FiatKey Privacy Notice

1. Scope & status

This notice applies to the fiat-to-digital-asset preview tools offered at fiatkey.com and any related subdomains. The current build does not require account creation, identity documents, or telemetry. If you voluntarily contact us (for example, via the email links provided), we will process the information you supply solely to respond to your inquiry and will delete it once the conversation concludes unless law requires retention.

2. Data categories & legal bases

When the production platform launches, we expect to process the following categories of personal data under GDPR Article 6(1)(b) (contract), 6(1)(c) (legal obligation), and 6(1)(f) (legitimate interests):

• Identification data (name, government ID details) for KYC / KYB onboarding mandated by AML regulations.
• Contact data (email, phone, business role) to deliver operational notices.
• Transaction artifacts (routing preferences, wallet addresses, bank references) to perform exchanges and comply with audit obligations.
• Technical telemetry (device type, log events) to secure the service and troubleshoot incidents.

We will request explicit consent before processing any optional analytics or marketing data, consistent with PECR and ePrivacy guidance.

3. How we plan to use data

Personal data will be used to:

• Verify eligibility, prevent fraud, and satisfy sanctions screening requirements.
• Provide customer support, investigate disputes, and service transactions.
• Maintain regulatory records, including suspicious activity reports and tax-related filings.
• Improve user experience, accessibility, and routing accuracy while balancing privacy with legitimate interests.

4. Cookies & local storage

The live preview uses only necessary cookies for session security and to remember your consent selection. Preference, analytics, and marketing cookies remain disabled until you opt in through the Cookie Preference Center. Local storage may temporarily hold UI state (such as theme selection) and is cleared when you reset preferences.

5. Sharing & transfers

We do not sell personal data. Once operational, we may share data with verified custodians, liquidity venues, payment processors, compliance vendors, and professional advisers who act as processors or joint controllers bound by contractual safeguards. Cross-border transfers outside the UK/EU will rely on adequacy decisions or Standard Contractual Clauses plus supplementary measures.

6. Security controls

Security measures include role-based access, hardware-backed key management, encryption in transit and at rest, regular penetration tests, and documented incident response procedures. Access to any personal data is limited to personnel who require it to perform regulated duties.

7. Retention & deletion

Personal data will be kept only for as long as necessary to fulfill the purposes listed above and satisfy statutory retention periods (for example, 5–7 years for financial and AML records). After expiry we will securely erase or anonymize the data. Where law requires retention, we will isolate the records and restrict further processing.

8. Individual rights

Submit requests to privacy@fiatkey.com. We will verify your identity before responding and aim to complete requests within 30 days, or notify you of any justified extension.

9. Children’s information

FiatKey services are designed for institutional and professional users. We do not knowingly collect information from anyone under 18. If you believe a minor has provided data, please contact us so we can remove it promptly.

10. Contact & updates

Questions, complaints, or data-subject requests can be sent to privacy@fiatkey.com. If you are located in the UK or EU, you may also lodge a complaint with your supervisory authority. We will communicate significant updates to this notice via the website or direct email before new processing begins.