Privacy Policy

Version 1.0
Last Updated: January 02, 2026

‍

1. Introduction

The Billions Network App is operated by ZK ID Labs A.G., a company registered with VAT Number: CHE-182.634.424MWST at Baarerstrasse 98, 6300 Zug, Switzerland.

This Privacy Policy applies to the use of the Billions mobile application, the Billions web wallet (wallet.billions.network) and the Registration Portal (collectively, the “Platform”). This Policy describes how we collect, use, and disclose information about you in connection with your use of the Platform. By using the Platform, you agree to the collection and use of information as described in this Privacy Policy.

This Privacy Policy also applies to Premium voucher purchases made through our Voucher Store and any embedded, non-custodial crypto checkout used to complete such purchases.

‍

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account via social login (Google or Apple), we collect your email address, name, timezone and avatar. In order to prevent automated use of our application, we use a humanity verification system provided by one or more third-party service providers, an external provider that employs biometric technology. This service may collect and process biometric data such as facial images, and government issued identity documents, such as passports, to verify whether you are a real person.
• Referral Data: If you use our referral system, we track referred users and associated rewards.
• Ethereum Wallet Data: If you connect an Ethereum wallet, we collect verification-related information, including balance and ENS domain registration.

During identity verification via third-party providers, you may be asked to submit identity documents such as passports or Aadhaar numbers, and biometric data such as facial images. This data is collected solely to verify your humanity and eligibility for specific features or rewards."

2.2 Information Collected Automatically

• Device and Usage Data: We may collect device type, browser version, operating system, and IP address to enhance security and improve our services.
• Social Login: This cookie is used to authenticate login and manage sessions. 
• Session Cookies: Used to maintain login state and track user interactions.
• Analytics Data: We collect aggregate usage data through tools like Google Analytics.We use analytics solely in aggregate form to improve features and measure engagement. No advertising cookies are used, and non-essential analytics run only with your consent via the cookie banner.
• Referral Tracking: If a user clicks a referral link but does not create an account immediately, we store the referral code in local storage to remember it if they return later.
• reCAPTCHA: Helps protect our app from spam and abuse by analyzing user behavior.

For more information on how we use and apply cookies, please refer to our Cookies Policy. 

2.3 Voucher Purchases and Crypto Checkout Data

Voucher Purchases and Crypto Checkout Data. If you purchase Premium vouchers through the Platform, we may process information related to the purchase and voucher issuance, such as: (i) the voucher product selected (e.g., 1-year or 6-year), pricing tier (promo or regular), and any referral/discount code applied; (ii) wallet address used for payment; (iii) blockchain network and asset selected (e.g., Polygon PoS; USDT/USDC); (iv) transaction identifiers (e.g., transaction hash), payment status (pending/succeeded/failed), timestamps, and related metadata; and (v) voucher issuance and redemption data (voucher code, expiry date, status such as unused/redeemed/expired).

Billions does not collect or store your private keys or wallet credentials and does not directly process or hold user funds. Payments are executed through an embedded third-party payment provider and/or smart contracts.

‍

3. On which legal basis do we process your information

3.1

We process the data mentioned in art  2.1 on the following legal basis: 

• The information you provide: we collect the information you provide on the basis of your express consent, granted by voluntarily logging in the application, email or other means that we make available to you for this purpose.
• Essential cookies: we collect information via essential cookies on the basis of our legitimate interest, so that you can authenticate when logging in the application. 
• Non essential cookies: we can collect information via non essential cookies on the basis of your express consent you gave via the cookies pop-up, after having read our Cookies Policy. 

3.2 Legal bases for our processing.
We rely on different legal bases depending on the purpose of processing:

• Performance of a contract (Art. 6(1)(b)) — processing necessary to perform our contract with you, e.g., processing voucher purchases, issuing vouchers, activating Premium, and managing redemptions.
  
  
• Consent (Art. 6(1)(a) and Art. 9(2)(a)) — for processing special categories of data such as biometric data for identity/human verification; such processing is carried out only with your explicit consent.
  
  
• Legal obligation (Art. 6(1)(c)) — to comply with sanctions, AML/KYC or other legal obligations.
  
  
• Legitimate interests (Art. 6(1)(f)) — for fraud prevention, Platform security, abuse detection and enforcing our Terms, where such interests are not overridden by your rights.
  
  
• Performance of tasks carried out in the public interest or in the exercise of official authority (where applicable).
  We set out the legal basis relevant to each processing purpose in this policy and at the point of collection.

‍

4. Why we use your information 

We use the information collected to:

• Enable and manage user accounts.
• Send you marketing information, including your progress information.
• Track referral progress and rewards distribution.
• Improve our services and analyze user engagement.
• Enforce security measures and prevent fraud.
• Comply with legal obligations.
• Perform a contract. 
• We process transaction and purchase-related information for the purpose of fulfilling payments, issuing vouchers, handling refund requests, and complying with applicable consumer protection and financial regulations.
• Creation and Maintenance of Official Profiles: We process certain identification, verification and account data to create and maintain your Official Profile, which enables other users or third parties to confirm the authenticity of your identity within the Billions ecosystem. This processing supports fraud prevention, user safety, and trust features of the Platform, and is carried out in accordance with your chosen verification methods and as described in this Privacy Policy.
• Official Profile data and verifiable credentials are managed to enable user rights: personal data that must be retained for integrity/audit may be stored off-chain or pseudonymised; where on-chain references exist, we rely on off-chain revocation, key destruction, or similar mechanisms to enable deletion or revocation to the extent technically possible.
• To process Premium voucher purchases and issue vouchers, including enforcing purchase limits, validating payment status via third-party providers, issuing and managing voucher codes, enabling redemption and Premium activation, and providing customer support.
• To prevent fraud and enforce sanctions and compliance obligations, including monitoring abuse, enforcing spend limits, investigating suspicious activity, and maintaining records necessary for security and audit.

‍

5. How We Share Your Information

We may share your information in the following cases:

• Third-Party IT Services: We use Google and Apple for authentication and may integrate social media platforms for referrals. We store data in AWS. 
• Affiliates and Business Partners: We may share aggregated data with investors or partners to demonstrate user engagement.
• Legal Compliance: If required by law, we may disclose your information to regulatory authorities.
• With Your Consent: We may share data with third parties when explicitly authorized by you.
• Email Service Provider (Amazon SES). We use Amazon Simple Email Service (SES) to deliver transactional and, where you have provided prior consent, promotional communications. For promotional emails, the legal basis is your consent, which you may withdraw at any time via the unsubscribe link or by contacting hello@billions.network. Transactional emails (e.g., security alerts, verification updates) are sent on the basis of performance of a contract and legitimate interests (security and service continuity). SES may process data outside the EEA under Standard Contractual Clauses and the EU-U.S. Data Privacy Framework as applicable. 

Processor details: Amazon Web Services EMEA SARL (hosting region: EU-West-1) and its affiliates as sub-processors.

• Embedded Crypto Checkout Provider. If you purchase Premium vouchers, your payment is processed through an embedded third-party provider and/or smart contracts. This provider may receive your wallet address, transaction details, and related information necessary to authorize and settle the on-chain stablecoin payment. These payment-related data are processed on the basis of performance of the contract (Art. 6(1)(b)) and, where applicable, to comply with legal obligations (e.g., sanctions/AML). We engage embedded payment providers under written data processing agreements and apply appropriate transfer safeguards (for example, Standard Contractual Clauses) when personal data are transferred outside the EEA. You can request the identity of our payment provider(s) and the safeguards in place at hello@billions.network. Billions does not have access to your private keys, does not custody funds, and does not process payment credentials.

Billions does not have access to your private keys, does not custody funds, and does not process payment credentials.

‍

6. International data transfer

To provide our services and ensure the proper functioning of the Application, we use services of third-party technology providers that host and store your personal data from countries located outside the European Economic Area, such as Amazon Web Services, whose privacy policy can be found here: https://aws.amazon.com/privacy/?nc1=h_ls. The services of these providers, therefore, imply the existence of an international transfer of your personal data, which could imply a lower level of protection than that provided for in the European regulations. However, your data are located in the EU-West-1 zone and in this case, the corresponding measures are applied, as well as the formalization of the standard contractual clauses approved by the European Commission. You can request an updated list of these recipients by sending an email to hello@billions.network.

‍

7. Data Storage and Security

7.1

• We store your data in secure environments and take reasonable measures to protect it against unauthorized access.
• Your account information is only retained as long as necessary for the purposes outlined in this policy.
• If you delete your account, your data will be purged within 30 days.
• User credentials and personal data will be retained for 5 years after the last login or unless earlier deletion is requested prior.
• Voucher and Transaction Records. We may retain records related to voucher purchases and redemption (including transaction identifiers, voucher codes, and status history) for as long as necessary to provide the service, resolve disputes, prevent fraud, comply with legal obligations (including sanctions compliance), and maintain audit trails.

Retention periods — summary.

• Account metadata & session data: retained while active and purged within 30 days after deletion requests, unless otherwise required.
• Verification data (identity documents, biometrics): retained only as necessary for verification and to meet legal obligations; biometric data are deleted on withdrawal of explicit consent except where retention is required by law or for fraud prevention.
• Voucher & transaction records (transaction hashes, voucher codes, redemption history): retained to fulfil contracts, resolve disputes, comply with legal obligations and support audits (commonly up to 5 years, or as required by law).
• Enforcement evidence: retained for limited periods (e.g., up to 24 months) or longer if legally required.

7.2 Data Protection Impact Assessments (DPIAs)

We screen all high-risk processing activities to determine whether a Data Protection Impact Assessment (DPIA) is required. For processing operations that are likely to result in a high risk — for example, biometric verification, the issuance of “Uniqueness” credentials, or large-scale automated profiling — we will carry out a DPIA and implement appropriate technical and organizational measures to mitigate the risks identified.

Where a DPIA indicates that a high risk remains that cannot be mitigated, we will consult the competent supervisory authority in accordance with Article 36 of the GDPR. If you would like more information about our DPIA process or wish to request a copy of a DPIA where one applies, please contact privacy@billions.network.

‍

8. Automated decisions & appeals

Fraud Prevention and Enforcement. We process certain account, device, referral and activity data to detect, investigate and respond to suspected abuse or violations of our Terms & Conditions, adjust or remove improperly obtained rewards, and manage appeals. The legal basis is our legitimate interests in preserving Platform integrity, proportionality, and fairness, as detailed in our Terms & Conditions. Evidence supporting enforcement actions may be retained for up to 24 months (or longer where legally required) for audit and support purposes.

Automated decisions. Some determinations (e.g., bot/human checks or eligibility pass/fail) may involve automated processing. Where such processing produces legal or similarly significant effects, you have the right to obtain human review, to express your point of view and to contest the decision by contacting hello@billions.network

Appeals. If an enforcement action materially affects your account (e.g., Power removal, suspension), we will notify you in-app and/or by email and provide an appeal channel.

Where automated decision-making produces legal or similarly significant effects, you have the right to obtain human intervention, to express your point of view and to contest the decision. To request review or appeal, contact hello@billions.network. We will provide meaningful information about the logic used, the significance and the envisaged consequences.

‍

9. GDPR & CCPA Compliance

If you are in the European Economic Area (EEA) or California, you have additional rights, including:

• The right to access, correct, or delete your personal data.
• The right to restrict or object to data processing.
• The right to data portability.
• The right to file a complaint with a data protection authority.

Please contact to hello@billions.network if you have any questions on this. 

‍

10. Consequence of the removal of your consent

When accessing the Application, you are informed of how and which data we process. In the case of not agreeing with our Privacy Policy, you won't be able to use our Application as its use requires your consent. 

You may withdraw your consent for the processing of biometric and identification data at any time by contacting hello@billions.network. Withdrawal of consent will result in the deletion of your biometric data, but may restrict access to certain features of the Platform.

‍

11. Cookies and Tracking Technologies

• We do not use advertising cookies.
• We use cookies for authentication (Google & Apple), referral tracking, and session management.
• You may manage your cookie preferences via your browser settings; if users decide to delete all cookies, they can do so via their browser.
• Third-party identity verification providers (e.g., idOS) may use their own cookies or similar tracking technologies during the verification process. These are governed by their own privacy and cookie policies. 

‍

12. Children’s Privacy

Our services are intended for users aged 18 or older (or the age of majority in your jurisdiction). We do not knowingly collect data from children under that age.

We are not responsible for external links, nor for the content, products, or services offered on such websites. The inclusion of links on our Platform does not imply an endorsement or guarantee of the security or accuracy of the information provided by third parties. Accessing and using any linked external site is at your own risk, and we recommend reviewing their terms and conditions before engaging with them.

If we become aware that personal data from a user under the age of 18 has been collected without verified parental consent, we will delete such data promptly.

‍

13. Use of Firebase Crashlytics

Billions.Network uses Firebase Crashlytics, a service provided by Google LLC, to collect technical information related to errors and crashes in the mobile application. The purpose of this processing is to improve the app’s stability and functionality by diagnosing technical issues.

 13.1 Data Processed
Firebase Crashlytics may collect the following data:

• Technical information about the device: operating system, device model, application state at the time of the crash.
  
• Crash logs: stack traces, error codes.
  
• Persistent technical identifiers, such as the Firebase Installation ID.
  
• The device’s IP address, which may be used to infer the user’s approximate location.
  

Currently, Firebase Crashlytics has not been configured to anonymize IP addresses or to exclude the collection of persistent identifiers. Therefore, this data may be considered personal data under the General Data Protection Regulation (GDPR). 

13.2 Legal Basis for Processing
The data processing performed through Firebase Crashlytics may be based on one of two alternative legal grounds, depending on how the application is configured: 

a) Legitimate Interest (Art. 6.1.f GDPR)
When data collection occurs automatically upon installation or use of the application, processing is based on Billions.Network’s legitimate interest in ensuring the app’s stability, security, and functionality. This interest has been evaluated through a balancing test that considers the low impact on user privacy and the technical and organizational measures implemented to mitigate risks.

13.3 International Data Transfers
Firebase Crashlytics involves the transfer of personal data to the United States and other third countries that may not offer a level of data protection equivalent to that of the European Economic Area (EEA). Google LLC has implemented Standard Contractual Clauses (SCCs) approved by the European Commission as a safeguard mechanism for such transfers, and adheres to the EU-U.S. Data Privacy Framework when applicable.

13.4 Relationship with Google/Firebase as Processor
Billions.Network has formalized a data processing agreement with Google LLC pursuant to Article 28 of the GDPR by accepting the “Firebase Data Processing and Security Terms,” available at: https://firebase.google.com/terms/data-processing-terms

Google acts as a data processor and may engage authorized sub-processors, as described at:  https://firebase.google.com/terms/subprocessors

13.5 User Rights
Users may exercise their rights of access, rectification, erasure, objection, and restriction of processing by writing to hello@billions.network, and may also withdraw their consent if the processing is based on that legal basis. Furthermore, users have the right to lodge a complaint with the competent supervisory authority.

This information forms an integral part of our privacy policy and is provided in accordance with Articles 13 and 14 of the GDPR.

‍

14. Use of external verification providers

‍In order to prevent automated use of our application, we use a humanity verification system provided by numerous identity service providers, an external provider that employs biometric technology. These  services may collect and process biometric, such as facial images, and  data government issued identity documents, to verify whether you are a real person.

External Verification Providers. Where you choose to complete identity or humanity checks via external providers (e.g., idOS), those providers may use their own cookies or similar technologies during the verification flow. Such processing is governed by each provider’s privacy and cookies policies (see our support page for an up-to-date list and links). We share with such providers only the data necessary to complete the verification you request, on the basis of your explicit consent.

The processing of this data is based on your explicit consent. Providers can be found in our support page and include companies like idOS, privacy policy here

By accepting the privacy policy, you are providing your explicit consent to such processing.

Data may be transferred outside the European Economic Area.

‍

15. Changes to This Policy

We may update this Privacy Policy periodically. If we make significant changes, we will notify you through our Platform. When we make material changes to this Privacy Policy or our Terms & Conditions, users will be prompted to accept the updated version via a consent modal upon login before further access is granted to the Platform.

‍

16. Contact Us

If you have questions about this Privacy Policy, you can contact us at: hello@billions.network 

Privacy Team