BatuaY

Privacy policy

Effective May 8, 2026.

BatuaY (“we,” “us”) provides a B2B platform that helps businesses hold operating funds, send and receive cross-border payments, and manage international counterparty flows. This policy explains what we collect, why, and how we use and protect it.

We act as a data controller for the information we hold about the business and its administrators. We use regulated financial service providers to operate the underlying banking, payment, and stablecoin rails — those providers process certain data as independent controllers under their own agreements with you.

What we collect

  • Account details. Name, email, password (where applicable), business legal name, country of incorporation, team members and roles.
  • Business verification. Documents and information needed to verify your business and the people who control or own it — including legal address, EIN or local equivalent, ownership structure, and identification documents for beneficial owners.
  • Transaction data. Counterparties, amounts, currencies, rail-level metadata, references, and timestamps for transfers you initiate or receive.
  • Device and product usage. IP address, browser or device type, pages and actions inside the dashboard, and error logs we use to keep the service reliable.
  • Support communications. Anything you send us through email, in-app messages, or other support channels.

Why we collect it

  • To open and operate your account.
  • To meet our obligations under applicable laws — including identity verification, sanctions and watchlist screening, anti-money-laundering monitoring, and recordkeeping.
  • To process transactions, settle funds, and produce statements and receipts.
  • To detect and prevent fraud, abuse, and unauthorized access.
  • To improve the product, fix bugs, and respond to your requests.

Who we share it with

We share information only as necessary to operate the service and meet our legal obligations:

  • Regulated financial service providers that provide the banking, payment-rail, custody, and stablecoin infrastructure behind your accounts. These providers run their own KYB and compliance programs and may contact you directly during onboarding.
  • Service vendors that help us run the product — for example, cloud hosting, email delivery, customer support tooling, and analytics. These vendors act on our instructions under written agreements.
  • Government authorities and law enforcement when required by law, valid legal process, or to protect against fraud or harm.
  • Successors in a merger, acquisition, or similar corporate transaction, subject to confidentiality terms.

We do not sell your data, and we do not share it with advertisers or marketing networks for cross-context targeting.

How long we keep it

We retain account and transaction information for as long as your account is open and afterward for the period required by applicable financial regulations — typically five to seven years from the end of the relationship, depending on the jurisdiction. Support communications and product logs are retained for shorter periods proportionate to their purpose.

How we protect it

We use industry-standard controls including encryption in transit and at rest, role-based access for our team, network isolation for production data, and continuous monitoring for unauthorized access. No system is perfect — if we ever learn of a security incident affecting your information, we will notify you and the appropriate regulators in line with applicable law.

Your choices

  • Access and correction. You can view and update most account information directly from the dashboard or by contacting us.
  • Deletion. You can ask us to delete your account. We may need to keep certain records to comply with financial regulations even after deletion.
  • Marketing communications. Operational emails (security alerts, transaction notifications, legal notices) are part of the service and cannot be turned off while your account is open. Anything else is opt-out at any time.
  • Regional rights. If you are in the EEA, UK, California, or another jurisdiction with specific privacy rights, those rights apply to information we hold about you. Contact us to exercise them.

International transfers

We are based in the United States and our infrastructure partners operate across multiple jurisdictions. Information you give us may be processed in countries other than the one you live in, including the United States, under appropriate safeguards.

Changes to this policy

We may update this policy as our product or applicable law changes. We will post the updated policy here and update the effective date. Material changes will be communicated to account administrators by email.

Contact us

Questions or requests about this policy can be sent to privacy@batuay.com.