⚠️ Draft Document — Pending legal team review. Not yet in force.
Legal
Privacy Policy
Effective date: 1 May 2026 · AssetsGrator Ltd, England & Wales · UK GDPR compliant
On-chain Compliance & Security
Your personal identity files are stored securely off-chain. The blockchain only records a standard ERC-3643 verification status flag, ensuring your identity is protected.
1. Who We Are
AssetsGrator Ltd (“we”, “us”) is the data controller for personal data processed through our platform. We are registered in England & Wales and currently operate within the FCA Regulatory Sandbox.
Contact: privacy@assetsgrator.com
2. Data We Collect
Identity & KYC Data: Full name, date of birth, nationality, government-issued ID, proof of address, and selfie photographs — collected for legal KYC/AML compliance and processed by our KYC partner, Sumsub.
Investor Classification Data: Income, net worth, investment experience, and professional status — collected to verify eligibility as a Sophisticated or High Net Worth Investor under UK regulation.
Wallet & Blockchain Data: Your Ethereum wallet address is publicly recorded on the Arbitrum blockchain as part of the ERC-3643 token whitelist. Your token balances are recorded on the public ledger associated with your wallet address.
Platform Usage Data: Log data, IP addresses, browser type, and page interaction data — collected via standard server logs and used for security and performance monitoring.
Communications: Emails or messages you send us, including support requests.
3. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| KYC / AML verification | Legal obligation (The Money Laundering Regulations 2017) |
| Investor eligibility assessment | Legal obligation (FCA COBS rules) |
| Platform access and token issuance | Contract performance |
| Revenue distribution | Contract performance |
| Platform security and fraud prevention | Legitimate interests |
| Marketing communications | Consent (opt-in only) |
4. Third-Party Data Processors
We share your data with the following processors under GDPR-compliant Data Processing Agreements:
- Sumsub — KYC/AML identity verification and ongoing monitoring.
- Arbitrum / Ethereum network — Wallet addresses are recorded on a public blockchain. We do not control or own this infrastructure.
- Cloud infrastructure providers — Hosting and backend services, with data stored within the UK/EEA.
We do not sell your personal data to any third party.
5. On-Chain Data and Privacy
Certain data is stored on the Arbitrum public blockchain as part of smart contract operations. This includes your wallet address as a whitelisted identity in the ERC-3643 compliance module.
No sensitive personal identity documents (such as passports or bank statements) are ever written to the blockchain. All transaction details and token holdings are recorded publicly associated with your wallet address, in accordance with the public nature of distributed ledger technology.
6. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15) — Request a copy of the data we hold about you.
- Right to rectification (Art. 16) — Request correction of inaccurate data.
- Right to erasure (Art. 17) — Request deletion of your data, subject to our legal retention obligations.
- Right to restrict processing (Art. 18) — Request that we limit how we use your data.
- Right to data portability (Art. 20) — Receive your data in a machine-readable format.
- Right to object (Art. 21) — Object to processing based on legitimate interests.
- Right to withdraw consent — Withdraw marketing consent at any time.
Please note: we cannot erase data recorded on the public Arbitrum blockchain (wallet address on whitelist, token transfers, or balances).
To exercise your rights, contact: privacy@assetsgrator.com
7. Data Retention
We retain data for the following periods:
- KYC records: 5 years from the end of the business relationship (AML regulatory requirement).
- Transaction records: 6 years (HMRC and UK company law requirement).
- Communication logs: 2 years.
- Marketing data: Until consent is withdrawn.
8. Cookies
We use essential cookies only — required for authentication and security. We do not use advertising or tracking cookies. A cookie preference centre will be provided on the platform.
9. Changes to This Policy
We will notify you of material changes by email with at least 14 days’ notice. The current version is always available at assetsgrator.com/legal/privacy.
10. Complaints
If you are unhappy with how we handle your data, you may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.