Summary of Our Privacy Policy Welcome to GALXE Passport, Your universal identity for Web3 adventures! We are committed to protecting your privacy and this document describes in detail our data practices, including the types of data we collect and how we use this data. This summary is a short description of our Privacy Policy. Our core Privacy Principles:
  1. Anonymous and Secure
Your identity information will be encrypted with your password. This data is never stored in plain text and will not be accessible by anyone (including GALXE Passport) without your explicit permission.
  1. Owning Access Control
You are in total control of your data. You can choose to share it with third parties or revoke it as you see fit.
  1. Convenient
You only have to verify once to use your GALXE Passport across Web3 applications. You can use it for compliance processes or to simply prove yourself as a verified individual. Information We Collect We collect data require to verify your identity, which includes the following:
  • Full name;
  • Email address;
  • Identity Verification Information, such as a picture of your Driver’s License, State ID, or
  • Passport;
  • Picture of your face; and
  • IP Address.
How We Use Your Information The primary purpose for this data is to verify your identity. We work with a third party service provider, Sumsub, to verify your identity. You will upload your information, including identity verification Information, to Sumsub, who will then conduct the identity verification. Once your identity is verified, Sumsub will send to us a copy of the information you provided to verify your identity. We will pack the identity information into a verifiable credential, send it to you, and ask you to encrypt it with your password. After you send us the encrypted data, we will keep it safely stored on our servers, and delete all information we collected during the process. At this point, only you can use your password to decrypt and access your identity information. You may also decide that you want to share this information with another application. Instead of you taking pictures of your documents and uploading your information separately to a third party of your choosing, you can request the encrypted PII from GALXE, decrypt them locally with your password to get the PII in a verifiable credential format, and send it to the third party you trust. Frequently Asked Questions Q: How will my identity information be stored? A: Your identity information will be encrypted with your password. GALXE Passport never stores identity information in plain text and will not have access to identity information. Q: Who can access my identity information? A: Because GALXE Passport does not store your password, only you can decrypt this data with your password. No one, including GALXE Passport, has access to your identity information without your permission. Q: How can I use my GALXE Passport? A: Partners (eg. IDO or INO platforms) who integrate GALXE ID SDK may ask for your identity information for compliance reasons. By granting them access to your GALXE Passport’s identity information, you do not need to complete the verification process on their sites for additional times. Other partners may use GALXE Passport SBT as a proof-of-human mechanism to prevent sybil attack. Q: If I participate in a campaign on GALXE which requires GALXE Passport credential, am I giving away my identity information? A: No. GALXE Passport credential only looks at your GALXE Passport NFT holding in your wallet. GALXE Passport NFT is minted on BNB Chain with this contract address. Participating in these campaigns will not disclose your identity information. Q: What happens if I lose my GALXE Passport password? A: Because GALXE Passport does NOT store your password, there is no way to recover your password if you lose it. If you lose your password, you can still use your GALXE Passport as a proof-of-human NFT, however, you won’t be able to decrypt your Sumsub data to share with other third parties for compliance purposes. Q: What’s Sumsub’s role in the process? A: Sumsub is the third party vendor that helps run algorithms and check whether your ID is valid. They collect the identity information directly from you because they need to provide the identity verification. Please note that your use of Sumsub’s service is subject to Sumsub’s Privacy Policy, which can be found here: https://sumsub.com/privacy-notice-service/ Sumsub then shares this information with GALXE Passport. However, they do not know which identity belongs to which address. Q: Will I remain anonymous after I mint GALXE Passport? A: Our third party identity verification vendor, Sumsub, only verifies your identity based on the documents and pictures you provide. Neither Sumsub, nor any other third party, has the capability to connect a user’s verification documents to any particular wallet address. Therefore, verifying your information will not allow those third parties to tie any specific wallet address to any identifiable individual and you will remain anonymous. Likewise, minting a GALXE Passport token does not reveal your identity on the chain。 Q: Am I required to mint GALXE Passport in order to use GALXE? A: No. None of the features on GALXE will require you to mint GALXE Passport. GALXE also does not require any of its partners to use GALXE Passport credential in their campaign. GALXE Passport credential is just like any other credential in the network. Campaign creators can choose to include or not include GALXE Passport credential as a requirement in their campaigns. Q: What happens if any government agencies request users’ information from GALXE Passport? A: All user data is encrypted with your password. Therefore, we do not have access to and cannot view or share your information without your permission and password. Without your permission GALXE Passport does not have the password to decrypt the encrypted identity information. PRIVACY POLICY Last Updated: March 1, 2025 This Privacy Policy (“Policy”) describes how Star Frameworks Labs Pte. Ltd., (“GALXE Passport” “we” “us” or “our”) collects, uses, and discloses information related to the users of the GALXE Passport, our website https://galxe.com/passport (“Website”) and any other related and connected platforms and other online and offline interactions (collectively, the “Services”). Additional information on our Personal information practices may be provided at the time of data collection. Your use of our Services is subject to our Terms of Use, available at https://galxe.com/passport, which includes applicable terms governing limitations on liability and the resolution of disputes. By using the Services, you accept and agree to the practices described in this Policy. If you do not agree with this Policy, please do not use the Services or provide us with any Personal Information (as defined below). Personal Information For purposes of this Policy, unless otherwise required by applicable law, “Personal Information” means any information that (directly or indirectly) identifies, relates to, describes, or is reasonably capable of being associated, linked or linkable with a particular individual or household, including any information that is subject to applicable data protection laws. Scope This Policy applies to our collection, use and disclosure of Personal Information related to the users of our Services, and applies to all users of our Services. Collection of Personal Information The Personal Information we collect varies depending upon the nature of the Services provided or used and our interactions with individuals. Categories of Personal Information. While the Personal Information we collect varies depending upon the circumstances and your interactions with the Service, we may collect the following categories of Personal Information (subject to applicable legal requirements and restrictions):
  • Name, contact information and other identifiers: identifiers such as a name, username, account name, blockchain wallet address, mailing address, phone number, country of residence, birth date, email address, and online identifier.
  • Customer records: electronic customer records containing Personal Information.
  • Device information: internet protocol (IP) address, web browser type, operating system version, phone carrier and manufacturer, application installations, device identifiers, mobile advertising identifiers, and push notification tokens.
  • Protected classifications, characteristics, or special category data: protected classifications or characteristics, or data considered “special category” under applicable law such as race,ethnicity, sex, age, and nationality.
  • Identity documents: the document(s) you upload to our third party identity verification provider, such as driver’s license, identification card, or passport, in addition to the information about those documents such as document type, document number, expiration date, and a picture or copy of those documents.
  • Images and photographic data: photographic images received from or uploaded by you to a third party provider engaged by us to verify your identity.
  • Communications: direct communication, web forms, online polls, or interactions with our blogs and posts. Usage data: internet or other electronic network activity information including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
  • Location data: location information about a particular individual or device, general location information (for example, your IP address may indicate your more general geographic region).
Sources of Personal Information. We may collect Personal Information about individuals:
  • Directly from you: such as when you create an online account with us (“User Account”), use the Service, participate in a transaction, communicate on the Services, participate in contests and promotions we offer, register to receive marketing and other communications from us, or contact us for customer support purposes.
  • From our partners and service providers: when you use our services to verify your identity, we will work with our partner who is a third party service provider to collect your information and verify your identity; depending on your settings and the features you use, our partners may share that information with us.
  • From third parties: such as affiliate and other third parties, public records, third-party providers of services to us (e.g., fraud detection and security), consumer data resellers, social networks, joint marketing partners and affiliate companies.
  • Related to your use of our Services: including information we collect automatically when you use our Website or interact with us, or information we derive about you and your preferences or interests based on the Personal Information we collect and our interactions with you.
Information We Collect From You. We may collect Personal Information from you related to:
  • Registration, accounts and profiles: if you choose to use our identity verification service, we collect and process information, including sensitive Personal information, necessary to comply with “Know Your Customer” or similar legal obligations under applicable laws in order to verify your identity. This includes your name, identity documents (such as driver’s license or passport), and a picture of your face; we may also collect additional information such as your preferences and payment details.
  • Your communications and requests: when you email us, call us, or otherwise send us communications, we collect and maintain a record of your contact details, communications and our responses.
Information We Collect from Third Parties. We may collect Personal Information about you from third-party sources (which may be combined with other Personal Information we have collected about you), such as:
  • Identity Verification Service: We may collect information about you from third party entities when we seek to verify your identity as part of “Know Your Customer” requirements, including sensitive Personal information. We collect information from third party entities engaged by us to provide information about your identity, including identity documents (as described above), photographic data, and confirmation of your identity. Please note that use of this third-party service is optional but certain features of the Service may not be available to you unless you provide additional information.
  • Third-party accounts: if you connect your third party accounts to your User Account (such as Twitter, Discord, or GitHub), we will collect certain Personal information about you from those third parties.
  • Other: we may obtain Personal Information, such as demographic information or updated contact details, from third parties; we may also collect information from public records.
Information We Collect or Derive About You Automatically. We may collect or derive Personal Information about your use of our Services, or other interactions with us.
  • Website and App: We and our third-party providers may use cookies, pixels, tags, log-files, and other technologies to collect information about a user from their browser or device, including, without limitation, your browser type, device type, operating system, software version, phone model, phone operating system, platform-dependent information, requested document, referring URL, date and time of your visit, clickstream data (e.g., about the pages you view, links you click and date and time stamps for your activities on our Website), and the IP address associated with your transactions in the system. The information that we collect automatically may be linked with other Personal Information we have collected.
Use of Personal Information We will only process your Personal Information where we have legal grounds to do so. We may use Personal Information for a variety of purposes, including, without limitation:
  • Providing support and services: including to provide our Services, operate our Website, and online services, and interact with you on our Services; to respond to your inquiries; to provide troubleshooting, fulfill your orders and requests, process your payments and provide technical support; and for other customer service and support purposes. Our lawful basis is to fulfill any contractual terms with you.
  • Analyzing and improving our business: including to better understand how users access and use our Services, to evaluate and improve our Services and business operations, and to develop new features, offerings, and services; to conduct surveys and other evaluations (such as customer satisfaction surveys); to monitor consumer interest in our products and Services; to troubleshoot problems that may arise on the Services; to improve the accuracy of our customer database; to increase our understanding of our customers; and for other research and analytical purposes. Our lawful basis is our legitimate business interests in understanding and improving our Services.
  • Personalizing content and experiences: including to tailor content we send or display on our Website and other Services and to otherwise Personalize your experiences. Our lawful basis is our legitimate business interests in offering a more Personalized service.
  • Advertising and marketing and promotional purposes: including to reach you with more relevant ads and send you newsletters, offers or other information we think may interest you. However, we will not use any Identity Information (such as your passport information) for marketing or promotional purposes. We may use your name and email address to provide you with marketing or promotional communications, and you can always unsubscribe from marketing communications. Our lawful basis is your consent to choose to subscribe to any newsletter or marketing (and you can unsubscribe at any time).
  • Securing and protecting our business: including to protect and secure our business operations, assets, Services, network and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third-party, or other unauthorized activities or misconduct. Our lawful basis is our legitimate business interests in protecting our business and services.
  • Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties. Our lawful basis is our legitimate business interests in protecting our business or our need to defend ourselves legally.
  • Auditing, reporting, corporate governance, and internal operations: including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business. Our lawful basis is our legal obligations under relevant legislation such as tax reporting and our legitimate interests in running our governance programs.
  • Complying with legal obligations: including to comply with the law, our legal obligations and legal process, such as warrants, subpoenas, court orders, and regulatory or law enforcement requests. Our lawful basis is compliance with applicable law.
  • For our legitimate business interests: including our business interest in conducting and managing our business and enabling us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. Our lawful basis is this legitimate business interest.
Aggregate and De-identified Data. We may de-identify information and create anonymous and aggregated data sets and reports to assess, improve and develop our business, products and Services, prepare benchmarking reports on our industry and for other research, marketing and analytics purposes. De-identified information is not Personal Information and we may use de- identified information as allowed under applicable data protection laws. We may combine information from different sources. For example, we may combine information that we have collected offline with information we collect online, or we may combine information we get from a third-party with information we already have. If you submit any Personal Information relating to other people to us, you represent that you have the authority to do so and have informed that other person about the contents of this Policy. Disclosure of Personal Information We may share or disclose the Personal Information we collect as follows:
  • Service providers: We may disclose Personal Information to third-party service providers who use this information to perform services for us, such as third-party identity verification services, hosting providers, auditors, advisors, consultants, customer service and/or support providers.
  • Third Party Platforms: At your request and only with your authorization, we will disclose your identity token and/or identity verification information you have provided to us, to third- party crypto exchanges, asset management platforms, web3 platforms and applications, defi platforms or other services where a KYC token may be required.
  • Subsidiaries, affiliates, and business partners: We may share your Personal Information with our affiliated companies (i.e., our parent company and other companies under common ownership, control or management with us); they may use such Personal Information for the purposes set out in this Policy.
  • Legal compliance: We may be required to share Personal Information in response to a valid court order, subpoena, government investigation, or as otherwise required by law. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful. In addition, we may share certain Personal Information when we believe that doing so is reasonably necessary to protect the rights, property and safety of our company and/or others.
  • Business transfers: We may disclose and/or transfer Personal Information as part of any actual or contemplated merger, sale, transfer of assets, acquisition, financing and/or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.
  • Protect our rights: We may disclose Personal Information where we believe it necessary to respond to claims asserted against us, to enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation and/or to protect the rights, property or safety of Galaxy or our affiliates, partners, clients, customers and/or others.
Aggregated and De-identified Data. We may share aggregate or de-identified information with third parties for research, marketing, advertising, analytics and/or other purposes. What happens if you do not provide us with the Personal Information we request or ask that we stop processing your Personal Information? If you do not provide the Personal Information we request, or if you withdraw your consent to the processing of your Personal Information, then you may be unable to use the Services. Cookies and Analytics We use cookies, pixels, tags, and other technologies, which may be provided by third parties, on our Services to enable certain functionality and for security and fraud detection and prevention, as well as to collect usage information about our Website and the emails that we send and to Personalize content and provide more relevant ads and information. We may combine the information we collect via these technologies with other information, including Personal Information. Cookies. Cookies are alphanumeric identifiers that are transferred to your computer through your web browser for record-keeping purposes. Some cookies enable you to log-in to our Services or save certain settings and preferences, while others allow us to track usage and activities on our Services Personalize content, or deliver more relevant ads. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The “Help” tab on the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you block cookies, however, certain features on our Website may not be available or function properly. Third parties may use cookies and other similar technologies to collect or receive information from our Site and elsewhere on the Internet and use that information to provide you with targeted ads. If you would like to opt-out of such advertising practices on the particular device on which you are accessing this Privacy Policy, please go to http://optout.aboutads.info/. The Network Advertising Initiative also offers a means to opt-out of a number of advertising cookies. Please visit http://www.networkadvertising.org to learn more. Note that opting-out does not mean you will no longer receive online advertising. It does mean that the company or companies from which you opted-out will no longer deliver ads tailored to your preferences and usage patterns. Pixel tags and embedded script (aka clear GIFs and web beacons). Pixel tags are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, pixel tags are embedded invisibly on web pages. We may use these, in connection with our Website to, among other things, track the activities of the users of our Services, improve ads, personalize and manage content, and gather usage information about our Website. We may also use these in HTML emails to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded. Third-Party Analytics Tools. Our Website uses automated devices and applications operated by third parties, such as Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Website and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and you can opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. Children’s Privacy Our Services are restricted for users at least 18 years old (or of legal age in their jurisdiction) and children under the age of 18 are not allowed to use our Services. Galaxy does not knowingly collect or maintain Personal Information from children we actually know at the time of collection are under the legal age. Should we discover that we have collected Personal Information online from a child who is under the legal age, we will promptly delete thatPersonal Information. Although our Services are not directed to children, if your child uses our Services and you wish to review or delete your child’s Personal Information, you may so request by contacting us at the location or email address set forth below under ‘Contact Us.’ Security The security of your Personal Information is important to us. We have put in place safeguards to protect the Personal Information we collect from unauthorized access, use and disclosure, and we take steps to ensure that all of our employees, agents, contractors and other third parties have similar adequate measures in place. We also have procedures to deal with any suspected Personal Information breach, and we will notify you and any applicable regulator when we are legally required to do so. However, we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to take steps to keep your Sumsub Information safe, such as choosing a strong password and logging out of your User Account and closing your web browser when finished using the Services. Opt-Out of Communications With Us E-mail Contact. You may opt-out of receiving promotional e-mail communication from us by sending us an e-mail at Support@galxe.com, or by clicking the “unsubscribe” button at the bottom of our emails that we send to you. Please note that you will not be able to opt-out of transactional e-mail communication, such as communication related to your user account activities. Push Notification. You can opt out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the Services. Transfers outside the UK/Europe For users in the UK and European Economic Area (“EEA”). We may sometimes transfer your Personal Information to countries outside the UK and EEA, for example if we are using a supplier based elsewhere or you want to transfer your data to a third-party based in another country. The privacy laws in countries outside the UK and EEA may be different from those in your home country. Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we will always have security measures and approved European or UK model clauses (available on the European Union’s legal website at eur-lex.europa.eu and the UK ones at the ICO website www.ico.gov.uk) or other adequate safeguards in place to protect your Personal Information. Please contact us if you would like more details about our safeguards for data transfers outside of the UK/EEA. For other users. If we transfer your Personal Information to countries outside of your home country, we will take steps to comply with the requirements for such transfer in your home country as required by relevant law. Links to Third-party Websites The Services provide links to various websites operated by third parties including, but not limited to, third-party sites that may display our trademarks. This Policy does not apply to third-party websites that are accessible through the Services, unless such website directs users or visitors to this Policy. When you click on one of these links, you will be transferred out of the Services and connected to the website of the organization or company that maintains that website. Even if an affiliation exists between us and a third-party website, we exercise no control over linked websites. Each of these linked websites maintains its own independent privacy and data collection policies and procedures. We encourage you to read the privacy policies of those other websites to learn how they collect, use, share, and secure your information before providing any Personal Information. Retention Except to the extent prohibited by law, and subject to this Policy, we will retain and use your Personal Information for as long as it is needed to provide you with any services, communications, information you have requested, or access to the Services, to document our business relationship with you, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. As soon as it is reasonable to assume your Personal Information is no longer needed or required, we will cease to retain your Personal Information, or remove the means by which the data can be associated with you. You should inform us of any changes to your Personal Information so that we can keep it up to date. If you wish to find out further information on how long we retain your Personal Information for you can contact us using the details below. Your Data Access Rights Depending on where you live, you may have a number of rights when it comes to your Personal Information. Further information and advice about your rights can be obtained from the data protection regulator in your country, and many countries provide a right to lodge a complaint with the regulator. The rights that may be available to you include rights such as: European Union/EEA and United Kingdom The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Information and your rights. This is why we are providing you with the information in this Policy. If you have any additional questions, for example regarding transfers and locations of data or our legitimate interests basis, please contact us. The right of access. You have the right to obtain access to your Personal Information (if we are processing it), and certain other information (similar to that provided in this Policy). This is so you are aware and can check that we’re using your Personal Information in accordance with data protection law. The right to rectification. This is also known as the ‘right to be forgotten’ and enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions. The right to restrict processing. You have rights to ‘block’ or suppress further use of your Personal Information. When processing is restricted, we can still store your Personal Information, but we may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future. The right to data portability. You have the right to object to certain types of processing, including processing for direct marketing or where we are relying on our legitimate interests for processing. The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your Personal Information with your national data protection regulator. In the UK, this is the Information Commissioner, and details of how to contact the ICO can be found on their website at ico.org.uk. The right to withdraw consent. If you have given your consent to anything we do with your Personal Information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your Personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your Personal data for marketing purposes. We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request in some circumstances. Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know. United States California Shine the Light. Where applicable, California Civil Code Section 1798.83 allows California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request please contact us using the information provided in the Contact Us section below. Nevada Residents. If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at Support@galxe.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Sumsub Information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth below. Contact Us If you have any concern about our privacy practices, please contact us by email at Support@galxe.com.