Privacy Policy
Last Updated: October 8, 2025
I. GENERAL PROVISIONS
CryptoMate UAB, (private limited company, company code 306087584, registered at Vilnius, Architektų g. 56-101, Lithuania) (the "Company", "we", "us", or "our") administrates Cryptomate.me (the "Website" or the "Platform") and offers CryptoMate API services (the "APIs") and other services (all together hereinafter referred to as the "Services") available through the Platform.
This Privacy Policy (the "Policy") applies to any personal data you provide to us as an applicant, current customer, or former customer, and to your use of the Website and the Services. It explains how we collect, use, disclose, and protect your personal data in accordance with the Regulation (EU) 2016/679 (General Data Protection Regulation or "GDPR"), applicable U.S. federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CRPA), and U.S. financial privacy laws like the Gramm-Leach-Bliley Act (GLBA).
The Company is committed to protecting your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. We implement and maintain appropriate legal, organizational, technical, and physical security measures to safeguard your information.
By using our Website and Services, you confirm you have read, understood, and agree with this Policy. We reserve the right to amend this Policy at any time. The most current version will always be posted on our Website, and we will notify you of any material changes as required by law.
II. PERSONAL DATA MANAGEMENT PRINCIPLES
The Company undertakes to ensure your personal data is:
- Processed lawfully, fairly, and transparently.
- Collected for specified, explicit, and legitimate purposes.
- Adequate, relevant, and limited to what is necessary.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits your identification for no longer than is necessary.
- Processed with appropriate security and confidentiality.
III. LAWFULNESS OF PERSONAL DATA PROCESSING
Your personal data will be processed based on one or more of the following legal grounds:
- Consent: You have given consent for one or more specific purposes.
- Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legal Obligation: Processing is necessary for compliance with a legal or regulatory obligation (e.g., Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements).
- Legitimate Interests: Processing is necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
IV. PURPOSES FOR PROCESSING YOUR PERSONAL DATA
In addition to the purposes stated elsewhere, we use your data for the following:
- Service Provision: To create and manage your account, provide our Services, and process transactions.
- Identity Verification: To comply with legal obligations such as AML and KYC regulations, and to prevent fraud.
- Security and Performance: To ensure the proper and secure operation of our Platform, prevent fraud, and protect the rights and safety of our users and the public.
- Customer Support: To respond to your inquiries and provide support services.
- Personalization: To personalize and improve your experience on our Platform.
- Research and Development: To analyze usage and trends to improve our Services and develop new features.
- Direct Marketing: To update you on our Services and offers, based on our legitimate interest or your consent. You may opt out at any time.
- Enforcement of Terms: To enforce our User Agreement and other policies.
- Quality Assurance: We may record customer support calls to ensure service quality and for training purposes, with your consent where required by law.
V. HOW WE COLLECT YOUR DATA
The Company collects your personal data when you:
- Register for and use our Services.
- Complete identity verification procedures, including through third-party services.
- Link bank accounts or other financial accounts.
- Contact our customer support.
- Consent to a call being recorded.
- Use or view our Platform via browser cookies.
- From authorized third parties, such as identity verification services, credit bureaus, financial institutions, and public databases, to fulfill our legal and business obligations.
VI. CATEGORIES OF DATA WE PROCESS
We may process the following categories of personal data (this list is not exhaustive):
- Personal Identification Information: Full name, date of birth, photograph, Social Security Number (or other government-issued ID numbers).
- Contact Information: Email address, telephone number, residential address.
- Financial Information: Bank account details, transaction history, crypto-wallet addresses, information from linked financial accounts.
- Biometric Information: If you consent, we may collect biometric data, such as facial geometry, from photos or videos you provide for identity verification purposes.
- Technical Information: IP address, browser type, device information, operating system, location data, language preference.
- Communications: Correspondence, chat records, call recordings and metadata.
- Usage Data: Information about how you use our Website and Services, including your actions on the Platform.
VII. PERSONAL DATA RECIPIENTS
Your personal data may be shared with the following categories of recipients:
- Service Providers: IT, marketing, cloud storage, and telecommunication service providers who assist us in our business operations.
- Financial Institutions: Banks, payment processors, and other financial institutions to process transactions.
- Verification Services & Credit Bureaus: Third-party services to verify your identity, perform credit checks, and comply with AML/KYC requirements.
- Affiliates: We may share information with our parent companies, subsidiaries, and other affiliated entities for business and operational purposes.
- Governmental and Law Enforcement Authorities: When required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is necessary to prevent physical harm or financial loss.
- Business Transfers: In connection with a merger, acquisition, or sale of company assets, your data may be transferred.
We process your data primarily within the European Economic Area (EEA). If we transfer your data outside the EEA, we will ensure it is protected by implementing safeguards such as Standard Contractual Clauses approved by the European Commission or by transferring to countries deemed to provide an adequate level of data protection.
VIII. U.S. GRAMM-LEACH-BLILEY ACT (GLBA) NOTICE
For U.S. customers, this notice explains how we collect, use, and share your "nonpublic personal information" (NPI) under the GLBA.
What does CryptoMate UAB do with your personal information?
Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. This notice tells you how we collect, share, and protect your personal information.
What? The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social Security number and income; Account balances and transaction history; Credit history and payment history.
How? All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons CryptoMate UAB chooses to share; and whether you can limit this sharing.
| Reasons we can share your personal information | Does CryptoMate UAB share? | Can you limit this sharing? |
|---|---|---|
| For our everyday business purposes—such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus | Yes | No |
| For our marketing purposes—to offer our products and services to you | Yes | No |
| For joint marketing with other financial companies | No | We don't share |
| For our affiliates' everyday business purposes—information about your transactions and experiences | Yes | No |
| For our affiliates to market to you | No | We don't share |
| For nonaffiliates to market to you | No | We don't share |
Who is providing this notice? CryptoMate UAB.
IX. DATA RETENTION AND STORAGE
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
To comply with financial regulations, including AML and anti-fraud obligations, we are required to retain personal data related to your account and transaction history for a period of at least five (5) years after the termination of your business relationship with us. After this period, your personal data will be securely deleted or anonymized.
X. INFORMATION SECURITY
We are committed to protecting your information. We implement robust technical and organizational security measures to protect your personal data against unauthorized access, processing, disclosure, alteration, or destruction. These measures include:
- Encryption: We use industry-standard encryption protocols, including Transport Layer Security (TLS/SSL) for data in transit and AES-256 encryption for data at rest.
- Access Controls: Access to personal data is strictly limited to authorized personnel who have a legitimate business need.
- Security Audits: We conduct regular security assessments and penetration testing to identify and remediate vulnerabilities.
- Employee Training: Our staff receives regular training on data protection and information security best practices.
XI. CHILDREN'S PRIVACY
Our Services are not intended for or directed at individuals under the age of 18 ("Children"). We do not knowingly collect personal data from Children. If you are a parent or guardian and you become aware that your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to remove that information from our servers.
XII. YOUR RIGHTS REGARDING PERSONAL DATA (GDPR)
For individuals in the EEA, you have certain legal rights in relation to your personal data, including:
- Right of Access: The right to know what data we hold about you and to obtain a copy.
- Right to Rectification: The right to correct inaccurate personal data.
- Right to Erasure (Right to be Forgotten): The right to have your personal data deleted, subject to our legal retention obligations.
- Right to Restrict Processing: The right to limit the processing of your personal data in certain circumstances.
- Right to Data Portability: The right to receive your data in a structured, machine-readable format.
- Right to Object: The right to object to processing based on legitimate interests, including for direct marketing.
You may exercise these rights by contacting us at support@cryptomate.me. We will respond to your request within one month, though this period may be extended for complex requests.
XIII. YOUR U.S. STATE PRIVACY RIGHTS
This section provides additional details for residents of certain U.S. states, such as California, Colorado, and Virginia. Your rights may vary depending on your state of residence.
For California Residents (CCPA/CRPA):
You have the following rights regarding your personal information:
- Right to Know/Access: The right to request information about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: The right to request the deletion of your personal information, subject to certain exceptions (e.g., information needed to comply with our legal obligations).
- Right to Correct: The right to request the correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not "sell" or "share" (for cross-context behavioral advertising) your personal information as those terms are defined under the CCPA.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of your sensitive personal information (e.g., Social Security Number, account log-in) to that which is necessary to perform the Services.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise these rights, please contact us at support@cryptomate.me. We will verify your request using the information associated with your account.
Do Not Track Signals: Some web browsers transmit "do-not-track" signals. At this time, we do not take action in response to these signals.
XIV. YOUR RESPONSIBILITIES
You are responsible for providing correct and up-to-date information. You are also responsible for maintaining the security of your account credentials and for any activity that occurs under your account. We strongly recommend you use a unique, complex password and enable all available security features.
XV. DISPUTE RESOLUTION BY BINDING ARBITRATION
Please read this section carefully as it requires you to arbitrate disputes with us and limits the manner in which you can seek relief.
You agree that any dispute, claim, or controversy arising out of or relating to this Privacy Policy shall be resolved by binding arbitration on an individual basis. The arbitration will be administered by a mutually agreed-upon arbitration service. This arbitration provision shall not apply to disputes in which either party seeks equitable relief for the alleged unlawful use of copyrights, trademarks, or other intellectual property.
You and CryptoMate UAB also agree to waive any right to a jury trial and to participate in a class action lawsuit or class-wide arbitration.
XVI. CONTACT DETAILS
If you have any questions regarding this Policy or wish to exercise your rights, please contact our Data Protection Officer at: support@cryptomate.me
For formal notices, you may also contact us by mail at:
CryptoMate UAB
Architektų g. 56-101
Vilnius, Lithuania
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania or your local supervisory authority.
XVII. FINAL PROVISIONS
This Policy shall be governed by and construed in accordance with the laws of the Republic of Lithuania, without regard to its conflict of law provisions.
Our Website may contain links to third-party sites. This Policy does not apply to those sites, and we are not responsible for their privacy practices. Please review the privacy policies of any third-party sites you visit.