Made with Kleap
Legal

Privacy Policy

Last updated: January 2025

This Privacy Policy describes how CoinVault ("we", "our", "the Company") collects, uses, stores, and discloses personal information when you use our website, products, and services. We are committed to protecting your privacy and handling your data in a transparent, lawful, and secure manner in compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

1. Information We Collect

We collect the following categories of information:

  • Identity Data: Full legal name, date of birth, nationality, government-issued ID numbers (passport, driver's license, national ID).
  • Contact Data: Email address, phone number, residential address.
  • Financial Data: Source of funds, source of wealth, bank account details (where applicable for fiat on-ramp), transaction history.
  • Technical Data: IP address, browser type, device identifiers, operating system, timestamps, session logs.
  • Behavioral Data: Pages visited, features used, interaction patterns, referral source.
  • Blockchain Data: Public wallet addresses, transaction hashes, on-chain activity related to your account.

2. How We Use Your Information

We process your personal data only for lawful purposes, including:

  • Identity verification (KYC) and sanctions screening (AML).
  • Operating, maintaining, and improving the CoinVault platform and services.
  • Processing transactions and maintaining account records.
  • Detecting, preventing, and reporting fraud, money laundering, and other illegal activity.
  • Complying with legal, regulatory, and tax reporting obligations.
  • Communicating service updates, security alerts, and (with consent) marketing materials.
  • Enforcing our Terms of Service and protecting our legal rights.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data on the following legal bases: (a) performance of a contract โ€” to deliver the services you have signed up for; (b) legal obligation โ€” to comply with KYC, AML, and tax laws; (c) legitimate interests โ€” to secure our platform and prevent fraud, where your rights do not override those interests; and (d) consent โ€” for non-essential cookies and marketing communications, which you may withdraw at any time.

4. Cookies & Tracking

CoinVault uses first-party and select third-party cookies. Strictly necessary cookies enable core functionality (authentication, security, transaction processing). Analytics cookies help us understand platform usage. You can manage cookie preferences via your browser settings or our cookie consent banner. Disabling certain cookies may limit platform functionality.

5. Data Sharing & Disclosure

We do not sell personal data. We may share data with:

  • Regulatory authorities, tax agencies, and law enforcement where legally required.
  • Identity verification and sanctions screening providers (e.g., Jumio, Onfido, Chainalysis).
  • Custody and banking partners involved in transaction processing.
  • Auditors, legal counsel, and professional advisors under confidentiality.
  • Service providers (hosting, email, analytics) bound by data processing agreements.
  • A successor entity in the event of a merger, acquisition, or sale of assets.

6. International Data Transfers

We may transfer your data to countries outside your jurisdiction. Where required, we use Standard Contractual Clauses (SCCs) or rely on adequacy decisions. By using CoinVault, you understand that your data may be processed in jurisdictions with different data protection standards than your home country.

7. Data Retention

We retain personal data for as long as your account is active and for a minimum of 5 years after closure, as required by AML regulations. Technical logs are retained for 12 months. We delete or anonymize data when it is no longer needed for the purposes described in this Policy.

8. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data, subject to legal retention requirements.
  • Restrict or object to certain processing activities.
  • Data portability โ€” receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Lodge a complaint with a supervisory authority.

9. Security Measures

We implement industry-standard technical and organizational safeguards, including AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, multi-party computation for sensitive operations, regular penetration testing, and 24/7 security monitoring. No system is 100% secure; we cannot guarantee absolute security of your data.

10. Children's Privacy

CoinVault services are not directed to individuals under 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email and a prominent in-app notice at least 30 days before they take effect. Continued use of CoinVault after the effective date constitutes acceptance of the revised policy.

12. Contact

For privacy-related requests, contact our Data Protection Officer at privacy@coinvault.io or via our Contact page.