‍

Privacy Policy

Version 2-0-0‍

Updated: February 2, 2026

1. Introduction 

This Privacy Policy (“Policy”) describes how Billions Network S.A. (“Billions”, “we”, “us”, or “our”) collects, uses, and discloses personal information in connection with your access to and use of our digital services.

This Policy applies to the Billions mobile application, the Billions web wallet available at wallet.billions.network, the Identity Dashboard, and any other websites, interfaces, applications, or digital services operated or controlled by Billions that link to or reference this Policy (collectively, the “Platform” or the “Services”)..

This Policy describes the types of personal data we collect, the purposes for which we process such data, how we share it, and the rights and choices available to you under applicable data protection laws, including Regulation (EU) 2016/679 (the General Data Protection Regulation – “GDPR”).

This Policy does not apply to third-party websites, applications, services, or platforms that are not operated or controlled by Billions, even if they are accessible through the Platform or referenced in our Services. We encourage you to review the privacy policies of any such third parties before interacting with them.

Depending on the specific feature or service, Billions acts as a data controller, joint controller, or processor, as further described below.

We are committed to processing personal data in compliance with applicable data protection and privacy laws, including Regulation (EU) 2016/679 (the General Data Protection Regulation – GDPR), as well as any other sector-specific or jurisdiction-specific data protection requirements that may apply to our services.

‍

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account via social login (Google or Apple), we collect your email address, name, timezone and avatar. In order to prevent automated use of our application, we use a humanity verification system provided by one or more third-party service providers, an external provider that employs biometric technology. This service may collect and process biometric data such as facial images, and government issued identity documents, such as passports, to verify whether you are a real person.
  
  • Biometric data collected is only used to verify that access to certain features in the Platform are being performed by a natural person, and not by automated systems or scripts, and for the sole purposes of:
    
    • Preventing automated or abusive use of the Platform;
    • Enforcing one-account-per-user rules;
    • Protecting the fairness and integrity of referral and reward mechanisms;
    • Preventing fraud and circumvention of technical standards.‍
    • Referral Data: If you use our referral system, we track referred users and associated rewards.‍
    • Ethereum Wallet Data: If you connect an Ethereum wallet, we collect verification-related information, including balance and ENS domain registration

Humanity and Identity verification: scope limitation.

Depending on the feature you choose to access, verification may involve: 

1. Humanity or liveness checks - intended to confirm that the interaction is performed by a natural person, and not by automated means.
2. Identity verification - may involve verification of government- issued identity documents
3. Eligibility checks - limited to confirming whether a user meets predefined, objective conditions to access certain rewards or features. 

Biometric data is processed exclusively for one-time verification purposes and is not used to:

• Create biometric templates for ongoing verification;
• Perform biometric matching across users;
• Enable continuous tracking;
• Identify you across different services and platforms.

The processing of biometric data and identity documents for verification purposes is based exclusively on your explicit consent, pursuant articles 6 and 9 of GDPR. You may refuse or withdraw such consent at any time. In that case, you will still be able to access the Platform, but certain features that strictly require verification may be unavailable. 

During identity verification via third-party providers, you may be asked to submit identity documents such as passports or Aadhaar numbers, and biometric data such as facial images. This data is collected solely to verify your humanity and eligibility for specific features or rewards.

2.2 Information Collected Automatically

• Device and Usage Data: We may collect device type, browser version, operating system, and IP address to enhance security and improve our services.
• Social Login: This cookie is used to authenticate login and manage sessions. 
• Session Cookies: Used to maintain login state and track user interactions.
• Analytics Data: We collect aggregate usage data through tools like Google Analytics.We use analytics solely in aggregate form to improve features and measure engagement. No advertising cookies are used, and non-essential analytics run only with your consent via the cookie banner.
• Referral Tracking: If a user clicks a referral link but does not create an account immediately, we store the referral code in local storage to remember it if they return later.
• reCAPTCHA: Helps protect our app from spam and abuse by analyzing user behavior.

For more information on how we use and apply cookies, please refer to our Cookies Policy. 

3. On which legal basis do we process your information

3.1 Legal bases for data collection

We process the data mentioned in art  2.1 on the following legal basis: 

• The information you provide: we collect the information you provide on the basis of your express consent, and/or performance of a contract granted by voluntarily logging in the application, email or other means that we make available to you for this purpose.
• Essential cookies: we collect information via essential cookies on the basis of our legitimate interest, so that you can authenticate when logging in the application. 
• Non essential cookies: we can collect information via non essential cookies on the basis of your express consent you gave via the cookies pop-up, after having read our Cookies Policy. 

3.2 Legal bases for our processing.We rely on different legal bases depending on the purpose of processing:

• Performance of a contract (Art. 6(1)(b)) — processing necessary to perform our contract with you, e.g., processing voucher purchases, issuing vouchers, activating Premium, and managing redemptions.
  
  
• Consent (Art. 6(1)(a) and Art. 9(2)(a)) — for processing special categories of data such as biometric data for identity/human verification; such processing is carried out only with your explicit consent.
  
  
• Legal obligation (Art. 6(1)(c)) — to comply with sanctions, AML/KYC or other legal obligations.
  
  
• Legitimate interests (Art. 6(1)(f)) — for fraud prevention, Platform security, abuse detection and enforcing our Terms, where such interests are not overridden by your rights.
  We set out the legal basis relevant to each processing purpose in this policy and at the point of collection.

4. Why we use your information 

We use the information collected to:

• Enable and manage user accounts.
• Service communications:to provide you with information related to your use of the Platform, including account status, verification progress, feature availability, rewards eligibility, and other operational or transactional updates necessary to deliver the Services.
• Marketing communications: to send you promotional or marketing information about Billions’ products, features, or campaigns, where you have provided your consent and subject to your right to withdraw such consent at any time.
• Track referral progress and rewards distribution.
• Improve our services and analyze user engagement.
• Enforce security measures and prevent fraud.
• Comply with legal obligations.
• Perform a contract. 
• We process transaction and purchase-related information for the purpose of fulfilling payments, issuing vouchers, handling refund requests, and complying with applicable consumer protection and financial regulations.
• Creation and Maintenance of digital services: We process certain identification, verification and account data to create and maintain your digital services file, which enables other users or third parties to confirm the authenticity of your identity within the Billions ecosystem. This processing supports fraud prevention, user safety, and trust features of the Platform, and is carried out in accordance with your chosen verification methods and as described in this Privacy Policy.
• Digital services like data and verifiable credentials are managed to enable user rights: personal data that must be retained for integrity/audit may be stored off-chain or pseudonymised; where on-chain references exist, we rely on off-chain revocation, key destruction, or similar mechanisms to enable deletion or revocation to the extent technically possible.
• To process Premium voucher purchases and issue vouchers, including enforcing purchase limits, validating payment status via third-party providers, issuing and managing voucher codes, enabling redemption and Premium activation, and providing customer support.
• To prevent fraud and enforce sanctions and compliance obligations, including monitoring abuse, enforcing spend limits, investigating suspicious activity, and maintaining records necessary for security and audit.

We process personal data in accordance with the principle of data minimisation, meaning that we collect and process only the personal data that are adequate, relevant, and necessary for the specific purposes described in this Policy.

Certain processing activities described in this Policy are further detailed in our Terms & Conditions.

5. How We Share Your Information

We may share your information in the following cases:

• Third-Party IT Services: We use Google and Apple for authentication and may integrate social media platforms for referrals. We store data in AWS. 
• Affiliates and Business Partners: We may share aggregated data with investors or partners to demonstrate user engagement.
• Legal Compliance: If required by law, we may disclose your information to regulatory authorities.
• With Your Consent: We may share data with third parties when explicitly authorized by you.
• Email Service Provider (Amazon SES). We use Amazon Simple Email Service (SES) to deliver transactional and, where you have provided prior consent, promotional communications. For promotional emails, the legal basis is your consent, which you may withdraw at any time via the unsubscribe link or by contacting hello@billions.network. Transactional emails (e.g., security alerts, verification updates) are sent on the basis of performance of a contract and legitimate interests (security and service continuity). SES may process data outside the EEA under Standard Contractual Clauses and the EU-U.S. Data Privacy Framework as applicable. 

Processor details: Amazon Web Services EMEA SARL (hosting region: EU-West-1) and its affiliates as sub-processors.

• Embedded Crypto Checkout Provider. If you purchase Premium vouchers, your payment is processed through an embedded third-party provider and/or smart contracts. This provider may receive your wallet address, transaction details, and related information necessary to authorize and settle the on-chain stablecoin payment. These payment-related data are processed on the basis of performance of the contract (Art. 6(1)(b)) and, where applicable, to comply with legal obligations (e.g., sanctions/AML). We engage embedded payment providers under written data processing agreements and apply appropriate transfer safeguards (for example, Standard Contractual Clauses) when personal data are transferred outside the EEA. You can request the identity of our payment provider(s) and the safeguards in place at hello@billions.network. 

Billions does not have access to your private keys, does not custody funds, and does not process payment credentials.

6. International data transfer

To provide our services and ensure the proper functioning of the Application, we use services of third-party technology providers that host and store your personal data from countries located outside the European Economic Area, such as Amazon Web Services, whose privacy policy can be found here: https://aws.amazon.com/privacy/?nc1=h_ls. The services of these providers, therefore, imply the existence of an international transfer of your personal data, which could imply a lower level of protection than that provided for in the European regulations. However, your data are located in the EU-West-1 zone and in this case, the corresponding measures are applied, as well as the formalization of the standard contractual clauses approved by the European Commission. You can request an updated list of these recipients by sending an email to hello@billions.network.

7. Data Storage, Security and Retention

7.1 Data Security and Storage Principles

We store personal data in secure environments and implement reasonable technical and organizational measures to protect it against unauthorized access, loss, alteration, or disclosure.

Personal data are retained only for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by applicable law.

If you delete your account, personal data associated with your account will be deleted or anonymized within 30 days, except where retention is required for legal compliance, security, fraud prevention, or the establishment, exercise, or defence of legal claims.

Where you choose to make certain information public through the use of blockchain or other public distributed ledger technologies, such information becomes publicly accessible and cannot be altered or deleted by Billions. In such cases, Billions does not control the continued availability of that data, and its publication is determined solely by your actions.

7.2 Data Retention Periods (Summary)

• Account metadata & session data: retained while active and purged within 30 days after deletion requests, unless otherwise required.
• Verification data (identity documents, biometrics): retained only as necessary for verification and to meet legal obligations; biometric data are deleted on withdrawal of explicit consent except where retention is required by law or for fraud prevention.
• Biometric data and identity verification materials are retained only for the duration necessary to complete the verification process and to address potential fraud or dispute resolution arising directly from that verification. As a general rule, biometric data are deleted immediately after successful verification or upon withdrawal of consent, unless retention is strictly required by law, for the establishment, exercise or defense of legal claims, or where a trusted verification provider maintains biometric data for a limited period to support fraud‑prevention and deduplication mechanisms.
  
  • Humanity check – (purpose: anti‑bot) immediate deletion by Billions after the check is completed.
  • Identity verification – (purpose: access to features) data retained only for the verification period and any legally required record‑keeping.
  • Rewards eligibility – (purpose: fairness) data retained for a limited time necessary to determine and audit eligibility.
• Service and transaction records (e.g., transaction references, access logs related to paid features, and redemption history where applicable): retained for the purposes of contract performance, dispute resolution, legal compliance, and audit support, for the period required by applicable law and, where no legal period applies, for a reasonable time (typically up to five (5) years).
• Enforcement evidence: retained for limited periods (e.g., up to 24 months) or longer if legally required.

7.3 Data Protection Impact Assessments (DPIAs)

We screen all high-risk processing activities to determine whether a Data Protection Impact Assessment (DPIA) is required. For processing operations that are likely to result in a high risk — for example, biometric verification, the issuance of “Uniqueness” credentials, or large-scale automated profiling — we will carry out a DPIA and implement appropriate technical and organizational measures to mitigate the risks identified.

Where a DPIA indicates that a high risk remains that cannot be mitigated, we will consult the competent supervisory authority in accordance with Article 36 of the GDPR.

If you would like more information about our DPIA process or wish to request a copy of a DPIA where one applies, please contact privacy@billions.network.

8. Automated decisions & appeals

Fraud Prevention and Enforcement. We process certain account, device, referral and activity data to detect, investigate and respond to suspected abuse or violations of our Terms & Conditions, adjust or remove improperly obtained rewards, and manage appeals. The legal basis is our legitimate interests in preserving Platform integrity, proportionality, and fairness, as detailed in our Terms & Conditions. Evidence supporting enforcement actions may be retained for up to 24 months (or longer where legally required) for audit and support purposes.

Automated decisions. Some determinations (e.g., bot/human checks or eligibility pass/fail) may involve automated processing. Where such processing produces legal or similarly significant effects, you have the right to obtain human review, to express your point of view and to contest the decision by contacting hello@billions.network

Appeals. If an enforcement action materially affects your account (e.g., Power removal, suspension), we will notify you in-app and/or by email and provide an appeal channel.

Where automated decision-making produces legal or similarly significant effects, you have the right to obtain human intervention, to express your point of view and to contest the decision. To request review or appeal, contact hello@billions.network. We will provide meaningful information about the logic used, the significance and the envisaged consequences.

This appeals process is without prejudice to any rights you may have under applicable digital services regulations, including the right to seek redress through competent authorities or other mechanisms provided by law.

9. GDPR & CCPA Compliance

If you are in the European Economic Area (EEA) or California, you have additional rights, including:

• The right to access, correct, or delete your personal data.
• The right to restrict or object to data processing.
• The right to data portability.
• The right to file a complaint with a data protection authority.

If you are located in the European Economic Area (EEA), you also have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

Please contact to hello@billions.network if you have any questions on this. 

10. Consequence of the removal of your consent

When accessing the Application, you are informed of how and which data we process. Certain processing activities (in particular biometric and identity verification) require your explicit consent. If you do not provide or withdraw such consent, you may still use the Platform, but some features that strictly require such processing may be unavailable. You may withdraw your consent for the processing of biometric and identification data at any time by contacting hello@billions.network. Withdrawal of consent will result in the deletion of your biometric data, but may restrict access to certain features of the Platform.

11. Cookies and Tracking Technologies

• We do not use advertising cookies.
• We use cookies for authentication (Google & Apple), referral tracking, and session management.
• You may manage your cookie preferences via your browser settings; if users decide to delete all cookies, they can do so via their browser.
• Third-party identity verification providers (e.g., idOS) may use their own cookies or similar tracking technologies during the verification process. These are governed by their own privacy and cookie policies. 

12. Children’s Privacy

Our services are intended for users aged 18 or older (or the age of majority in your jurisdiction). We do not knowingly collect data from children under that age.

We are not responsible for external links, nor for the content, products, or services offered on such websites. The inclusion of links on our Platform does not imply an endorsement or guarantee of the security or accuracy of the information provided by third parties. Accessing and using any linked external site is at your own risk, and we recommend reviewing their terms and conditions before engaging with them.

If we become aware that personal data from a user under the age of 18 has been collected without verified parental consent, we will delete such data promptly.

13. Use of Firebase Crashlytics

Billions.Network uses Firebase Crashlytics, a service provided by Google LLC, to collect technical information related to errors and crashes in the mobile application. The purpose of this processing is to improve the app’s stability and functionality by diagnosing technical issues.

 13.1 Data Processed
Firebase Crashlytics may collect the following data:

• Technical information about the device: operating system, device model, application state at the time of the crash.
  
  
• Crash logs: stack traces, error codes.
  
  
• Persistent technical identifiers, such as the Firebase Installation ID.
  
  
• The device’s IP address, which may be used to infer the user’s approximate location.
  
  

Currently, Firebase Crashlytics has not been configured to anonymize IP addresses or to exclude the collection of persistent identifiers. Therefore, this data may be considered personal data under the General Data Protection Regulation (GDPR). 

13.2 Legal Basis for Processing
The data processing performed through Firebase Crashlytics may be based on one of two alternative legal grounds, depending on how the application is configured: 

a) Legitimate Interest (Art. 6.1.f GDPR)
When data collection occurs automatically upon installation or use of the application, processing is based on Billions.Network’s legitimate interest in ensuring the app’s stability, security, and functionality. This interest has been evaluated through a balancing test that considers the low impact on user privacy and the technical and organizational measures implemented to mitigate risks.

13.3 International Data Transfers
Firebase Crashlytics involves the transfer of personal data to the United States and other third countries that may not offer a level of data protection equivalent to that of the European Economic Area (EEA). Google LLC has implemented Standard Contractual Clauses (SCCs) approved by the European Commission as a safeguard mechanism for such transfers, and adheres to the EU-U.S. Data Privacy Framework when applicable.

13.4 Relationship with Google/Firebase as Processor
Billions.Network has formalized a data processing agreement with Google LLC pursuant to Article 28 of the GDPR by accepting the “Firebase Data Processing and Security Terms,” available at: https://firebase.google.com/terms/data-processing-terms

Google acts as a data processor and may engage authorized sub-processors, as described at:  https://firebase.google.com/terms/subprocessors

13.5 User Rights
Users may exercise their rights of access, rectification, erasure, objection, and restriction of processing by writing to hello@billions.network, and may also withdraw their consent if the processing is based on that legal basis. Furthermore, users have the right to lodge a complaint with the competent supervisory authority.

This information forms an integral part of our privacy policy and is provided in accordance with Articles 13 and 14 of the GDPR.

14. Use of external verification providers

In order to prevent automated use of our application, we use a humanity verification system provided by numerous identity service providers, an external provider that employs biometric technology. These  services may collect and process biometric, such as facial images, and  data government issued identity documents, to verify whether you are a real person.

External Verification Providers. Where you choose to complete identity or humanity checks via external providers (e.g., idOS), those providers may use their own cookies or similar technologies during the verification flow. Such processing is governed by each provider’s privacy and cookies policies (see our support page for an up-to-date list and links). We share with such providers only the data necessary to complete the verification you request, on the basis of your explicit consent.

The processing of this data is based on your explicit consent. Providers can be found in our support page and include companies like idOS, privacy policy here

By accepting the privacy policy, you are providing your explicit consent to such processing.

Data may be transferred outside the European Economic Area.

15. Changes to This Policy

We may update this Privacy Policy periodically. If we make significant changes, we will notify you through our Platform. When we make material changes to this Privacy Policy or our Terms & Conditions, users will be prompted to accept the updated version via a consent modal upon login before further access is granted to the Platform.

16. Contact Us

If you have questions about this Privacy Policy, you can contact us at: hello@billions.network