Privacy Policy | Hello World Co-Op

Introduction

Hello World Co-Op DAO (“we”, “our”, or “us”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services, particularly regarding identity verification (KYC).

What Data We Collect

KYC Verification Data: When you complete identity verification, we collect:

Full name
Date of birth
Government-issued ID information (passport, driver's license, etc.)
Photograph (selfie for identity matching)
Residential address
Email address

Technical Data: We also collect technical information including:

IP address (hashed for privacy)
Device information and browser type
Session data and authentication tokens
Internet Computer Principal ID

How We Use Your Data

We process your personal data for the following purposes:

Identity Verification: To verify your identity and prevent fraud
Regulatory Compliance: To comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations
Service Provision: To provide you access to DAO membership and governance features
Security: To protect against unauthorized access and maintain system security

Third-Party KYC Provider

Identity verification is performed by Persona, a third-party KYC service provider. When you initiate KYC verification, your data is shared with Persona for processing. Persona has its own privacy policy and data protection measures. You can learn more at Persona's Privacy Policy.

Important: Once verification is complete, Persona stores your KYC documents and photos according to their retention policy. We only store a reference ID and verification status in our system.

Data Retention

In accordance with GDPR Article 5 (data minimization and storage limitation):

KYC Records: Retained for 7 years from verification date to comply with legal obligations and regulatory requirements
Automatic Deletion: After 7 years, KYC records are automatically deleted from our system via an automated cleanup process
Data Minimization: We only store the minimum necessary data - your verification status and reference ID. Actual identity documents are stored by Persona.

Data Security

We implement industry-standard security measures to protect your data:

Encryption: All data is encrypted at rest using AES-256 encryption provided by the Internet Computer platform's stable memory
IP Hashing: IP addresses are hashed (one-way encrypted) before storage
Access Control: Strict access controls limit who can view KYC data
Audit Trail: All data access and modifications are logged for security monitoring

Your Rights (GDPR Articles 15-20)

Under GDPR, you have the following rights regarding your personal data:

Right to Access (Article 15): Request a copy of your personal data we hold
Right to Rectification (Article 16): Request correction of inaccurate data
Right to Erasure (Article 17): Request deletion of your data with a 30-day grace period for withdrawal
Right to Restrict Processing (Article 18): Request limitation on how we use your data
Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
Right to Object (Article 21): Object to processing of your personal data
Right to Withdraw Consent: Withdraw your consent at any time (this may affect your ability to use certain features)

To exercise these rights, please contact us at privacy@helloworlddao.com

Data Deletion Process (Right to Erasure)

You can request deletion of your KYC data at any time. Here's how it works:

Request Deletion: Submit a deletion request through your account settings or by emailing privacy@helloworlddao.com
30-Day Grace Period: Your request enters a 30-day grace period during which you can cancel the deletion if you change your mind
Automatic Processing: After 30 days, your KYC data is automatically and permanently deleted from our system
Third-Party Data: Note that you must separately request deletion from Persona for data stored with them

Important: Deleting your KYC data will revoke your verified status and may affect your ability to participate in certain DAO activities that require verification.

Children's Privacy

Our services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 years of age, in compliance with the Children's Online Privacy Protection Act (COPPA).

Age Verification: We implement age verification during registration to prevent users under 13 from creating accounts. Date of birth is requested before any other personal information is collected.
Under-13 Blocking: If a user indicates they are under 13, no personal information is collected and account creation is blocked.
Ages 13-17: Users aged 13-17 may create accounts with limited functionality. Full membership features (voting, governance participation) require users to be at least 18 years old.
Discovery of Under-13 Accounts: If we discover that a user under 13 has created an account, we will promptly disable the account and delete all associated personal data within 72 hours.

Parents and Guardians: If you believe your child under 13 has provided personal information to us, please contact us immediately at privacy@helloworlddao.com so we can take appropriate action.

International Data Transfers

Our services operate on the Internet Computer Protocol (ICP), a decentralized blockchain network with nodes worldwide. Your data may be processed in multiple jurisdictions. We ensure adequate safeguards are in place for international transfers in compliance with GDPR Chapter V.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact:

Email: privacy@helloworlddao.com

Data Protection Officer: dpo@helloworlddao.com

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.