diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index 31822d84c7..c621e225dc 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -1,5 +1,9 @@ name: E2E Test +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: pull_request: push: diff --git a/.github/workflows/android-app.yml b/.github/workflows/android-app.yml index 0103523492..8f168b6fe9 100644 --- a/.github/workflows/android-app.yml +++ b/.github/workflows/android-app.yml @@ -1,5 +1,9 @@ name: Build android app +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: pull_request: push: diff --git a/.github/workflows/android-release.yml b/.github/workflows/android-release.yml index 5caac2416f..2fd966c4e4 100644 --- a/.github/workflows/android-release.yml +++ b/.github/workflows/android-release.yml @@ -1,5 +1,9 @@ name: Release android app +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: workflow_dispatch: jobs: diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 104537dc8e..cacde40f3f 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -1,5 +1,9 @@ name: Check links and Publish Docs +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: pull_request: push: diff --git a/.github/workflows/rust-cargo-deny.yml b/.github/workflows/rust-cargo-deny.yml index ef64547b22..1f0305f942 100644 --- a/.github/workflows/rust-cargo-deny.yml +++ b/.github/workflows/rust-cargo-deny.yml @@ -1,5 +1,9 @@ name: Check cargo deny +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: pull_request: push: diff --git a/.github/workflows/rust-clippy.yml b/.github/workflows/rust-clippy.yml index 41aa1a1ae0..7934ab70a5 100644 --- a/.github/workflows/rust-clippy.yml +++ b/.github/workflows/rust-clippy.yml @@ -1,5 +1,9 @@ name: Rust clippy +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: pull_request: push: diff --git a/.github/workflows/rust-fmt.yml b/.github/workflows/rust-fmt.yml index ec9a97fda3..8f813f7290 100644 --- a/.github/workflows/rust-fmt.yml +++ b/.github/workflows/rust-fmt.yml @@ -1,5 +1,9 @@ name: Rustfmt +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: pull_request: push: diff --git a/.github/workflows/rust-test-android.yml b/.github/workflows/rust-test-android.yml index c6dde2dee3..d6380b3739 100644 --- a/.github/workflows/rust-test-android.yml +++ b/.github/workflows/rust-test-android.yml @@ -1,5 +1,9 @@ name: Rust backend test for android +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: pull_request: push: diff --git a/.github/workflows/rust-test-ios.yml b/.github/workflows/rust-test-ios.yml index c4b62e1de8..a4ef8d750d 100644 --- a/.github/workflows/rust-test-ios.yml +++ b/.github/workflows/rust-test-ios.yml @@ -1,5 +1,9 @@ name: Rust backend test for ios +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: pull_request: push: diff --git a/.github/workflows/semantic.yml b/.github/workflows/semantic.yml index b4d3db0362..016566e512 100644 --- a/.github/workflows/semantic.yml +++ b/.github/workflows/semantic.yml @@ -1,5 +1,9 @@ name: Semantic PR +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: pull_request_target: types: @@ -7,6 +11,9 @@ on: - edited - synchronize +permissions: + pull-requests: write + jobs: main: # By default, these PR titles are allowed: diff --git a/.github/workflows/testflight-prod.yml b/.github/workflows/testflight-prod.yml index 7a794a2127..935b2d68c5 100644 --- a/.github/workflows/testflight-prod.yml +++ b/.github/workflows/testflight-prod.yml @@ -5,7 +5,7 @@ on: jobs: distribute_testflight: - if: contains('["krodak","prybalko"]', github.actor) + if: contains('["krodak","ERussel","stepanLav"]', github.actor) runs-on: macos-13 name: Distribute TestFlight Production Build diff --git a/.github/workflows/testflight-qa.yml b/.github/workflows/testflight-qa.yml index 5c3b3c3159..9db441a895 100644 --- a/.github/workflows/testflight-qa.yml +++ b/.github/workflows/testflight-qa.yml @@ -5,7 +5,7 @@ on: jobs: distribute_testflight: - if: contains('["krodak","prybalko"]', github.actor) + if: contains('["krodak","ERussel","stepanLav"]', github.actor) runs-on: macos-13 name: Distribute TestFlight QA Build diff --git a/ios/PolkadotVault.xcodeproj/project.pbxproj b/ios/PolkadotVault.xcodeproj/project.pbxproj index df38cc0d2b..f61f3b7992 100644 --- a/ios/PolkadotVault.xcodeproj/project.pbxproj +++ b/ios/PolkadotVault.xcodeproj/project.pbxproj @@ -3187,7 +3187,7 @@ CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 1; DEVELOPMENT_ASSET_PATHS = "\"PolkadotVault/Preview Content\""; - DEVELOPMENT_TEAM = P2PX3JU8FT; + DEVELOPMENT_TEAM = QXCVVJ6654; ENABLE_BITCODE = NO; ENABLE_PREVIEWS = YES; "EXCLUDED_ARCHS[sdk=iphonesimulator*]" = arm64; @@ -3220,10 +3220,10 @@ ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = accent_pink300; CODE_SIGN_IDENTITY = "Apple Development"; - CODE_SIGN_STYLE = Manual; + CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 1; DEVELOPMENT_ASSET_PATHS = "\"PolkadotVault/Preview Content\""; - DEVELOPMENT_TEAM = ""; + DEVELOPMENT_TEAM = QXCVVJ6654; ENABLE_BITCODE = NO; ENABLE_PREVIEWS = YES; INFOPLIST_FILE = PolkadotVault/Info.plist; @@ -3255,7 +3255,7 @@ BUNDLE_LOADER = "$(TEST_HOST)"; CLANG_ENABLE_MODULES = YES; CODE_SIGN_STYLE = Automatic; - DEVELOPMENT_TEAM = 4GK8JWU7P9; + DEVELOPMENT_TEAM = QXCVVJ6654; "EXCLUDED_ARCHS[sdk=iphonesimulator*]" = arm64; INFOPLIST_FILE = PolkadotVaultTests/Info.plist; LD_RUNPATH_SEARCH_PATHS = ( @@ -3280,7 +3280,7 @@ BUNDLE_LOADER = "$(TEST_HOST)"; CLANG_ENABLE_MODULES = YES; CODE_SIGN_STYLE = Automatic; - DEVELOPMENT_TEAM = P2PX3JU8FT; + DEVELOPMENT_TEAM = QXCVVJ6654; INFOPLIST_FILE = PolkadotVaultTests/Info.plist; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", @@ -3366,7 +3366,7 @@ CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 1; DEVELOPMENT_ASSET_PATHS = "\"PolkadotVault/Preview Content\""; - DEVELOPMENT_TEAM = P2PX3JU8FT; + DEVELOPMENT_TEAM = QXCVVJ6654; ENABLE_BITCODE = NO; ENABLE_PREVIEWS = YES; INFOPLIST_FILE = PolkadotVault/Info.plist; @@ -3398,7 +3398,7 @@ BUNDLE_LOADER = "$(TEST_HOST)"; CLANG_ENABLE_MODULES = YES; CODE_SIGN_STYLE = Automatic; - DEVELOPMENT_TEAM = 4GK8JWU7P9; + DEVELOPMENT_TEAM = QXCVVJ6654; INFOPLIST_FILE = PolkadotVaultTests/Info.plist; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", diff --git a/ios/PolkadotVault/Resources/Docs/privacy-policy.txt b/ios/PolkadotVault/Resources/Docs/privacy-policy.txt index dfa1bb9ab2..5b70a74b2e 100644 --- a/ios/PolkadotVault/Resources/Docs/privacy-policy.txt +++ b/ios/PolkadotVault/Resources/Docs/privacy-policy.txt @@ -1,225 +1,126 @@ -Parity Technologies Limited (“**We**”; “**us**”; or “**our**”) are committed to protecting and respecting your privacy. +**1. GENERAL INFORMATION** -This policy (together with our terms of use on our websites [https://parity.io](https://parity.io), [https://paritytech.io](https://paritytech.io) and [https://polkadot.io](https://polkadot.io) (the “**Sites**“) and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. +Novasama Technologies GmbH, Schönhauser Allee 163, 10435 Berlin, Germany (hereinafter "**Novasama**" or “**we**”) offers the mobile application Polkadot Vault (hereinafter: “**Vault**”), a non-custodial wallet software that allows the User to turn his/her mobile device, such as smartphone or tablet (hereinafter: “**Storage Device**”), into a cold storage hardware wallet by holding the User’s private cryptographic keys offline while keeping the Storage Device offline. The Vault can be downloaded from the Apple App Store and from the Google Play Store. The User can use the Vault to safekeep their Private Keys, manage their accounts and blockchain-based digital assets (hereinafter: “**Digital Assets**”), send and receive transactions of Digital Assets, and cryptographically sign blockchain transactions. The Vault contains certain features that, inter alia, allow the User to connect the Vault to third-party decentralized applications (hereinafter: “**DApp**”), protocols and services that Novasama does not operate itself (hereinafter: “**Third-Party Services**”). Novasama does not offer Third-Party Services in its own name. Further information about the functions offered in connection with the Vault can be found in Novasama’s General terms and conditions of business and use (hereafter “GTC”). We encourage you to read the GTC carefully as they affect your obligations and legal rights regarding the usage of the Vault. -**What data do we collect from you?** +In connection with the usage of the Vault, no personal data will be processed by Novasama since the Vault will be installed on Users’ Storage Device without Novasama having access to any personal data of the User when using the Vault. However, Novasama may process personal data of persons who visit Novasama’s website https://novasama.io/ (hereinafter each a “**Website** and together “**Websites**”) and/or contact Novasama. Personal data is information that relates to an identified or identifiable natural person. An identifiable natural person is a person who can be identified directly or indirectly, e.g., by means of association with an online identifier (hereinafter: “**Data Subject**”). -The Ethereum and Substrate based blockchain clients written in the programming language Rust known as Parity does not collect information from you, however any information you publish onto a blockchain like Ethereum is public by design. +Novasama takes the protection of personal data very seriously. We treat personal data confidentially, in accordance with this Privacy Notice and applicable data protection law, including, but not limited to the General Data Protection Regulation (hereinafter: “**GDPR**”) and the German Federal Data Protection Act (hereinafter: “**FDPA**”). +This Privacy Notice informs you about how we handle your personal data that is under our control. +Unless otherwise provided in this Privacy Notice, capitalised terms used herein have the meaning determined in the GTC. -If you go to our Sites or utilise other services, we may collect and process the following personal data about you: +**2. CONTROLLER** -- **Information you give us**. This is information about you that you give us by filling in forms on our Sites, filling in forms on the sites of third party vendors providing us with a service, or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you agree to our contributors license agreement (“**CLA**”), apply to attend one of the events that we host, attend one of the events that we host, apply for a job on our Sites, ask to receive our newsletter and when you report a problem with our Sites. The information you give us may include your name, address, e-mail address and phone number and job application information (e.g. your CV, education data, and picture). +Novasama acts as responsible party and, hence, as controller within the meaning of the GDPR with regard to the personal data processed in connection with the Websites or any contacting of Novasama. A controller is a natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data. +If you have any questions regarding this Privacy Notice or the processing of your personal data, do not hesitate to contact us via the following contact details: -- **Information we collect about you**. With regard to each of your visits to our Sites we may automatically collect the following information: - - technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, and versions, operating system and platform; and - - information about your visit, including the full Uniform Resource Locators (URL), page response times and download errors. +**Name:** +**Novasama Technologies GmbH** +**Address:** +**Schönhauser Allee 163, 10435 Berlin, Germany** +**Email:** +**admin@novasama.io** -- **Information we receive from other sources**. This is information we receive about you if you use any of the other websites we operate or the other services we provide or, to the extent permitted by law, publicly accessible information about you on e.g. business social media. We are working closely with third parties (including, for example, recruitment services providers, and event organisation service providers and event partners). We will notify you when we receive information about you from them and the purposes for which we intend to use that information. +**3. PURPOSES AND LEGAL BASES OF DATA PROCESSING BY NOVASAMA** -**Cookies** +**a) General** -Our Sites uses cookies to distinguish you from other users of our Sites. This helps us to provide you with a good experience when you browse our Sites and also allows us to improve our Sites. For detailed information on the cookies we use and the purposes for which we use them see our “**Cookie Policy**” below. +The Vault was built with privacy in mind, and we expect you to use it in a privacy-friendly manner. We intend to provide you with all the necessary tools and opportunities to use the Vault while processing as little personal data as possible. In particular, no personal data will be processed by Novasama in connection with the usage of the Vault. Rather, all personal data provided by the User when using the Vault will be stored locally on the User’s Storage Device and kept offline therein. Should the Vault be used to sign a transaction or to interact with DApps no personal data will be processed or accessed by Novasama. Any data processing in connection with the use of the Vault will, therefore, either be a data processing by a third party through interaction with Third-Party Services according to Section 4.a) of this Privacy Notice or a blockchain data processing according to Section 4.b) of this Privacy Notice, which are both not controlled by Novasama. Other than described under Section 3. b) - d) below, we neither collect your personal data nor process or store it. -**For what purposes do we use your data and what is the legal basis for this use?** +**b) Visiting our Websites** -We may use information held about you in the following ways and relying on the following legal bases: +When visiting our Websites certain personal data is automatically collected every time you call up the Websites and is automatically stored in so-called server log files. The personal data processed in this regard are browser type and version, operating system used, website from which the access is made (referrer URL), host name of the accessing computer, date and time of access as well as IP address of the requesting computer (hereafter referred to as “**Access Personal Data**”). +The processing of Access Personal Data is necessary for technical reasons to provide the Websites in a functional way and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an assignment to your person. In addition to the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimisation of the Websites. We do not combine this data with other data sources, nor do we evaluate the data for marketing purposes. +The Access Personal Data is only stored for the period of time for which it is required to achieve the above-mentioned purposes. Your IP address is stored for a maximum of 7 days for IT security purposes. +The legal basis for the temporary storage and processing of Access Personal Data is Art. 6 (1) sentence 1 lit. b GDPR, which permits the processing of personal data for the fulfilment of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the temporary storage of technical Access Personal Data. Our legitimate interest here is to be able to provide you with the Websites in a technically functioning and user-friendly way and to ensure the security of our systems. - As required by Parity to conduct our business and pursue our legitimate interests, in particular: - - to notify you about changes to our service; - - to ensure that content from our Sites are presented in the most effective manner for you and for your computer; - - to administer our Sites and for internal operations, including troubleshooting and statistical purposes; - - to improve our Sites to ensure that content is presented in the most effective manner for you and for your computer; - - to allow you to participate in interactive features of our service, when you choose to do so; - - as part of our efforts to keep our Sites safe and secure; - - to use information you provide to investigate any complaints received from you or from others, about our Sites or our products or services; - - to assess your eligibility for the particular role you applied for; - - to assess your eligibility for any role that we might have available; - - to schedule, arrange and administer events and meetups in which you have expressed an interest (including creating an attendance record for the event and sending anonymised data to the venue including attendees, dietary requirements and accessibility requirements); - - to document the copyright and other rights granted with contributions made under our CLA; - - to use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation); and - - Information we receive from other sources: We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive). +**c) Contacting us** - Where you give us consent: - - we or our carefully selected partners will send you direct marketing in relation to our relevant products and services, or other products and services provided by us, our affiliates and carefully selected partners. However, we will only provide you with marketing related information after you have, where legally required to do so, opted in to receive those communications and having provided the opportunity for you to opt out at any time. - - we place cookies and use similar technologies in accordance with our Cookies Policy and the information provided to you when those technologies are used - - on other occasions where we ask you for consent. We will use the data for the purpose which we explain at that time. +If you contact us, we may collect and process certain information related to your request, such as your name, email addresses and any other data requested by us or data that you choose to provide us with (hereafter together referred to as “**ontact Data**”). - For purposes which are required by law: - - In response to requests by government or law enforcement authorities conducting an investigation. +Contact Data will be processed for the purpose of processing and answering your enquiry and in the event of follow-up questions. -**Relying on our legitimate interests** +If you contact us, our processing activities in this regard are based on our legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR to provide appropriate response to customer/contact enquiries. In addition, if you contact us within the framework of an existing contractual relationship or in advance for information about our services, the Contact Data you provide to us will be processed for the purpose of processing and answering your contact enquiry in accordance with Art. 6 (1) sentence 1 lit. b GDPR as a legal basis. +The Contact Data will remain with us until the purpose for storing/processing no longer applies (i.e., after processing your enquiry has been completed). The Contact Data will, at the latest, be deleted after one (1) year from the last date when you contacted us regarding the same matter. Mandatory legal provisions – in particular retention periods – remain unaffected. -We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details set out later in this notice. +**d) Other processing purposes** -**Withdrawing consent or otherwise objecting to direct marketing** + **i) Compliance with legal requirements:** We also process your personal data to comply with other legal obligations that may apply to us in connection with our business activities, including, but not limited to compliance with mandatory retention periods under commercial, trade or tax law or regulations and laws against money laundering. We process your personal data in accordance with Art. 6 (1) sentence 1 lit. c GDPR as legal basis to fulfil a legal obligation to which we are subject. -Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is no other legal ground for the processing. + **ii) Legal enforcement:** We also process your personal data in order to be able to assert our rights and enforce our legal claims, as well as to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offences. In this context, we process your personal data to protect our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR as legal basis, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offences. -You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below. + **iii) Consent:** Please note that we currently do not collect your personal data based on your consent. However, in case you give us consent to process your personal data for certain purposes (e.g., sending information material and offers), the lawfulness of this processing is based on your consent. Consent given can be withdrawn at any time. Please note that the withdrawal is only effective for the future and processing up to that point is not affected. -**Who will we share your data with, where and when?** +**4. OTHER DATA PROCESSING NOT CONTROLLED BY NOVASAMA** -We will share your personal information with: +**a) Interaction with Third-Party Services** -- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries for : - - website maintenance and security; and - - recruitment and hiring -- Selected third parties including but not limited to: - - business partners and sub-contractors for the performance of any contract we enter into with them or you; - - our newsletter service provider for the purposes of providing you with our newsletter; - - event organisation service providers for the purposes of scheduling and arranging events and meetups in which you have expressed an interest; - - our applicant tracking system service provider for the purposes of assessing your application for a role at Parity; and - - third party developers for and / or providers of website hosting and maintenance. +Using the Vault to cryptographically sign a transaction may require the User to interact with certain Third-Party Services. Any interaction with or enabling such connections may allow such Third-Party Services providers to collect, process, or share certain personal data about you. Please note that Novasama does neither receive, process or store such personal data nor does it control, operate, or manage those Third-Party Services providers. Therefore, Novasama is not responsible for the Third-Party Services providers’ data processing or privacy documentation (policy, notice, statement) and any data protection rights in this regard would need to be exercised against the Third-Party Services provider. When you intend to interact with any such Third-Party Services providers or leave the Vault, we encourage you to read the privacy documentation of the respective Third-Party Service you use or visit. -We will also disclose your personal information to third parties: +**b) Blockchain data processing** -- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets. -- If Parity Technologies Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets. -- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Parity Technologies Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. +Please note that certain data, such as public addresses associated with your wallets and information about transactions associated therewith (hereafter “**Transactions**”), interact with public decentralised blockchain infrastructures and blockchain-based software, including smart-contracts, which work autonomously. “Decentralised” means that there is no single person, including Novasama, who controls the blockchain or stores data available thereon. “Public” means that the access is available for anyone and cannot be restricted. The data entered in a public decentralised blockchain is distributed via the nodes that simultaneously store all records entered into the blockchain. By design, blockchain records cannot be changed or deleted and are said to be “immutable”. Due to the blockchain’s nature, once you start entering information into a blockchain, particularly by carrying out any Transactions, such information, which may be considered personal data, will become publicly available on a blockchain. Please be aware that any Transaction within a blockchain is irreversible and any information, including personal data, entered into a blockchain cannot be deleted or changed. Novasama will never control such information entered in a blockchain nor manage access to it and is, therefore, not responsible for any data processing in this regard. The ultimate decision whether to transact on a blockchain or carry out any Transaction rests with you. Therefore, your ability to exercise certain data protection rights in this regard will be limited. -The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA (in our case the US) who works for us or for one of our suppliers. +**c) App Store data processing** -Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor's Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request to admin@parity.io. -Our Sites may, from time to time, contain links to and from the websites of our partner networks, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. +The Vault can be downloaded from the Apple App Store and from the Google Play Store. Please note, that downloading the Vault from an App Store will allow the respective App Store provider to collect, process, or share certain personal data about you (e.g. account information and/or contact details). Please note that Novasama does neither receive, process or store such personal data nor does it control, operate, or manage those App Store providers. Therefore, Novasama is not responsible for the App Store providers’ data processing or privacy documentation (policy, notice, statement) and any data protection rights in this regard would need to be exercised against the App Store provider. When you intend to interact with any such App Store providers, e.g. to download the Vault, we encourage you to read the privacy documentation of the respective App Store provider you use or visit prior. -**Your rights** +**5. DATA RECIPIENTS** -You have the right to **ask us for a copy** of your personal data; to **correct**, **delete** or **restrict** (stop any active) processing of your personal data; and to **obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format**, and to ask us to **share (port) this data to another controller**. +Within Novasama those persons will get access to your personal data that need it to fulfil our contractual and legal obligations. -In addition, you can **object to the processing** of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement). +In individual cases we may transmit personal data to our advisors in legal or tax matters, whereby these recipients act independently in their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other applicable data protection regulations. Furthermore, they are obliged to maintain special confidentiality and secrecy due to their professional status. Other than that, we will not transfer any personal data controlled by us to any third-party recipients. -These **rights may be limited**, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in the GDPR. We will inform you of relevant exemptions we rely upon when responding to any request you make. +**6. DATA TRANSFER TO THIRD COUNTRIES** -To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us using the details set out under the Section “**Contact**” below. If you have unresolved concerns, you have the **right to complain** to an EU data protection authority where you live, work or where you believe a breach may have occurred. +We will not transfer any personal data to recipients located in countries outside the EU (European Union) / EEA (European Economic Area). -You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at admin@parity.io. +**7. DURATION OF DATA STORAGE** -**Which entity is my data controller, and which affiliates might my data be shared with?** +We initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage (see above under Section 3 on the individual processing purposes). This may also include the periods of initiating a contract (pre-contractual legal relationship) and processing a contract. On this basis, personal data is regularly deleted as part of the fulfilment of our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes: -The data controller for your information is Parity Technologies Limited of c/o IGNITION LAW Moray House, Floor 1, Moray House, 23-31 Great Titchfield Street, London, United Kingdom, WC1W 7PA. + · Fulfilment of legal storage obligations, which result, for example, from the German Commercial Code (§§ 238, 257 para. 4 HGB) and the German Fiscal Code (§ 147 para. 3, 4 AO). The periods specified there for storage or documentation are up to ten years. -Your data might be shared with our group company Parity Technologies Deutschland GmbH, Glogauer Str. 6, 10999, Berlin, Germany for recruiting purposes and for the management of group functions. -How long will you retain my data? + · Preservation of evidence taking into account the statute of limitations. According to §§ 194 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years. -Where you are a contributor, customer or a registered user, we will keep your information for the duration of any contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this notice. +**8. DATA SUBJECT RIGHTS** -Where we process personal data with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to process your data indefinitely so that we can respect your request in future. +You are entitled to the following rights as a Data Subject under the legal requirements: -For data about your visits to our Sites and where we process personal data for Sites security purposes, we will retain this data for 12 months following your last visit of our Sites. +**a) Right of withdrawal:** You may, in accordance with Art. 7 (3) GDPR, at any time withdraw any consent you provided to allow us to process your personal data. Please note that the withdrawal only takes effect for the future. Processing that took place before the withdrawal is not affected. However, please note that we currently do not collect your personal data based on your consent. -Data you provided to us in the course of your job application will be kept for 6 months, if your application was not successful. If you enter in an employment relationship with us, the relevant information will be kept for the duration of the employment contract as part of your personnel file. +**b) Right to information/access:** You are entitled at any time, within the framework of Art. 15 GDPR, to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you are also entitled, within the framework of Art. 15 GDPR, to receive information about this personal data as well as certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate safeguards) and a copy of your personal data. The restrictions of § 34 FDPA apply. +**c) Right to rectification:** You are entitled to request us to rectify the personal data stored about you if it is inaccurate or incorrect, in accordance with Art. 16 GDPR. -Laws may require us to hold certain information for specific periods. In other cases, we may retain data for an appropriate period after any relationship with you ends to protect itself from legal claims, or to administer its business. +**d) Right to erasure:** You are entitled, under the conditions of Art. 17 GDPR, to demand that we delete personal data relating to you without delay. The right to erasure does not apply if the processing of the personal data is necessary, for example, to comply with a legal obligation (e.g., statutory retention obligations) or to assert, exercise or defend legal claims. Furthermore, the restrictions of § 35 FDPA apply. -**How you protect my data** +**e) Right to restrict processing:** You are entitled to demand that we restrict the processing of your personal data under the conditions of Art. 18 GDPR. -We strive to maintain the highest standards of security and Parity has put in place robust technical and organizational measures for the protection of your data in accordance with the current, general state of the art technologies, especially to protect the data against loss, falsification or access by unauthorized third persons. However the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Sites. Any transmission is at your own risk. Once we have received your personal data we will use strict procedures and security features to prevent unauthorized access. +**f) Right to data portability:** You are entitled, under the conditions of Art. 20 GDPR to demand that we hand over to you the personal data concerning you that you have provided to us, in a structured, common and machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. However, we are currently not processing your personal data based on your consent or based on performance of a contract with you. -Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. +**g) Right of objection:** You are entitled to object to the processing of your personal data under the conditions of Art. 21 GDPR, so that we must stop processing your personal data. The right to object only exists within the limits provided for in Art. 21 GDPR. In addition, our interests may conflict with the termination of processing, so that we are entitled to process your personal data despite your objection. -**Cookie-policy** +**h) Right of appeal to a supervisory authority:** Subject to the conditions of Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. A list of data protection supervisory authorities in Germany and their contact details can be found here. As a rule, the Data Subject can turn to the supervisory authority at his/her habitual residence or place of work or Novasama’s registered office. The supervisory authority responsible for Novasama is the Berlin Commissioner for Data Protection and Freedom of Information (Der Berliner Beauftragte für Datenschutz und Informationsfreiheit) -Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The use of cookies is now standard for most websites. If you are uncomfortable with the use of cookies, you can manage and control them through your browser, including removing cookies by deleting them from your ‘browser history’ (cache) when you leave the site. See the subsection “How to manage cookies” for further information +**Other concerns:** For further data protection questions and concerns, please contact us under the contact details provided in Section 2 above. -**Necessary cookies** +**9. REQUIREMENT TO PROVIDE DATA** -The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. To set all other types of cookies we need your permission. Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. +Visiting our Websites requires you to provide certain personal data to us, as described in Section 3.b) above. Other than that, you are not required to provide any personal data to us. However, if you decide not to provide your personal data to us, you may not be able to contact us and/or we will not be able to contact you, e.g., to respond to your enquiries or questions. -**Parity Technologies’ use of cookies** +**10. AUTOMATED DECISION MAKING / PROFILING** -The only cookie set on Parity Technologies’ websites is the "cfduid" cookie. This cookie is set by a third party, CloudFlare (a content delivery network service), and is necessary for the website to function properly as it is used to identify trusted web traffic. It does not correspond to any user ID in the web application, nor does the cookie store any personally identifiable information. In addition, it’s a “first-party” cookie bound to Parity’s hostname and not accessible from anywhere else, which makes it unusable for tracking purposes. Where technically possible it is also marked as “Secure” which would only allow its transmission over encrypted channels. [https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do-](https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do-) +We do not use your personal data to make any automated decision making or profiling (meaning an automated analysis of your personal circumstances). -This cookie expires after 1 year. +**11. CHILDREN PERSONAL DATA** -**How to manage cookies** +The Vault is not intended for the use of children (under 18 years old). We do not knowingly market to, solicit, process, collect, or use personal data of children. -Current versions of web browsers offer enhanced user controls regarding the placement and duration of both first and third party cookies. Search for "cookies" under your web browser's “Help menu” for more information on cookie management features available to you. You can enable or disable cookies by modifying the settings in your browser. You can also find out how to do this, and find more information on cookies at www.allaboutcookies.org. However, if you choose to disable cookies in your browser, you may be unable to complete certain activities on our Sites or to correctly access certain parts of it. If you would like more information about interest-based advertising, including how to opt-out of these cookies, please visit [ http://youronlinechoices.eu/](http://youronlinechoices.eu/). +If we become aware that a child has provided us with personal data, we will use commercially reasonable efforts to delete such information from our database within a reasonable timeframe. If you are the parent or legal guardian of a child and believe that we have collected personal data from your child, please contact us. -**Changes to our privacy policy** +**12. CHANGES TO THIS PRIVACY NOTICE** -Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy. - -**Contact** - -Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to admin@parity.io or by writing to Parity Technologies Limited of c/o IGNITION LAW Moray House, Floor 1, Moray House, 23-31 Great Titchfield Street, London, United Kingdom, WC1W 7PA. - -**Supplemental privacy notice for event participants** - -"We", "our", "Parity" – refers to Parity Technologies Limited. - -This notice supplements our Privacy Notice and describes how we collect, use, share and retain additional personal data collected when you participate in a Parity event (whether as an attendee, guest, or speaker), and how to access and control this additional data. Please let us know if you have any questions about this supplemental notice. - -**What additional data do we collect from you:** - -**Event registration** - -When you register to participate in a Parity event we will collect some or all of the following information from you directly or we will receive it from Eventbrite or Meetup: - -- Name -- Meetup or Eventbrite profile link -- Organisation -- Email address -- Dietary requirements -- Accessibility requirements - -When you book an event through Eventbrite or Meetup you will also have to agree to their terms and conditions of service. Please note that Eventbrite and Meetup are third-party services that are not owned or managed by Parity. This policy only refers to the way Parity will use your information. - -If you wish to attend one of our events but do not wish to use Eventbrite or Meetup to book a place, please contact the event organiser. Contact details for each event are provided on the event booking page. - -**Event photography and audio / video recordings** - -We frequently take photos and record audio and/or video at our events. If so, we may make and store photographs containing your likeness and recordings of your voice and likeness. We may associate your image and the sound of your voice with your name if you are identified during the recording or identify yourself by name. - -If you do not want your photograph to be taken or to be featured in video or audio of an event please let a member of our team know. - -**What we do with this additional data and why:** - -**Event registration data** - -We may use this information for the purposes of scheduling, organising and administering the event, this includes but is not limited to: - -- registering you to attend the event; -- sending you an email to you to confirm your registration and provide you with updates regarding the event; -- tracking and administering dietary and accessibility requirements; and -- organising and arranging an appropriate venue and refreshments. - -**Event photography and audio or video recordings** - -We may use, edit, copy, exhibit, publish, or distribute photos and audio or video recording from our events for the purposes of promoting our events and Parity. -When we share this additional data - -**Event registration data** - -Unless otherwise stated we use Meetup or Eventbrite to manage online registration for our events. We may share your personal data with Meetup or Eventbrite (or an alternative service provider), event partners (including but not limited to: event space providers, caterers and security service providers) and partner organisations (for example partners with whom we are joint hosting or presenting) as needed to provide you with information and services associated with the event and so as to administer the event itself. - -**Event photography and audio or video recordings** - -We may publish our or distribute photos and audio or video recording from our events via social media, including Twitter, Telegram, and LinkedIn. In doing so we will share those photos, audio or video with those services and their users. - -**How long do we retain your data?** - -**Event Registration Data** - -If you have informed us that you wish to be contacted about future events we will keep your data until you tell us that you no longer wish to be contacted. We will check from time to time that you still wish to hear from us. If you have informed us that you do not wish to be contacted about events we will delete your information within eight weeks of the event. - -Event photography and audio or video recordings - -Any photos and audio or video recording from our events that we choose not to use for the purposes of promoting our events and Parity will be deleted within eight weeks of the event. - -**Changes to this supplemental policy** - -We keep this policy under regular review and we will post any updates on this webpage. - -**How to contact us** - -Please contact us at admin@parity.io if you have any questions about this supplemental policy or the information we hold about you. -Statutory information - -**Statutory information about Parity Technologies Limited:** - -- Registered in England and Wales -- Registered Number: 09760015 -- Registered Office: Ignition Law, Moray House Floor 1, 23-31 Great Titchfield Street, London, United Kingdom, WC1W 7PA. +We keep this Privacy Notice under regular review and may update it at any time. If we make any changes to this Privacy Notice, we will change the “Last Updated” date above. Please review this Privacy Notice regularly to check for any updates. The current version of the Privacy Notice can be accessed at any time on https://novasama.io/vault-privacy. +Last Updated: February 5, 2024 diff --git a/ios/PolkadotVault/Resources/Docs/terms-and-conditions.txt b/ios/PolkadotVault/Resources/Docs/terms-and-conditions.txt index f309609586..2094b0dd47 100644 --- a/ios/PolkadotVault/Resources/Docs/terms-and-conditions.txt +++ b/ios/PolkadotVault/Resources/Docs/terms-and-conditions.txt @@ -1,194 +1,87 @@ -**POLKADOT VAULT MOBILE APPLICATION - END USER LICENCE AGREEMENT** +**General terms and conditions of business and use** +**1. Basic Provisions; Risk Information; No Financial Service** -**Parity Technologies Limited** is a company registered in England and Wales under company number 09760015, with its registered office at c/o Ignition Law, 1 Sans Walk, London, England, EC1R 0LT ("**Parity**"). Parity operates this Polkadot Vault mobile application (the "**App**"). +**1.1** Novasama Technologies GmbH, Schönhauser Allee 163, 10435 Berlin, Germany (hereinafter: “**Novasama**”) offers the mobile application Polkadot Vault (hereinafter: “**Vault**”) to customers as Free-Ware free of charge. The Vault is a non-custodial wallet software that allows the User to turn his/her mobile device, such as smartphone or tablet (hereinafter: “**Storage Device**”), into a cold storage hardware wallet by holding the User’s private cryptographic keys (hereinafter: “**Private Key**”) offline while keeping the Storage Device offline. Novasama does neither store, nor has access to or control over a User's Private Key and seed recovery phrase (hereinafter: “**Mnemonic Phrase**”) at any time. -In this document, when we refer to "**we**", "**us**" or "**our**", we mean Parity; and when we refer to "**you**" or "**your**" we mean you, the person downloading, accessing and/or using the App. -**1. Understanding these terms** +**1.2** The User can use the Vault to safekeep their Private Keys, manage their accounts and blockchain-based digital assets (hereinafter: “**Digital Assets**”), send and receive transactions of Digital Assets, and cryptographically sign blockchain transactions. - 1.1 This end user license agreement together with appendix 1 to it and our instructions referred to in it (this "**EULA**") describes how you may download the App and access and/or use the App. By downloading, accessing and/or using the App, this EULA will apply to you and you agree to the terms of this EULA. You should therefore read the terms carefully before downloading, accessing and/or using the App. If any written instruction we have given you is inconsistent with the terms set out in this document, you should comply with our instructions and in doing so you will not be in breach of the inconsistent term of this document. +**1.3** By using the Vault, the User confirms that the User is aware of the inherent risks associated with the use of cryptographic and blockchain-based systems and that the User is experienced with securing Private Keys and handling Digital Assets. The User is aware that Digital Asset markets can be highly volatile due to various factors such as speculation, advancing technology, or changes in the regulatory environment and may involve financial risks. Blockchain transactions signed by using the Private Key stored in the Vault and validated by the blockchain network are irrevocable and irreversible, and there is no possibility to retrieve Digital Assets that have been transferred. - 1.2 When certain words and phrases are used in this EULA, they have specific meanings (these are known as "**defined terms**"). You can identify these defined terms because they start with capital letters (even if they are not at the start of a sentence). Where a defined term is used, it has the meaning given to it in the section of this EULA where it was defined (you can find these meanings by looking at the sentence where the defined term is included in brackets and speech marks). +**1.4** The User acknowledges that Novasama offers a non-custodial wallet solution. The User is responsible for storing and securing the User’s Mnemonic Phrase and Private Keys, as well as any backups thereof. In particular, the User acknowledges that the failure or loss of the Storage Device can lead to the irreversible loss of all information stored in the Vault including the Mnemonic Phrase and/or Private Key. Therefore, the User commits to keeping a back-up copy of his/her information, including Mnemonic Phrase and Private Key, separate from the Vault and from the Storage Device altogether. - 1.3 In order to access and/or use the App it must be downloaded on to a smartphone or other mobile device running either the iOS or Android operating systems (the device you use, "**Device**"). In order to download the App, you will need Internet access. +**1.5** Novasama does not store Mnemonic Phrases and Private Keys for the User, nor does it have any backups or access to the User’s Mnemonic Phrase and Private Keys. In the event of loss of the Mnemonic Phrase and Private Keys by the User, Novasama will not be able to recover the User's Private Keys or otherwise restore access to the Vault or any Digital Assets. Novasama is not responsible for the loss of the User’s Mnemonic Phrase or Private Keys. In case of loss, only the User himself can recover his/her Wallet. +**1.6** The User is aware that the use of blockchain infrastructures and the processing of blockchain transactions may result in network fees, which shall be borne by the User. Novasama does not charge the User with these network fees and cannot influence these costs. +**1.7** Novasama does not provide any financial services, in particular Novasama does not give any investment recommendations or advice and does not provide any trading or crypto custody services. Novasama is also not a provider of Digital Assets, does not offer Digital Assets for sale or purchase. The User is responsible for the tax treatment, in particular income tax treatment, of the profits from the purchase or sale of Digital Assets and use of other services. - 1.4 Please note that: +**2. Scope of Application; Amendment of the General Terms and Conditions of Business and Use** - 1.4.1 to download the App, you must also review and agree to the additional app terms set out in appendix 1 to this EULA and any other terms and conditions imposed by the app store from which you have downloaded the App; and +**2.1** These General Terms and Conditions of Business and Use (hereinafter: “**GTC**”) apply to contracts concluded between Novasama and the contractual partner (hereinafter: “**User**”) (hereinafter: “**User Agreement**”). The contract is concluded by downloading the Vault on the User’s Storage Device subject to these GTC. The use of the Vault is only permitted to legal entities, partnerships and natural persons with unlimited legal capacity. In particular, minors are prohibited from using the Vault. +‍ - 1.4.2 we will not collect any personal information from or in relation to you, including from your downloading, accessing and/or use of the App. If you contact us, we only use your personal information in accordance with our privacy policy (available at [*www.parity.io/privacy*](www.parity.io/privacy)). +**2.2** The application of the User’s general terms and conditions is excluded. Deviating, conflicting or supplementary general terms and conditions of the User shall only become part of the contract if and to the extent that Novasama has expressly agreed to their application in writing. This consent requirement shall apply in any case, even if for example Novasama, being aware of the general terms and conditions of the contractual partner, accepts payments by the contractual partner without reservations. -**2. The App** +**2.3** The current version of the GTC is published on Novasama’s website under https://novasama.io, indicating the date of the last update to the GTC. By downloading or updating the Vault, the User accepts the version of the GTC available at the time of his/her latest download or update. - 2.1 Subject to the terms of this EULA, the App is made available to you free of charge. The App does not connect to any computer system (other than the Device on which you install it) and does not gather or transmit to us or any other person any data in relation to you or your use of the App. +**3. Functions of the Vault; User’s Duty of Care; Third-Party Services.** - 2.2 You are responsible for making all arrangements necessary for you to have access to and use of the App. You should not allow any other person to access and/or use the App on your Device. +**3.1** The Vault allows the User, *inter alia*, to store his/her Private Keys and Mnemonic Phrase offline, to create multiple accounts with derivation paths using his/her Mnemonic Phrase, and to sign transactions or services related to Digital Assets in an air-gapped way without connecting the Storage Device to the internet and/or to other devices. The Vault is native to the Polkadot ecosystem and can be used for any supported blockchain. Novasama continues to develop the Vault on a regular basis, so that the services offered may be subject to change. The presentation of the Vault only reflects the current functionality and does not constitute a binding offer for future services. - 2.3 The App and the content on it are provided for general information purposes only. They are not intended to amount to advice on which you should rely. +**3.2** To use the Vault, the User must choose a Storage Device which the User is willing to permanently disconnect from the internet and from other devices. The User must reset this Storage Device to factory settings, download the Vault and disconnect the Storage Device from the internet and from all other devices. The Vault will then guide the User through the set-up process. The User acknowledges that, once the Vault is set-up, its security benefits as a hardware wallet might be corrupted if the Storage Device is ever connected to the internet and/or to other devices. The User is responsible for keeping the Storage Device safe and offline at all times. Furthermore, the User must frequently update the metadata about blockchain network specifications (hereinafter: “**Metadata**”) stored in the Vault. Otherwise, the User might not be able to, e.g., sign transactions for as long as the Metadata in the Vault is outdated. Up-to-date Metadata is currently provided by Novasama as well as by other providers and can be imported into the Vault in an air-gapped way while keeping the Storage Device offline. - 2.4 You may only access and/or use the App for your own domestic, private and non-commercial use. +**3.3** From time to time, Novasama may release updated versions of the Vault software. Should the User decide to update the Vault, the User must reset the Storage Device and delete the Vault and the information contained therein prior to connecting the Storage Device to the internet. After that, the User must download and set-up the updated version of the Vault again and add his/her Private Keys, as described in Section 3.2. The User’s obligation to keep back-up copies of his/her information, including Mnemonic Phrase and Private Key, remains unaffected (cf. Section 1.4). - 2.5 Subject to clause 2.6, the App (once downloaded on to a Device in accordance with this EULA) is designed to enable you to: +**3.4** The Vault contains certain features (hereinafter: “**Vault Features**”) that, inter alia, allow the User to connect the Vault to third-party decentralized applications (hereinafter: “**DApp**”), protocols and services that Novasama does not operate itself (hereinafter: “**Third-Party Services**”, cf. Section 4 below). Novasama does not offer Third-Party Services in its own name. The conditions of service provisions for Third-Party Services, if any, shall be governed exclusively by the applicable contractual provisions between the User and the respective provider of the Third-Party Services. Novasama continues to develop the Vault Features on a regular basis, so that the Vault Features offered and Vault's compatibility with Third-Party Services may be subject to change. The presentation of the Vault and the Vault Features in the Vault only reflects the current functionality and does not constitute a binding offer for future services.‍ - 2.5.1 generate private keys using a recovery phrase ("**Private Key(s**)") and a corresponding public key and store them on such Device; +**4. Conditions of Service; GNU GPLv3** - 2.5.2 verify and sign transactions on Blockchains (as defined below) using the relevant Private Key ("**Digital Signature**"); and +**4.1** The User's right to use the Vault is limited to the respective state of art. Novasama may temporarily restrict the Vault or certain Vault Features if this is necessary due to capacity limits, to maintain the security or integrity of the software, servers or services or to carry out technical measures, e.g. maintenance work serving the proper or improved service of the Vault. In these cases, Novasama will take the User’s legitimate interests into account, e.g. by providing appropriate information about planned maintenance work in advance. Section 6 of the GTC remains unaffected. - 2.5.3 when used in conjunction with certain Third Party Services (which are defined in clause 4.3), can be used to broadcast transactions on the relevant Blockchains, +**4.2** To the extent the User connects his/her Vault to Third-Party Services or relies on content or data from third party providers, Novasama does not warrant their accuracy, completeness or timeliness. No contractual relationship exists between Novasama and the Third-Party Service providers and the Third-Party Service providers are not acting as agents of or at the direction of Novasama. Novasama has no technical, legal or organizational means to influence Third-Party Services. Novasama is not liable for any damages incurred by the User due to the use of Third-Party Services, in particular when signing transactions or importing Metadata, such as in case of bridged tokens, unavailability and customization of DApps and protocols, transactions to incompatible, incorrect or unassigned wallet addresses, transactions to DApps, failure of nodes or unavailability of blockchain networks, hacker attacks on DApps, or inaccurate Metadata imported from Third-Party Service providers. +**4.3** Novasama reserves all intellectual property rights in and to the Vault, Vault Features, its software, content, data, or other material. Novasama provides the Vault software code on an "open source" basis in accordance with the terms of the GPL 3.0 license, which can be found here: https://opensource.org/licenses/GPL-3.0, and make the source code of the Vault available here https://github.com/novasamatech. You are free to use, modify and distribute the software code of the Vault in accordance with the terms of GPL 3.0. -(the "**App** **Functionality**"). +**5. Fees** - 2.6 The App Functionality the App, can only be used on the Ethereum public blockchain protocol, blockchain protocols built on our "Substrate" technology, including Kusama and Polkadot, and other blockchain protocols as are indicated within the App itself ("**Blockchain(s)**"). You are responsible for your choice of and interaction with the relevant Blockchain. +Blockchain network fees which are due for the execution of transactions shall be borne by the User. Novasama does not charge the User with these network fees and cannot influence these costs. Furthermore, Novasama has no control over the fees charged by the Third-Party Services. - 2.7 The App is not itself part of any blockchain. For this reason, we will have no liability to you in relation to any activity on any blockchain or the performance or availability of any blockchain. In addition, we do not guarantee that a Digital Signature will result in the related transaction being recorded on the relevant Blockchain. You are responsible for ensuring that any transactions you broadcast, or Digital Signatures you create, conform to the applicable rules of the relevant Blockchain. +**6. Liability of Novasama; Force Majeure** - 2.8 You should only download, access and/or use the App if you are familiar with interacting with the Blockchains. We recommend you learn about and understand the basics of the Blockchains in connection with which you intend to use the App before downloading, accessing and/or using the App. +**6.1** Except in case of intentional misconduct (*Vorsatz*) or gross negligence (*grobe Fahrlässigkeit*), any liability of Novasama shall be excluded for any and all claims arising in connection to the Vault provided to the Customer as Free-Ware free of charge. Warranty obligations shall only arise if Novasama has fraudulently concealed a possible defect in the Vault or the contractual services. - 2.9 The purpose of the App is to provide the App Functionality on a Device which is not connected to any form network or the internet. The App should only ever be used on an offline Device. Once you have downloaded, installed and set up the App on the Device, it is very important that you follow the instructions we provide on our website (available at [https://github.com/paritytech/parity-signer](https://github.com/paritytech/parity-signer)) to ensure the Device is not connected to any network or the internet. +**6.2** The limitations of liability according to Section 6.1 do not apply (i) concerning damages arising from injury to life, body or health, (ii) as far as Novasama has assumed a guarantee, (iii) to claims of the User according to the Product Liability Act (*Produkthaftungsgesetz*), and (iv) to claims of the User according to any applicable data privacy laws. - 2.10 You are responsible for the use and security of any Device on which you have installed the App. We will have no liability to you for any losses or damages you incur in respect of (i) access and/or use of the App (including the creation of any Digital Signature or loss of Private Keys) as a result of unauthorised persons gaining access to your Device; or (ii) your Device being compromised or corrupted. +**6.3** The liability provisions in Sections 6.1 and 6.2 shall also apply to the personal liability of the executive bodies, legal representatives, employees and vicarious agents of Novasama. -**3. Your account and password** +**6.4** If the User suffers damages from the loss of data, Novasama is not liable for this, as far as the damages would have been avoided by a regular and complete backup of all relevant data by the User. - 3.1 You will need to register an account on the App in order to make full use of the App ("**Account**"). If you register an Account, you will be asked to provide certain information (such as your email address) and to create a pin code and a seed recovery phrase, as part of our security procedures. The information relating to your Account is never transmitted to us. You must treat such pin code and recovery phrase as confidential and you must not disclose it to any third party. Your recovery phrase is used to generate your Private Key, so if you lose your recovery phase, you will not be able to regenerate your Private Key to recover your Account. This may mean you are unable to access any digital currency, token and cryptocurrency associated with such Private Keys and/or create any Digital Signatures. You should ensure that you have taken appropriate steps to securely back-up any of your data stored on your Device (including the recovery phrase and Private Keys) so that such data is accessible in these circumstances. +**6.5** Novasama takes all possible measures to enable the User to access the Vault and the Vault Features. In the event of disruptions to the technical infrastructure, the internet connection or a relevant blockchain, Novasama shall be exempt from its obligation to perform. This also applies if Novasama is prevented from performing due to force majeure or other circumstances, the elimination of which is not possible or cannot be economically expected of Novasama. - 3.2 You are responsible for any unauthorised access and/or use of your App or Account login details. +**6.6** Liability in any other event but Section 6.1 to 6.5 above is excluded. -**4. Acceptable use** +**7. Indemnities** -*General* +**7.1** The User agrees to indemnify Novasama to the extent liable under statutory law from all claims, which other Users or other third parties assert for infringement of their rights against Novasama due to the User’s use of the Vault or other Third-Party Services. - 4.1 We provide software code in the App on an "open source" basis in accordance with the terms of the GPL 3.0 licence, which can be found here: [*https://opensource.org/licenses/GPL-3.0*](https://opensource.org/licenses/GPL-3.0), ("GPL 3.0") and make the source code of the App available at [*https://github.com/paritytech/parity-signer*](https://github.com/paritytech/parity-signer). You are free to use, modify and distribute the software code in the App in accordance with the terms of GPL 3.0. In the case of any conflict between the terms of GPL 3.0 and the terms of this EULA in relation to your use of the software code in the App, the terms of GPL 3.0 shall prevail. +**7.2** In this case, the User assumes all necessary costs of legal defense of Novasama, including all statutory court and attorney fees. This does not apply if the User is not responsible for the infringement. - 4.2 When accessing and/or using the App, you agree: +**7.3** In case of a claim asserted by a third party, the User is obliged to the extent liable under statutory law to provide Novasama with immediate, truthful and complete information necessary for the examination of claims and defense. - 4.2.1 not to access and/or use the App in any unlawful manner, for any unlawful purpose or in any manner inconsistent with this EULA; +**8. Data Protection** - 4.2.2 not to infringe our intellectual property rights or those of any third party in relation to your use of the App (to the extent that such access and/or use is not licensed under this EULA); and +‍Novasama informs the User about Novasama’s processing of personal data, including the disclosure to third parties and the rights of the User as an affected party, in the data protection information. - 4.2.3 to comply with all technology control or export laws and regulations that apply to the technology used or supported by the App. +**9. Final Provisions** -*Use with other software and hardware* +**9.1** Novasama is entitled to transfer its rights and obligations under the User Agreement in whole or in part to third parties with a notice period of four weeks. In this case, the User has the right to terminate the User Agreement without notice. - 4.3 When you make use of the App, you may use the App Functionality to enter into transactions on the relevant Blockchain (for example, transferring crypto currency, entering into a smart contract, or purchasing goods) (“**Transactions**”). You may also use the App in conjunction with other services or software (including cryptographic wallet technology such as software wallets) which are provided by a person or company other than Parity (“**Third Party Services**”). You agree and understand that you are responsible for any Transaction which you enter into and we do not operate or control any such Third Party Services. We have no responsibility for any Transactions you enter into and your use of Third Party Services is at your sole risk and we provide no warranty or guarantee of any in respect of Third Party Services. You further agree that under no circumstances will we be liable to you for any losses or damages arising from any Transactions or any interactions between you and the provider of any such Third Party Services or for any information that such Third Party Services provider provides you or you to them. +**9.2** Should individual provisions of these GTC be or become invalid or unenforceable in whole or in part, this shall not affect the validity of the remaining provisions. The invalid or unenforceable provision shall be replaced by the statutory provision. If there is no statutory provision or if the statutory provision would lead to an unacceptable result, the parties shall enter negotiations to replace the invalid or unenforceable provision with a valid provision that comes as close as possible to the economic purpose of the invalid or unenforceable provision. -*Bugs and Viruses* +**9.3** The User Agreement including these GTC shall be governed by German law. The application of the UN Convention on Contracts for the International Sale of Goods is excluded. For consumers domiciled in another European country but Germany, the mandatory provisions of the consumer protection laws of the member state in which the consumer is domiciled shall also apply, provided that these are more advantageous for the consumer than the provisions of the German law. - 4.4 We do not guarantee that the App will be totally secure or free from bugs or viruses. +**9.4** For users who are merchants within the meaning of the German Commercial Code (*Handelsgesetzbuch*), a special fund (*Sondervermögen*) under public law or a legal person under public law, Berlin shall be the exclusive place of jurisdiction for all disputes arising from the contractual relationship. - 4.5 You must not misuse the App by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. By breaching this provision, you would commit criminal offences. +**9.5** In the event of a conflict between the German and the English version of these GTC, the German version shall prevail. -**5. Intellectual property** +Last Updated: February 28, 2024 - 5.1 As we refer to above, we grant to you a licence to use the software code in the App on the terms of GPL 3.0. This right does not apply to the Parity name and mark, the Polkadot Vault product names, and any texts, designs, graphics, photographs and images contained in the App, which you are not entitled to use (other than through the use of the App on your Device in accordance with this EULA) or modify in any circumstances . We reserve all other rights. - - 5.2 We are the owner or licensee of all intellectual property rights in the App and its content, the Parity name and mark and Polkadot Vault product names and images. Those works are protected by intellectual property laws and treaties around the world. All such rights are reserved. - - 5.3 You are not granted any right to use, and may not use, any of our intellectual property rights other than as set out in this EULA. You must not use the App (or any part of it or its content) for commercial purposes. - - 5.4 Any communications or materials you send to us by electronic mail or other means will be treated as non-proprietary and non-confidential. We are free to publish, display, post, distribute and otherwise use any ideas, suggestions, concepts, designs, know-how and other information contained in such communications or material for any purpose, including, but not limited to, developing, manufacturing, advertising and marketing us and our products. - -**6. Our liability** - - 6.1 Nothing in this EULA excludes or limits our liability for: - - 6.1.1 death or personal injury caused by our negligence; - - 6.1.2 fraud or fraudulent misrepresentation; and - - 6.1.3 any matter in respect of which it would be unlawful for us to exclude or restrict our liability. - - 6.2 The App is built on open source software and made available in accordance with this agreement as an open source community project. Accordingly, we make the App (and both the source code and object code in it) available on an "as is" basis. This means that we cannot guarantee or warrant to you that the App is free from errors or defects. - - 6.3 It is possible that as a result of an error or defect the version of the App stored on your Device may become corrupt and unusable so that it may not be possible to retrieve the data stored on it (including any Private Keys). You should ensure that you have taken appropriate steps to securely back-up any of your data (including any Private Keys) stored on your Device so that it is not lost in these circumstances. Save if we cause damage to your Device or other digital content and such damage would not have occurred if we had exercised reasonable care and skill, as the App is free for you to access and/or use and we receive no data in relation to you from your use of it, we will not be liable to you in any way if the App stops working properly or at all, including where any data stored in the App is lost or corrupted. - - 6.4 Nothing in this EULA affects your statutory rights. Advice about your statutory rights is available from your local Citizens' Advice Bureau or Trading Standards Office. - - 6.5 We only supply the App for domestic and private use. You agree not to use the App, or any content on the App, for any commercial or business purposes and we have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity. - - 6.6 The App may contain inaccuracies or typographical errors. We make no representations about the reliability, availability, timeliness or accuracy of the content included on the App. - - 6.7 We assume no responsibility for the content of any websites or services which you use the App to authenticate transactions on. We will not be liable for any loss or damage that may arise from your use of them. - - 6.8 Save as set out in clause 6.1 above, our maximum liability to you under this EULA is £100. - -**7. Suspension and termination** - - 7.1 Either you or we may terminate this EULA at any time for any reason. - - 7.2 If you breach any of the terms of this EULA, we may immediately do any or all of the following (without limitation): - - 7.2.1 issue a warning to you; - - 7.2.2 temporarily or permanently withdraw your right to use the App; - - 7.2.3 issue legal proceedings against you for reimbursement of all costs resulting from the breach (including, but not limited to, reasonable administrative and legal costs); - - 7.2.4 take further legal action against you; and/or - - 7.2.5 disclose such information to law enforcement authorities as we reasonably feel is necessary to do so. - - 7.3 If we withdraw your right to use the App, then: - - 7.3.1 all rights granted to you under this EULA shall cease; - - 7.3.2 you must immediately cease all activities authorised by this EULA, including your use of any services provided through the App; and - - 7.3.3 you must immediately delete or remove the App from your Device, and immediately destroy all copies of the App then in your possession, custody or control and if we request you to, certify to us that you have done so. - -**8. Changes to this EULA** - - 8.1 We may make changes to the terms of this EULA from time to time (if, for example, there is a change in the law that means we need to change this EULA). Please check this EULA (at the address indicated in clause 1.1) regularly to ensure that you understand the up-to-date terms that apply at the time that you access and use the App. If we update the terms of this EULA, the updated terms will apply 10 days after the update is posted (at the address indicated in clause 1.1) to each of your uses of the App from that point on. - - 8.2 From time to time updates to the App may be issued through the relevant app store. As the App is designed to operate on a Device which remains offline, you agree that it is your responsibility to check whether we have published any updates to the App. You should carry out this check on a device on which the App has not been installed and follow our instructions (available at [https://github.com/paritytech/parity-signer](https://github.com/paritytech/parity-signer)) as to how to update the App. - - 8.3 You will be assumed to have obtained permission from the owners of any Devices that are controlled, but not owned, by you to download a copy of the App onto the Devices. You and they may be charged by your and their service providers for Internet access on the Devices. You accept responsibility in accordance with the terms of this EULA for the use of the App in relation to any Device, whether or not it is owned by you. - -**9. Other important information** - - 9.1 Each of the clauses of this EULA operates separately. If any court or relevant authority decides that any of them are unlawful or unenforceable, the remaining clauses will remain in full force and effect. - - 9.2 If we fail to insist that you perform any of your obligations under this EULA, or if we do not enforce our rights against you, or if we delay in doing so, that will not mean that we have waived our rights against you and will not mean that you do not have to comply with those obligations. If we do waive a default by you, we will only do so in writing, and that will not mean that we will automatically waive any later default by you. - - 9.3 If you wish to have more information on online dispute resolution, please follow this link to the website of the European Commission: [*http://ec.europa.eu/consumers/odr/*](http://ec.europa.eu/consumers/odr/). This link is provided as required by Regulation (EU) No 524/2013 of the European Parliament and of the Council, for information purposes only. We are not obliged to participate in online dispute resolution. - -**10. Governing law and jurisdiction** - - 10.1 This EULA is governed by English law. This means that your download, access to, and use of, the App, and any dispute or claim arising out of or in connection therewith will be governed by English law. - - 10.2 You can bring proceedings in respect of this EULA in the English courts. However, as a consumer, if you live in another European Union member state you can bring legal proceedings in respect of this EULA in either the English courts or the courts of that Member State. - - 10.3 As a consumer, if you are resident in the European Union and we direct this App to the member state in which you are resident, you will benefit from any mandatory provisions of the law of the country in which you are resident. Nothing in this EULA, including clause 10.1, affects your rights as a consumer to rely on such mandatory provisions of local law. - -**11. Contacting us** - -Should you have any reasons for a complaint, we will endeavour to resolve the issue and avoid any re-occurrence in the future. You can always contact us by using the following details: -Address: Parity Technologies Limited, c/o Ignition Law, 1 Sans Walk, London, England, EC1R 0LT -Email address: admin@parity.io and legal@parity.io - -Thank you. - -**Terms last updated 09 Februray 2021** - -**APPENDIX 1** - -**Additional App Terms** - -The following terms and conditions shall apply to your access and/or use of the App in addition to those set out in this EULA. - -For the purpose of this appendix 1, "**Appstore Provider**" means the provider of the app store through which you have downloaded the App (for example, Apple is the Appstore Provider if you have downloaded the App from the Apple App Store, Google is the Appstore Provider if you have downloaded the App from Google Play, etc). - -1. You acknowledge and agree that this EULA has been concluded between you and Parity, and not with the Appstore Provider. You acknowledge and agree that the Appstore Provider is not responsible for the App and its content. - -2. You acknowledge and agree that the Appstore Provider has no obligation to provide any maintenance or support in respect of the App. Should you have any problems in using the App, please contact us at admin@parity.io. - -3. In the event that the App does not conform with any product warranty provided for by this EULA, the Appstore Provider may provide you with a refund of the price that you paid to purchase the App (if any). The Appstore Provider shall, to the maximum extent permitted by law, have no obligation to you whatsoever with respect to the App. - -4. You acknowledge and agree that the Appstore Provider shall not be responsible for addressing any claims that you might have relating to the App, including (without limitation): product liability claims; any claim that the App fails to conform to any applicable legal or regulatory requirement; and claims arising under consumer protection or similar legislation. - -5. In the event that a third party claims that the App infringes its intellectual property rights, Parity (and not the Appstore Provider) shall be solely responsible for the investigation, defence, settlement and discharge of such claim. - -6. You warrant and represent that: (i) you are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a "terrorist supporting" country; and (ii) you are not listed on any U.S. Government list of prohibited or restricted parties. - -If the Appstore Provider is Apple, you acknowledge and agree that Apple and its subsidiaries are third party beneficiaries to this EULA. Upon your acceptance of this EULA, Apple will have the right to enforce the EULA against you as a third party beneficiary. diff --git a/ios/fastlane/Appfile b/ios/fastlane/Appfile index d87383074a..1b58274e56 100644 --- a/ios/fastlane/Appfile +++ b/ios/fastlane/Appfile @@ -1,4 +1,4 @@ app_identifier "io.parity.NativeSigner" -apple_id "krzysztof@parity.io" -team_name "PARITY TECHNOLOGIES LIMITED" -team_id "P2PX3JU8FT" +apple_id "stepan@novasama.io" +team_name "Novasama Technologies GmbH" +team_id "QXCVVJ6654" diff --git a/ios/fastlane/lanes/lane_build.rb b/ios/fastlane/lanes/lane_build.rb index c19ed2d52b..5a63133e22 100644 --- a/ios/fastlane/lanes/lane_build.rb +++ b/ios/fastlane/lanes/lane_build.rb @@ -11,7 +11,7 @@ configuration = options[:configuration] app_identifier = CredentialsManager::AppfileConfig.try_fetch_value(:app_identifier) - profile_name = "NativeSigner Distribution Provisioning Profile" + profile_name = "Polkadot Vault Distribution" output_name = scheme # just in case we need to customise it for other GAs export_method = "app-store" compile_bitcode = false @@ -50,7 +50,7 @@ lane :prepare_code_signing do |options| api_key = lane_context[SharedValues::APP_STORE_CONNECT_API_KEY] app_identifier = CredentialsManager::AppfileConfig.try_fetch_value(:app_identifier) - profile_name = "NativeSigner Distribution Provisioning Profile" + profile_name = "Polkadot Vault Distribution" cert( api_key: api_key, diff --git a/rust/Cargo.lock b/rust/Cargo.lock index a06ccd8c7c..9b81d5cb16 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -3001,9 +3001,9 @@ dependencies = [ [[package]] name = "raptorq" -version = "2.0.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90b1b1fad69672f0b901b5004863ea4307f03d168a3db5f2bcba4d3dfed88e97" +checksum = "7cc8cd0bcb2d520fff368264b5a6295e064c60955349517d09b14473afae4856" [[package]] name = "rayon" diff --git a/rust/generate_message/src/error.rs b/rust/generate_message/src/error.rs index 7c745c1821..bb186f6e04 100644 --- a/rust/generate_message/src/error.rs +++ b/rust/generate_message/src/error.rs @@ -530,6 +530,7 @@ impl std::fmt::Display for Changed { /// /// Expected to receive data in hexadecimal format, got something different. /// [`NotHexActive`] specifies what was expected. +#[allow(dead_code)] #[derive(Debug)] pub enum NotHexActive { /// Network genesis hash, fetched through RPC call. diff --git a/rust/qr_reader_phone/Cargo.toml b/rust/qr_reader_phone/Cargo.toml index 9524bef1a1..c7df0a3a68 100644 --- a/rust/qr_reader_phone/Cargo.toml +++ b/rust/qr_reader_phone/Cargo.toml @@ -8,7 +8,7 @@ edition = "2018" [dependencies] hex = "0.4.3" -raptorq = "2.0.0" +raptorq = "1.8.1" nom = "7.1.3" thiserror = "1.0.57" constants = {path = "../constants"} diff --git a/rust/qrcode_rtx/Cargo.toml b/rust/qrcode_rtx/Cargo.toml index e1af43c162..05a2f73da5 100644 --- a/rust/qrcode_rtx/Cargo.toml +++ b/rust/qrcode_rtx/Cargo.toml @@ -9,7 +9,7 @@ edition = "2018" [dependencies] bitvec = "1.0.1" hex = "0.4.3" -raptorq = "2.0.0" +raptorq = "1.8.1" qrcodegen = "1.8.0" png = "0.17.13"