Privacy Policy
Your privacy matters to us. This policy explains how we collect, use, store, and protect your personal information when you use KryptoMate.
1. Introduction
KryptoMate ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our mobile applications, interact with our Telegram bot, access our API, or use any of our services (collectively, the "Platform"). By using our Platform, you consent to the data practices described herein.
This policy applies to all users globally and is designed to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy legislation.
2. Information We Collect
2.1 Information You Provide Directly
We collect information you voluntarily provide when creating an account, making purchases, or contacting support:
- Identity Information — Full legal name, date of birth, nationality, and government-issued identification documents (passport, national ID, driver's license) for KYC verification.
- Contact Information — Email address, phone number, and mailing address.
- Financial Information — Cryptocurrency wallet addresses, transaction history, payment card details (processed by our PCI-compliant payment partners), and billing information.
- Account Information — Username, password (stored as a salted hash, never in plaintext), account preferences, language settings, and communication preferences.
- Verification Documents — Government-issued ID scans, proof of address documents (utility bills, bank statements), selfie photos, video verification recordings, and source of funds declarations.
- Travel Information — Passenger names, passport details, frequent flyer numbers, travel preferences, and special assistance requirements (for flight and hotel bookings).
- Support Communications — Messages, attachments, and metadata from support tickets, live chat, and email correspondence.
2.2 Information Collected Automatically
When you access our Platform, we automatically collect:
- Device Information — Device type, operating system, browser type and version, screen resolution, language settings, and unique device identifiers.
- Usage Data — Pages visited, features used, products viewed, search queries, time spent on pages, click patterns, and navigation paths.
- Network Information — IP address, internet service provider, approximate geographic location (city/region level), and connection type.
- Log Data — Access timestamps, error logs, referring URLs, exit pages, and server response times.
- Transaction Metadata — Blockchain transaction hashes, confirmation times, network fees, and wallet interaction patterns.
2.3 Information from Third Parties
We may receive information from trusted third-party sources, including:
- Identity verification and fraud prevention services (e.g., Sumsub, Onfido).
- Blockchain analytics providers (e.g., Chainalysis, Elliptic) for transaction risk scoring.
- Payment processors (Binance Pay, KuCoin Pay, Bybit Pay, Gate.io) for transaction confirmations.
- Airline and hotel booking systems (Amadeus GDS, accommodation aggregators) for reservation confirmations.
- Publicly available blockchain data and sanctions screening databases.
- Social login providers (Apple, Google) if you choose to authenticate via third-party accounts.
3. How We Use Your Information
We use your information for the following purposes:
- Service Delivery — Processing orders, delivering digital products, managing hotel and flight reservations, issuing virtual cards, and providing customer support.
- Identity Verification — Complying with KYC/AML regulations, verifying your identity, and preventing fraud and financial crime.
- Transaction Processing — Processing cryptocurrency and card payments, tracking order status, managing refunds, and reconciling accounts.
- Travel Services — Communicating passenger information to airlines and hotels, managing booking modifications, and facilitating check-in processes.
- Platform Improvement — Analyzing usage patterns, conducting A/B testing, improving product recommendations, and enhancing Platform functionality and performance.
- Communication — Sending order confirmations, delivery notifications, booking updates, flight status alerts, account security alerts, and service announcements.
- Marketing — Sending promotional offers, personalized recommendations, and newsletters where you have provided explicit opt-in consent. You may opt out at any time.
- Security & Fraud Prevention — Detecting, investigating, and responding to fraud, unauthorized access, security threats, and suspicious activity.
- Legal Compliance — Complying with applicable laws, regulations, court orders, and governmental requests, including tax reporting obligations.
- Wholesale & API — Managing wholesale accounts, monitoring API usage, enforcing rate limits, and providing business analytics to wholesale partners.
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR and applicable privacy laws:
- Contractual Necessity — Processing necessary to perform our contract with you, including order fulfillment, account management, and service delivery.
- Legal Obligation — Processing necessary to comply with legal requirements, including AML/KYC regulations, tax reporting, sanctions screening, and law enforcement requests.
- Legitimate Interests — Fraud prevention, platform security, service improvement, and business analytics, where these interests are not overridden by your rights.
- Consent — Marketing communications, non-essential cookies, and optional data sharing. You may withdraw consent at any time without affecting the lawfulness of prior processing.
5. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information with the following categories of recipients:
- Service Providers — Trusted third parties assisting in platform operations, including cloud hosting (AWS), payment processing, identity verification, email delivery, analytics, and customer support tools.
- Product Suppliers & Partners — Gift card issuers, game publishers, eSIM providers, mobile carriers, and other product suppliers as necessary to fulfill your orders.
- Travel Partners — Airlines, hotels, accommodation providers, and lounge operators as necessary to process and manage your travel bookings.
- Legal & Regulatory — Law enforcement agencies, regulatory authorities, Financial Intelligence Units, and courts when required by law, regulation, or valid legal process.
- Fraud Prevention — Fraud prevention services, blockchain analytics providers, and sanctions screening services to protect the Platform and its users.
- Business Transfers — In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction, subject to equivalent privacy protections.
6. International Data Transfers
Your information may be transferred to and processed in countries outside your country of residence, which may have different data protection laws. When we transfer personal data internationally, we implement appropriate safeguards to ensure adequate protection, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Data processing agreements with all third-party processors.
- Adequacy decisions where applicable.
- Technical and organizational security measures to protect data in transit and at rest.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, subject to the following minimum retention periods:
- Account Data — Retained for the duration of your active account and for a reasonable period (up to 2 years) after account closure to handle any post-closure inquiries.
- Transaction Records — Minimum five (5) years after the transaction date, as required by AML regulations and tax reporting obligations.
- KYC/Verification Documents — Minimum five (5) years after the end of the business relationship, as required by applicable AML regulations.
- Travel Booking Records — Minimum three (3) years after the travel date for dispute resolution and regulatory compliance.
- Support Communications — Retained for two (2) years after resolution for quality assurance and dispute resolution.
- Marketing Preferences — Retained until you withdraw consent or unsubscribe.
- Log & Analytics Data — Retained for up to twelve (12) months, then anonymized or deleted.
8. Data Security
We implement industry-standard technical and organizational security measures to protect your personal information, including:
- Encryption of all data in transit using TLS 1.3 and at rest using AES-256.
- Secure server infrastructure hosted on enterprise-grade cloud platforms with SOC 2 compliance.
- Role-based access controls, principle of least privilege, and multi-factor authentication for all internal systems.
- Regular security audits, penetration testing, and vulnerability assessments by independent third parties.
- Automated intrusion detection, DDoS protection, and real-time security monitoring.
- Incident response procedures with defined escalation paths and notification timelines.
While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of Access — Request a copy of the personal data we hold about you, including the purposes of processing and categories of recipients.
- Right to Rectification — Request correction of inaccurate or incomplete personal data.
- Right to Erasure — Request deletion of your personal data, subject to legal retention obligations (AML/KYC records cannot be deleted during the mandatory retention period).
- Right to Restrict Processing — Request that we limit the processing of your data in certain circumstances.
- Right to Data Portability — Request a copy of your data in a structured, commonly used, machine-readable format.
- Right to Object — Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent — Withdraw consent at any time where processing is based on your consent.
- Right to Lodge a Complaint — File a complaint with your local data protection supervisory authority.
- Right to Non-Discrimination — Exercise your privacy rights without receiving discriminatory treatment (CCPA).
To exercise any of these rights, contact us at [email protected]. We will verify your identity and respond within 30 days (or as required by applicable law). Certain requests may be subject to legal limitations.
10. Cookies & Tracking Technologies
We use cookies and similar technologies to enhance your experience and analyze Platform usage:
- Essential Cookies — Required for core Platform functionality, including session management, authentication, security tokens, and shopping cart persistence. These cannot be disabled.
- Analytics Cookies — Help us understand how users interact with the Platform, measure performance, and identify areas for improvement. We use privacy-focused analytics.
- Preference Cookies — Remember your settings, language preferences, theme selection, and recently viewed products.
- Marketing Cookies — Used to deliver relevant advertisements and measure campaign effectiveness. Only set with your explicit consent.
You can manage cookie preferences through the consent banner displayed on your first visit, or through your browser settings at any time. Disabling essential cookies may impair Platform functionality.
11. Children's Privacy
Our Platform is not intended for individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that information. If you believe a child has provided us with personal information, please contact us at [email protected].
12. Do Not Track Signals
Some browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals, as there is no industry-standard interpretation. However, you can control tracking through our cookie consent mechanism and browser settings.
13. Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or business operations. Material changes will be communicated via a prominent notice on the Platform, email notification, or both. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy regularly.
14. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices:
- Privacy Inquiries: [email protected]
- Data Protection Officer: [email protected]
- General Support: [email protected]
