Privacy Policy

Kite App Limited

Last Updated: March 03, 2026.

This Privacy Policy explains how Kite App Limited ("Kite," "we," "us," or "our") handles your information when you use the Kite app, website, waitlist forms, and related services (the "Services").

1. Information We Collect

Information You Provide Directly

  • Account details: name, email address, phone number, country/region of residence.

  • Profile information: any additional details you add within the app.

  • Identity verification (KYC): government-issued ID information, selfie/liveness checks, and proof of address, collected during onboarding through our identity verification partner.

  • Support communications: messages, attachments, and other content you send to our support team.

Information We Collect Automatically

  • Device and app information: device type, operating system, app version, language preference, IP address, and device identifiers.

  • Usage information: how you interact with the Services, including features used, screens viewed, and session data.

  • Performance logs: crash reports, diagnostics, and application performance data.

Blockchain and Transaction Data

  • Transaction details: payment and transfer information including amounts, fees, timestamps, recipient details, and transaction status.

  • Blockchain data: wallet addresses, transaction hashes, network identifiers, and on-chain metadata.

Information from Third-Party Sources

We receive information from service providers that support the Services, including identity verification and compliance screening partners, infrastructure providers, and payment or card partners.

Public Blockchain Notice

Kite uses blockchain networks to process certain transactions. Data recorded on public blockchains, including wallet addresses, transaction amounts, and interaction history is permanently and publicly visible. We have no ability to edit, delete, or restrict access to on-chain data. This means that requests to erase blockchain-recorded data cannot be fulfilled, as the data exists outside our control on decentralized networks.

Wallet and Key Management

Kite provides a non-custodial wallet experience. We do not hold, store, or have access to your private keys. Key management is handled through Multi-Party Computation (MPC) infrastructure provided by our wallet infrastructure partner, where control remains with you as the user.

2. How We Use Your Information

We use the information we collect for the following purposes, relying on the legal bases indicated:

  • Operate and improve the Services (contractual necessity) — provide core app functionality, process transactions, maintain infrastructure, and develop new features.

  • Verify identity and manage compliance (legal obligation) — conduct KYC checks, screen against sanctions and watchlists, and meet anti-money laundering (AML) obligations.

  • Process biometric data for identity verification (explicit consent) — collect and process facial geometry from selfie/liveness checks. Consent is obtained before collection and may be withdrawn at any time by contacting help@kiteapp.xyz.

  • Prevent fraud and abuse (legitimate interest) — detect, investigate, and prevent unauthorized access, fraud, and other harmful activity. We have assessed that this interest does not override your rights; Legitimate Interest Assessments are available on request.

  • Provide customer support (contractual necessity) — respond to your inquiries, troubleshoot issues, and resolve disputes.

  • Send service and security communications (contractual necessity / legal obligation) — notify you of important account activity, security alerts, and changes to the Services or this policy.

  • Analytics and service improvement (legitimate interest) — understand how the Services are used to improve functionality and user experience. You may object to this processing by contacting help@kiteapp.xyz.

We do not use your information for unrelated purposes without providing notice and, where required by law, obtaining your consent.

3. Automated Decision-Making

Certain processes within the Services involve automated decision-making, including:

  • KYC and identity verification: automated checks performed by our identity verification partner may result in approval, rejection, or escalation of your application without manual review at the initial stage.

  • Fraud and compliance screening: automated systems monitor transactions and activity patterns to flag or block suspicious behavior.

Where an automated decision significantly affects you (such as denial of account access), you have the right to request a review by a human member of our team. To request a review, contact us at help@kiteapp.xyz.

4. Sharing and Disclosure

We share your information only as necessary to operate the Services. Recipients include:

  • Service providers: hosting, analytics, messaging (email/SMS/push), customer support platforms, and security services.

  • Identity and compliance partners: KYC verification, sanctions screening, and fraud prevention providers.

  • Blockchain infrastructure providers: smart contract wallet infrastructure, paymaster and bundler services, and node/RPC providers that facilitate on-chain transactions. These providers may process wallet addresses, transaction data, and related metadata.

  • Payment and card partners (if applicable): card networks, processors, and merchants for payment processing, reversals/chargebacks, and fraud prevention. This includes support for recurring and tokenized payments, and updating saved credentials after card replacement where supported.

  • Professional advisors: legal, accounting, and audit advisors as needed.

  • Authorities: law enforcement, regulators, or government bodies where required by law or to protect our legal rights.

  • Corporate transactions: parties involved in a merger, acquisition, restructuring, or asset sale, with appropriate protections for your data.

We do not sell your personal data.

Cross-Border Transfers

Your information may be processed or stored outside Hong Kong and outside the country where you reside, for example, by service providers operating in other jurisdictions. When transferring information internationally, we implement appropriate safeguards to ensure your data is handled in accordance with this policy and applicable law, including contractual data protection clauses with third-party recipients, data processing agreements, and selection of providers with recognized security certifications. Details of specific safeguards applied to international transfers are available on request by contacting help@kiteapp.xyz.

5. Direct Marketing

We send marketing communications only where permitted under applicable law and only with your consent where required. You can opt out of marketing at any time using the unsubscribe mechanism in any marketing message or by contacting us at help@kiteapp.xyz. We will process your opt-out request promptly.

Opting out of marketing does not affect service-related communications (such as transaction confirmations and security alerts), which are necessary for the operation of your account.

6. Third-Party Data

If you provide another person's information through the Services (for example, a payment recipient's details), you confirm that you have the authority to share that information and that you have informed the recipient about how their data will be used.

7. Retention

We retain your information for as long as necessary to provide the Services, meet our legal and compliance obligations, prevent fraud, resolve disputes, and enforce our terms. Specific retention periods include:

  • Transaction records and KYC data: retained for a minimum of 7 years after account closure or the date of the last transaction, as required by anti-money laundering regulations.

  • Support communications: retained for 3 years after resolution, unless a longer period is required for legal or compliance purposes.

  • Biometric verification data: deleted within 30 days of successful verification, unless a longer period is required by applicable law.

  • Usage and device data: retained for up to 2 years for analytics and service improvement purposes.

  • Marketing preferences: retained until you withdraw consent or close your account.

When information is no longer needed, we take reasonable steps to delete or anonymize it, unless retention is required or permitted by law.

Blockchain data exception: information recorded on public blockchains is permanent and cannot be deleted or anonymized by Kite. See Section 1 (Public Blockchain Notice) for details.

8. Security

We implement practical safeguards to protect your information, including:

  • Access controls and role-based permissions for internal systems.

  • Encryption of data in transit and at rest.

  • Continuous monitoring and logging of access to sensitive data.

  • Secure development practices including code review and vulnerability testing.

  • Incident response procedures for potential data breaches.

No system is perfectly secure. You are responsible for keeping your account credentials, wallet recovery information, and devices secure. If you believe your account has been compromised, contact us immediately at help@kiteapp.xyz.

9. Data Breach Notification

In the event of a data breach that poses a risk to your rights or interests, we will notify affected users without undue delay and, where required by applicable law, within 72 hours of becoming aware of the breach. We will also notify relevant regulatory authorities in accordance with applicable law. Notification will include a description of the breach, the types of data affected, and the steps we are taking in response.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.

  • Correction: request correction of inaccurate or incomplete data.

  • Deletion: request deletion of your personal data, subject to legal retention requirements and the blockchain data exception described in this policy.

  • Data portability: request a copy of your data in a structured, commonly used format.

  • Withdrawal of consent: withdraw consent for optional processing (such as marketing) at any time.

  • Object to automated decisions: request human review of decisions made solely by automated processing that significantly affect you.

To exercise any of these rights, contact us at help@kiteapp.xyz. We may need to verify your identity before processing your request. We will respond within the timeframes required by applicable law.

Important: withdrawing consent for processing that is necessary to operate core Services (such as identity verification) may result in the restriction or closure of your account. Deletion requests cannot be applied to data recorded on public blockchains.

Hong Kong residents: Under the Personal Data (Privacy) Ordinance (Cap. 486), you have the right to submit Data Access Requests and Data Correction Requests. We will respond to such requests within 40 calendar days. For details, see our Personal Information Collection Statement in the Terms & Conditions (Section 3C).

11. Account Deletion

You may request deletion of your Kite account by contacting help@kiteapp.xyz. Upon receiving and verifying your request, we will:

  • Close your account and disable access to the Services.

  • Delete or anonymize your personal data, except where retention is required by law (see Section 7).

  • Retain blockchain-recorded data, which cannot be deleted (see Section 1).

Please ensure you withdraw any remaining funds before requesting account deletion, as we may not be able to process withdrawals after your account is closed.

12. Children

The Services are not intended for anyone under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a child under 18, we will take prompt steps to delete that information. If you believe a child has provided us with personal data, please contact us at help@kiteapp.xyz.

13. Cookies and Similar Technologies

Our website uses cookies and similar technologies for the following purposes:

  • Essential cookies: required for the website to function.

  • Preference cookies: remember your settings and choices.

  • Analytics cookies: help us understand how the website is used, so we can improve it.

  • Marketing cookies (where enabled): used to measure the effectiveness of marketing campaigns and, where you have consented, to deliver relevant advertising.

You can manage cookie preferences through your browser settings or through any cookie consent mechanism provided on our website. Disabling certain cookies may affect website functionality.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version and notify you through the Services or by email. The "Last Updated" date at the top of this policy indicates the most recent revision. We encourage you to review this policy periodically.