Privacy Policy

This Privacy Policy ("Privacy Policy") governs the collection, use, and disclosure of personal data in connection with the websites operated or made available by Divine Research and any related websites, subdomains, or other online properties that display a link to this Privacy Policy (collectively, the "Website"), Divine Research's corresponding mobile applications (each, an "Application"), any protocols operated or made available by Divine Research, and the information on the Website and contained in the Applications, all to the extent made available by Divine Research, Inc., its affiliates or agents ("Divine Research," "we," "us" or "our"). This Privacy Policy applies to all users visiting the Website, using any Application, or using the services enabled through the Website or any Application, in any way (all such information and services, including the Website and Applications, the "Services").

Capitalized terms used but not defined in this Privacy Policy have the meanings given to them in our Terms of Use. This Privacy Policy describes how Divine Research collects, processes, and shares your personal data, and details the rights you may be able to exercise regarding the processing of your personal data. For clarity, this Privacy Policy does not apply to any decentralized aspect of the blockchain that we do not control due to the decentralized nature of blockchain technology.

1. SCOPE

   At the time we collect personal information, we may provide additional or supplemental privacy policies to individuals for specific products or services that we offer. In addition, if you are located in a specific jurisdiction for which we have provided a jurisdictional-specific supplement to this Privacy Policy (i.e., an Appendix), please see the relevant jurisdictional-specific supplement to understand in greater detail how we may process your personal data.

2. WHAT PERSONAL DATA DO WE COLLECT AND HOW DO WE COLLECT SUCH PERSONAL DATA?

   DATA YOU PROVIDE TO US OR THAT WE MAY GENERATE ABOUT YOU

   Personal data you may provide to us through the Services or otherwise or that we may generate about you includes:

   • Contact data, such as your name, phone number, and email address.
   • Demographic data, such as your city, state, country of residence, postal code, and age.
   • Communications data based on our exchanges with you, including when you contact us through the Services, social media, offline, or otherwise, and data generated when we communicate with you via email, push notification, text message (SMS), telephone, and/or messaging applications (such as WhatsApp).
   • Transactional data, such as information relating to or needed to complete your transactions on or through the Service, including loan details and transaction history.
   • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
   • Financial data, such as your bank account numbers, bank account aliases, bank account types, and related financial identifiers.
   • Blockchain activity data, such as information relating to or needed to complete your cryptocurrency transactions on or through the Services on supported blockchain networks (including wallet address, transaction number, transaction sender and recipient, transaction amount, and transaction history), as well as information relating to other onchain activity associated with your account or wallet, such as applications you have interacted with on the blockchain.
   • KYC "Know Your Customer" Information. We use third-party providers to perform identity verification and to facilitate lending and repayment services. That information is shared with the applicable provider. The KYC information we may store includes full name, email address, tax ID number, phone number, address, gender, marital status, activity or occupation, bank account details, photos of ID (front and back), and country. KYC data may also be used as part of our assessment for lending eligibility. In addition, it may also include the collection of the following data: whether you are a politically exposed person ("PEP"), whether you are subject to the Foreign Account Tax Compliance Act ("FATCA"), or whether you appear on any applicable financial intelligence unit watchlist or similar government registry.
   • Voice and audio data. If you participate in a voice-based interview, we may collect audio recordings, interview metadata, and provider-generated outputs or summaries. We may use this information for identity verification, fraud prevention, security review, application assessment, and lending eligibility evaluation, subject to applicable law. Voice recordings may be retained for the duration necessary to complete these processes and to comply with applicable regulatory requirements.
   • Document scanning data. When you submit identity documents (such as a government-issued ID) for KYC verification, images of your documents are processed using optical character recognition (OCR) technology provided by a third-party service provider. This processing extracts structured fields such as names, document number, nationality, sex, date of birth, and other document metadata to verify your identity. We may also store encrypted copies of submitted document images and related verification records for security, audit, compliance, and dispute-resolution purposes.
   • Biometric-adjacent data. Certain data collected during identity verification and assessment processes - such as images of identity documents containing facial photographs and voice recordings from AI-powered interviews - may constitute biometric or sensitive personal data under the laws of certain jurisdictions. We treat such data with heightened safeguards regardless of classification. For additional information about the processing of sensitive data in your jurisdiction, please refer to the applicable Appendix below.
   • User-generated content data, such as comments, questions, messages, works of authorship, and other content or information that you generate, transmit, or otherwise make available on the Services, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
   • Survey or usability study information: If you participate in a survey or usability study, we record any biographical information you provide directly (e.g., phone number), your responses, and your interactions with the app.

   AUTOMATIC DATA COLLECTION

   We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Services, our communications and other online services, such as:

   • Device data, such as your computer or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
   • Online activity data, such as pages or screens you viewed, content you viewed or otherwise engaged with, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
   • Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.
   • Diagnostic and session data, such as crash reports, error logs, performance metrics, and session replay data collected by third-party service providers to detect, investigate, and fix bugs, security incidents, and performance issues. We employ technical safeguards designed to limit the collection of sensitive personal data through such diagnostic tools.
   • Information from local storage, cookies, and other tracking technologies: We and our third-party service providers may access and collect information from local storage, mobile device ID, cookies, web beacons, pixel tags, clear GIFs, and other similar technologies to provide and customize the Services. For example, we may use this information to remember whether a user has completed a survey. We may also use this information to learn about user preferences (e.g., language), app usage, and interactions. The information we collect from these technologies may include data such as application version, device type, referring/exit pages, operating system, application or device language, and other information. We analyze these user trajectories collectively to improve the overall experience. For information concerning your choices with respect to the use of tracking technologies, see the Your choices section below.

   THIRD-PARTY SOURCES

   We may combine personal data we receive from you with personal data falling within one of the categories identified above that we obtain from other sources, such as:

   • Public sources, such as government agencies, public records, public blockchains, and other publicly available sources.
   • Private sources, such as data providers, social media platforms and data licensors.
   • Service providers that provide services on our behalf or help us operate the Services or our business.
   • Business transaction partners. We may receive personal data in connection with an actual or prospective business transaction. For example, we may receive your personal data from an entity we acquire or are acquired by, a successor, or assignee or any party involved in a business transaction such as a merger, acquisition, sale of assets, or similar transaction, and/or in the context of an insolvency, bankruptcy, or receivership.
   • Third-party linked services, such as third-party cryptocurrency platforms or wallets, that you use to log into, or otherwise link to, your Services account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

3. HOW DO WE USE YOUR PERSONAL DATA?

   Personal data collected is processed for the following purposes:

   1. Provision of the service: We use personal data to operate and maintain our application and its functionalities as well as otherwise operate our business (including conducting KYC/AML checks, assessing eligibility for Loans, enabling security features of our Services, and providing support for our Services).
   2. Customer Service: We may process data to provide support and respond to queries and technical issues regarding the Services.
   3. Services personalization: We use personal data to personalize the Services. This includes understanding your needs and interests, personalizing your experience with the Services and our Services-related communications, and remembering your selections and preferences as you navigate webpages.
   4. Services improvement and analytics: We may use your personal data to analyze your usage of the Services, improve the Services, improve the rest of our business, help us understand user activity on the Services, including which pages are most and least visited and how visitors move around the Services, as well as user interactions with our emails, and to develop new products and services. We may use third-party analytics service providers for this purpose.
   5. Security and protection: We may use personal data in an effort to prevent, deter, investigate, and stop fraudulent, unauthorized, or illegal activities, including cyber attacks and identity theft. We use personal data to enforce the terms and conditions that govern the Services (including, without limitation, to identify and otherwise determine if you are a prohibited person who may not use the Services or otherwise determine your identity). We may also use it in an effort to address security risks, fix bugs, enforce our agreements, and otherwise protect our users, our rights, the rights of others, our privacy, safety and property (including by making and defending legal claims).
   6. Marketing: We may send you direct marketing communications and may personalize these messages based on your needs and interests. You may be able to opt-out of our marketing communications as described below.
   7. Legal Compliance: We may use personal data to comply with applicable laws or regulations or requirements from government agencies, regulators, judicial authorities or private parties.
   8. Corporate events: We may share personal data in the context of actual or prospective corporate events or transformations.
   9. To create aggregated, de-identified and/or anonymized data: We may create aggregated, de-identified and/or anonymized data from your personal data and other individuals whose personal data we collect. We make personal data into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
   10. Cookies and similar technologies: We may use the Cookies and similar technologies described above for the following purposes:
       1. Technical operation: To allow the technical operation of the Services, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Services.
       2. Functionality: To enhance the performance and functionality of our services.
       3. Analytics: To help us understand user activity on the Services, including which pages are most and least visited and how visitors move around the Services, as well as user interactions with our emails.
   11. Further uses: In some cases, we may use your personal data for further uses, in which case we will ask for your consent to make use of your personal data for those further purposes if they are not compatible with the initial purpose for which information was collected.
   12. Retention: We generally retain personal data to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal data, we may consider factors such as the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer require the personal data we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.

4. WHO DO WE SHARE YOUR DATA WITH?

   Divine Research may share your personal data with certain third parties. These third parties include but are not limited to those listed below:

   1. Affiliates: Our corporate affiliates.
   2. Service providers: Third parties that provide services on our behalf or help us operate the Services or our business (such as hosting, information technology, payment processors, text message providers, customer support, email delivery, marketing, consumer research, website analytics, identity verification, AI-powered voice interviews, and document scanning and OCR processing).
   3. Payment and banking service providers: Any payment or banking information you provide in connection with fiat currency transfers through the Services is collected and processed directly by our third-party payment and banking service providers.
   4. Third parties designated by you: We may share your personal data with third parties where you have instructed us or provided your consent to do so. For example, entities conducting know-your-customer, identity verification or other anti-money laundering checks. We do not necessarily control how these third parties may use your personal data.
   5. Partners: Third parties with whom we partner, including parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.
   6. Third-party linked services: If you log into the Services with, or otherwise link your Services account to, an external cryptocurrency platform, wallet, or other third-party service, we may share your personal data with that third-party service. The third party's use of the shared information may be governed by its privacy policy and the settings associated with your account with the third-party service. We do not control how the third-party linked service may use your personal data.
   7. Professional advisors: Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
   8. Authorities and others: Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Legal Compliance purposes described above.
   9. Lending and credit-related disclosures: If you fail to repay a Loan or otherwise default on your obligations under the Services, we may disclose information relating to your delinquency, default, or outstanding balance to service providers, credit reporting agencies, collection agencies, or other third parties as permitted by applicable law.
   10. Business transferees: We may disclose personal data in the context of actual or prospective business transactions (e.g., investments in or financings of Divine Research, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares). For example, we may need to share certain personal data with prospective counterparties and their advisers. We may also disclose your personal data to an acquirer, successor, or assignee of Divine Research as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal data is transferred to one or more third parties as one of our business assets.
   11. Other users and the public: Due to the nature of blockchain technologies, any data posted to or otherwise interacting with public blockchains will be visible to other users of the Services and the public. Information about your interactions and/or transactions will be provided to the applicable blockchain network and may be accessible to third parties due to the blockchain protocol's nature. This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information. It may be possible for someone to identify you through your pseudonymous, public wallet address using external information sources, and any transaction you enter or otherwise interact with the blockchain could possibly be used to identify you or information about you.

5. INTERNATIONAL DATA TRANSFERS

   Divine Research is headquartered in the United States of America. Your personal data may be transferred to and processed in the United States or other countries where our service providers operate, which may not offer a level of data protection equivalent to that provided by the laws of your jurisdiction.

   Where we transfer personal data internationally, we implement appropriate safeguards to protect your data, which may include: (a) transferring data to countries that have been recognized as providing an adequate level of data protection by the relevant authority in your jurisdiction; (b) entering into data transfer agreements that incorporate appropriate contractual protections; or (c) relying on other legal mechanisms permitted by applicable law. You may request information about the specific safeguards applied to transfers of your personal data by contacting us at legal@divine.inc.

6. SECURITY MEASURES

   We employ technical, organizational and physical safeguards designed to protect the personal data we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal data.

7. DATA BREACH NOTIFICATION

   In the event of a security breach that compromises your personal data, we will notify you and the applicable regulatory authority as required by law. Notification will be provided without undue delay and will include, where possible, a description of the nature of the breach, the likely consequences, and the measures taken or proposed to address the breach.

8. YOUR CHOICES

   In this section, we describe the rights and choices available to all users. Users who are located in certain jurisdictions can find additional information about their rights below.

   1. Access or update your information: If you have registered for an account with us through the Services, you may review and update certain account information by logging into the account.
   2. Declining to provide information: We need to collect personal data to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
   3. Third-party linked services: If you choose to connect to or otherwise link with the Services through your account on a third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.
   4. Opt-out of marketing communications: You may opt out of receiving marketing emails by following the unsubscribe instructions in such communications. You may opt out of push notifications by adjusting your device settings. You may opt out of text message (SMS) communications by replying STOP to any such message. Please note that even if you opt out of marketing communications, we may still send you transactional or service-related communications.
   5. Additional Rights: You may have certain rights under applicable privacy laws. For more information, please contact us by email at: legal@divine.inc.
   6. Blockchain data limitations: Due to the immutable nature of blockchain technology, we cannot edit or delete information that is stored on a blockchain. This information may include transaction data (such as loan issuances, repayments, and transfers) related to your blockchain wallet address and any Digital Assets held by your wallet address. Requests for data deletion or erasure under applicable law apply only to personal data stored in our offchain systems and databases, and do not extend to data recorded on public blockchains.

9. AUTOMATED DECISION-MAKING AND PROFILING

   We may use automated processing, including AI-powered tools and algorithmic analysis, to assist in assessing your eligibility for certain Services, including Loans. This may include the automated analysis of your identity verification data, voice interview responses, financial information, and other data collected during the application process. Such automated processing may produce results that affect your access to the Services.

   You may have the right, under applicable law, to challenge decisions based on automated processing of your personal data. To exercise this right, please contact us at legal@divine.inc. For additional information about automated decision-making rights in your jurisdiction, please refer to the applicable Appendix below.

10. OTHER SITES AND SERVICES

    The Website and Application may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

    If you access or download an Application through an app store (such as the Apple App Store or Google Play), the app store operator may independently collect information about you and your device, including device and operating system information, app download and usage data, and analytics. We do not receive your app store credentials or payment details. Any information collected by the app store operator is governed solely by that operator's own privacy policy.

11. CHILDREN

    The Website and Application are not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal data in a manner prohibited by law, please contact us. If we learn that we have collected personal data through the Website or Application from a child without the consent of the child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

12. MODIFICATIONS TO THIS POLICY

    We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Services or other appropriate means. Any modifications to this Privacy Policy will be effective thirty (30) days after posting for existing users of the Services, or immediately for new users, unless we specify otherwise. In all cases, your use of the Services after the effective date of any modified Privacy Policy constitutes your acknowledgment that the modified Privacy Policy applies to your interactions with the Services and our business. Depending on the kind of change we make to this Privacy Policy, we might notify you of the change or request your consent to it.

13. CONTACT

    To make inquiries related to this Privacy Policy or exercise your rights that you may have in relation to your personal data, you can contact us through the following means:

    Email: legal@divine.inc