Privacy Policy

1.Information We Collect

We collect the following categories of personal data depending on how you interact with the Services:

1.1 Identity & Contact Data

• We might ask for your name, email, phone number, birthday, and which country you live in.
• Government-issued identification documents, proof of address, and selfie/liveness data for Know Your Customer (KYC) verification.

1.2 Authentication Data

• Hashed passwords, passkeys (WebAuthn/FIDO2 credentials), and biometric identifiers, where you opt in on your device.
• Device-bound key shares used for multi-party computation (MPC) or threshold signature schemes (TSS).

1.3 Wallet & Transaction Data

• Public wallet addresses, on-chain transaction hashes, signed payloads, asset balances, and selected networks.
• In self-custodial configurations, OrzenVault does not have access to your full private keys.

1.4 Device & Technical Data

• IP address, device identifiers, operating system, browser type, application version, crash logs, language settings, and time zone.

1.5 Usage Data

• Pages visited, features used, referring URLs, session duration, and click events.

1.6 Communications Data

• Support tickets, feedback submissions, and survey responses.

1.7 Marketing Preferences

• Opt-in and opt-out states for newsletters, product announcements, and research invitations.

2.How We Collect Information

We collect information in three primary ways:

• Directly from you, such as when you register, verify your identity, or contact support.
• Automatically, using cookies and similar technologies visit cookie policy for more info.
• We may also collect information from third parties, such as identity verification services, blockchain analytics firms, fraud prevention partners, payment processors, or companies that provide authentication methods (including social or email login).

3.Lawful Bases for Processing (GDPR / UK GDPR)

Where the EU GDPR or UK GDPR applies, we rely on the following lawful bases:

• Contract: to provide the Services you request and fulfil our obligations to you.
• Legal Obligation: We follow laws that stop money laundering, terrorism funding, and tax evasion, as well as any other rules we are required to obey.
• Legitimate Interests: to secure the Services, prevent fraud, debug, and improve our products, while balancing these needs with your rights and freedoms.
• Consent: for marketing communications, optional analytics, and non-essential cookies.

4.How We Use Your Information

We use the personal data we collect to:

• Provide, operate, and maintain the Services.
• Authenticate users and protect accounts from unauthorized access.
• Conduct KYC, AML, and sanctions screening where legally required.
• Send transactional notices and, where you have consented, marketing communications.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Improve, debug, and develop new platform features.
• Comply with legal, regulatory, and law-enforcement obligations and requests.

5.How We Share Your Information

OrzenVault shares personal data only in the following circumstances:

• Service Providers: Sometimes, we work with other companies to help us run things like cloud storage, checking who you are, analyzing usage, or answering customer questions. These companies have to keep your information safe and private.
• Blockchain Networks: Blockchain information like wallet addresses and transaction details are public, permanent, and outside our control after being published to the blockchain.
• Regulators, Law Enforcement & Courts: We may disclose personal data when required by law or to safeguard our legal interests and ensure user safety.
• Business Transfers: If there is a merger, acquisition, financing, or asset sale, personal data may be shared as part of the transaction, always under confidentiality agreements.
• With Your Consent: We share your personal data with others solely when you explicitly authorize us to do so.

We never sell your personal information for cash. If certain laws count sharing some advertising info as a “sale,” you can read Section 8 to learn how to say no to that.

6.International Data Transfers

Sometimes, your information might be sent to other countries (like the United States) to help us run our services. When this happens, we use special rules to help keep your data safe, such as:

• European Commission Standard Contractual Clauses (SCCs).
• The UK International Data Transfer Addendum.
• The Swiss-US Data Privacy Framework.
• Other lawful transfer mechanisms as required.

Copies of applicable transfer safeguards are available upon written request.

7.Data Retention

We keep your information only as long as we need it to give you our services or to follow the law. For example:

• KYC, transaction, and AML records are typically retained for a minimum of five (5) years following account closure, or longer where required by applicable law.
• Marketing information is kept until you opt to withdraw your consent.
• Other data is retained in accordance with our internal data retention schedule.

8.Your Privacy Rights

Depending on your jurisdiction, your rights may include the ability to:

• Access, correct, delete, restrict, port, or object to the processing of your personal data.
• You may withdraw your consent at any time if our processing of your personal data is based on your consent.
• If you think your privacy rights have been violated, you can complain to the official group in charge of protecting people’s data in your country or region. This could be a local government office, the EU/EEA authority, or the UK’s Information Commissioner’s Office.
• Say no to the sale or sharing of your personal information and limit how your sensitive details are used (as allowed by law).
• You can choose not to let computers make important decisions about you, if the law says you can.

To exercise any of these rights, contact us at contact@orzenvault.com. We will respond within the periods required by law - generally 30 days for GDPR and 45 days for CCPA/CPRA—and may require identity verification before processing certain requests.

9.Data Security Measures

OrzenVault implements administrative, technical, and physical safeguards to protect personal data, including:

• We scramble your data so it’s safe when it’s sent over the internet and when it’s stored.
• Role-based access controls and least-privilege principles.
• Secure enclaves and hardware-backed key storage where supported.
• We routinely review our security measures, perform vulnerability assessments, and run penetration tests to help ensure system safety.

No way of sending or storing data is 100% safe. You also need to keep your passwords and security info safe.

10.Automated Decision-Making

No method of sending or storing data is completely free from security risks. You are responsible for keeping your credentials, recovery factors, and self-custodial key shares safe. right to:

• Request human review of the decision.
• Express your point of view and provide additional context.
• Contest the decision and seek a revised outcome.

11.Children’s Privacy

Our Services are intended for users who are at least 18 years old or have reached the legal age of majority in their jurisdiction. We do not knowingly collect information from anyone under this age. If you believe a minor has provided us with personal data, contact us at contact@orzenvault.com so we can remove it.

12.Third-Party Links & Integrations

Sometimes, our services might have links to other websites, apps, or blockchain networks that aren’t run by us. We don’t control how these other sites or apps handle your information, so it’s a good idea to check their privacy policies before using them.

13.Updates to This Privacy Policy

We might change this Privacy Policy from time to time if our business, technology, or the law changes. If we make important changes, we’ll let you know through our app, website, or by email. The “Last Updated” date at the top tells you when we last changed something. If you keep using our services after changes are made, it means you agree to the new policy.

14.Contact Information