Privacy Policy

Effective Date: Jan-15-2026  |  Last Updated: Jan-15-2026

This Privacy Policy explains how OK.de Services GmbH ("OK.secure", "we", "us", "our") processes personal data when you use the OK.secure Messenger application and related services ("Services").

This Policy is drafted in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable national data protection laws. It applies to users within the European Union and to users internationally, subject to applicable local laws.

1. Data Controller

OK.de Services GmbH
Uhlandstraße 165/166
10719 Berlin, Germany
Email: [email protected]

OK.de Services GmbH is the data controller for personal data processed in connection with the OK.secure messenger, AI features, and technical integrations described in this Policy.

2. Scope of Application

This Privacy Policy applies to processing of personal data in connection with:

  • OK.secure Messenger (messages, voice, video, files)
  • Account management and security
  • AI-assisted features
  • Non-custodial crypto wallet integrations
  • Financial-service integrations under the OK.pay brand
  • Customer support

It does not apply to services provided independently by third parties acting as separate data controllers, even if accessible via OK.secure.

3. Age Restriction

OK.secure is intended for users 16 years of age or older.

We do not knowingly process personal data of individuals under 16.

4. Categories of Personal Data Processed

4.1 Identification and Account Data

Username, email address, optional phone number, optional display name, internal account identifiers, and account status data.

4.2 Authentication and Security Data

Login timestamps, device identifiers, temporary IP address processing, security logs, and encryption key identifiers (private keys remain on user devices).

4.3 Communication Data

End-to-end encrypted messages, calls, files, and delivery metadata. Message content is inaccessible to OK.secure in plaintext.

4.4 Technical and Usage Data

App version, operating system, crash diagnostics, performance logs, and language/region settings.

4.5 Support and Correspondence Data

Information provided during customer support interactions.

4.6 AI Feature Data (OK.ai)

User prompts, generated responses, and required technical metadata. Processed ephemerally.

4.7 Non-Custodial Wallet Technical Data

Public wallet addresses, public keys, transaction identifiers (hashes), token or asset identifiers, and transaction metadata required to display wallet activity and facilitate interactions with third-party crypto services.

Private keys and recovery phrases are not processed by OK.secure.

4.8 Financial Integration Technical Data

Limited technical status and integration data related to OK.pay services. No banking credentials, card numbers, or transaction details are processed by OK.secure.

5. Purposes and Legal Bases of Processing

  • Contract performance (Art. 6(1)(b) GDPR)
  • Legal obligations (Art. 6(1)(c) GDPR)
  • Legitimate interests (Art. 6(1)(f) GDPR – security, abuse prevention)
  • Consent, where applicable (Art. 6(1)(a) GDPR)

6. Encryption, Security, and Key Management

OK.secure uses end-to-end encryption. Cryptographic keys are generated and stored on user devices. Blockchain technology is used only for wallet and crypto functionality, not for message key management.

7. Encrypted Cloud Storage

Encrypted data may be stored on secure cloud infrastructure. Content remains encrypted at rest; decryption keys remain client-side. Cloud providers act as processors under Art. 28 GDPR.

8. AI Tools and Automated Processing

AI features ("OK.ai") are provided via third-party AI services operated through Amazon Web Services (Amazon Bedrock).

OK.secure:

  • Does not develop, train, or host AI models
  • Acts solely as an integrator and interface provider
  • Does not permit AI providers to use data for training or profiling

No automated decision-making under Art. 22 GDPR occurs.

9. Crypto and Non-Custodial Wallet Services

9.1 Non-Custodial Wallet (Self-Custody)

The OK.secure crypto wallet is a non-custodial (self-custody) wallet.

  • Private keys and recovery phrases remain under user control
  • OK.secure does not custody assets
  • OK.secure cannot recover wallets or restore funds

Users are solely responsible for safeguarding their recovery credentials.

9.2 Use of Third-Party Crypto Service Providers

OK.secure does not itself provide buying, selling, exchanging, transferring, or spending of cryptocurrency.

All such services are provided exclusively by third-party providers, including:

  • Coinify ApS – buying, selling, and exchanging crypto
  • OnRamper B.V. – fiat-to-crypto on-ramps
  • Changelly – crypto-to-crypto exchange services
  • Bitrefill AB – spending crypto on goods and services

These providers act as independent data controllers.

Their privacy policies and terms apply.

9.3 Know-Your-Customer (KYC) Requirements

Where required by law, third-party crypto providers may require identity verification (KYC).

  • KYC data is processed solely by the respective provider
  • OK.secure does not collect or store KYC data
  • This may apply to crypto-to-crypto exchange services (e.g., Changelly)

9.4 Public Blockchain Data

Blockchain networks are inherently transparent. Public addresses, transaction hashes, timestamps, and amounts may be publicly visible. OK.secure does not control blockchain records.

9.5 Network Access and Technical Communication

Wallet functionality may involve technical communication with blockchain infrastructure to display balances or initiate user-requested actions.

OK.secure minimizes data collection and does not use technical data for analytics or advertising.

9.6 No Blockchain Surveillance by OK.secure

OK.secure does not independently perform blockchain surveillance, sanctions screening, or transaction monitoring.

Any such checks are performed only by third-party crypto providers in the context of their regulated services.

9.7 Third-Party Applications and External Services

Interactions with external dApps or services occur under those providers’ own terms and privacy policies.

10. E-Banking, Payment and Card-Based Financial Services (OK.pay)

OK.pay is a Prisma Payments EP S.A. product integrated into OK.secure.

Prisma Payments EP S.A. acts as the independent data controller for:

  • Financial accounts
  • Payments
  • VISA debit card issuance
  • KYC/AML compliance

OK.secure:

  • Is not a bank or payment institution
  • Does not hold funds or issue cards
  • Does not process PANs, CVVs, or PINs

Users should review the OK.pay Privacy Policy and Prisma Payments EP S.A. Privacy Policy provided on www.ok-pay.com for details on financial data processing.

11. Analytics and Tracking

OK.secure does not use personal data for analytics, profiling, or behavioral tracking. Only anonymized technical monitoring is used for reliability and security.

12. Law Enforcement Requests

Requests are reviewed for legality and proportionality. Only legally required data is disclosed. Users are notified where permitted.

13. International Data Transfers

Transfers are protected via adequacy decisions, Standard Contractual Clauses, and safeguards.

14. Data Retention

Data is retained only as long as necessary, then deleted or anonymized.

15. Data Subject Rights

Users have rights under Articles 15–22 GDPR.

Requests: [email protected]

16. Supervisory Authority

Users may lodge a complaint with a competent supervisory authority (Art. 77 GDPR).

17. Security Measures

Encryption, access controls, incident response, and regular security reviews are in place.

18. Policy Changes

Updates will be communicated appropriately.

19. Contact

OK.de Services GmbH
Email: [email protected]

Need help? Get Support
To top