Last updated: May 2026
This Privacy Policy explains how G7 Company LLC, a company registered in Georgia and operating Fintap, collects, uses, stores, discloses and protects personal data in connection with https://fintap.app/, the Fintap application, non-custodial wallet software, interfaces, onboarding, support, technical integration and related Services.
Important role clarification. We may provide software/interface, onboarding, technical integration, commercial coordination and support functions. Regulated virtual asset, payment, exchange, conversion, transfer, custody, KYC/KYB/KYT, Travel Rule, wallet screening, sanctions screening, transaction monitoring or settlement functions may be performed by independent authorised, registered or licensed third-party provider(s) under their own privacy notices, terms and legal obligations. We do not sell personal data.
1. Controller and provider roles
For processing carried out by us for operation of the Platform, support, security, direct business customer/user relationship management, compliance controls and legal administration, the Company acts as data controller unless stated otherwise. Third-party providers may act as separate controllers or processors for their own regulated, compliance, payment, exchange, KYC/KYT, settlement or execution services. Their privacy notices may apply in addition to this Privacy Policy.
2. Personal data we may collect
| Data category | Examples | Purpose |
|---|---|---|
| Account and contact data | Name, email address, phone number, username, support messages, communication history, language preferences and related contact details. | To create and administer accounts, communicate with you, provide support, manage contractual relationships and prevent abuse. |
| Identification and verification data | Identity documents, date of birth, nationality, residence, selfies/biometric checks, company documents, beneficial ownership, directors, authorised representatives, PEP/adverse media/sanctions results and verification status. | To perform or support KYC/KYB, sanctions screening, fraud prevention, AML/CTF risk controls, provider onboarding and legal/compliance requirements. These checks may be performed by third-party providers. |
| Wallet and blockchain data | Public wallet addresses, transaction hashes, blockchain network metadata, balances visible through public ledgers, user-initiated transaction data, wallet identifiers and locally generated/encrypted wallet metadata. | To enable non-custodial wallet functionality, display balances/history, troubleshoot, support security controls and assist with risk review. We do not request, store or recover private keys or seed phrases. |
| Provider-service data | Provider onboarding status, transaction metadata, payment/fiat/execution status, refund/reversal information, limits, declines, provider risk flags and support information. | To display provider-service activity, coordinate support, manage risk, comply with provider requirements and respond to disputes or compliance requests. Provider-controlled data may also be processed by providers under their own notices. |
| Device, log and usage data | IP address, approximate location, device model, operating system, browser, app version, crash logs, diagnostics, security events, cookies, SDK data and similar technical data. | To maintain security, prevent fraud, troubleshoot, improve reliability, analyse usage and protect the Platform and users. |
| Business user/counterparty data | Corporate documents, registration number, website/domain, business model, products/services, ownership and control, directors, representatives, settlement information and expected activity. | To conduct direct business customer/user due diligence, assess prohibited/restricted activity, onboard integrations and comply with provider and internal AML/CTF requirements. |
3. How we use personal data
4. Legal bases
Depending on the context and the law applicable to the relevant individual, we may rely on performance of a contract, legitimate interests, legal obligations, consent, establishment/exercise/defence of legal claims, substantial public interest or another lawful basis. For EU/EEA or UK data subjects, we will apply the relevant GDPR/UK GDPR legal bases where applicable. For Georgian data subjects, we will process personal data in accordance with Georgian personal data protection requirements applicable to our role and processing activities.
5. Sharing personal data
We may share personal data only where necessary and proportionate, including with:
6. International transfers
Our business, infrastructure and providers may involve processing in multiple jurisdictions. Where personal data is transferred outside the country where it was collected, we use appropriate safeguards where required, such as contractual protections, confidentiality obligations, data processing terms, technical/organisational security measures and, for EU/EEA transfers where applicable, Standard Contractual Clauses or other recognised mechanisms.
7. Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including service provision, support, security, accounting, tax, contractual, compliance, AML/CTF, sanctions, fraud prevention, audit, dispute and legal purposes. Compliance, due diligence, provider allocation, screening, escalation, rejection, termination and training-related records may be retained for at least five years after the end of the relevant relationship or activity, unless a different period is required by applicable law, provider requirements, litigation hold, regulatory request or legal advice.
Some information cannot be fully erased, including immutable public blockchain data and records retained by independent regulated or compliance providers under their own legal obligations. Deletion of Platform data does not delete or affect your self-custody wallet, private keys, seed phrase or public blockchain records.
8. Security
We use organisational and technical measures designed to protect personal data against unauthorised access, alteration, loss, misuse or disclosure, including access controls, encryption where appropriate, logging, monitoring, secure development practices and confidentiality restrictions. Because the Services may include non-custodial wallet software, security of your device, private keys, seed phrase, backups and wallet recovery materials remains your responsibility.
9. Your rights and choices
Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, portability or withdrawal of consent. Some rights may be limited where we or a provider must retain data for compliance, AML/CTF, sanctions, fraud prevention, legal claims, security or statutory obligations. Where a third-party provider acts as an independent controller, we may route your request to that provider or ask you to contact the provider directly.
10. Cookies and analytics
We may use cookies, SDKs and similar technologies to maintain session integrity, secure the Platform, remember preferences, understand usage and improve user experience. Where required by law, we will request consent for non-essential cookies or analytics. You can manage cookies through your browser settings.
11. Minors
The Services are not intended for persons under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data, contact us so that we can take appropriate action.
12. Changes and contact
We may update this Privacy Policy to reflect changes in law, provider requirements, risk controls, products or processing activities. Questions or requests may be submitted to support@fintap.app. Data controller for Company-controlled processing: G7 Company LLC, Georgia.