Privacy Policy

1. Who We Are

This Privacy Policy explains how CookaPay ("CookaPay," "Intra," "we," "our," or "us") collects, uses, stores, shares, and protects personal information when you use the Intra mobile application, related websites, and related support services (collectively, the "Services").

By using the Services, you acknowledge that your information will be handled as described in this Privacy Policy.

Intra is a digital wallet and card-management application operated by CookaPay.

If you have questions, requests, or complaints about this Privacy Policy or our data practices, you may contact us at:

2. Scope of This Privacy Policy

This Privacy Policy applies to personal information processed through:

• the Intra mobile application;
• our website and web pages that link to this Privacy Policy;
• customer support, compliance, and account-related communications; and
• account, KYC, card, transfer, withdrawal, and security features made available through Intra.

This Privacy Policy does not apply to third-party services, websites, or apps that are not controlled by CookaPay, even if they are linked from our Services.

3. Information We Collect

We collect information you provide directly, information generated through your use of the Services, information stored locally on your device when you use certain app features, and information we receive from service providers and business partners.

3.1 Information You Provide Directly

• account registration information, such as your email address, username, full name, and phone number;
• account profile information;
• customer support communications and any information you provide when contacting us;
• payment-password setup or verification inputs submitted for protected operations;
• transfer details, including recipient email address, amount, and transaction-related details;
• withdrawal details, including wallet address, coin, network, amount, remarks, and related transaction details;
• card-application and card-management information; and
• any other information you choose to submit through the Services.

3.2 Identity Verification and Compliance Information

• surname and given name;
• nationality;
• gender;
• date of birth;
• email address and mobile number;
• government-issued identification numbers;
• identification document type;
• residential address details;
• delivery address details;
• KYC review status and rejection reasons;
• images of the front and back of identity documents; and
• additional supporting document details you submit as part of identity verification.

3.3 Financial and Transaction Information

• wallet balances and balance-history records;
• transfer records and recipient validation details;
• withdrawal records, including destination wallet addresses, blockchain/network details, fees, and transaction IDs;
• transaction history and transaction descriptors;
• card application status and card account details;
• masked card information and related servicing data; and
• where card-detail reveal or servicing is supported, card-related data needed to provide that feature securely.

3.4 Device, Security, and Technical Information

• an app-generated device identifier;
• authentication metadata, such as nonce and timestamp values used to help secure requests;
• IP address and general network information derived from requests to our systems;
• device and operating-system information;
• app session and token-related information;
• log, security, and error information; and
• fraud-prevention and account-protection signals.

3.5 Information Stored Locally on Your Device

• authentication tokens and session state;
• local user profile cache;
• KYC draft information saved before submission;
• local file paths for selected or captured KYC images;
• a hashed local PIN if you enable device-level app unlock; and
• whether biometric unlock has been enabled in the app.

3.6 Information We Receive From Service Providers and Partners

• identity-verification and document-processing results;
• card-related status updates and servicing responses;
• financial transaction and compliance review outcomes; and
• fraud, security, and risk-control signals.

4. Permissions and Device Features

4.1 Camera Permission

Intra requests access to your device camera to support user-initiated features such as:

• capturing identity-verification documents for KYC submission; and
• scanning QR codes in supported wallet and withdrawal flows.

We do not use camera access for advertising, profiling, or background surveillance.

4.2 Photo Library / Media Access

If supported by your device and app flow, Intra may request access to your photo library or media files so that you can:

• select identity-document images for KYC submission; or
• choose an image containing a QR code for scanning or related processing.

We only access photos or files you choose to provide.

4.3 Biometric Authentication

If you enable biometric unlock, Intra may use your device's biometric authentication system, such as Face ID or fingerprint authentication, to unlock the app or confirm access.

CookaPay does not receive, collect, or store your underlying biometric template. Biometric matching is handled by your device operating system. We receive only the success/failure result needed to complete authentication.

5. How We Use Information

We may use your information to:

• create, maintain, and service your account;
• authenticate you and secure your session;
• provide wallet, transfer, withdrawal, card, and related financial features;
• process and review KYC and compliance submissions;
• upload and process identity documents you submit;
• validate recipients and process transaction requests;
• display balances, transaction history, card status, and account information;
• provide customer support and respond to inquiries;
• detect, prevent, investigate, and respond to fraud, abuse, unauthorized access, and security incidents;
• enforce our Terms of Service and other legal rights;
• comply with applicable legal, regulatory, audit, accounting, and reporting obligations; and
• improve the safety, reliability, and functionality of the Services.

6. How We Share Information

We do not sell or rent your personal information.

We may share your information with the following categories of recipients where necessary to operate the Services and meet legal obligations:

6.1 Service Providers

We may share information with service providers that help us operate the Services, such as providers that support:

• hosting and backend infrastructure;
• authentication and security operations;
• customer support;
• document upload and storage;
• identity verification and compliance review; and
• technical operations necessary to provide app functionality.

6.2 Financial, Card, and Compliance Partners

Where relevant to the Services you use, we may share information with our financial, card, payout, identity-verification, fraud-prevention, and compliance partners to:

• verify your identity;
• process KYC submissions and document reviews;
• provide or service card-related features;
• process transfers and withdrawals; and
• satisfy anti-fraud, anti-money-laundering, sanctions-screening, and other regulatory obligations.

6.3 Legal and Regulatory Disclosures

We may disclose information if we believe it is necessary to:

• comply with applicable law, regulation, legal process, or governmental request;
• respond to court orders, subpoenas, or regulator requirements;
• protect the rights, property, and safety of CookaPay, our users, partners, or the public; or
• investigate and prevent fraud, security incidents, money laundering, or other unlawful activity.

6.4 Business Transfers

If CookaPay is involved in a merger, acquisition, financing, reorganization, asset sale, or similar corporate transaction, your information may be disclosed or transferred as part of that transaction, subject to applicable law.

7. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, maintain your account, fulfill the purposes described in this Privacy Policy, and comply with legal, regulatory, tax, accounting, audit, fraud-prevention, and recordkeeping obligations.

Retention periods may vary depending on the type of information and the reason we hold it. For example:

• account and profile information may be retained while your account remains active;
• transaction, card, security, and compliance records may be retained for longer periods where required for legal, regulatory, dispute-resolution, audit, fraud-prevention, or enforcement purposes;
• KYC and identity-verification records may be retained as required by applicable law and compliance obligations; and
• local device data, such as cached session data, saved KYC drafts, or local security settings, may remain on your device until it is cleared by the app, removed by you, or deleted when the app is uninstalled or reset.

When retention is no longer required, we will delete, anonymize, or securely dispose of the information as appropriate, unless we are legally required or permitted to keep it.

8. Account Deletion and Data Deletion Requests

You may request deletion of your Intra account and associated personal information by using the deletion method made available through our website or by contacting us at belle240601@gmail.com.

Please note:

• we may need to verify your identity before processing a deletion request;
• certain information may need to be retained after account deletion where required by law or where necessary for legitimate business purposes such as fraud prevention, security, dispute resolution, regulatory compliance, and recordkeeping; and
• deleting your account may not automatically delete records that we are required to keep under applicable financial, compliance, or legal obligations.

If certain data must be retained, we will retain it only for the period and purpose required or permitted under applicable law.

9. Data Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure.

These measures may include:

• encrypted transmission over secure network channels;
• secure storage for certain authentication credentials;
• access controls and need-to-know restrictions;
• request-signing and authentication safeguards; and
• security monitoring and incident-response processes.

No method of transmission or storage is completely secure. Accordingly, we cannot guarantee absolute security.

10. International Data Transfers

Your information may be stored, processed, and transferred in Hong Kong and in other jurisdictions where CookaPay, its affiliates, or its service providers operate.

Those jurisdictions may have data-protection laws that differ from the laws in your country or region. Where applicable, we take steps designed to ensure that personal information receives an appropriate level of protection when transferred internationally.

11. Your Choices and Rights

Depending on where you live and the laws that apply to you, you may have rights relating to your personal information, including rights to request access, correction, deletion, restriction, or objection.

You may also be able to:

• update certain account information through the Services;
• control device permissions through your device settings;
• disable biometric unlock within the app;
• contact us to request assistance with account or privacy matters; and
• request deletion as described above.

We may need to verify your identity before responding to certain requests.

12. Children's Privacy

The Services are not directed to children. We do not knowingly collect personal information from children in violation of applicable law. If you believe that a child has provided personal information to us unlawfully, please contact us so that we can review and take appropriate action.

13. Third-Party Services and Links

The Services may contain links to third-party services or depend on third-party partners for operational functions such as identity verification, card servicing, or financial processing. We are not responsible for the privacy practices of third-party services that we do not control. We encourage you to review the privacy policies of those third parties where relevant.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or data practices. When we do, we will post the updated version on this page and update the "Last updated" date above. Your continued use of the Services after the updated Privacy Policy becomes effective means that you acknowledge the revised policy.