1. Overview

This Privacy Policy explains how XAUShare.com (“XAUShare”, “we”, “us”, “our”) collects, uses, discloses, and protects your information when you access or use our website, applications, prepaid card flows, and related services (the “Services”). By using the Services, you agree to this Privacy Policy.

2. Information We Collect

2.1 Information you provide

• Account data: name, email, phone, username, password (hashed).
• KYC data: full name, date of birth, nationality, address, ID type/number, and related declarations.
• KYC documents: ID front/back, selfie/liveness image, proof of address, and any supplemental documents.
• Support data: messages, attachments, and information you send to support.

2.2 Information collected automatically

• Device and usage data: IP address, device identifiers, browser type, pages viewed, referral URLs, timestamps, and logs.
• Cookies and similar tech: session cookies, security cookies, preference cookies, analytics tags (where enabled).

2.3 Blockchain and wallet data

• Public wallet addresses you connect or submit.
• Transaction data visible on public blockchains (hashes, token transfers, timestamps, amounts).

We do not ask for or store your seed phrase. You are solely responsible for safeguarding your wallet credentials.

3. How We Use Information

• Provide, operate, and maintain the Services.
• Verify identity, perform KYC checks, and meet AML/CTF obligations.
• Detect, prevent, and investigate fraud, abuse, or suspicious activity.
• Process requests (including redemption requests) and enforce limits.
• Improve product performance, security, and user experience.
• Communicate service updates, security notices, and support responses.
• Comply with legal obligations and respond to lawful requests.

4. Legal Bases for Processing

Where applicable, we process personal data based on:

• Contract: to provide the Services you request.
• Legal obligations: KYC/AML compliance and recordkeeping.
• Legitimate interests: security, fraud prevention, analytics, and service improvement.
• Consent: where required for certain cookies/communications (you can withdraw consent where applicable).

5. How We Share Information

We may share information with:

• Service providers: hosting, analytics, email delivery, customer support tools, and KYC verification vendors.
• Compliance partners: screening, fraud detection, blockchain analytics, and risk scoring providers.
• Legal and regulatory: courts, regulators, and law enforcement when required or permitted by law.
• Business transfers: mergers, acquisitions, or asset sales (subject to confidentiality and lawful transfer rules).

We do not sell your personal data as “sale” is commonly defined in many privacy laws.

6. International Transfers

Your information may be processed in countries different from your country of residence. We implement reasonable safeguards to protect data during cross-border transfers where required.

7. Data Retention

We retain personal data only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and meet KYC/AML recordkeeping requirements. Retention periods may vary depending on your activity and applicable law.

8. Security

We use administrative, technical, and physical safeguards designed to protect your data. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

• Encrypted transport (TLS) where applicable
• Access controls and least-privilege
• Monitoring, audit logs, and incident response procedures

9. Cookies & Tracking

We use cookies and similar technologies for authentication, security, preferences, and analytics (if enabled). You can control cookies through your browser settings. Disabling cookies may affect functionality.

10. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access, correct, or delete certain personal data
• Object to or restrict certain processing
• Data portability (where applicable)
• Withdraw consent (where processing is based on consent)

Note: We may be required to retain certain KYC/AML records even after an account closure or deletion request.

11. Third-Party Links

The Services may contain links to third-party websites or services. We are not responsible for their privacy practices. Review third-party privacy policies before providing personal information.

12. Children

The Services are not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us to remove it where legally possible.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective Date” will reflect the latest version. Continued use of the Services constitutes acceptance of the updated policy.

14. Contact

Privacy or compliance questions: legal@xaushare.com