
  
• Opt out of direct marketing at any time
  
  

To exercise your rights, contact us at:
📧 info@platypay.net

We may need to confirm your identity before fulfilling requests to prevent unauthorized access.

If you believe your data rights have been violated, you may lodge a complaint with your local supervisory authority — in Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC), and in the EU, your local data-protection authority.

14. How do we process data in connection with our app, website, and social media channels?

PlatyPay provides a mobile application, a public website, and several official communication channels on third-party platforms.
This section explains how we collect and use technical and analytical information when you interact with any of these digital services, including optional interactions with the Aave EURe lending feature on Gnosis Chain.

14.1 App logs and device information

When you install or use the PlatyPay app, we automatically collect certain technical and usage data that your device transmits to us or to our service providers (mainly Firebase by Google LLC).
This includes:

• Type and model of your device, operating system version, and language settings
  
  
• Device identifiers (such as the Firebase installation ID)
  
  
• Approximate location (city / country only, never precise GPS)
  
  
• Mobile-network operator and time zone
  
  
• App version, build number, crash reports, error logs, and performance data
  
  
• Volume of data uploaded and downloaded, timestamps of access events
  
  

Aave-related addition:
When you interact with the optional Aave EURe lending feature, we may also collect:

• anonymised crash/error logs triggered during interaction with Aave smart contracts
  
  
• performance metrics related to Aave UI components (e.g., loading times, failed contract calls)
  
  
• pseudonymised usage statistics showing how often the lending interface is accessed
  
  

We process this data to:

• Ensure secure operation of the app and detect errors or misuse
  
  
• Analyse stability and performance to improve user experience
  
  
• Deliver updates and security patches
  
  
• Provide aggregated statistics on active installations and usage trends, including Aave feature usage
  
  

These logs are stored within Firebase for limited retention periods and are accessible only to authorised personnel.

14.2 Website access and log files

When you visit https://platypay.net or other official PlatyPay web domains, our hosting servers (for example Squarespace or equivalent infrastructure) automatically record technical data in temporary log files, including: IP address of the requesting device Date, time, and duration of access Browser type and version, operating system, and device type Referring URL (the website you came from) Accessed pages, images, and downloadable content Amount of data transmitted and HTTP status codes We process this information to: Provide and maintain website functionality Ensure system security and prevent unauthorised access Diagnose errors and optimise performance Compile anonymous statistics about traffic and content popularity Log files are generally deleted or anonymised automatically after a short technical retention period (usually 30 days), unless required longer for investigation or security reasons.

14.3 Cookies and similar technologies

Our website uses cookies and other technologies that your browser stores on your device to enable or enhance functionality. These include: Session cookies, which are deleted when you close your browser Persistent cookies, which remain for a predefined period so we can recognise returning visitors Pixel tags / web beacons, invisible graphics that allow aggregate measurement of interactions Local storage / fingerprints, which help distinguish devices while generally not identifying individuals Cookies help us: Keep your session active during navigation Remember preferences (language, region, cookie consent) Secure our website and prevent fraudulent requests Analyse aggregated usage and improve content You can manage or block cookies in your browser settings under “Privacy” or “Security”. If you disable cookies, some functions of our site may no longer operate correctly.

14.4 Third-party cookies and analytics

Some cookies originate from third-party providers that supply analytics or marketing services to us.
These providers may be located outside Switzerland or the EEA (see Section 8 on international transfers).

We currently use, among others:

Google Analytics / Firebase Analytics

Purpose:

• To evaluate aggregated visitor interactions (e.g., number of visits, duration, device type)
  
  
• To compile statistical reports that help us improve our services
  
  

Aave-related addition:
Analytics may also measure aggregated, pseudonymised statistics about usage of the Aave EURe lending component, such as:

• number of users opening the lending interface
  
  
• frequency of supply/withdraw actions attempted (without storing any on-chain identifiers)
  
  
• UI performance during smart-contract calls
  
  

These analytics do not allow identification of individual users.

Other integrated tools (e.g., Firebase Crashlytics, Firebase Performance Monitoring) also rely on cookies or SDK-based identifiers to track technical events within the app.
They do not identify individual users beyond the pseudonymous device ID assigned by Firebase.

14.5 Summary of cookie types

14.5 Summary of cookie types

Secret Category	Purpose	Typical Retention	Example Provider
Essential Secret	Enable core site functions (session handling, security, consent storage)	Session / 1 year	Squarespace
Analytics Secret	Measure site usage and improve performance, including aggregated statistics about interactions with the Aave EURe lending feature	14 months	Google Analytics / Firebase
Preference Secret	Remember language, region, and settings	6–12 months	Squarespace / Firebase
Marketing Secret	Display relevant ads and track effectiveness (only with consent)	Variable (up to 24 months)	Google Ads / Meta Ads

14.6 Social media channels

We maintain official PlatyPay pages on social-media platforms (such as Instagram, LinkedIn, X/Twitter, and TikTok).

When you visit, follow, or interact with our content there, we may receive limited aggregated information (e.g., engagement statistics or message content).
This data is used to:

• Communicate with users and answer messages or comments
  
  
• Publish marketing content and announcements, including updates about Aave EURe lending features
  
  
• Analyse aggregated interaction trends
  
  

Please note that each platform operator also processes your data independently for its own purposes.
Such processing is governed by the platform’s own privacy policy.

Where we and the platform act as joint controllers (for instance with Meta Platforms Ireland Ltd. for Facebook / Instagram Insights), we have entered into the required joint-controller arrangement pursuant to Art. 26 GDPR.
You may contact either party for further details.

15. Contact

For any questions, requests, or complaints related to data protection, please contact:

PlatyPay Global LLC
Champ-de-la-Croix 66
1720 Corminboeuf, Switzerland
Email: info@platypay.net