Privacy Policy

Last Updated: December 12, 2023

This Privacy Policy explains how Sunship, Inc. and any subsidiaries and affiliated companies (“Vibrant”, “we” or “us”) collects, uses, and discloses information about you (“you” or “your”). This Privacy Policy applies when you use the Vibrant mobile wallet application (“Application”) for interacting with the Stellar Network (as defined below), the Vibrant website located at https://vibrantapp.com/ or successor site, and other online products and services that link to this Privacy Policy (collectively, our “Services”), contact our customer service team, engage with us on social media, or otherwise interact with us.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy and, in some cases, we may provide you with additional notice (such as adding a statement to our website or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.


‍1 CONTENTS

The Stellar Network
Collection of Information
Use of Information
Sharing of Information
Advertising and Analytics
Transfer of Information to the United States and Other Countries
Your Choices
Additional Disclosures for Individuals in Europe
Contact Us


2 THE STELLAR NETWORK

‍2.1 The Services allow you to generate, authorize, submit and broadcast transactions on the “Stellar Network,” a distributed ledger network powered by an open-source protocol, the reference implementation for which is found here: https://github.com/stellar/. This Privacy Policy does not apply to any information transmitted to the Stellar Network through the Services.

2.2 Information we may transmit to the Stellar Network includes, but is not limited to, your public sending address, the public key information of the receiver, the amount of digital currency sent or exchanged, the time and date of the transaction, and any other data you may choose to include. Due to the inherent nature of blockchain technology, information stored on the Stellar Network is public and permanent and cannot be hidden, amended, or deleted. You should be aware that any information posted to the Stellar Network will be made permanently available to the public. Your transactions and addresses may reveal information about you and those with whom you are transacting. Such information can potentially be correlated with you and others now, or in the future, by any party who chooses to do so, including law enforcement.


3 COLLECTION OF INFORMATION
‍The information we collect about you depends on how you interact with us or use our Services. In this section, we describe the categories of information we collect and the sources of this information.

3.1 Information You Provide to Us
‍We collect information you provide directly to us. For example, you share information directly with us when you create an account, fill out a form, request customer support, or otherwise communicate with us. The types of personal information we may collect include your first and last name, email address, phone number, username, personal photograph, phone number address book (if you choose to sync contacts to the Application), and any other information you choose to provide.

‍3.2 Information We Collect Automatically When You Interact with Us
‍When you access or use our Services, or otherwise transact business with us, we automatically collect certain information, including:

i. Registration Information:
We collect information about you when you register for an account for the Services, such as IP address, public key information, device information and information used for key recovery services.

ii. Transactional Information: When you submit transactions to the Stellar Network, we collect information about the transaction, including a list of all deposits, withdrawals, transfers, and exchanges; sender; recipient; asset type; amount; time stamp; and date.

a. We also collect information about transactions generated by Anchors (as defined below) that are shared with us for the purpose of facilitating your transactions. An “Anchor” is a participant on the Stellar Network that: (i) issues digital assets on the Stellar Network that are tied to the value of a real currency or other asset (e.g., a dollar-denominated token); and (ii) offers eligible persons the ability to convert between a real currency and its correlated digital asset.

b. We also collect information about public recovery keys generated by Key Recovery Service Providers (each a “KRSP”) that are shared with us for the purpose of enabling key and account recovery upon your request.

iii. Device and Usage Information:
We collect information about how you access our Services, including data about the device you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. We also collect information about your activity on our website, such as browser type, operating system, device type, access times, pages viewed, links clicked, and the page you visited before navigating to our Services.

iv. Information Collected by Cookies and Similar Tracking Technologies:
We (and our service providers) use tracking technologies, such as cookies and web beacons, to collect information about you. Cookies are small data files stored on your hard drive, or in device memory, that help us improve our Services and your experience, identify which areas and features of our Services are popular, and count visits. Web beacons (also known as “pixel tags” or “clear GIFs”) are electronic images that we use on our Services and in our emails to help deliver cookies, count visits, and understand usage. For more information about cookies and how to disable them, see the Your Choices section below.

‍3.3 Information We Collect from Other Sources
‍We may supplement the information we collect from you with information we collect from third parties. For example, we may obtain information about you from Anchors, data analytics providers, list brokers, and other third parties. As one specific example, when we act as a KRSP for a third-party wallet application provider, we may collect information such as your phone number and/or email address from that third-party wallet application provider to create your KRSP account and to execute your account recovery operation.

3.4 Information We Derive
‍We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your location (at the city, state, or region level) based on your IP address.


‍4 USE OF INFORMATION

‍We use the information we collect to administer your account and provide you the Services. We also use the information we collect to:

i. Provide, maintain, and improve our products and services;

ii. Participate in the provision of account recovery services and verify your identity;

iii. Send you technical notices, security alerts, and support and administrative messages;
iv. Communicate with you about products, services, contests, promotions, and other information offered by Vibrant and others that we think will interest you, unless you have opted out of such communications;

v. Target advertisements to you on third-party platforms and websites unless you have opted out;


vi. Respond to your comments and questions and provide customer service;

vii. Monitor and analyze trends, usage, and activities in connection with our Services;

viii. Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity, and protect the rights and property of Vibrant and others;

ix. Debug to identify and repair errors in our Services;
x. Facilitate the distribution of aid in partnership with various aid organizations;
xi. Comply with our legal and financial obligations; and

xii. Carry out any other purpose described to you at the time the information was collected.


‍5 SHARING OF INFORMATION

‍We share your information in the following circumstances or as otherwise described in this policy:

i. In connection with your use of the Services, we share information with the Stellar Network, including publicly and permanently, as described in The Stellar Network above.

ii. We share your first and last name, phone number, and username with other users via the search function in the Application.

iii. We share information with third party entities or organizations with whom you choose to interact through the Application (like Anchors and aid organizations) that need access to your information in order to provide services to you in connection with the Application, such as allowing you to convert between real currency and digital assets denominated in real currency and disbursing aid from organizations to eligible users.

iv. When you authorize the creation of a separate recovery account with a KRSP, or request an account recovery operation from a KRSP, we will share with the KRSP information required by the KRSP to create your account with them or to execute your account recovery operation, such as your phone number or email address. Your recovery account with, and recovery instructions sent to, the KRSP are separate from and independent of your account with us and account recovery instructions sent to us. 

v. When we act as a KRSP for a third-party wallet application provider, we share information with them about public recovery keys generated by us as a KRSP for the purpose of enabling key and account recovery upon the request of a user of the third-party wallet application provider.

vi. We share information with vendors, service providers, and consultants that need access to your information in order to perform services for us, such as companies that assist us with analytics, providing compliance functions, fraud prevention, and customer service.

vii. We may disclose your information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.

viii. We may share information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Vibrant, our users, the public, or others.

ix. We share information with our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.

x. We may share information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.We share information with your consent or at your direction.

xi. We also share aggregated or de-identified information that cannot reasonably be used to identify you.


‍6 ADVERTISING AND ANALYTICS

‍6.1 We allow others to provide analytics services and serve advertisements on our behalf across the web and in mobile apps. These entities may use cookies, web beacons, device identifiers, and other technologies to collect information about your use of our Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and transaction information. This information may be used by Vibrant and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites, and better understand your online activity.

6.2 For example, we use Google Analytics to improve the performance of the Services and for analytics purposes. For more information about how Google Analytics collects and uses information when you use our website, visit https://www.google.com/policies/privacy/partners/, and to opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.

6.3 For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices, or, if you are in Europe, http://www.youronlinechoices.eu/. Your device may also include a feature that allows you to opt out of having certain information collected through mobile apps used for behavioral advertising purposes.

6.4 We also work with third parties to serve ads to you as part of customized campaigns on third-party platforms (such as Facebook and Instagram). As part of these ad campaigns, we or the third-party platforms may convert information about you, such as your email address and phone number, into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and serve you advertising that is customized to your interests. Note that the third-party platforms may offer you choices about whether you see these types of customized ads.


‍7 TRANSFER OF INFORMATION TO THE UNITED STATES AND OTHER COUNTRIES

‍Vibrant is headquartered in the United States and we have operations and service providers and third-party partners in the United States, Argentina, Belarus, Brazil, Mexico, and other countries. Therefore, we and our service providers and third-party partners may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission’s adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of these Standard Contractual Clauses by contacting us at [email protected]


‍8 YOUR CHOICES

8.1 Account Information
‍You may update and correct certain account information at any time by logging into your account and editing your information in your settings in the Application.

‍8.2 Cookies
‍Our website uses cookies to collect information. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. We use the following cookies on our website:

i. Strictly necessary cookies:
These cookies are required for the operation of our website. They include, for example, cookies that enable the website to recognize a previous visitor.

ii. Analytical/performance cookies:
These cookies allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser setting to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of some of our Services. For more information about the individual cookies and similar technologies used on our website and the purposes for which they are used in the table below:

Technology

Name

Purpose

More information

Amplitude

amplitude_id

Used to distinguish users.

Google Analytics

_ga

Used to distinguish users.

_gid

Used to distinguish users.

_gat

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

AMP_TOKEN

Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.

_gac_<property-id>

Contains campaign related information for the user

__utma

Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists.

__utmt

Used to throttle request rate.

__utmb

Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists.

__utmc

Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.

__utmz

Stores the traffic source or campaign that explains how the user reached the site. The cookie is created when the javascript library executes.

__utmv

Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable.