Data Protection & GDPR
What Data We Collect
- Identity Data: Name, email, phone (for KYC)
- Financial Data: Transaction history, balances (for service delivery)
- Technical Data: IP address, browser type (for security)
Your GDPR Rights
1. Right of Access: Download all your data from Settings > Privacy
2. Right to Rectification: Update your profile information anytime
3. Right to Erasure: Request account deletion (subject to regulatory retention)
4. Right to Portability: Export your data in machine-readable format
5. Right to Object: Opt out of marketing communications
How We Protect Your Data
- AES-256 encryption at rest
- TLS 1.3 in transit
- KYC documents processed by SumSub (not stored on our servers)
- Regular security audits and penetration testing
- Data retention: minimum required by MiCA/AML regulations
Data Breach Notification
In the unlikely event of a data breach, we notify affected users within 72 hours as required by GDPR Article 33.