Privacy Policy
How we collect, use, and protect your personal information.
Effective Date: November 1, 2025
Who we are. GNR (the "Service") is provided by Hengsheng Digital Ventures Ltd. ("we," "us," or "our"), a California limited liability company located at Pleasanton, CA 94588.
If you have questions, contact us at gnr20262026@gmail.com.
This Policy applies to account creation for individual and business users, KYC/KYB workflows, and any interaction with our APIs, websites, and apps.
1. Scope
This Policy applies to: account creation for individual and business users (including phone/email verification); KYC/KYB and compliance workflows; and any interaction with our APIs, websites, and apps where this Policy is posted or linked. It does not apply to third-party services you choose to connect to GNR (e.g., your external wallet apps or exchanges); those are governed by their own policies.
2. Information We Collect
A. You provide directly: Identifiers & contact (name, email, phone number, country/region, business name and contact person); Auth & security (passwords, one-time codes, session tokens); KYC/KYB where applicable (date of birth, address, government ID numbers, ID photos/liveness checks, corporate registration documents, ownership/control information, sanctions screening results); Support (messages, attachments, feedback). B. Automatically from your use: Device/usage data (IP address, device OS, app version, language, time zone, crash logs, and analytics events); Transaction/activity data (product interactions, API requests, timestamps, audit logs, and where you use on-chain features, public blockchain addresses and transactions). C. From third parties: KYC/KYB providers, anti-fraud & security services, auth & messaging (e.g., SMS/email verification), cloud & analytics. Examples: Amazon Web Services (including Amazon SES), Google Cloud, and Twilio.
3. How We Use Information
We use personal information to: (1) Create and secure accounts; send verification codes and password resets. (2) Provide and improve the Service; personalize experiences and measure performance. (3) Comply with law (KYC/KYB, AML/CFT, sanctions screening, tax/record-keeping, fraud prevention). (4) Communicate with you about service updates, security alerts, and policy changes; send transactional emails/SMS only (no marketing unless you opt in). (5) Protect the Service, our users, and the public.
4. Legal Bases (EEA/UK/Switzerland)
Where GDPR or similar laws apply, we process personal data based on: Contract (to provide the Service you request); Legal obligation (KYC/KYB, AML/CFT, record retention); Legitimate interests (security, fraud prevention, improving the Service); and Consent (where required by law). You may withdraw consent at any time, without affecting prior lawful processing.
5. Sharing & Disclosure
We share personal information with: Service providers/processors under contracts requiring confidentiality and data-protection; Affiliates for operations consistent with this Policy; Compliance parties (banks, payment partners, regulators, law enforcement) when required by law; Business transfers in connection with mergers, financing, acquisitions, or similar transactions. We do not sell personal information and do not share it for cross-context behavioral advertising.
6. Cookies & Similar Technologies
We use necessary cookies and local storage for authentication and security. With consent (where required), we may use analytics cookies to understand usage and improve features. You can control cookies through your browser settings; disabling some cookies may affect functionality.
7. Data Retention
We keep personal information for as long as needed to provide the Service, meet legal/AML record-keeping (often 5–7 years after account closure, depending on jurisdiction), resolve disputes, and enforce agreements. On public blockchains, transaction data may be stored indefinitely by design.
8. Security
We implement organizational and technical safeguards such as encryption in transit, access controls, least-privilege policies, logging, and periodic reviews. No system is 100% secure; you are responsible for using strong passwords, enabling device security, and notifying us promptly of any suspected compromise.
9. International Transfers
We may process and store information in the United States and other countries. When we transfer personal data from the EEA/UK/Switzerland, we rely on appropriate safeguards (e.g., Standard Contractual Clauses and additional measures as needed).
10. Your Rights
California/US (CPRA and similar laws): You may have the right to know, access, correct, delete, and limit the use of sensitive personal information, and to opt out of the sale or sharing of personal information (we do not sell/share). We will not discriminate against you for exercising these rights. EEA/UK/Switzerland (GDPR): You may request access, rectification, erasure, restriction, portability, and object to processing based on legitimate interests. You may lodge a complaint with your local data-protection authority. How to exercise rights: Send requests to gnr20262026@gmail.com with sufficient information to verify your identity.
11. Children's Privacy
Our Service is not directed to children under 13 (or under 16 where applicable). We do not knowingly collect personal information from children. If you believe a child has provided information, contact us to delete it.
12. Third-Party Links & Wallets
The Service may link to third-party sites or allow you to connect third-party wallets. Your use of those services is governed by their policies, not ours. Review their privacy practices carefully.
13. Changes to This Policy
We may update this Policy from time to time. We will post the updated version and change the "Effective Date." Material changes will be notified through the Service or by email/SMS where appropriate.
14. Contact Us
Hengsheng Digital Ventures Ltd. Address: Pleasanton, CA 94588 Email: gnr20262026@gmail.com
If you are in the EEA/UK/Switzerland and wish to contact our representative or DPO (if appointed), email gnr20262026@gmail.com.
CPRA Notice at Collection (California)
Categories collected: identifiers (name, email, phone), commercial and usage information, geolocation (approximate IP-based), internet/network activity, sensitive data (government ID, biometrics/liveness, exact identifiers) for KYC/KYB. Purposes: account creation, security, compliance (AML/KYC), service operations, fraud prevention, debugging, and legal obligations. Retention: as described in Section 7. Selling/Sharing: we do not sell or share personal information for cross-context behavioral advertising. Right to Limit Sensitive PI: we use sensitive PI only for permitted purposes (e.g., to perform services reasonably expected by an average consumer, security, and legal compliance).