Privacy Policy

Effective: October 1, 2015 00:00 UTC. Version 6.1

Summary

We believe privacy is a universal right, and our business is to help you secure it by protecting your digital information and your anonymity. We do not ask for or collect your name, address or any other personally identifying information. You may create any username and Kahuna™ ID you like, so long as they meet formatting rules and are not being used by someone else. We urge you to use words and phrases that are meaningful to you but which do not identify you personally. You can download and install and run our applications anonymously, and you can use various identified or anonymous payment methods to purchase Kahuna™ Traffic Credits. Put simply…

What personal info do we collect? Nothing. Who do we tell? Everyone.

You are required to supply a working email address, but there is no requirement that it identify you personally. You may also supply a mobile phone number to which we can send text messages containing web account change verification codes, but this is not required and can be done via email instead.

Information we collect and save

Web Account: We collect and associate with your web account the user name or alias you supply when you sign up, the email address(es) you supply, and the Kahuna™ ID you create for yourself. You may use any web account name and Kahuna™ ID you like, provided they meet formatting rules and are not being used by someone else.

Web Account Reset and New Device Verification: When you sign up for our services we ask you to create an account PIN and a separate change verification code, both of which we save and associate with your web account for use when you need to add or remove a device or reset your account. Exclusively at your option, you can also provide us with a mobile phone number to which we can send text messages when any such change is requested, in which case we save and associate that number with your web account. A mobile phone number is NOT required, it's merely a convenience option.

Kahuna™ Traffic Credits: We collect and save a running total amount of Kahuna™ Traffic Credits you purchase, expressed in bytes, and associate that number with your web account. When you use the Service, we debit the number of bytes you use from your total credit. We save only that balance as a single number.

Your Data: When you use our Services, your data is encrypted by open-source plug-ins on the originating device using keys known only to the sender(s) and recipient(s) and that exist only on their devices. All keys are owned exclusively by users; we have no keys and we have no ability to decrypt or access the 'plain text' versions of any data. If a recipient is not online at the time a transfer occurs, we will temporarily cache (store) the encrypted data until the recipient picks it up, or an expiration time is reached.

Cookies: We use cookies to improve our web-based Services. For example, cookies help us remember your username for your next visit, understand how you are interacting with our web-based Services, and help us to improve them based on that information. However, you can set your browser to not accept cookies, and this will not have a material negative impact on your ability to use the Services, but it may result in inconveniences such as having to reenter your username each time you log into web-based Services.

Device information: We collect basic device information such as the name you give your device and the amount of memory or storage available on it. This helps us to avoid sending more data to a device than it can handle. However, we do NOT collect or save any form of personally identifying information from the device or about how you use it, even if the device offers such data to us.

Error Reports: If one of our products experiences an error, at your option you can use a built-in error reporting facility to send us an Error Report, along with your comments about what you were doing when it occurred. Error Reports contain the name of the program modules that were executing at the time the error occurred, as well as other technical information about the program's state and in some cases basic information about your device (such as whether you ran out of disk space or memory). Error Reports do NOT contain user data and are NOT sent unless you explicitly decide to do so, on a per-report basis. The entire content of the data to be sent is readable in the report before you send it.

Business Partners: We have carefully vetted business partners with whom we may share basic technical information in the event of various types of attack on our Service, such as penetration attempts or DDoS attacks. That data does NOT include any type of Personally Identifying Information because we don't collect any in the first place. If you specifically 'opt-in' to receive operational or service notifications, or special offers from us or our partners, we may share your publicly visible email address with those business partners who administer or deliver such information, but we do NOT share any other account or usage information because we have none.

Financial Transaction Information

We ourselves do NOT collect or record any sort of financial information about you or your transactions with us.

Like all online vendors, when you purchase our Services we temporarily pass your web session to an online card payment processor and wait for them to tell us whether or not your payment was processed. If they tell us it was approved, the only data we record and associate with your account is the amount of Kahuna™ Traffic Credits, expressed in bytes, that your payment corresponds to, and a Transaction-Key that can be used to subtract those bytes of credit, should you later dispute your purchase or it is otherwise cancelled. No other financial information of any kind is recorded by us. However…

Although that's the entire story as far as our services are concerned, it's not the entire picture because credit card payments and bank transfers leave records. These are kept by banks, card processing companies, and many governments, and are entirely outside our control. If the existence of such records is a concern for you, click here to learn various ways to pay for our Services anonymously using postal money orders, cash over the counter for Kahuna™ and other types of gift cards at retail establishments, or various forms of anonymous electronic currency.

Information we do NOT save

Location data: We do NOT collect or save any form of location (GPS) data. If your device transmits its location to us anyway, we disregard it (and we think you should turn off such features, if your device allows you to do so).

IP Addresses in our web services: We do NOT normally save the IP addresses of devices that use our website(s). When you use our website(s) to create or manage your account, add devices or obtain Kahuna™ Traffic Credits we retain your IP address in memory only, and only for as long as necessary to complete your session (typically a few minutes). When that session is complete we discard the IP address, UNLESS we detect it is clearly being used as part of an attack or other form of illegal penetration attempt of our Services, in which case it will be logged and may be denied further access. It may also be subject to additional security-related analysis by us or our business partners.

IP Addresses in our apps and the Kahuna™ network: Customer IP addresses are NOT used by Kahuna™ to route data internally and they are NOT transported through the network. Consequently, both senders and recipients cannot determine each other's IP addresses. The IP address of your device is known to the Kahuna™ node (server) it contacts to initiate a data exchange, and is kept in that one node's memory only for so long as data is being transported. When the data exchange is complete that node discards the IP address, UNLESS we detect it is clearly being used as part of an attack or other form of illegal penetration attempt of our Service, in which case it will be logged and may be denied further access. It may also be subject to additional security-related analysis by us or our business partners.

Using our services with VPNs: You may access our Web Services and use our applications and the Kahuna™ Network with VPNs without restriction. This will allow you to hide your IP address, which we permit and encourage you to do. We have successfully tested several VPN providers. Please note that depending on the VPN provider you may experience fluctuations in performance outside our control.

Kahuna™ IDs: We do NOT collect or save the Kahuna™ IDs of the users you communicate with or the devices you synchronize with.

Advertising: We do NOT accept advertising and we have no advertising-related sponsorship or revenue of any kind. Nor do we sell or trade what little data we do possess, Ever.

Pixel Tags: We do NOT use pixel tags

Cross-site Tracking: We do NOT engage in any kind of cross-site tracking.

Application Usage Patterns. We do NOT collect, record or perform of any kind analysis of individually identifying usage patterns over time or by any other metric, all we keep is a running balance of the amount of Data Credit you have remaining. When you run low we alert you 'in-app' and at your option also via email.

Website Usage Patterns: We use basic web site traffic analysis and aggregate demographic information, but we do NOT collect, record or perform of any kind analysis of individually identifying usage patterns over time or by any other metric.

Logs: We do NOT log any information associated with the use of the Kahuna™ network, including file or other data transfers, voice or video calls, instant messages or any other use. We do NOT log any authenticated web requests. The logs generated from other web traffic do not include any identifying information, and are limited to only protocol-related errors. Our goal is to have nothing meaningful to disclose to any third party.

Information sharing

We may share what little information we have with others under the conditions listed below:

Others working for us: We use certain trusted third parties to help us provide, improve and protect our Services. These third parties will access your information only to perform tasks on our behalf and in compliance with this Privacy Policy.

Other users: At your exclusive option, you can decide to allow our web-based Services to display your name or nickname (alias) and an email address to other web-based Service users so they can find and invite you to share with them. This is NOT required. Of course, you can always share your Kahuna™ ID with others using channels having nothing to do with us, such as in a phone conversation or email exchange.

Law & Order: We may disclose your information to third parties if we determine that such disclosure is necessary to comply with the law, protect any person from death or serious bodily injury, prevent fraud or abuse of our Services or our users, or protect our property rights. If we are ordered to disclose information by legitimate legal process, the only data we can supply is that which you supplied to us when you signed up for our services, and copies of the encrypted data stream your device sent into the network, should it still be there (once data is delivered it ceases to exist in the network, so the presence of encrypted data for a given user is extremely improbable). User data exists in the Kahuna™ network ONLY in an encrypted form, and only the sender and recipient have decryption keys. We have absolutely no access to the content, and of course we can’t disclose what we don’t have access to. These and related issues are discuss in further detail in the "Illegal Conduct" and "Legal Compliance" paragraphs of our "Terms of Service".

Advertisers and other third parties: We carry no advertising and therefore have no need to and do not collect the types of personally identifying data that would interest advertisers. We do not sell, rent, lease or in any other way disclose information of any sort to advertisers or other third parties.

Safe Harbor: MetaLuminous complies with the EU-U.S. and Swiss-U.S. Safe Harbor ("Safe Harbor") frameworks and principles. (Compliance for us is trivial because we collect no personal data to begin with). You can learn more about Safe Harbor by visiting http://export.gov/safeharbor. TRUSTe is the independent organization responsible for reviewing and resolving complaints about Safe Harbor compliance. Should you have a concern you agree to first submit such complaints directly to us at support@merlin.world. If you aren't satisfied with our response, please contact TRUSTe at http://truste.com.

Transparency

Because we hold no meaningful information about our customers, it's unlikely that we will receive very many information requests from law enforcement agencies. However, if we do and to the maximum extent permitted by law, every 6 months we will post:

  • How many requests we received from law enforcement and government agencies worldwide.
  • How many customers this involved.
  • What agencies or organizations made the request.

As of out latest Transparency Report for the period ending 1 October, 2015 there were zero requests.

Information Protection

All web account information is stored only in an encrypted form. Only iterated, "salted hashes" of web account credentials (passwords, PINs and change verification codes) are stored, not the plain-text passwords or codes themselves. Additionally, all hashed data is then stored only in an encrypted database. We do not possess any end-user credentials or encryption keys so there is nothing to protect.

Changes

We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you at the email address associated with your web account.

Contact

If you have questions or concerns about our Services and privacy please feel free to contact us at support@merlin.world.