1. WHO WE ARE & HOW TO CONTACT US
Data Controller: Vault27 Limited
Company ID: 3-102-948161
Registered Address: San José, Montes de Oca, San Pedro, Barrio Dent, Calle 37, Avenida 3, Oficina 101, Costa Rica
Support: legal@vault27.pro
Website: vault27.pro
2. SCOPE OF THIS POLICY
This Privacy Policy applies to all personal data collected by Vault27 in connection with your use of the Vault27 Card Service, including registration and account creation, identity verification (KYC) and AML screening, card issuance and transactions, revenue share programme participation, cryptocurrency deposits and blockchain-linked activities, communications with support or compliance teams, and use of the website, app, and related services.
3. THE PERSONAL DATA WE COLLECT
We may collect identity and contact information such as your full legal name, date of birth, residential address, email address, phone number, nationality, country of residence, government-issued ID documents, and biometric verification data including selfies and liveness verification. We also collect financial and transaction data such as wallet addresses, deposits, top-ups, card transactions, withdrawals, transfers, exchange rates, revenue share commission records, and source of funds data where required.
We may also collect technical and device data including IP address, approximate geolocation, device type, operating system, browser type, device identifiers, log files, session times, cookies, and similar technologies. In addition, we may collect communications data, compliance and due diligence records, sanctions and PEP screening results, internal compliance notes, suspicious activity records, blockchain analytics data, and public blockchain information such as wallet addresses, transaction hashes, timestamps, and amounts.
Vault27 does not collect or store your full card number, CVV, or PIN in unencrypted form. These are handled by card programme partners in accordance with PCI DSS standards.
4. HOW AND WHY WE USE YOUR PERSONAL DATA
We process your personal data only where we have a lawful basis to do so, including contractual necessity, legal obligation, legitimate interests, and consent.
We use your data to provide the service, including creating and managing your account, processing card purchases, top-ups, and withdrawals, issuing and managing prepaid cards, calculating revenue share commissions, processing cryptocurrency deposits and conversions, and providing customer support.
We also use your data for identity verification and compliance, including KYC, AML, sanctions screening, PEP checks, adverse media checks, suspicious activity monitoring, SAR filing, and responding to lawful requests from regulators, law enforcement, and courts.
We use your data for security and fraud prevention, service improvement and analytics, communications such as alerts and support replies, and marketing communications where you have given express consent.
6. INTERNATIONAL DATA TRANSFERS
Vault27 is incorporated in Costa Rica and service providers may operate in the United States, the European Union, and other jurisdictions. Your personal data may be transferred outside your country of residence. Where data is transferred outside the EEA or UK, Vault27 uses appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, and other approved transfer mechanisms.
7. DATA RETENTION
We retain personal data only as long as necessary or required by law. Active account data is kept for the duration of your relationship with Vault27. Closed account identity and KYC data is retained for at least 7 years after closure. Transaction records are retained for at least 7 years. AML and compliance records are retained for at least 5 years. Marketing data is retained until you withdraw consent or unsubscribe. Support communications are typically retained for 3 years, and technical logs for 12 months unless needed longer for security investigations.
8. DATA SECURITY
Vault27 implements a comprehensive programme of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction.
Security measures include:
- TLS 1.2 or higher for data in transit
- AES-256 encryption for data at rest
- End-to-end encryption for sensitive cardholder data
- PCI DSS compliant card data handling
- Multi-factor authentication for administrative access
- Firewalls, intrusion detection systems, and real-time threat monitoring
- Regular penetration testing and vulnerability assessments
- Role-based access controls and confidentiality obligations
- Data protection training and data processing agreements
- Breach response plans and regular internal audits
You are responsible for maintaining the confidentiality of your login credentials and notifying Vault27 immediately if you suspect unauthorised access. Vault27 will never ask you for your password.
9. YOUR RIGHTS AS A DATA SUBJECT
Depending on your jurisdiction, you may have the right to access your personal data, request correction of inaccurate data, request deletion in certain circumstances, restrict processing, receive your data in a portable format, object to processing based on legitimate interests, withdraw consent, and request human review of certain automated decisions.
If you are in the European Economic Area or the United Kingdom, these rights apply under the GDPR / UK GDPR. If you are a California resident, you may also have additional rights under the CCPA / CPRA, including the right to know, delete, correct, opt out of sale or sharing for cross-context behavioural advertising purposes, and not be discriminated against for exercising your privacy rights.
To exercise your rights, contact legal@vault27.pro. Vault27 may need to verify your identity before processing your request.
10. CHILDREN'S PRIVACY
The Vault27 Card Service is strictly intended for users aged 18 and over. Vault27 does not knowingly collect personal data from persons under 18. If such data is discovered, Vault27 will promptly delete it and may close the relevant account.
11. COOKIES & TRACKING TECHNOLOGIES
Vault27 uses cookies and similar technologies such as pixel tags, web beacons, and local storage objects to operate the platform, recognise returning users, improve user experience, and understand how the platform is used.
Types of cookies used may include essential cookies, functionality cookies, analytics cookies, security cookies, and marketing cookies where consent has been given. Users can control cookies through browser settings, though disabling essential cookies may affect platform functionality.
12. AUTOMATED DECISION-MAKING & PROFILING
Vault27 uses automated processing for KYC verification, sanctions and PEP screening, transaction risk scoring, and fraud detection. Where an automated decision significantly affects you, such as account suspension or transaction blocking, you may request human review and challenge the decision by contacting legal@vault27.pro.
13. THIRD-PARTY LINKS & SERVICES
The Vault27 Card Platform may contain links to third-party websites, services, or applications, including merchant sites, blockchain explorers, and external KYC portals. Vault27 is not responsible for the privacy practices or content of such third parties, and you should review their privacy policies separately.
14. CHANGES TO THIS PRIVACY POLICY
Vault27 may update or amend this Privacy Policy at any time. Where changes are material, the updated policy will be posted on vault27.pro with a revised "Last Updated" date, and users may be notified by email in advance where required by law. Where processing relies on consent, material changes affecting that processing will require fresh consent before taking effect. Continued use of the service after the effective date of revised policy terms not affecting consent-based processing constitutes acceptance of those updates.
15. COMPLAINTS
If you have a complaint about how Vault27 handles your personal data, please contact legal@vault27.pro first so the matter can be addressed directly. If you are not satisfied with the response, you may lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.
16. GOVERNING LAW
This Privacy Policy is governed by the laws of the Republic of Costa Rica. For users in the European Union or United Kingdom, applicable data protection law such as GDPR / UK GDPR applies in addition to those laws and prevails where there is a conflict. For users in California, the CCPA / CPRA also applies where relevant.
VAULT27 DEX — PRIVACY POLICY
Last Updated: May 15, 2026
1. INTRODUCTION
Vault27 Limited (Cédula Jurídica 3-102-948161), registered in San José, Costa Rica, operates the Vault27 DEX at vault27.pro. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your information.
By using the Vault27 DEX, you consent to the practices described in this Privacy Policy.
2. INFORMATION WE COLLECT
2.1 Information you provide
- Email address from your Vault27 account login
- Vault27 Card account details where linked to your DEX account
2.2 Information collected automatically
- Blockchain wallet address — your public DEX wallet address is logged when you use the Platform
- Transaction data — public blockchain transaction data associated with your wallet address
- Device information — device type, operating system, browser type, and browser language
- Usage data — pages visited, features used, timestamps, and session data
- IP address — collected for security, fraud prevention, and geographic access restriction purposes
- Cookies and local storage — used to remember your preferences, token imports, and session state
2.3 Blockchain data
Your DEX wallet address and all on-chain transactions are publicly visible on the blockchain. Vault27 Limited collects and analyses publicly available blockchain data associated with your wallet address for security screening and platform improvement purposes.
3. HOW WE USE YOUR INFORMATION
We use collected information for the following purposes:
- Providing and operating the DEX Platform
- Generating and facilitating your DEX Wallet
- Processing swap, bridge, send, and receive transactions
- Displaying your token holdings and market data
- Security screening of wallet addresses
- Fraud prevention and AML/CTF compliance
- Geographic access restriction enforcement
- Platform improvement and analytics
- Communication regarding your account
- Legal compliance and regulatory obligations
4. WALLET SECURITY SCREENING
4.1 We screen wallet addresses against third-party blockchain analytics providers to identify wallets associated with sanctioned individuals or entities, known illicit activity, hacking, fraud, darknet markets, or other prohibited conduct.
4.2 Wallets identified as high risk may be blocked from accessing the Platform without notice. Where such a block constitutes a significant automated decision affecting you, you may request human review by contacting legal@vault27.pro.
4.3 This screening is conducted for AML/CTF compliance and platform integrity purposes.
5. SHARING OF INFORMATION
We do not sell your personal information. We may share information with:
- Third-party service providers — including blockchain analytics providers, RPC node providers, market data providers, bridge protocols, and hosting providers, solely to operate the Platform
- Legal authorities — where required by law, court order, or to comply with applicable regulations
- Successors — in the event of a merger, acquisition, or sale of assets
6. PRIVATE KEY
The Vault27 DEX uses a proprietary, self-hosted wallet solution built and maintained entirely by Vault27 Limited. Your private key is generated and displayed within the secure browser environment only. Vault27 Limited does not collect, store, transmit, or have access to your private key at any time. You are solely responsible for storing your private key securely offline.
7. COOKIES AND LOCAL STORAGE
We use cookies and browser local storage to:
- Maintain your session
- Remember your token preferences and imports
- Store your chain and network preferences
- Improve Platform performance
You can disable cookies in your browser settings. This may affect Platform functionality.
8. DATA RETENTION
We retain your data in line with applicable legal and regulatory obligations. Identity and KYC data is retained for at least 7 years following account closure. AML and compliance records are retained for at least 5 years. Transaction records are retained for at least 7 years. Technical logs are retained for 12 months unless needed longer for security investigations. You may request deletion of personal data not subject to a legal retention obligation by contacting legal@vault27.pro. Note that public blockchain data cannot be deleted as it is immutable.
9. INTERNATIONAL TRANSFERS
Your data may be processed in Costa Rica and other countries where our service providers operate. Where data is transferred outside the EEA or UK, Vault27 uses appropriate safeguards including Standard Contractual Clauses or other approved transfer mechanisms. By using the Platform, you acknowledge that such transfers may occur.
10. CHILDREN
The Platform is not intended for users under 18 years of age. Vault27 Limited does not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately at legal@vault27.pro.
11. YOUR RIGHTS
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your personal data
- Object to processing of your personal data
- Request data portability
- Request human review of significant automated decisions
To exercise any of these rights, contact legal@vault27.pro.
12. SECURITY
Vault27 Limited implements technical and organisational security measures to protect your data. However, no system is completely secure, and we cannot guarantee absolute security of your information. You are responsible for maintaining the security of your account credentials and private key.
13. CHANGES TO THIS POLICY
We may update this Privacy Policy at any time. Material changes will be notified via the Platform or by email. Continued use following any update constitutes acceptance of the revised policy.
14. CONTACT
For all privacy enquiries:
Email: legal@vault27.pro
Website: vault27.pro
Vault27 Limited
Cédula Jurídica 3-102-948161
San José, Montes de Oca, San Pedro
Barrio Dent, Calle 37, Avenida 3, Oficina 101
Costa Rica