OWN Crypto – Privacy Policy
Last Updated: 04 March 2026
Version: 1.0
1.1 This Privacy Policy explains how personal data is processed in connection with the OWN Crypto Platform, including website, web app, support channels and related services (the “Platform”).
1.2 Split‑provider model. The Platform involves multiple service providers (Storefront/Core/Cards). Different entities may act as data controllers for different processing activities.
2.1 Storefront Controller (general platform interface, marketing, support intake).
Vowallex, S.A. de C.V. (details in Terms of Service)
Email: contact [AT] owncrypto.io
2.2 Core Services Controller (KYC, AML/CTF, custody, trading, transfers).
ARGOcoin LLC (details in Terms of Service)
Email: [email protected]
2.3 Card Programme Controllers.
Vowallex acts as controller for card programme onboarding and card transaction data to the extent it receives such data. Card Issuers and processors may act as independent controllers under their own notices.
2.4 Privacy enquiries. You may submit privacy requests to: [email protected] (or contact [AT] owncrypto.io). For Core‑layer requests specifically, you may also contact [email protected].
Note: If you are in the EEA/UK and Vowallex/ARGOcoin is required to appoint an EU/UK representative under GDPR/UK GDPR, the representative’s details should be added here.
3.1 Account and contact data: name, email, phone, address, username, business role, support communications.
3.2 Verification (KYC/KYB) data (Core Services): identity documents, selfies/liveness data, date of birth, nationality, proof of address, source of funds/wealth information, UBO data for businesses, and screening results.
3.3 Transaction data: deposits/withdrawals, exchange orders, ledger entries, wallet addresses, transaction identifiers, beneficiary/originator info (including Travel Rule data where required).
3.4 Card programme data: card onboarding data, card tokens/identifiers, card transaction metadata, dispute/chargeback records (subject to programme flows).
3.5 Technical data: device identifiers, IP address, log data, browser data, cookies, security events, fraud signals.
3.6 Marketing data: preferences, campaign interactions, referral identifiers (where applicable).
4.1 Directly from you (forms, uploads, support).
4.2 From third parties: identity verification vendors, blockchain analytics/risk tools, sanctions/PEP screening providers, Card Issuers/processors, and public sources (adverse media) where permitted.
We process personal data for the following purposes and legal bases (as applicable):
5.1 To provide Services and perform the contract (Article 6(1)(b)): account creation, onboarding, customer support, executing transactions, card issuance/management.
5.2 To comply with legal obligations (Article 6(1)(c)): AML/CTF, sanctions, Travel Rule, fraud prevention, recordkeeping, responding to lawful requests.
5.3 Legitimate interests (Article 6(1)(f)): platform security, improving services, preventing abuse, internal analytics, enforcing terms, risk management.
5.4 Consent (Article 6(1)(a)): marketing communications where required, optional cookies, certain biometric processing where required by local law.
6.1 Between providers. Vowallex may transmit data to ARGOcoin for Core Services (including KYC submissions), and may share relevant data with card programme participants for card services.
6.2 With service providers (processors). We use vendors for hosting, analytics, communications, identity verification, compliance tooling, security, and customer support.
6.3 With regulators and law enforcement. We may disclose data where required by Applicable Law or valid legal process.
6.4 With other VASPs/CASPs (Travel Rule). Where required, we share originator/beneficiary information with other providers.
6.5 Corporate transactions. In a merger/acquisition, data may be transferred subject to confidentiality and lawful basis.
7.1 Your data may be transferred to countries outside your jurisdiction (including El Salvador and Kyrgyz Republic).
7.2 Where GDPR applies, transfers will use appropriate safeguards (e.g., Standard Contractual Clauses) where required.
8.1 We retain data as long as necessary for the purposes above, including legal retention periods (often 5–10 years for AML‑related records).
8.2 Retention may be extended where necessary for disputes, investigations, or legal claims.
9.1 We implement appropriate technical and organisational measures (access controls, encryption where appropriate, monitoring, least privilege, incident response).
9.2 No system is 100% secure; you must also protect your credentials and devices.
10.1 Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, object, portability, and withdraw consent.
10.2 You may lodge a complaint with your local supervisory authority (where GDPR applies).
11.1 See the Cookie Policy for details on cookies and choices.
12.1 The Platform is not intended for individuals under 18. We do not knowingly collect children’s data.
13.1 We may update this Privacy Policy. Material changes will be notified.
14.1 This Privacy Policy is governed by the governing law provisions in the Terms of Service, without prejudice to mandatory data protection laws.