Skip to content
  • Quick Start
  • FAQ’s
  • Apple Pay Setup
  • Google Pay Setup
  • About
  • Fees

Privacy Policy

Last Updated: June 17, 2026

Operated by Vault27 Limited (Company ID: 3-102-948161)

Registered Address: San José, Montes de Oca, San Pedro, Barrio Dent, Calle 37, Avenida 3, Oficina 101, Costa Rica

Contact: legal@vault27.pro

THIS PRIVACY POLICY EXPLAINS HOW VAULT27 LIMITED COLLECTS, USES, STORES, SHARES, AND PROTECTS YOUR PERSONAL DATA IN CONNECTION WITH THE VAULT27 CARD PLATFORM. PLEASE READ IT CAREFULLY. BY USING THE VAULT27 CARD SERVICE, YOU CONFIRM THAT YOU HAVE READ AND UNDERSTOOD THIS POLICY AND CONSENT TO THE PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED HEREIN.

Contents

1. WHO WE ARE & HOW TO CONTACT US 2. SCOPE OF THIS POLICY 3. THE PERSONAL DATA WE COLLECT 4. HOW AND WHY WE USE YOUR PERSONAL DATA 5. HOW WE SHARE YOUR PERSONAL DATA 6. INTERNATIONAL DATA TRANSFERS 7. DATA RETENTION 8. DATA SECURITY 9. YOUR RIGHTS AS A DATA SUBJECT 10. CHILDREN'S PRIVACY 11. COOKIES & TRACKING TECHNOLOGIES 12. AUTOMATED DECISION-MAKING & PROFILING 13. THIRD-PARTY LINKS & SERVICES 14. CHANGES TO THIS PRIVACY POLICY 15. COMPLAINTS 16. GOVERNING LAW VAULT27 DEX — PRIVACY POLICY DEX 1. INTRODUCTION DEX 2. INFORMATION WE COLLECT DEX 3. HOW WE USE YOUR INFORMATION DEX 4. WALLET SECURITY SCREENING DEX 5. SHARING OF INFORMATION DEX 6. PRIVATE KEY DEX 7. COOKIES AND LOCAL STORAGE DEX 8. DATA RETENTION DEX 9. INTERNATIONAL TRANSFERS DEX 10. CHILDREN DEX 11. YOUR RIGHTS DEX 12. SECURITY DEX 13. CHANGES TO THIS POLICY DEX 14. CONTACT

1. WHO WE ARE & HOW TO CONTACT US

Data Controller: Vault27 Limited

Company ID: 3-102-948161

Registered Address: San José, Montes de Oca, San Pedro, Barrio Dent, Calle 37, Avenida 3, Oficina 101, Costa Rica

Support: legal@vault27.pro

Website: vault27.pro

2. SCOPE OF THIS POLICY

This Privacy Policy applies to all personal data collected by Vault27 in connection with your use of the Vault27 Card Service, including registration and account creation, identity verification (KYC) and AML screening, card issuance and transactions, revenue share programme participation, cryptocurrency deposits and blockchain-linked activities, communications with support or compliance teams, and use of the website, app, and related services.

3. THE PERSONAL DATA WE COLLECT

We may collect identity and contact information such as your full legal name, date of birth, residential address, email address, phone number, nationality, country of residence, government-issued ID documents, and biometric verification data including selfies and liveness verification. We also collect financial and transaction data such as wallet addresses, deposits, top-ups, card transactions, withdrawals, transfers, exchange rates, revenue share commission records, and source of funds data where required.

We may also collect technical and device data including IP address, approximate geolocation, device type, operating system, browser type, device identifiers, log files, session times, cookies, and similar technologies. In addition, we may collect communications data, compliance and due diligence records, sanctions and PEP screening results, internal compliance notes, suspicious activity records, blockchain analytics data, and public blockchain information such as wallet addresses, transaction hashes, timestamps, and amounts.

Vault27 does not collect or store your full card number, CVV, or PIN in unencrypted form. These are handled by card programme partners in accordance with PCI DSS standards.

4. HOW AND WHY WE USE YOUR PERSONAL DATA

We process your personal data only where we have a lawful basis to do so, including contractual necessity, legal obligation, legitimate interests, and consent.

We use your data to provide the service, including creating and managing your account, processing card purchases, top-ups, withdrawals, issuing and managing prepaid cards, calculating revenue share commissions, processing cryptocurrency deposits and conversions, and providing customer support.

We also use your data for identity verification and compliance, including KYC, AML, sanctions screening, PEP checks, adverse media checks, suspicious activity monitoring, SAR filing, and responding to lawful requests from regulators, law enforcement, and courts.

We use your data for security and fraud prevention, service improvement and analytics, communications such as alerts and support replies, and marketing communications where you have given express consent.

5. HOW WE SHARE YOUR PERSONAL DATA

Vault27 does not sell your personal data to third parties. We only share your data in limited circumstances.

We may share data with carefully selected service providers and processors, including KYC and identity verification partners such as Sumsub, issuing banks and card network partners, blockchain analytics providers, secure cloud hosting providers, payment processors, customer support platforms, and analytics providers.

We may also share personal data with regulators, government agencies, law enforcement, financial intelligence units, card networks, and legal advisers where required by law or regulation. Your username may be visible to members of your direct upline and downline within the revenue share network, but not your full name or other personal information without consent.

In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the acquiring entity. Public blockchain data remains inherently visible on public networks and is outside Vault27's control.

6. INTERNATIONAL DATA TRANSFERS

Vault27 is incorporated in Costa Rica and service providers may operate in the United States, the European Union, and other jurisdictions. Your personal data may be transferred outside your country of residence. Where data is transferred outside the EEA or UK, Vault27 uses appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, and other approved transfer mechanisms.

7. DATA RETENTION

We retain personal data only as long as necessary or required by law. Active account data is kept for the duration of your relationship with Vault27. Closed account identity and KYC data is retained for at least 7 years after closure. Transaction records are retained for at least 7 years. AML and compliance records are retained for at least 5 years. Marketing data is retained until you withdraw consent or unsubscribe. Support communications are typically retained for 3 years, and technical logs for 12 months unless needed longer for security investigations.

8. DATA SECURITY

Vault27 implements a comprehensive programme of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction.

Security measures include:

  • TLS 1.2 or higher for data in transit
  • AES-256 encryption for data at rest
  • End-to-end encryption for sensitive cardholder data
  • PCI DSS compliant card data handling
  • Multi-factor authentication for administrative access
  • Firewalls, intrusion detection systems, and real-time threat monitoring
  • Regular penetration testing and vulnerability assessments
  • Role-based access controls and confidentiality obligations
  • Data protection training and data processing agreements
  • Breach response plans and regular internal audits

You are responsible for maintaining the confidentiality of your login credentials and notifying Vault27 immediately if you suspect unauthorised access. Vault27 will never ask you for your password.

9. YOUR RIGHTS AS A DATA SUBJECT

Depending on your jurisdiction, you may have the right to access your personal data, request correction of inaccurate data, request deletion in certain circumstances, restrict processing, receive your data in a portable format, object to processing based on legitimate interests, withdraw consent, and request human review of certain automated decisions.

If you are in the European Economic Area or the United Kingdom, these rights apply under the GDPR / UK GDPR. If you are a California resident, you may also have additional rights under the CCPA / CPRA, including the right to know, delete, correct, opt out of sale or sharing for cross-context behavioural advertising purposes, and not be discriminated against for exercising your privacy rights.

To exercise your rights, contact legal@vault27.pro. Vault27 may need to verify your identity before processing your request.

10. CHILDREN'S PRIVACY

The Vault27 Card Service is strictly intended for users aged 18 and over. Vault27 does not knowingly collect personal data from persons under 18. If such data is discovered, Vault27 will promptly delete it and may close the relevant account.

11. COOKIES & TRACKING TECHNOLOGIES

Vault27 uses cookies and similar technologies such as pixel tags, web beacons, and local storage objects to operate the platform, recognise returning users, improve user experience, and understand how the platform is used.

Types of cookies used may include essential cookies, functionality cookies, analytics cookies, security cookies, and marketing cookies where consent has been given. Users can control cookies through browser settings, though disabling essential cookies may affect platform functionality.

12. AUTOMATED DECISION-MAKING & PROFILING

Vault27 uses automated processing for KYC verification, sanctions and PEP screening, transaction risk scoring, and fraud detection. Where an automated decision significantly affects you, such as account suspension or transaction blocking, you may request human review and challenge the decision by contacting legal@vault27.pro.

13. THIRD-PARTY LINKS & SERVICES

The Vault27 Card Platform may contain links to third-party websites, services, or applications, including merchant sites, blockchain explorers, and external KYC portals. Vault27 is not responsible for the privacy practices or content of such third parties, and you should review their privacy policies separately.

14. CHANGES TO THIS PRIVACY POLICY

Vault27 may update or amend this Privacy Policy at any time. Where changes are material, the updated policy will be posted on vault27.pro with a revised "Last Updated" date, and users may be notified by email in advance where required by law. Where processing relies on consent, material changes affecting that processing will require fresh consent before taking effect. Continued use of the service after the effective date of revised policy terms not affecting consent-based processing constitutes acceptance of those updates.

15. COMPLAINTS

If you have a complaint about how Vault27 handles your personal data, please contact legal@vault27.pro first so the matter can be addressed directly. If you are not satisfied with the response, you may lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.

16. GOVERNING LAW

This Privacy Policy is governed by the laws of the Republic of Costa Rica. For users in the European Union or United Kingdom, applicable data protection law such as GDPR / UK GDPR applies in addition to and prevails where there is a conflict. For users in California, the CCPA / CPRA also applies where relevant.


VAULT27 DEX — PRIVACY POLICY

Last Updated: May 15, 2026

1. INTRODUCTION

Vault27 Limited (Cédula Jurídica 3-102-948161), registered in San José, Costa Rica, operates the Vault27 DEX at vault27.pro. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your information.

By using the Vault27 DEX you consent to the practices described in this Privacy Policy.

2. INFORMATION WE COLLECT

2.1 Information you provide

  • Email address from your Vault27 account login
  • Vault27 Card account details where linked to your DEX account

2.2 Information collected automatically

  • Blockchain wallet address — your public DEX wallet address is logged when you use the Platform
  • Transaction data — public blockchain transaction data associated with your wallet address
  • Device information — device type, operating system, browser type, and browser language
  • Usage data — pages visited, features used, timestamps, and session data
  • IP address — collected for security, fraud prevention, and geographic access restriction purposes
  • Cookies and local storage — used to remember your preferences, token imports, and session state

2.3 Blockchain data

Your DEX wallet address and all on-chain transactions are publicly visible on the blockchain. Vault27 Limited collects and analyses publicly available blockchain data associated with your wallet address for security screening and platform improvement purposes.

3. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

  • Providing and operating the DEX Platform
  • Generating and facilitating your DEX Wallet
  • Processing swap, bridge, send, and receive transactions
  • Displaying your token holdings and market data
  • Security screening of wallet addresses
  • Fraud prevention and AML/CTF compliance
  • Geographic access restriction enforcement
  • Platform improvement and analytics
  • Communication regarding your account
  • Legal compliance and regulatory obligations

4. WALLET SECURITY SCREENING

4.1 We screen wallet addresses against third-party blockchain analytics providers to identify wallets associated with sanctioned individuals or entities, known illicit activity, hacking, fraud, darknet markets, or other prohibited conduct.

4.2 Wallets identified as high risk may be blocked from accessing the Platform without notice. Where such a block constitutes a significant automated decision affecting you, you may request human review by contacting legal@vault27.pro.

4.3 This screening is conducted for AML/CTF compliance and platform integrity purposes.

5. SHARING OF INFORMATION

We do not sell your personal information. We may share information with:

  • Third-party service providers — including blockchain analytics providers, RPC node providers, market data providers, bridge protocols, and hosting providers, solely to operate the Platform
  • Legal authorities — where required by law, court order, or to comply with applicable regulations
  • Successors — in the event of a merger, acquisition, or sale of assets

6. PRIVATE KEY

The Vault27 DEX uses a proprietary, self-hosted wallet solution built and maintained entirely by Vault27 Limited. Your private key is generated and displayed within the secure browser environment only. Vault27 Limited does not collect, store, transmit, or have access to your private key at any time. You are solely responsible for storing your private key securely offline.

7. COOKIES AND LOCAL STORAGE

We use cookies and browser local storage to:

  • Maintain your session
  • Remember your token preferences and imports
  • Store your chain and network preferences
  • Improve Platform performance

You can disable cookies in your browser settings. This may affect Platform functionality.

8. DATA RETENTION

We retain your data in line with applicable legal and regulatory obligations. Identity and KYC data is retained for at least 7 years following account closure. AML and compliance records are retained for at least 5 years. Transaction records are retained for at least 7 years. Technical logs are retained for 12 months unless needed longer for security investigations. You may request deletion of personal data not subject to a legal retention obligation by contacting legal@vault27.pro. Note that public blockchain data cannot be deleted as it is immutable.

9. INTERNATIONAL TRANSFERS

Your data may be processed in Costa Rica and other countries where our service providers operate. Where data is transferred outside the EEA or UK, Vault27 uses appropriate safeguards including Standard Contractual Clauses or other approved transfer mechanisms. By using the Platform you acknowledge that such transfers may occur.

10. CHILDREN

The Platform is not intended for users under 18 years of age. Vault27 Limited does not knowingly collect personal information from minors. If you believe a minor has provided us with personal information please contact us immediately at legal@vault27.pro.

11. YOUR RIGHTS

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Object to processing of your personal data
  • Request data portability
  • Request human review of significant automated decisions

To exercise any of these rights contact legal@vault27.pro.

12. SECURITY

Vault27 Limited implements technical and organisational security measures to protect your data. However no system is completely secure and we cannot guarantee absolute security of your information. You are responsible for maintaining the security of your account credentials and private key.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy at any time. Material changes will be notified via the Platform or by email. Continued use following any update constitutes acceptance of the revised policy.

14. CONTACT

For all privacy enquiries:

Email: legal@vault27.pro

Website: vault27.pro

Vault27 Limited

Cédula Jurídica 3-102-948161

San José, Montes de Oca, San Pedro

Barrio Dent, Calle 37, Avenida 3, Oficina 101

Costa Rica

QUICK LINKS

Home
Quick Start
FAQ’s
Apple Pay Setup
Google Pay Setup
Fees

Important Information

About
Privacy Policy
Terms & Conditions
Privacy Policy
Prohibited Activities
Forbidden Regions
Forbidden MCC Codes

© 2026 Vault27 | Costa Rica | 3-102-948161 S.R.L. | All rights reserved.