Privacy Policy
Last Updated: June 2026
This Privacy Policy explains how Kura Finance LLC ("Kura", "we", "us") collects, uses, and shares information when you use the Kura mobile application and related services (the "Service"), including the self-custody wallet, the Kura Card, on-chain swaps, and financial tracking. By using the Service, you agree to this Policy.
1. Information We Collect
We follow a data-minimization-first policy and only collect what is needed to operate the Service:
- Account & authentication data: email address and authentication identifiers managed through our login provider (Privy), and optional display name.
- Identity verification (KYC) data: when you apply for the Kura Card, identity documents and verification data are collected and processed by our verification and card partners (Didit and Gnosis Pay). Kura does not retain raw government-ID images on its own servers.
- Financial account data: when you link a bank or brokerage account, account and transaction information is retrieved via Plaid. When you link on-chain wallets, balances and DeFi positions are retrieved via DeBank.
- Wallet & blockchain data: your public smart-account address and on-chain transactions on the Base network. Your private keys and seed phrase are generated and stored on your device and are never transmitted to Kura.
- Subscription data: plan and entitlement status managed through RevenueCat and the Apple App Store / Google Play. We never receive your full payment card number.
- Device & usage data: limited technical logs needed for security, reliability, and fraud prevention.
2. How We Use Your Information
We use information only to deliver and secure product functionality — provisioning your wallet, issuing and operating the Kura Card, aggregating linked accounts, generating analytics and user-requested exports, processing subscriptions, and meeting legal, KYC/AML, and sanctions-screening obligations. We do not sell your personal or financial data, and we do not use your sensitive financial records for advertising or behavioral profiling.
3. Third-Party Services & Sub-Processors
We rely on the following partners to provide the Service. Your use of features that depend on them is also subject to their respective privacy policies:
- Plaid — bank and brokerage account connectivity.
- Privy — authentication and embedded wallet infrastructure.
- Gnosis Pay — issuance and operation of the Kura Card and its on-chain account.
- Didit — identity verification (KYC).
- DeBank — on-chain token and DeFi position data.
- 0x & LI.FI — non-custodial swap and bridge routing.
- Bridge — crypto-to-fiat and fiat-to-crypto on/off-ramp.
- MoonPay — card-based deposits and additional on-ramp currency coverage.
- Pimlico — ERC-4337 bundler and gas paymaster on Base.
- RevenueCat, Apple App Store, Google Play — subscription billing and entitlement management.
- CoinGecko — market price data.
4. Plaid End-User Disclosure
We use Plaid Inc. ("Plaid") to connect your accounts and access financial data. By linking an account, you grant Kura and Plaid the right to access and use that information in accordance with this Policy and Plaid's privacy policy. Plaid's handling of your data is governed by the Plaid End User Privacy Policy.
5. Kura Card & Identity Verification
The Kura Card is issued and operated through Gnosis Pay and its banking, card-network, and processing partners. Applying for the Card requires identity verification (KYC), performed by Didit and/or Gnosis Pay. Identity and card data you provide are processed by these partners under their own privacy policies and applicable financial-services regulations, and may be retained by them as legally required even after you stop using the Card. Kura receives only the limited card status and metadata needed to display your Card in the app.
6. Fiat On/Off-Ramp
To move between crypto and fiat, we integrate third-party ramp providers. Bridge handles crypto-to-fiat and fiat-to-crypto conversion, while MoonPay processes credit/debit card deposits and covers additional currencies. When you use a ramp, you transact directly with that provider: they collect and process the payment, identity, and transaction information needed to complete your conversion and comply with applicable regulations, under their own privacy policies and terms. Kura does not receive or store your full payment card number.
7. Zero-Access Security Model
Kura follows a Zero-Access, non-custodial architecture. Your financial snapshots are sealed with a Data Encryption Key that is unlocked only by your passkey (Face ID / Touch ID) on your device. We cannot initiate transfers from your connected accounts or wallets, and we do not maintain broad plaintext access to your sensitive financial data. As a result, we are structurally limited in what readable data we can produce — including if our systems are breached or when responding to third-party or government requests.
8. Data Retention
We retain personal data only as long as needed to provide the Service or to meet legal, accounting, and regulatory requirements. KYC and card-related records held by Gnosis Pay and Didit are retained under their own regulatory retention obligations. On-chain transactions recorded on public blockchains are permanent and outside our control.
9. Your Rights & Account Deletion
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. You can request account deletion in-app or by contacting us; we will delete data we control, subject to records that partners or law require us (or our partners) to retain. To exercise these rights, contact support@kura-finance.com.
10. Children & International Transfers
The Service is not intended for anyone under 18. Because our partners operate globally, your information may be processed in countries other than your own; we and our partners apply appropriate safeguards for such transfers.