Skip to main contentSkip to navigation

Privacy Policy

Last updated February 2026

This Privacy Policy (“Policy”) describes how A.D. Labs LTD (“GeroWallet”, “Gero”, “we”, “us”, or “our”), a company incorporated and registered in Israel with its registered address at Balfur 93, Bat-Yam, Israel, collects, uses, stores, and protects your personal information when you use:

  • The Gero Dashboard browser extension (the “Extension”), available for Google Chrome, Brave, and compatible browsers
  • The GeroWallet website at https://gerowallet.io (the “Website”)
  • All related products and services, including the Gero Card, staking, token swapping, crypto cashback, and on-ramp/off-ramp services (collectively, the “Services”)

By using any of our Services, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use our Services.

1. Information We Collect

We are committed to collecting only the information necessary to provide and improve our Services. The types of information we collect depend on how you interact with us.

1.1 Information You Provide Directly

When you use our Services, you may voluntarily provide us with:

  • Account information: Name, email address, and password when creating a Gero account or signing up for services such as Gero Nexus
  • Contact information: Name, email address, subject, and message content when you submit a support request through our Website
  • Early access signup: Name and email address when you sign up for early access to new features
  • Google account information: If you choose to authenticate via Google OAuth2, we receive your name, email address, and profile picture from Google
  • KYC verification data: When applying for the Gero Card, you must complete identity verification administered by our partner Kaiserex (via Zoho Forms). This may include your full name, government-issued identification, selfie/photo, proof of address, and source of funds information. This data is collected and processed by Kaiserex and its service providers, not by GeroWallet directly.

1.2 Information Collected Automatically

When you use our Extension or Website, certain information is collected automatically:

  • Device identifier: The Extension generates a random, anonymous identifier (UUID) on first installation. This identifier is not linked to your personal identity and is used solely for analytics and service delivery purposes. You may opt out of this tracking at any time through the Extension settings.
  • Wallet address: Your public wallet address is sent to our backend to enable features such as cashback notifications, transaction monitoring, and personalised alerts. Your public wallet address is visible on the blockchain and is not private information.
  • Browsing activity (Extension only): The Extension monitors the URLs of websites you visit to provide cashback offers and rewards from our partner merchants. This data is processed locally and shared with our cashback service provider (BringWeb3) only for the purpose of matching eligible cashback offers. You may opt out of this feature or disable it for specific domains.
  • Usage analytics: We collect anonymised analytics events related to Extension usage (such as popup interactions and feature usage) to improve our Services. These events are associated with your anonymous device identifier, not your personal identity.
  • Website analytics: If enabled, we use Google Analytics to collect anonymised information about Website visits, including pages viewed, referral sources, and general geographic region. This data is aggregated and not used to identify individual users.
  • Feature flags: We use LaunchDarkly to manage feature rollouts. This service receives your anonymous device identifier to determine which features are enabled for your session.
  • IP address: Your IP address may be collected when you interact with our Website (for example, when submitting forms). IP addresses are used for rate limiting and fraud prevention and are not stored long-term.

1.3 Information We Do NOT Collect

We never collect, store, or have access to your private keys, seed phrases (recovery phrases), or wallet passwords. These are generated and encrypted locally on your device and never leave your browser. GeroWallet is a non-custodial wallet — you are the sole custodian of your cryptographic keys at all times.

2. Browser Extension Permissions

The Gero Dashboard browser extension requests certain browser permissions to function. Below is a complete list of permissions and why each is needed:

  • Storage & Unlimited Storage: To securely store your encrypted wallet data, preferences, and settings locally on your device. No wallet data is transmitted to our servers.
  • Tabs & Active Tab: To detect which website you are visiting for cashback offer matching, and to open new tabs when you initiate actions such as on-ramp purchases or dApp connections.
  • Scripting: To inject the wallet provider into web pages so that decentralised applications (dApps) can detect and interact with your wallet, similar to how other Web3 wallets (e.g., MetaMask) operate.
  • Web Navigation: To monitor page navigation events for cashback offer activation and to ensure the wallet provider is correctly injected on page load.
  • Clipboard Read: To allow you to paste wallet addresses and other data when sending transactions or interacting with the Extension.
  • Cookies: To manage authentication sessions with integrated third-party services such as Kaiserex (card provider) when embedded in the Extension interface.
  • Notifications: To send you browser notifications about transaction confirmations, cashback activations, and important wallet alerts.
  • Identity: To enable optional Google OAuth2 sign-in for account authentication.
  • Alarms: To manage background tasks such as auto-lock timers (for security) and periodic data cleanup.
  • Side Panel: To provide an optional side panel interface within your browser for quick wallet access.
  • Host permissions (all websites): Required to inject the wallet provider script into any website so that dApps across the web can interact with your wallet. This is standard practice for Web3 wallet extensions and is necessary for dApp compatibility. The Extension does not read or modify website content beyond injecting the wallet provider interface.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To provide, operate, and maintain the wallet, card, staking, swapping, cashback, and other Services
  • Cashback and rewards: To match your browsing activity with eligible cashback offers from partner merchants and deliver rewards to your wallet
  • Transaction processing: To submit transactions to blockchain networks, retrieve token balances, and display price information
  • Notifications and alerts: To send you relevant notifications about transactions, cashback activations, and security alerts
  • Customer support: To respond to your support requests and communicate with you about your account
  • Product improvement: To analyse anonymised usage data and improve our Services, fix bugs, and develop new features
  • Feature management: To manage feature rollouts and A/B testing through our feature flag service
  • Security and fraud prevention: To detect and prevent fraud, abuse, and security threats, including rate limiting form submissions
  • Legal compliance: To comply with applicable laws, regulations, and legal processes

4. Third-Party Service Providers

We work with trusted third-party service providers to deliver our Services. These providers receive only the data necessary for their specific function:

4.1 Blockchain Infrastructure

  • Koios / Blockfrost: Cardano blockchain API providers used to query balances, submit transactions, and retrieve blockchain data. These services receive your public wallet address and transaction data.
  • ZkFold: Privacy blockchain infrastructure for the Midnight network, used for zero-knowledge proof generation and private transactions.
  • ADA Handle: Cardano naming service used to resolve human-readable names (handles) to wallet addresses.

4.2 Financial Services

  • Satchel.eu: Licensed Electronic Money Institution (EMI) that issues the Gero Card. Satchel.eu processes your KYC data and manages fiat (euro) balances.
  • Kaiserex: Cryptocurrency-to-euro conversion provider and card programme partner. Kaiserex administers KYC verification through Zoho Forms and processes card top-up conversions.
  • SmartAtlas: Card programme facilitation and management services provider.
  • MoonPay: Fiat-to-crypto on-ramp service. When you purchase cryptocurrency through MoonPay, your transaction is governed by MoonPay's own privacy policy and terms of service.
  • Guardarian: Alternative fiat-to-crypto on-ramp service, subject to Guardarian's own privacy policy and terms.

4.3 Rewards and Cashback

  • BringWeb3 (Bring Labs Ltd): Provides the crypto cashback and rewards infrastructure. BringWeb3 receives your anonymous device identifier, wallet address, and browsing data related to cashback-eligible websites to match and deliver rewards. BringWeb3's data processing is governed by their own privacy policy and terms.

4.4 Trading and Market Data

  • DexHunter: Decentralised exchange (DEX) aggregator for token swaps on Cardano. DexHunter may receive your wallet address for balance tracking and swap execution.
  • CoinGecko: Cryptocurrency price data provider. CoinGecko receives requests for token prices but does not receive your personal information.
  • Kraken: Real-time trading data provider via WebSocket connection, used for displaying live market prices. No personal data is shared with Kraken.
  • Splash Trade: Token information and analytics provider for the Cardano ecosystem.

4.5 Website and Communication Services

  • Google Analytics: Website analytics service (used on the Website only, if enabled). Collects anonymised browsing data subject to Google's privacy policy.
  • Resend: Email delivery service used to forward support contact form submissions. Resend processes your name, email, and message content solely for email delivery.
  • Google Sheets API: Used to store early access signup data (name and email) via Google's service account authentication.
  • Contentful: Content management system used to manage blog content on our Website. Contentful does not receive any user personal data.
  • Ably: Real-time messaging service used for delivering notifications and live updates within the Extension.
  • LaunchDarkly: Feature flag management service used to control feature rollouts. Receives your anonymous device identifier only.

4.6 Hardware Wallet Integration

  • Trezor Connect: Enables connection with Trezor hardware wallets for enhanced security. Communication occurs directly between your browser and Trezor's servers — no data passes through GeroWallet servers.

5. Data Storage and Security

5.1 Local Storage (Extension)

The Extension stores the following data locally on your device using the browser's built-in storage APIs:

  • Encrypted wallet data: Private keys and seed phrases are encrypted and stored locally. They never leave your device.
  • Wallet addresses: Your public blockchain addresses
  • Preferences and settings: Your Extension configuration, notification preferences, opt-out settings, and display preferences
  • Anonymous device identifier: A randomly generated UUID for analytics purposes
  • Cached data: Token information, price data, and domain lists for performance optimisation

5.2 Server-Side Storage

Data submitted through our Website (support requests, early access signups) is stored using the third-party services described in Section 4. We do not operate our own database servers for user personal data.

5.3 Security Measures

We implement appropriate technical and organisational measures to protect your information:

  • Private keys and seed phrases are encrypted on your device and never transmitted
  • All communications use HTTPS/TLS encryption in transit
  • The Website enforces strict security headers including Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and X-Frame-Options
  • Form submissions are protected by rate limiting and input validation
  • The Extension uses Manifest V3 with a strict Content Security Policy restricting script and connection sources

6. Your Rights and Choices

6.1 Opt-Out of Analytics and Tracking

You may opt out of analytics tracking at any time through the Extension settings. When you opt out:

  • Your opt-out preference is communicated to our backend and respected for all subsequent requests
  • You may also disable cashback notifications and browsing activity monitoring for specific websites or entirely
  • On the Website, you may opt out of Google Analytics by using browser-based tools such as the Google Analytics Opt-Out Browser Add-on

6.2 Data Access and Portability

You have the right to request access to the personal data we hold about you. Since the Extension stores wallet data locally on your device, you have direct access to your own data at all times. For data stored on our servers (such as early access signups or support requests), you may contact us to request a copy.

6.3 Data Deletion

You may delete your data in the following ways:

  • Extension data: Uninstalling the Extension removes all locally stored data, including wallet data, preferences, and your anonymous device identifier. You may also clear Extension data through your browser settings.
  • Account data: You may request deletion of your account and associated data by contacting us at [email protected]
  • Third-party data: For data held by our third-party partners (Kaiserex, Satchel.eu, BringWeb3, etc.), you may need to contact those parties directly pursuant to their privacy policies

6.4 Data Correction

If any personal information we hold about you is inaccurate, you have the right to request correction. Please contact us at [email protected].

6.5 Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time (where processing is based on consent)
  • Right to lodge a complaint with a supervisory authority in your country of residence

Our legal bases for processing your personal data under the GDPR include: performance of a contract (providing the Services you have requested), legitimate interests (improving our Services, fraud prevention, and security), compliance with legal obligations, and your consent (where applicable, such as for marketing communications or optional analytics).

7. Data Retention

We retain personal data only for as long as necessary:

  • Extension data: Stored locally on your device until you uninstall the Extension or clear your browser data
  • Support requests: Retained for as long as needed to resolve your inquiry and for a reasonable period thereafter for quality assurance
  • Early access signups: Retained until the relevant feature launches or you request deletion
  • Analytics data: Anonymised analytics data may be retained indefinitely as it cannot be linked to individual users
  • KYC data: Retained by our card service partners (Kaiserex, Satchel.eu) in accordance with their legal and regulatory obligations, which may require retention for up to 5 years after account closure

8. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including Israel, the European Union, and the United States (where some of our service providers are located). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Transfers to countries with an adequate level of data protection as determined by the European Commission (Israel has received an adequacy decision from the EU)
  • Standard contractual clauses approved by the European Commission
  • Other lawful transfer mechanisms under applicable data protection laws

9. Children's Privacy

Our Services are not intended for individuals under the age of 18 (or the age of majority in your jurisdiction, whichever is higher). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on the Website and updating the “Last updated” date. For material changes, we will use reasonable efforts to provide advance notice via the Website, email, or within the Extension. Your continued use of the Services after any changes constitutes acceptance of the updated Policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

A.D. Labs LTD
Attention: Privacy / Legal Department
Balfur 93, Bat-Yam, Israel
Email: [email protected]

If you are located in the EEA and believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the data protection authority in your country of residence.

Back to Legal