1 Information We Collect

We collect information that you voluntarily provide to us when you register on our platform, express interest in obtaining information about us or our products and services, participate in activities on the platform, or otherwise contact us. The personal information we collect may include:

• Personal Identification Information: Full name, date of birth, government-issued identification numbers, and proof of address documents for KYC/AML compliance.
• Contact Information: Email address, phone number, and residential address.
• Financial Information: Bank account details, wallet addresses, transaction history, and investment preferences.
• Technical Data: IP address, browser type, operating system, device identifiers, and browsing behavior on our platform.
• Verification Data: Photographs, video verification, and other biometric data required for identity verification processes.

2 How We Use Your Information

ZenithTrust Vault uses the collected information for various business purposes, always with the goal of providing you with a secure and seamless investment experience:

• To create, maintain, and secure your investment account
• To process transactions, withdrawals, and investment allocations
• To verify your identity and comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations
• To communicate with you about your account, transactions, and platform updates
• To personalize your dashboard experience and investment recommendations
• To detect, prevent, and investigate fraudulent or unauthorized transactions
• To comply with legal obligations and respond to lawful requests from regulatory authorities
• To improve our platform through analytics, research, and user feedback

3 Data Protection & Security

We implement a comprehensive set of security measures designed to protect your personal information from unauthorized access, alteration, disclosure, or destruction:

• Encryption: All data transmitted between your browser and our servers is protected using TLS 1.3 encryption with 256-bit keys.
• Cold Storage: The majority of digital assets under our management are held in multi-signature cold storage wallets, isolated from online networks.
• Access Controls: Strict role-based access controls ensure that only authorized personnel with a legitimate business need can access sensitive data.
• Two-Factor Authentication (2FA): We require and enforce 2FA for all account access and transaction approvals.
• Regular Audits: Our security infrastructure undergoes regular internal and third-party penetration testing and security audits.
• DDoS Protection: Enterprise-grade distributed denial-of-service protection ensures platform availability.

4 Data Sharing & Third Parties

We do not sell, trade, or rent your personal information to third parties for their marketing purposes. We may share your information only in the following limited circumstances:

• Service Providers: With trusted third-party vendors who assist us in operating our platform, processing payments, or conducting identity verification — all bound by strict data processing agreements.
• Legal Compliance: When required by law, court order, or governmental regulation, including reporting obligations to financial intelligence units.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, subject to standard confidentiality arrangements.
• With Your Consent: We may share your information for any other purpose with your explicit consent.

5 Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and collect usage analytics:

• Essential Cookies: Required for the basic functionality of our platform, including session management and security features.
• Analytics Cookies: Help us understand how visitors interact with our website through aggregated, anonymized data.
• Preference Cookies: Remember your language, region, and display preferences for a personalized experience.
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (only with your consent).

You can control cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

6 Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by applicable law. Specifically:

• Account information is retained for the duration of your account being active, plus a period of 7 years following account closure to comply with financial record-keeping regulations.
• Transaction records are retained for a minimum of 10 years per anti-money laundering requirements.
• Identity verification documents are retained for 7 years after the business relationship ends.
• Technical logs and analytics data are anonymized or deleted within 24 months.

7 Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
• Right to Restriction: Request restriction of processing of your personal data under certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.

To exercise any of these rights, please contact our Data Protection Officer using the details provided in Section 9.

8 International Data Transfers

ZenithTrust Vault operates globally, and your information may be stored and processed in any country where we have facilities or engage service providers. When transferring data across borders, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
• Data processing agreements that meet or exceed GDPR requirements
• Regular transfer impact assessments to evaluate and mitigate risks

9 Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal data without parental consent, we will take immediate steps to delete such information. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

10 Changes to This Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will:

• Post the revised policy on this page with an updated "Last Updated" date
• Notify registered users via email at least 30 days before the changes take effect
• Display a prominent notice on our platform for a reasonable period

Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.