Privacy Policy

Version privacy-2026-04-02-v1 • Effective 2026-04-02

Quick summary

We process personal data to provide secure crypto account services, wallet operations, referral analytics, and support. We apply role-based controls, transport security (including encrypted request/response handling where configured), and monitoring for abuse prevention. You can request privacy rights based on your region.

Data controller identity and contact

Controller: [PLACEHOLDER: Legal Entity] • Contact: [PLACEHOLDER: privacy email] • DPO/Privacy Lead: [PLACEHOLDER: DPO contact].

Categories of personal data collected

  • Account and identity: email, account identifiers, KYC verification artifacts where required.
  • Transaction and wallet: wallet IDs, transaction metadata, balance movement events.
  • Technical/security telemetry: IP/device signals, request logs, abuse prevention indicators.
  • Referral/campaign analytics: attribution source, referral performance and manager analytics.
  • Support communications: tickets, complaint messages, troubleshooting records.

Sources of data

  • Provided directly by users.
  • Collected automatically through app and security logs.
  • Received from verification, compliance, or infrastructure vendors.

Purposes and legal bases

We process data to provide services, secure accounts, comply with legal duties, and improve operations.

Data categoryPurposeLegal basis (GDPR)Retention
Account/IdentityAccount provisioning and authenticationContract + legal obligation[PLACEHOLDER]
Wallet/TransactionsExecution and audit recordsContract + legitimate interests[PLACEHOLDER]
Technical/SecurityFraud prevention, security monitoringLegitimate interests + legal obligation[PLACEHOLDER]
Referral/Manager AnalyticsProgram reporting and attributionLegitimate interests[PLACEHOLDER]
Support CommunicationsIssue resolution and complaints handlingContract + legitimate interests[PLACEHOLDER]

Sharing and disclosure categories

  • Service providers (hosting, support tooling, analytics, communications).
  • Compliance/legal authorities where required by law.
  • Fraud prevention and security vendors.
  • Corporate transaction counterparties under confidentiality controls.

International transfers and safeguards

Where data moves across borders, we use lawful safeguards such as standard contractual clauses and equivalent transfer mechanisms where required.

Retention periods

Retention is based on service necessity, legal requirements, dispute windows, and security obligations.

User rights by region

  • GDPR-style rights: access, rectification, deletion, portability, restriction, objection, complaint.
  • CCPA/CPRA-style rights: know, delete, correct, and opt-out rights where applicable.
  • Request process: submit via [PLACEHOLDER: rights request form endpoint].

Automated decision-making and profiling

We may use automated risk signals for abuse prevention and security triage. Significant legal effects are subject to additional review controls where required.

Security measures summary

  • Role-based access controls and principle of least privilege.
  • Security logging, anomaly monitoring, and abuse prevention telemetry.
  • Transport security controls, including encrypted payload handling where enabled.

Children/minor policy

Services are not intended for children under [PLACEHOLDER: age].

Cookies and tracking

Cookie and tracking details are described in our Cookie Policy. Terms references are available in Terms of Service.

Changes and notifications

Material changes are announced by in-app notice, email, and/or policy changelog panel.

Policy version and changelog panel

  • Current version: privacy-2026-04-02-v1
  • Effective date: 2026-04-02
  • [PLACEHOLDER: changelog entries]

Compliance checklist

  • Category-purpose-basis-retention mapping table included.
  • Rights by region and request flow included.
  • Cross-links to Terms and Cookie policies included.
  • DPO/contact placeholders included for legal completion.

Frontend implementation notes

  • Use section-level quick summaries and anchor navigation.
  • Add last updated timestamp component from effective date/version block.
  • Render changelog panel and rights-request CTA.
  • Provide mobile collapsible section mode for compact reading.