Privacy Policy

2.1 Information You Provide Directly

• Account Information: Name, email address, username, password, phone number, date of birth
• Identity Verification: Government-issued ID, proof of address, selfie photos for KYC/AML compliance
• Financial Information: Wallet addresses, transaction history, payment methods, bank account details (if applicable)
• Profile Information: Profile picture, bio, preferences, settings
• Communication: Messages, support tickets, feedback, survey responses
• Referral Information: Referral codes, referred users' information

2.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device identifiers, mobile network information
• Usage Data: Pages visited, features used, time spent, click patterns, search queries
• Transaction Data: Transaction amounts, timestamps, asset types, wallet addresses (public blockchain data)
• Location Data: General location based on IP address (we do not collect precise GPS location)
• Log Data: Server logs, error reports, performance data, security events

2.3 Information from Third Parties

• Identity verification services for KYC/AML compliance
• Credit bureaus or financial institutions (with your consent)
• Blockchain analytics providers for transaction monitoring
• Social media platforms (if you connect your account)
• Public blockchain data and on-chain analytics

3.1 Service Provision

• Create and manage your account
• Process transactions and execute trades
• Provide platform features and services
• Facilitate wallet connections and asset management
• Enable AI portfolio management and vault services
• Process credit line applications and approvals

3.2 Compliance and Security

• Verify your identity (KYC/AML requirements)
• Comply with legal obligations and regulatory requirements
• Detect and prevent fraud, money laundering, and other illegal activities
• Monitor transactions for suspicious activity
• Enforce our terms of service and policies
• Protect platform security and user safety

3.3 Communication

• Send transaction confirmations and account notifications
• Respond to your inquiries and support requests
• Send important updates about our services
• Provide marketing communications (with your consent)
• Send security alerts and account activity notifications

3.4 Improvement and Analytics

• Analyze usage patterns and platform performance
• Improve and optimize our services
• Develop new features and functionality
• Conduct research and analytics
• Personalize your experience

3.5 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

• Contract: To fulfill our contract with you (providing services)
• Legal Obligation: To comply with legal requirements (KYC/AML, tax reporting)
• Legitimate Interest: To improve services, prevent fraud, ensure security
• Consent: For marketing communications and optional features

4.1 With Your Consent

We may share your information with third parties when you explicitly consent, such as connecting your account to external services or participating in referral programs.

4.2 Service Providers

We share information with trusted service providers who assist in our operations:

• Cloud hosting and infrastructure providers
• Identity verification and KYC/AML service providers
• Payment processors and financial service providers
• Analytics and data processing services
• Customer support and communication platforms
• Security and fraud prevention services

These providers are contractually obligated to protect your information and use it only for specified purposes.

4.3 Legal Requirements

We may disclose information when required by law, regulation, legal process, or government request, including:

• Court orders, subpoenas, or legal processes
• Regulatory investigations or audits
• Tax reporting requirements
• Anti-money laundering and counter-terrorism financing obligations
• Protecting rights, property, or safety

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership.

4.5 Public Blockchain Data

Transactions on public blockchains are permanent and publicly visible. Wallet addresses and transaction data on public blockchains cannot be deleted or made private. We do not control blockchain data.

5.1 Technical Safeguards

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication and access controls
• Regular security audits and penetration testing
• Multi-signature wallets and cold storage for assets
• Intrusion detection and monitoring systems
• Regular security updates and patches

5.2 Organizational Safeguards

• Employee training on data protection
• Access controls and least-privilege principles
• Background checks for employees with data access
• Regular security assessments and reviews
• Incident response procedures

5.3 Limitations

While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. Users are responsible for maintaining the security of their account credentials and private keys.

5.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant authorities within 72 hours, as required by GDPR and other applicable laws.

6.1 Retention Periods

• Account Information: Retained while your account is active and for 7 years after account closure (for legal and tax compliance)
• Transaction Records: Retained for 7 years (regulatory requirement)
• KYC/AML Documents: Retained for 5-7 years after account closure (regulatory requirement)
• Marketing Data: Retained until you opt out or withdraw consent
• Support Communications: Retained for 3 years after last contact
• Log Data: Retained for 1-2 years for security and troubleshooting

6.2 Deletion

Upon request or account closure, we will delete or anonymize your personal information, except where we are required to retain it for legal, regulatory, or legitimate business purposes. Note that blockchain transaction data cannot be deleted.

7.1 Access Rights

You have the right to access and receive a copy of your personal information. You can access most information through your account dashboard or by requesting a data export.

7.2 Correction Rights

You can update or correct inaccurate information through your account settings or by contacting support. We may require verification before making changes.

7.3 Deletion Rights

You can request deletion of your personal information, subject to legal and regulatory retention requirements. Account deletion may take up to 30 days.

7.4 Portability Rights

You can request a copy of your data in a structured, machine-readable format. We will provide this within 30 days of your request.

7.5 Objection Rights

You can object to processing of your information for certain purposes, such as direct marketing or legitimate interests. We will honor your request unless we have compelling legitimate grounds.

7.6 Restriction Rights

You can request restriction of processing in certain circumstances, such as when you contest the accuracy of data or object to processing.

7.7 Withdrawal of Consent

Where processing is based on consent, you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

7.8 Exercising Your Rights

To exercise these rights, contact us at [email protected]. We will respond within 30 days (or as required by applicable law). We may require identity verification before processing requests.

8.1 Types of Cookies

• Essential Cookies: Required for platform functionality (authentication, security)
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used to deliver relevant advertisements (with consent)

8.2 Third-Party Tracking

We use third-party analytics services (e.g., Google Analytics) that may use cookies and tracking technologies. These services have their own privacy policies.

8.3 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit platform functionality. You can also opt out of certain tracking through our cookie preferences.

9.1 Transfer Safeguards

When transferring data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Binding corporate rules
• Other legal mechanisms as required

9.2 EEA Transfers

For transfers from the EEA, we ensure adequate protection through GDPR-compliant mechanisms. You can request details about specific transfer mechanisms.