klimaProtocol LogoMenu button

Privacy Policy

Last updated: February 2026

This Privacy Policy explains how personal data may be processed when you use Klima Protocol websites and any related verification-gated features. Most Klima Protocol activity is on-chain and therefore public by design.

1) Who we are

Controller: Klima Fintech Ltd. (British Virgin Islands)

Contact: privacy@klimaprotocol.com

2) What this policy covers

This policy covers:

  • Website / off-chain interactions (e.g., pages you visit, forms you submit, support communications).
  • On-chain activity (e.g., wallet addresses and transactions recorded on public blockchains).
  • Identity verification (KYC), where used via zkMe, and the resulting verification outcome and gating status we maintain.

This policy does not replace third-party policies for vendors you interact with directly (e.g., zkMe). Where relevant, we link to those resources.

3) Key concept: on-chain data is public and persistent

When you interact with Klima Protocol smart contracts, the blockchain will record information such as:

  • Wallet address
  • Transactions and interaction history
  • Token balances (depending on chain mechanics)

This information:

  • is publicly visible
  • is not controlled by Klima Fintech Ltd.
  • typically cannot be deleted or modified

Wallet addresses are pseudonymous but may become identifiable if linked to other information.

4) Identity verification (KYC) via zkMe

4.1 When verification is used

Some features may require verification to align with market integrity, counterparty requirements, or risk controls that the ecosystem chooses to apply (for example, to reduce fraud/abuse or meet expectations of certain carbon market participants).

4.2 Roles

Klima Fintech Ltd.: controller for the limited verification result data we maintain (see below).

zkMe: processes identity verification inputs (documents, liveness checks, screening) within their systems.

Learn more: https://docs.zk.me/hub/

4.3 What happens in verification flows

zkMe may perform (depending on configuration):

  • document validation
  • liveness checks
  • screening checks (e.g., sanctions/PEP)
  • eligibility checks (e.g., age or country parameters)

What we receive and store:

  • verification outcome (e.g., pass / flag)
  • verification reference (e.g., verification ID and timestamp)
  • wallet address used for gating
  • proof / gating status (e.g., whether a proof/attestation is present and recognized)

What we do not receive or store:

  • document images
  • raw biometric data
  • full document numbers
  • decrypted identity attributes (e.g., name, DOB, address)

4.4 Wallet address sharing clarification

To enable verification-gated access and (where applicable) minting/association of a non-transferable proof, zkMe must be able to associate a verification result to a wallet address. Depending on implementation, this may occur because:

  • you provide the wallet address during the zkMe flow, and/or
  • we transmit the wallet address to zkMe for the purpose of completing verification association or proof minting.

In all cases, the wallet address is the only identifier we expect to share for this purpose, and we do not send identity documents to zkMe.

5) Access gating proof (on-chain)

After successful verification, a non-transferable on-chain proof/attestation may be minted or referenced for gating.

This proof/attestation:

  • is designed to contain no “raw” personal identity data (e.g., it may reflect boolean or threshold flags such as “passed verification” and optional eligibility thresholds)
  • is public and may be difficult or impossible to erase due to blockchain properties
  • is used to gate access to certain features

Choose a wallet you are comfortable associating with this proof/attestation.

We may revoke gating or require re-verification if risk changes (e.g., policy updates, suspected fraud, sanctions list updates, or integrity concerns).

6) Website contact forms & off-chain communications

If you contact Klima Protocol via a website form:

Typical form data may include:

  • Name
  • Email address
  • Organization name
  • Message content

This data is used to respond to your enquiry and manage follow-up communications directly related to that enquiry. Where you opt in, contact details may be used to send updates; you can unsubscribe at any time.

7) Cookies & analytics

The website may use:

  • Essential cookies (site functionality)
  • Analytics / session tools (e.g., Lucky Orange)
  • Standard traffic analytics

These tools may collect:

  • IP address (or partial IP depending on configuration)
  • Browser type / device info
  • Pages visited
  • Interaction data (e.g., clicks, scroll)

We use analytics to:

  • Improve usability and performance
  • Understand general traffic patterns
  • Protect the site from abuse and diagnose issues

We do not use analytics for advertising profiling.

Where required by law, we provide a cookie consent mechanism.

8) Purposes and legal bases (GDPR/UK GDPR, where applicable)

Where GDPR/UK GDPR applies, we process limited personal data for:

  • Security and abuse prevention (e.g., protecting services, investigating suspicious activity)
    Legal basis: legitimate interests
  • Site analytics and product improvement
    Legal basis: legitimate interests (and consent where required for cookies/trackers)
  • Responding to enquiries (where you contact us)
    Legal basis: legitimate interests (and/or steps requested by you prior to a potential relationship)
  • Verification-gated access (where verification is used)
    Legal basis: legitimate interests (protecting integrity, reducing abuse, aligning with counterparty expectations)

Note: We are intentionally not describing this as “legal obligation” here, and we are not relying on “contractual necessity” framing for gating.

9) Sharing and disclosures

We do not sell personal data.

We may share limited data as follows:

9.1 zkMe (verification vendor)

zkMe processes identity verification inputs within zkMe systems. We receive and store only the limited outcomes/references described above. zkMe may use sub-processors; refer to zkMe’s published materials for details.

9.2 Service providers (security/audit)

We may use service providers for security monitoring, auditing, incident response, or infrastructure. Where used, access is limited and subject to contractual and technical safeguards. Data involved is expected to be limited to items like wallet addresses, timestamps, and security logs.

9.3 Authorities / regulators

Only where required by law or upon lawful request, we may disclose information we hold. In practice, this is expected to be limited to wallet addresses and gating/verification status metadata (not identity documents, which we do not hold).

10) Data retention

10.1 On-chain

On-chain records are retained according to blockchain characteristics and are not controlled by us.

10.2 In our systems (off-chain)

We retain only what we need for security, integrity, and operating verification-gated access:

  • Verification outcome (pass/flag), verification reference, wallet address, and gating status: retained as needed for audit, abuse prevention, and integrity controls.
  • Access/security logs: typically retained for a limited period appropriate for security operations.

10.3 zkMe retention

zkMe’s retention and deletion practices are controlled by zkMe. Refer to zkMe’s terms/policies for how long they retain verification inputs and what deletion options exist.

11) Your rights

Subject to applicable law, you may request:

  • Access to personal data we hold about you
  • Rectification (where applicable)
  • Restriction or objection (where applicable)
  • Portability (where applicable)
  • Erasure (where legally possible)

Notes (important limitations)

  • On-chain data cannot be deleted or modified by us.
  • zkMe’s retention rules may limit or delay erasure of data held by zkMe.
  • Where we rely on legitimate interests, you may object, and we will assess your request.
  • If you request erasure of the data we maintain for gating, the practical effect is that we can remove your wallet address and associated pass/flag status from our allowlist / gating records. If removed, that wallet will not be able to access verification-gated features unless it completes verification again through zkMe.
  • Refer to zkMe’s terms of use and privacy materials for their retention and erasure terms.

To exercise rights: privacy@klimaprotocol.com and include the wallet address(es) relevant to your request.

You may also have the right to complain to your local supervisory authority where applicable.

12) International transfers

Blockchain infrastructure is global by design.

For off-chain processing, vendors (including zkMe) and infrastructure providers may process data in multiple jurisdictions. Where required, appropriate safeguards are used (e.g., SCCs/IDTA/adequacy decisions). You can request more detail via privacy@klimaprotocol.com.

13) Security

We apply reasonable technical and organizational measures appropriate to the limited off-chain data we process. Measures may include controls such as encryption in transit, access controls, logging/monitoring, and vendor management. Blockchain security is governed by the underlying networks and your wallet provider.

14) Children

Klima Protocol services described here are intended for individuals 18+. We do not knowingly verify minors.

15) Changes to this policy

We may update this policy from time to time. The “Last updated” date will change, and material updates will be posted on this page.

TwitterDiscordTelegram
© 2026 Klima Protocol. All rights reserved.
Privacy Policy | Klima Protocol