Privacy Policy

Capital Wallet acts as the data controller for the personal data you provide when using our platform. If you have any questions about how we handle your data, please contact our Data Protection Officer at [email protected].

We collect the following categories of personal data:

• Identity data: Full name, date of birth, nationality, government-issued ID documents.
• Contact data: Email address, phone number, residential address.
• Financial data: Source of funds, income range, net worth, transaction history.
• Technical data: IP address, browser type, device information, login timestamps.
• Compliance data: KYC verification results, AML risk scores, PEP and sanctions screening results.
• Communications data: Support ticket contents and correspondence with our team.

We process your personal data for the following purposes:

• Account management: To create and manage your Capital Wallet account.
• Legal compliance: To fulfil our KYC, AML, and MiCA regulatory obligations.
• Service delivery: To process deposits, withdrawals, and conversions.
• Security: To detect and prevent fraud, unauthorised access, and other illegal activities.
• Customer support: To respond to your enquiries and resolve disputes.
• Marketing: To send you product updates and promotional communications, where you have opted in.

We rely on the following legal bases under GDPR:

• Contract performance: Processing necessary to provide our services to you.
• Legal obligation: Processing required to comply with MiCA, AML Directive, and other applicable laws.
• Legitimate interests: Fraud prevention, security monitoring, and platform improvement.
• Consent: Marketing communications and optional data uses where you have given your consent.

We may share your personal data with:

• Identity verification providers: We use Sumsub to conduct KYC and AML screening.
• Regulatory authorities: We may be required to share data with financial intelligence units or competent authorities.
• Service providers: Trusted third parties who process data on our behalf (e.g., cloud hosting, email delivery), subject to appropriate data processing agreements.

We do not sell your personal data to third parties.

We retain your personal data for as long as your account is active and for a minimum of 5 years after account closure, in accordance with our AML and regulatory obligations. Certain data may be retained for longer periods where required by law.

Under GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your data, subject to our legal retention obligations.
• Right to restriction: Request that we limit our processing of your data in certain circumstances.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at [email protected].

We use essential cookies to operate our platform (e.g., authentication session cookies). We do not use tracking or advertising cookies. You can manage cookie preferences through your browser settings.

Your data is stored and processed within the EU/EEA. Where we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption, access controls, and regular security audits.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice within the platform. The date at the top of this page indicates when the policy was last revised.

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with your national data protection authority. A list of EU supervisory authorities is available on the European Data Protection Board website.

For any privacy-related questions or requests, please contact:

Data Protection Officer
[email protected]