enLast updated: November 2025
1. General Provisions
The confidentiality of your data remains one of our priorities. We strive to collect only the minimum information necessary while ensuring the proper functionality of our products and compliance with regulatory obligations.
Fintap operates as a digital-asset wallet and financial infrastructure platform designed for storing, managing, and transferring digital assets through regulated custodians and VASP partners.
The processing of personal information depends on the nature of your interaction with our services and the level of verification required by applicable law or our third-party providers.
By using the Fintap application, downloading it to a mobile device, or visiting our website, you agree to the personal-data processing methods described here.
This Privacy Policy operates together with our Terms of Use and other documents governing your relationship with us. The following sections explain how we process personal data when providing our services.
2. Personal Data: Collection and Processing
“Personal data” means information that enables us to identify you as a user. We receive such data: directly from you; automatically when you use our application or website; from third-party sources, such as analytics or KYC/KYT service providers.
We seek to minimise the collection of identifiable data and, where possible, use anonymised or aggregated information.
2.1 Data We Collect When You Use the Fintap Application
| Type of data | Purpose of processing & legal basis |
|---|---|
| Personal identification data (name, date of birth, nationality, document number, selfie, photo of document) | Collected and verified by regulated KYC providers such as Sumsub to comply with AML/CFT and virtual-asset service regulations. |
| Private keys and public addresses | Used within the custody system managed by licensed custodians to execute transactions and provide secure access to funds. |
| On-chain transaction history (timestamps, addresses, amounts) | Displaying transaction history and confirming operations. |
| Device model, OS, language, browser type | Ensuring compatibility, performance analysis, and UX improvement. |
2.2 Data We Collect When You Use Our Website
| Type of data | Purpose of processing & legal basis |
|---|---|
| E-mail address and any other information you provide | Feedback and support. Legal basis — performance of the service terms. |
| Profiles and messages in X (Twitter), Telegram, etc. | Informing you about news and activity on social media. Processed only with your consent. |
| Browser, language, time zone, OS, and other technical parameters | Statistics and service optimisation. The IP address is temporary and not stored. |
3. Cookies
We use cookies and similar technologies to understand how users interact with our site, improve the interface, and offer personalised solutions. You can manage your cookie consent through your browser settings.
4. Transfer of Information
We do not sell your personal information. However, in certain situations, we must share your data with external parties:
Regulated financial and compliance providers KYC, KYT, payment, and custody partners, who act on our behalf and may process personal data solely for the provision of Fintap services.
Service providers, including cloud storage vendors, analytics platforms, and technical support contractors. They act on our instructions and may not use the data for their own purposes. For services provided to, or on behalf of, EU financial entities, we align with the DORA(Digital Operational Resilience Act Regulation EU 2022 2554). Our contracts with ICT providers include audit and access rights for competent authorities, incident notification obligations, logging and retention, controls for sub outsourcing, exit and portability assistance, and requirements to maintain service availability, integrity, and confidentiality.
Corporate changes. If we participate in a merger, asset sale, or acquisition, user information may be transferred to successors, subject to the data protection obligations in force at the time of collection.
Legal compliance and protection of interests. We may disclose data where required by law, a government request, or court proceedings, or to ensure user safety, prevent fraud, and protect the rights or property of the company and its users.
International data transfers. Where personal data is transferred outside your country, and for EU and UK data subjects outside the EEA or UK, we rely on recognized transfer safeguards such as the European Commission Standard Contractual Clauses or the UK Addendum. Additional technical and organizational measures are applied where appropriate to protect the data during transfer and at rest.
DORA specific transparency. For EU financial sector customers, we maintain a register of ICT third party providers engaged for the services, assess the criticality and importance of related functions, and provide, upon lawful request, information necessary for supervisory access and testing, including participation in threat led testing where required.
Anonymised data. We may use anonymised or aggregated data, which cannot identify you, for analytics, marketing, or reporting.
5. International Transfer
Data may be transferred and processed outside your country of residence, including within the European Union and other jurisdictions where our regulated partners operate.
We apply appropriate safeguards, including agreements that meet legal requirements.
6. Storage Period
We retain personal data only for as long as necessary to achieve the purposes for which it was collected or as required by law (e.g., tax, financial-regulation, or AML/CFT obligations). When data is no longer needed or legal retention ends, we securely delete or anonymise it.
Note: Even after you delete the wallet or the application, not all data can be erased. Custodial records and blockchain transactions may remain immutable due to regulatory and technological constraints.
7. Data Security
We implement technical and organisational measures consistent with international information-security standards (ISO/IEC 27001). Data is stored on protected servers. Users are responsible for safeguarding access to their devices and passwords.
Wallet information, including credentials and authorisations, is managed through regulated custodial infrastructure. Fintap and its technology partners do not store or have direct access to users’ private keys.
We therefore strongly recommend that you: set a strong password; enable device- protection features; never share your password or recovery phrase with third parties.
8. Your Rights
You have the right to access, rectification, objection to processing, erasure, restriction of processing, data portability, and withdrawal of consent.
For identity-related data processed through KYC providers, you may exercise these rights by contacting the relevant regulated provider directly or through our support channel.
9. Protection of Minors
The service is not intended for persons under 18. We do not knowingly collect data from children under 18.
10. Policy Updates
We reserve the right to revise this policy periodically in connection with: changes in legislation; updates to our products or business processes; the need to enhance data- processing transparency; recommendations from regulatory authorities.
If we make material changes, we will reflect this in the “last updated” date at the beginning of the document and, where required, endeavour to notify you additionally (for example, via the app interface, e-mail, or a website banner).
We encourage you to review the current version regularly to stay informed about how your data is processed. By continuing to use our service after updates take effect, you confirm your agreement with the new edition. If you disagree with the changes, you may stop using our services and delete your application or account (where applicable).
11. Contacts
If you have questions, comments, or requests regarding personal-data processing, please contact us by e-mail at [email protected]. Our representative will acknowledge receipt and address your concerns fairly and promptly.
Data controller: Global Financial Services & Solutions Sp. z o.o., registered under the laws of Poland.