Legal Documentation

Privacy Policy

Your privacy matters to us. This policy explains what data we collect, why we collect it, how we protect it, and your rights.

πŸ“–
Official Wealtii DocumentationMaintained by the core development team
Versionv1.0.0
Last UpdatedJune 20, 2026
Sections22
πŸ“… Effective: June 20, 2026
πŸ›‘οΈ support@wealtii.com
βœ“ 81 Clauses
⌘F
πŸ”

Your Privacy Matters

Wealtii is built on a simple promise: your data is yours. We collect only what we need, we protect it with industry-standard security, and we never sell it. You have the right to access, correct, delete, and export your data at any time. Questions? Reach us at .

1.1

About This Privacy Policy

πŸ”—
This Privacy Policy ("Policy") explains how Wealtii ("Wealtii", "we", "us", "our") collects, uses, stores, shares, and protects your personal data when you use the Wealtii platform, including our website, web application, and related services (the "Services"). Wealtii is currently operated as an independent digital platform by its founder(s). We are committed to protecting your privacy and treating your data with the utmost care from day one - this is a core principle of how we operate, not just a legal requirement.
1.2

Who This Policy Applies To

πŸ”—
This Policy applies to you if you are: (a) a registered user of Wealtii; (b) a visitor to our website; (c) someone who contacts us through customer support; or (d) anyone who interacts with our platform in any way. This Policy should be read alongside our Terms of Service.
1.3

Your Agreement

πŸ”—
By using our Services, you acknowledge that you have read and understood this Policy, and you agree to the collection and use of your data as described here. If you disagree with any part of this Policy, please stop using the Services and close your account. You must be at least 18 years old (or the legal age of majority in your jurisdiction) to use our Services.
1.4

External Links

πŸ”—
Our platform may contain links to third-party websites or services that we do not own or control. This Privacy Policy does not cover those external sites - they have their own privacy policies and practices. We encourage you to review the privacy policies of any third-party sites you visit.
1.5

Changes to This Policy

πŸ”—
We may update this Policy from time to time. When we make important changes, we will: (a) post the updated Policy with a new "Last Updated" date; (b) send an email notification to your registered address; or (c) display a notice on the platform. We encourage you to review this Policy periodically. Your continued use of the Services after any update means you accept the revised Policy.
2.1

Who Is Responsible for Your Data

πŸ”—
Wealtii is responsible for your personal data. We decide how and why your data is processed, and we take that responsibility seriously. Wealtii is currently in an early operational phase and is not yet legally regulated, but we are working towards establishing a formal legal entity. Regardless of our current stage, we hold ourselves to the same data protection standards expected of established financial services platforms.
2.2

How to Reach Us About Your Data

πŸ”—
You can contact us at any time about questions, concerns, or requests related to your personal data: β€’ Privacy & Data Inquiries: β€’ General Support: β€’ Security Reports: We aim to respond to all data-related inquiries within 30 days. If your request is complex, we may need up to 90 days total, and we will let you know if that is the case.
2.3

Why We Process Your Data

πŸ”—
We only process your personal data when we have a valid reason to do so: β€’ To Provide the Service - Processing your data is necessary to operate your account, process transactions, and deliver the platform features you use. β€’ To Comply with the Law - We are required by applicable laws and regulations to verify identities (KYC), monitor for suspicious activity (AML), and keep certain financial records. β€’ For Legitimate Business Reasons - We use your data to prevent fraud, maintain security, and improve our services - but only when these interests do not override your privacy rights. β€’ With Your Consent - For things like marketing emails, we only proceed when you give us clear permission, and you can withdraw that permission at any time.
3.1

Information You Provide to Us

πŸ”—
When you create an account and use Wealtii, we collect information you give us directly: β€’ Account Information: Your email address, a securely encrypted version of your password (we never store your actual password), your country of residence, and optionally your name and phone number. β€’ Identity Verification (KYC): Depending on the level you choose - government-issued ID (passport, national ID, or driver's licence), a selfie photo (for identity matching), proof of address (utility bill, bank statement, or government letter dated within the last 3 months), and related details like document type and submission date. β€’ Transaction Information: Deposit amounts, purchase and sale details, withdrawal addresses and amounts, order types, and related financial data. β€’ Communications: Messages you send through support tickets, email correspondence, feedback, and any files you attach. β€’ Preferences: Your notification settings, display preferences, two-factor authentication settings, and communication opt-in/out choices.
3.2

Information Collected Automatically

πŸ”—
When you use our platform, certain information is collected automatically to maintain security and improve performance: β€’ Device Information: IP address, browser type, operating system, device type, language preferences, and time zone. β€’ Session Information: Login times, session identifiers, and activity timestamps. We enforce one active session per user for your security. β€’ Usage Information: Pages visited, features used, navigation patterns, and time spent on the platform. β€’ Security Information: Login attempt history, account lockout events, password change dates, and two-factor authentication status - all used to keep your account safe.
3.3

Blockchain & Wallet Data

πŸ”—
Because Wealtii operates in cryptocurrency, we collect certain blockchain-related data: β€’ Wallet Addresses: Unique deposit addresses generated for your account using a secure wallet system. Each deposit creates a new address for your privacy and security. β€’ Transaction Records: On-chain transaction identifiers (hashes) for deposits, withdrawals, and transfers as recorded on the blockchain. β€’ Portfolio Data: Your fund holdings, purchase history, asset allocations, and USDT balance. Important: Your private keys are never stored anywhere in our systems. They exist only temporarily in secure memory during the brief moment a transaction is signed, and are immediately discarded. Wallet addresses and transaction records are, by nature, publicly visible on the blockchain.
3.4

Audit & Compliance Records

πŸ”—
To comply with financial regulations and maintain platform integrity, we keep detailed records: β€’ User Activity Logs: Records of account actions including logins, password changes, verification submissions, and security events. Sensitive data (like passwords or tokens) is automatically removed from all logs. β€’ Financial Records: Structured records of all transactions - deposits, purchases, sales, withdrawals, fees, and portfolio changes - with timestamps and reference numbers. β€’ Verification History: A complete record of every step in the identity verification process, including who reviewed it, when, and what the outcome was. β€’ Fee Records: Detailed records of all fees charged, including the type, amount, percentage, and associated transaction.
3.5

Support & Communication Data

πŸ”—
When you contact our customer support: β€’ Ticket Details: Subject, message content, category, priority level, and status throughout the ticket lifecycle. β€’ Messages: All correspondence between you and our support team, including timestamps. β€’ Attachments: Files you upload (images, PDFs, documents - up to 50MB per file), along with file details like name, size, and upload date. β€’ Related References: Where relevant, we link tickets to associated transactions or verification submissions for faster resolution.
3.6

Notification Data

πŸ”—
We track data about the notifications we send you: β€’ Notification Content: Title, message, type (transaction, security, portfolio, etc.), and priority level. β€’ Delivery Status: Whether notifications were delivered and read, and when. β€’ Your Preferences: Your per-category notification settings - you choose what you want to receive and can change these at any time in your account settings. Security alerts (like login notifications) cannot be disabled for your protection.
4.1

Providing & Managing the Services

πŸ”—
We use your data to deliver the services you signed up for: β€’ Account Management: Creating your account, verifying your identity during login, managing your session, enforcing security, and enabling account recovery. β€’ Transaction Processing: Processing USDT deposits (including generating unique deposit addresses and monitoring blockchain confirmations), executing index fund purchases and sales, and processing withdrawals to your specified wallet addresses. β€’ Portfolio Management: Calculating and displaying your holdings, tracking your fund ownership, computing the value of each index fund, and maintaining your USDT balance. β€’ Identity Verification: Reviewing your KYC submissions, checking uploaded documents, and managing your verification level and transaction limits. β€’ Customer Support: Responding to your support tickets, resolving issues, and providing account assistance. Legal Basis: Contractual necessity - we need to process this data to provide you with the services you requested.
4.2

Security & Fraud Prevention

πŸ”—
Keeping you and the platform safe is a top priority. We use your data to: β€’ Protect Your Account: Verifying your identity during login through secure password validation, two-factor authentication, and signed session tokens. β€’ Detect Fraud: Monitoring login patterns, flagging unusual activity, tracking failed login attempts (with automatic temporary lockout after too many failures), and analysing IP patterns. β€’ Enforce Session Security: Allowing only one active session per user. If someone logs in from a new location, your previous session is automatically ended and you are notified. β€’ Prevent Abuse: Monitoring request frequency to block brute-force attacks and automated abuse. This data is temporary and automatically deleted. β€’ Maintain Audit Trails: Keeping records of security events for investigation and compliance. All sensitive data is automatically removed from log entries. Legal Basis: Legitimate interests - protecting the platform and our users from harm.
4.3

Legal & Regulatory Compliance

πŸ”—
We process your data to comply with applicable laws and regulations: β€’ Identity Verification (KYC/AML): Conducting identity checks as required by anti-money laundering and know-your-customer regulations. Wealtii has voluntarily adopted these practices from day one to align with industry standards. β€’ Transaction Monitoring: Watching for suspicious activity patterns, unusual volumes, rapid fund movements, and transactions involving high-risk or sanctioned addresses. β€’ Sanctions Screening: Checking users against international sanctions lists maintained by major governmental authorities including the United States, European Union, United Kingdom, and United Nations. β€’ Record Keeping: Maintaining financial records and verification documents for the periods required by law (typically 5–7 years). β€’ Tax Compliance: Keeping transaction records that may need to be reported to tax authorities as required by applicable law. Legal Basis: Legal obligation - we are required by law to perform these activities.
4.4

Service Improvement

πŸ”—
We use aggregated and anonymised data to make Wealtii better: β€’ Performance Monitoring: Identifying technical issues and optimising platform speed and reliability. β€’ User Experience: Understanding how people use the platform so we can make it easier and more enjoyable. β€’ Business Insights: Analysing overall usage patterns (not individual data) to guide development decisions. We minimise the use of personal data for analytics and rely on aggregated, anonymised information wherever possible. Legal Basis: Legitimate interests - improving our services.
4.5

Communications

πŸ”—
We use your contact information to communicate with you: β€’ Essential Notifications: Deposit confirmations, purchase and sale receipts, withdrawal updates, security alerts (new login detected, password changed), and KYC status updates. These are part of the service and cannot be turned off. β€’ Service Updates: Important changes to the platform, Terms of Service, Privacy Policy, or scheduled maintenance. β€’ Marketing (Optional): With your permission, we may send promotional emails or announcements. You can opt out at any time through your notification settings or by clicking "unsubscribe" in any marketing email. Legal Basis: Contractual necessity (essential and service communications); Consent (marketing).
5.1

What Cookies We Use

πŸ”—
Wealtii uses a minimal set of cookies - only what is strictly necessary for security. We do not use advertising, social media, or third-party tracking cookies. Here is what we use: β€’ Security Cookie (CSRF Protection): A security token that protects your account against cross-site request forgery attacks. This cookie is flagged as HttpOnly and Secure, meaning it cannot be read by JavaScript and only works over encrypted connections. β€’ Authentication: We use securely signed tokens stored in your browser's local storage (not as cookies) to keep you logged in. Your session is managed and secured on the server side. That is it. We do not use: persistent tracking cookies, advertising cookies, social media cookies, or third-party analytics cookies of any kind.
5.2

Local Storage & Session Storage

πŸ”—
Our web application also uses browser storage for: β€’ Login Session: Your authentication token is stored locally with a 24-hour expiry. After that, you need to log in again. β€’ Display Preferences: Theme, layout, and other visual settings are stored locally for convenience. β€’ Temporary State: Form progress and navigation data may be stored temporarily and is cleared when you close the browser tab. You can clear all local storage through your browser settings at any time - you will simply need to log in again.
5.3

Do Not Track Signals

πŸ”—
Wealtii respects Do Not Track (DNT) browser signals. Since we do not track users across websites, serve targeted ads, or use third-party analytics, our platform already operates in line with DNT expectations by default.
5.4

No Tracking Pixels

πŸ”—
Wealtii does not use web beacons (tracking pixels), clear GIFs, or similar invisible tracking technologies on the platform or in our emails.
6.1

Who We Share Data With

πŸ”—
Wealtii does not sell, rent, or trade your personal data. We only share data when strictly necessary: β€’ Email Delivery: We use an email service to send you account-related emails (verification, password reset, security alerts, notifications). Only your email address and the email content are shared. β€’ Blockchain Networks: When processing deposits and withdrawals, transaction data (wallet addresses, amounts, and transaction hashes) is sent to the blockchain. Blockchain transactions are public and permanent by nature. β€’ Market Data Providers: We get real-time cryptocurrency prices from reputable data providers. We only send cryptocurrency pair symbols (like "BTCUSDT") - no personal data is ever shared with these providers. β€’ Secure File Storage: Identity verification documents and support ticket attachments are stored using secure, encrypted cloud storage with strict access controls. All other infrastructure - databases, security systems, and processing systems - is operated on infrastructure under Wealtii's control.
6.2

Legal & Regulatory Disclosures

πŸ”—
We may share your data with law enforcement or government authorities when required by law. This includes: β€’ Responding to valid subpoenas, court orders, or warrants; β€’ Complying with financial regulatory inquiries; β€’ Filing required reports under anti-money laundering laws; β€’ Reporting to tax authorities as required; β€’ Protecting the rights, safety, or property of Wealtii, our users, or the public. We will make reasonable efforts to let you know before disclosing your data, unless we are prohibited by law from doing so.
6.3

Business Transfers

πŸ”—
If Wealtii is ever involved in a merger, acquisition, or sale of assets, your data may be transferred to the new entity. If this happens: (a) the new entity will be bound by data protection obligations at least as strong as this Policy; (b) you will be notified before your data becomes subject to a different privacy policy; and (c) your privacy choices will continue to be respected.
6.4

Anonymised Data

πŸ”—
We may share aggregated, anonymised data that cannot identify you - for example, total platform trading volumes or average portfolio sizes. This type of data is not personal data and is not subject to the restrictions in this Policy.
6.5

We Do Not Sell Your Data

πŸ”—
Wealtii does not sell your personal data - period. We have not sold personal data in the past 12 months and have no plans to do so. We do not share your data with third parties for advertising or cross-site tracking purposes.
7.1

Where Your Data May Go

πŸ”—
Because Wealtii operates online and uses blockchain technology, your data may be processed in different countries: β€’ Our servers may be located in a different country to yours. β€’ Blockchain transactions are processed by a global network of computers and are publicly accessible worldwide. β€’ Email delivery may route through servers in various locations. β€’ File storage services may operate across multiple regions for reliability.
7.2

How We Protect Transferred Data

πŸ”—
When your data crosses borders, we protect it with: β€’ Encryption in transit (TLS/SSL) and at rest; β€’ Access restricted to authorised personnel only; β€’ Contractual obligations that require any service providers to protect your data to the same standards as this Policy; β€’ As Wealtii grows and formalises its legal structure, we intend to adopt Standard Contractual Clauses (SCCs) or equivalent legal mechanisms where required by data protection authorities. By using our Services, you acknowledge that your data may be transferred internationally as described here.
8.1

How Long We Keep Your Data

πŸ”—
We keep your data only as long as necessary - to provide the service, comply with legal requirements, resolve disputes, and enforce our agreements. Once data is no longer needed, we securely delete or anonymise it.
8.2

Specific Retention Periods

πŸ”—
β€’ Account Data: Kept while your account is active, plus a minimum of 5 years after closure (required by financial regulations). β€’ Financial Transaction Records: Minimum 7 years from the transaction date (regulatory and tax requirements). This includes deposits, purchases, sales, withdrawals, and fee records. β€’ Identity Verification (KYC) Documents: Minimum 7 years from your last transaction or account closure, whichever is later (AML/KYC regulations). β€’ Audit Logs: Minimum 7 years from creation. Security and financial logs are maintained as permanent records for compliance. β€’ Support Tickets: Minimum 3 years after the ticket is closed, or longer if needed for ongoing legal matters. β€’ Session Data: Automatically expires after 24 hours of inactivity. β€’ Notifications: Kept for 12 months, then permanently removed after an additional 90-day grace period. β€’ Rejected KYC Documents: Removed 90 days after rejection, unless needed for regulatory or legal purposes.
8.3

What Happens When You Close Your Account

πŸ”—
When you close your account: β€’ Non-essential data is deleted or anonymised within 90 days; β€’ Financial records and audit logs are kept for the legally required period (typically 5–7 years); β€’ KYC documents are kept for the legally required period, then securely destroyed; β€’ If your account was closed for a Terms of Service violation, your email may be kept in a suppression list to prevent re-registration; β€’ If there are pending legal proceedings or unresolved disputes, relevant data is kept until those matters are fully resolved. You can request details about what data is retained after account closure by contacting us at .
9.1

Your Rights at a Glance

πŸ”—
No matter where you are located, Wealtii honours the following privacy rights to the greatest extent possible: β€’ Right to Access - See what personal data we hold about you. β€’ Right to Correction - Fix any inaccurate or incomplete data. β€’ Right to Deletion - Request that we delete your data (subject to legal retention requirements). β€’ Right to Data Portability - Get a copy of your data in a standard format (JSON or CSV). β€’ Right to Object - Object to certain types of data processing. β€’ Right to Restrict Processing - Ask us to limit how we use your data in certain situations. β€’ Right to Withdraw Consent - Take back any consent you previously gave us. β€’ Right to Not Be Profiled - You will not be subject to automated decisions with significant effects without human review. β€’ Right to Non-Discrimination - We will never penalise you for exercising your privacy rights.
9.2

Accessing Your Data

πŸ”—
You can request a full copy of everything we know about you. We will provide: β€’ The types of data we have collected; β€’ The specific data itself; β€’ Where we got it from; β€’ Why we use it; β€’ Who we have shared it with; β€’ How long we keep it; β€’ What rights you have over it. We will deliver this in a commonly used format (JSON or CSV) within 30 days of your request.
9.3

Correcting Your Data

πŸ”—
You can update most of your account information directly through the platform settings - including your name, phone number, and notification preferences. Email address changes require verification and are subject to a 90-day cooldown for security. For anything else, contact us and we will make the correction.
9.4

Deleting Your Data

πŸ”—
You can request deletion of your personal data. However, we may need to keep certain data where: β€’ Financial regulations require us to retain transaction records (typically 5–7 years); β€’ The data is needed for legal proceedings or defence; β€’ We have a legal obligation to keep it; β€’ It is needed for public interest or research purposes. If we cannot fully delete your data, we will tell you exactly why and will limit how it is used to the minimum necessary for compliance.
9.5

Exporting Your Data

πŸ”—
You can request a full export of your data in a portable format. We can provide: β€’ Your account profile; β€’ Complete transaction history (deposits, purchases, sales, withdrawals); β€’ Portfolio holdings and balances; β€’ Notification preferences; β€’ Support ticket history. Contact us at to request an export.
9.6

Objecting to or Restricting Processing

πŸ”—
You can object to data processing based on our legitimate interests. When you do, we will stop processing unless we can demonstrate compelling reasons that override your rights, or the data is needed for legal claims. You can also ask us to restrict processing when: (a) you dispute the accuracy of your data; (b) the processing is unlawful but you prefer restriction over deletion; (c) we no longer need the data but you need it for legal claims; or (d) you have objected and we are verifying our grounds.
9.7

How to Exercise Your Rights

πŸ”—
To use any of your privacy rights: β€’ Email us at with the subject line "Privacy Rights Request"; β€’ Submit a request through the support ticket system in your account; β€’ Email our general support at . Please include your full name, account email, and a clear description of what you are requesting. We may need to verify your identity before processing your request. We will acknowledge your request within 5 business days and provide a full response within 30 days. If we need more time (up to 60 additional days), we will let you know. There is no fee for exercising your rights.
9.8

Filing a Complaint

πŸ”—
If you believe your privacy rights have been violated, you have the right to file a complaint with a data protection authority. In the EU, contact your local Data Protection Authority. In the UK, contact the Information Commissioner's Office (ICO). In California, contact the California Attorney General. We encourage you to reach out to us first at so we can try to resolve the issue directly.
10.1

How We Protect Your Data

πŸ”—
Wealtii implements multiple layers of security to keep your data safe: β€’ Password Security: Your password is encrypted using a strong one-way hashing algorithm before storage. We never store, see, or transmit your actual password. Password reuse is prevented through history tracking. β€’ Encryption in Transit: All data between your browser and our servers is encrypted using TLS/SSL. Our platform enforces HTTPS on every connection. β€’ Session Security: Login tokens are cryptographically signed with a 24-hour expiry and are invalidated when you log out. We enforce one active session per user - if you log in from a new device, the old session ends automatically. β€’ CSRF Protection: We use signed, time-limited security tokens to prevent cross-site request forgery attacks. β€’ Two-Factor Authentication (2FA): You can add an extra layer of security with an authenticator app (such as Google Authenticator or Authy). Backup codes are encrypted and stored securely. β€’ Private Key Security: Your wallet private keys are never stored anywhere in our systems. They exist only briefly in secure memory when a transaction is signed and are immediately discarded. β€’ Multi-Signature Vault: User funds are held in a multi-signature vault that requires multiple authorised approvals for any transaction - providing strong protection against unauthorised transfers.
10.2

Organisational Security

πŸ”—
Beyond technical measures, we maintain strong security practices: β€’ Access Control: Personal data access is restricted to authorised personnel on a strict need-to-know basis. All administrative access is logged. β€’ Single Session Enforcement: Only one login session is allowed per user. New logins automatically end previous sessions. β€’ Automatic Log Sanitisation: All application logs automatically strip sensitive data - passwords, tokens, and keys are replaced with "**REDACTED**" before being recorded. β€’ File Upload Protection: All uploaded files (KYC documents, support attachments) go through validation including type checking, size limits (10MB for KYC, 50MB for support), and integrity verification. β€’ Incident Response: We have procedures in place to detect, contain, and remediate security incidents. If a breach affects your data, we will notify you and the relevant authorities promptly (see Section 21). β€’ Ongoing Reviews: We regularly review our security practices, access controls, and data processing to identify and fix potential vulnerabilities.
10.3

Infrastructure Security

πŸ”—
Our infrastructure is built with security at every layer: β€’ Database Security: Encrypted connections, protection against injection attacks, and regular backups. β€’ Network Security: Firewalls, intrusion detection, and rate limiting to block unauthorised access and abuse. β€’ Application Security: Input validation, content security policies, and protection against common web attacks (XSS, CSRF, injection). β€’ Automated Processing: Secure systems handle deposits, withdrawals, and other operations with encrypted communications. No security system is perfect - while we use industry-standard measures to protect your data, we cannot guarantee absolute security. You are responsible for keeping your login credentials safe, enabling two-factor authentication, and reporting any suspected unauthorised access immediately.
10.4

Data-at-Rest Protection

πŸ”—
Your data is protected even when it is sitting in our systems: β€’ Database Encryption: Connections are encrypted and access is restricted to authorised application servers only. β€’ File Encryption: KYC documents and support attachments are encrypted at rest using AES-256 encryption with strict access controls. β€’ Sensitive Fields: Certain highly sensitive data (like 2FA secrets and backup codes) has additional encryption beyond standard database protections. β€’ Log Protection: Application logs are sanitised before writing to remove any accidentally captured sensitive data. Logs have restricted permissions and follow rotation and retention policies. β€’ Backup Security: Database backups are stored in access-controlled locations with limited personnel access and audit logging.
10.5

Vulnerability Management

πŸ”—
We actively work to find and fix security issues: β€’ Dependency Monitoring: We regularly update third-party libraries and monitor for known vulnerabilities. β€’ Code Review: All changes undergo review before deployment, with extra scrutiny for security-sensitive code. β€’ Input Validation: Every user input is validated and sanitised to prevent injection attacks, cross-site scripting, and other exploits. β€’ Safe Error Handling: Error messages are designed to be helpful without leaking sensitive system details. β€’ Responsible Disclosure: We welcome security researchers to report vulnerabilities to . We commit to acknowledging reports within 48 hours and providing an initial assessment within 5 business days.
11.1

Age Restriction

πŸ”—
Wealtii is not intended for anyone under 18 years of age. We do not knowingly collect data from minors. If you are under 18, you must not use the platform or create an account.
11.2

If We Discover a Minor's Data

πŸ”—
If we become aware that we have collected data from someone under 18 without appropriate consent, we will immediately delete that data and terminate the account. If you are a parent or guardian and believe your child has created an account, please contact us at so we can take action.
11.3

Age Verification

πŸ”—
Our identity verification (KYC) process requires government-issued identification showing the user's date of birth, which serves as an inherent age check. We are committed to complying with children's privacy protection laws including COPPA and equivalent legislation in applicable jurisdictions.
12.1

What We Automate

πŸ”—
Wealtii uses some automated processes to keep the platform running smoothly: β€’ Transaction Monitoring: Automated systems flag transactions that may indicate suspicious activity. Flagged items are always reviewed by a real person before any action is taken on your account. β€’ Rate Limiting: Automated limits on certain actions (login attempts, verification requests) to prevent abuse. These are based on simple thresholds, not profiling. β€’ Document Validation: Automated checks verify file formats and sizes during KYC submission. The actual review of your documents is done by a real person. β€’ Session Security: Automatic enforcement of single-session rules and temporary lockouts after repeated failed login attempts.
12.2

Human Oversight

πŸ”—
We do not make important decisions about your account using only automated systems. Real people are involved in: β€’ KYC decisions - approval, rejection, or requests for resubmission; β€’ Account suspension or termination; β€’ Review of flagged transactions; β€’ Substantive support responses. If any automated process significantly affects you, you have the right to: (a) request human review; (b) share your perspective; and (c) challenge the decision. Contact us at to exercise these rights.
13.1

Our Commitment to GDPR Principles

πŸ”—
Wealtii voluntarily aligns its data practices with the principles of the General Data Protection Regulation (GDPR), even during our early operational stage: β€’ Lawfulness & Transparency: We process data lawfully and clearly explain how it is used in this Policy. β€’ Purpose Limitation: We collect data for specific, stated purposes and do not use it for anything else. β€’ Data Minimisation: We only collect what is necessary - nothing more. β€’ Accuracy: We keep data up to date and give you tools to correct it. β€’ Storage Limitation: We only keep data as long as genuinely needed. β€’ Security: We implement strong technical and organisational safeguards. β€’ Accountability: We take responsibility for how we handle your data and can demonstrate our practices.
13.2

Rights of EEA, UK & Swiss Users

πŸ”—
If you are in the European Economic Area, United Kingdom, or Switzerland, you have rights under the GDPR including: access (Article 15), rectification (Article 16), erasure (Article 17), restriction (Article 18), data portability (Article 20), objection (Article 21), automated decision-making protections (Article 22), consent withdrawal (Article 7(3)), and the right to lodge a complaint with your local supervisory authority (Article 77). We process requests from EEA users within GDPR timelines - 30 days, with the possibility of a 60-day extension for complex requests.
13.3

Data Protection Assessments

πŸ”—
Where our processing is likely to create high risks to user privacy - such as large-scale identity verification or transaction monitoring - we conduct Data Protection Impact Assessments (DPIAs) to identify risks and implement appropriate safeguards. The results of these assessments directly inform our data protection practices.
14.1

California Consumer Rights

πŸ”—
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA/CPRA): β€’ Right to Know: Request what personal information we have collected, where it came from, and who we have shared it with. β€’ Right to Delete: Request deletion of your personal information (subject to legal exceptions). β€’ Right to Correct: Request correction of inaccurate information. β€’ Right to Opt-Out of Sale: We do not sell your data (see Section 6.5), but you have the right to opt out. β€’ Right to Limit Sensitive Data Use: Limit the use of sensitive personal information to what is necessary for the service. β€’ Right to Non-Discrimination: We will not penalise you for exercising your rights.
14.2

What We Have Collected

πŸ”—
In the past 12 months, we have collected: identifiers (email, name, IP address, user ID), personal information (name, address from KYC documents), protected classifications (date of birth, nationality from ID documents), commercial information (transaction records, portfolio holdings), internet activity (browsing history on our platform, login data), geolocation (approximate location from IP address), biometric information (selfie photos for KYC), and sensitive personal information (government ID numbers, financial account data). We collect this information for the purposes described in Section 4.
14.3

Exercising CCPA Rights

πŸ”—
To exercise your CCPA rights, email with the subject line "CCPA Privacy Request", or contact our support team at . We will verify your identity before processing your request and respond within 45 days (with the possibility of a 45-day extension if needed). You may also designate an authorised agent to submit a request on your behalf with a signed written authorisation.
14.4

Financial Information Note

πŸ”—
Some personal information collected by Wealtii may be exempt from certain CCPA rights under financial privacy laws (such as the Gramm-Leach-Bliley Act). Even where exemptions apply, we strive to honour your privacy rights to the greatest extent possible.
15.1

How We Notify You

πŸ”—
When we update this Policy, we will: β€’ Update the "Last Updated" date at the top; β€’ For important changes (new data types collected, new sharing partners, changes to your rights), we will email you and display a notice on the platform; β€’ For minor changes (wording adjustments, formatting), we will update the date without individual notice. For important changes, we will give you at least 30 days' notice before the changes take effect.
15.2

Your Choices

πŸ”—
Your continued use of the Services after changes take effect means you accept the updated Policy. If you disagree with any changes: (a) stop using the Services; (b) close your account; and (c) contact us if you have questions about how the changes affect your data.
15.3

Version History

πŸ”—
Previous versions of this Policy are available on request by contacting . The current version is 1.0.0, effective June 20, 2026.
16.1

How to Reach Us

πŸ”—
For questions about this Privacy Policy or your personal data: β€’ Privacy & Data Requests: β€’ General Support: β€’ Security Reports: β€’ In-Platform: Submit a support ticket for account-specific inquiries. We aim to respond within 5 business days and process data requests within the timeframes required by law (30 days under GDPR, 45 days under CCPA).
16.2

Complaints & Disputes

πŸ”—
If you believe your privacy rights have been violated, please contact us first at . We will investigate and aim to resolve your concern within 30 days. If you are not satisfied with our response, you can file a complaint with: β€’ European Economic Area (EEA): Your local Data Protection Authority (DPA) - see the European Data Protection Board website for a full list. β€’ United Kingdom: The Information Commissioner's Office (ICO) at ico.org.uk. β€’ California: The California Attorney General at oag.ca.gov. β€’ Other Jurisdictions: The relevant data protection authority in your country. We cooperate fully with data protection authorities in resolving complaints.
17.1

Key Definitions

πŸ”—
β€’ "Account" - Your registered user account on Wealtii. β€’ "AML" - Anti-Money Laundering. Laws and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. β€’ "Blockchain" - A distributed digital ledger that records transactions across many computers, making records transparent and tamper-resistant. β€’ "CCPA" - The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (CPRA) of 2020. β€’ "Controller" / "Data Controller" - The entity that determines why and how personal data is processed (in this case, Wealtii). β€’ "Cookies" - Small text files placed on your device by websites you visit. β€’ "CSRF" - Cross-Site Request Forgery. A type of attack that tricks your browser into making unwanted requests. Our CSRF cookie protects against this. β€’ "Data Subject" - You - the person whose personal data is being processed. β€’ "GDPR" - The General Data Protection Regulation (EU) 2016/679. Europe's comprehensive data protection law. β€’ "KYC" - Know Your Customer. The process of verifying a user's identity to prevent fraud and comply with financial regulations. β€’ "Multi-Signature Vault" - A secure digital vault that requires multiple authorised approvals before any funds can be moved. β€’ "NAV" - Net Asset Value. The per-unit value of an index fund, calculated by dividing the total fund value by the number of outstanding units.
17.2

Additional Definitions

πŸ”—
β€’ "Personal Data" - Any information that can identify you, directly or indirectly - including your name, email, IP address, financial records, and more. β€’ "Platform" - The Wealtii website, web application, and all associated tools and services. β€’ "Processing" - Anything done with personal data: collecting, storing, using, sharing, or deleting it. β€’ "Services" - Everything Wealtii offers through the platform. β€’ "TOTP" - Time-based One-Time Password. A temporary code generated by an authenticator app (like Google Authenticator) used for two-factor authentication. β€’ "USDT" - Tether. A stablecoin cryptocurrency pegged to the value of the US Dollar, used for deposits and withdrawals on Wealtii.
18.1

Blockchain Transparency

πŸ”—
If you use Wealtii, you should understand that blockchain networks are transparent by design: β€’ All transactions on the blockchain are publicly visible and permanently recorded. Anyone with a blockchain explorer can see transaction details, wallet addresses, token amounts, and timestamps. β€’ Deposit addresses generated for your account are visible on the blockchain. While they are not publicly linked to your identity by Wealtii, sophisticated analysis techniques could potentially associate addresses with identities. β€’ Withdrawal transactions from our vault to your wallet are also publicly recorded. β€’ Once a transaction is confirmed on the blockchain, it cannot be deleted, changed, or reversed. This means the right to erasure does not extend to data committed to a public blockchain - deletion is technically impossible. We take reasonable steps to protect the connection between your identity and your blockchain activity, but we cannot guarantee complete anonymity on a public blockchain.
18.2

Wallet & Key Security

πŸ”—
Your wallet security is one of our highest priorities: β€’ Unique Addresses: Each deposit generates a unique wallet address for your privacy and security. No two deposits use the same address. β€’ Private Keys Never Stored: Your private keys are never written to disk, never logged, and never stored in any database. They exist only momentarily in secure server memory during transaction signing and are immediately discarded. β€’ Secure Architecture: Our wallet system uses industry-standard cryptographic methods to generate and manage addresses. The underlying security infrastructure is designed to protect your funds even in the event of partial system compromise. β€’ Deposit Attribution: We track which addresses belong to which accounts so that incoming deposits are correctly credited to you.
18.3

Vault & Fund Operations

πŸ”—
User deposits are transferred to a shared multi-signature vault. Here is what that means for your privacy: β€’ Aggregation Privacy: Because individual deposits are combined in the vault, it becomes more difficult for outside observers to trace funds to specific users. β€’ Multi-Signature Security: Any movement of funds from the vault requires multiple authorised approvals, and these approval events are visible on the blockchain. β€’ Efficient Processing: Deposits and withdrawals are processed in batches where possible, which further reduces the ability to link individual users with specific on-chain transactions.
18.4

Price Data & Market Information

πŸ”—
We get real-time cryptocurrency prices from reputable market data providers. The important thing to know: β€’ No Personal Data Shared: Our price queries contain only cryptocurrency symbols (like "BTCUSDT"). No user data - no names, no wallets, no holdings - is ever sent to these providers. β€’ Public Data: The price information we use is publicly available market data that we cache locally for faster performance. β€’ Secure Delivery: Real-time price updates are delivered to you over encrypted connections. These connections do not store any of your personal data.
19.1

Transaction Privacy

πŸ”—
Each type of transaction has specific privacy considerations: β€’ Deposits: We record the blockchain transaction hash, deposit address, confirmed amount, block confirmations, and timestamp. This is linked to your account and visible only to you and authorised administrators. β€’ Purchases: We record the fund, units purchased, price per unit, total cost, and the fee (0.75% purchase fee). These records are kept for a minimum of 7 years as required by financial regulations. β€’ Sales: Similar to purchases - fund, units sold, price, proceeds, fee (0.75% sell fee), and gain/loss calculation. Also retained for 7 years. β€’ Withdrawals: We record the destination wallet, amount, network fee, transaction hash, approval status, and timestamps. Withdrawal fee: 0.75% capped at $25. β€’ Deposits: Free - no deposit fees. β€’ Refunds: Overpayment refunds incur a 0.5% processing fee. All fees are transparently recorded with full references to the underlying transaction.
19.2

Portfolio Privacy

πŸ”—
Your portfolio data is treated with the highest level of confidentiality: β€’ Your fund holdings, purchase history, and current valuations are stored securely and accessible only to you (through your authenticated session) and to authorised administrators for support and compliance purposes. β€’ Your USDT balance is maintained with decimal precision and updated in real-time as transactions are processed. Balance history is preserved through transaction records. β€’ Portfolio calculations (fund values, performance, allocations) are computed in real-time and are not shared with any third party. β€’ Real-time portfolio updates are delivered over encrypted connections and no data is retained after the connection closes.
19.3

Anti-Money Laundering Processing

πŸ”—
As part of our voluntarily adopted Anti-Money Laundering (AML) practices, we process certain data for compliance: β€’ Transaction Monitoring: We watch for suspicious patterns including rapid deposits and withdrawals, activity inconsistent with your profile, structuring designed to avoid reporting thresholds, and transactions involving flagged addresses. β€’ Verification Thresholds: We track your cumulative activity against KYC tier limits - Basic verification ($10,000 lifetime), Intermediate ($100,000 daily), and Advanced (unlimited). If you approach a limit, additional verification may be required. β€’ Suspicious Activity: Flagged transactions are reviewed by authorised personnel. If suspicious activity is confirmed, we may be required to file a report with the relevant authorities without notifying you (as "tipping off" is prohibited by most AML regulations). β€’ Sanctions Screening: User information is checked against international sanctions lists at account creation and periodically throughout the account lifecycle. AML processing is a legal requirement and cannot be opted out of.
20.1

How Your Account Is Protected

πŸ”—
Wealtii provides multiple layers of protection for your account: β€’ Password: Your password is hashed with a strong one-way algorithm - it is mathematically impossible to reverse. We recommend a unique password of at least 8 characters. β€’ Two-Factor Authentication (2FA): You can enable authenticator app-based two-factor authentication (Google Authenticator, Authy, Microsoft Authenticator). When enabled: (a) the 2FA secret is securely stored; (b) encrypted backup recovery codes are generated; (c) each login requires both your password and a valid 6-digit code from the app; (d) failed 2FA attempts are logged. β€’ One-Time Passwords (OTP): For sensitive operations like email verification, we send a 6-digit code to your email that is valid for 10 minutes and automatically expires after use. β€’ Session Tokens: A cryptographically signed token with a 24-hour lifetime is created when you log in. Only one session is allowed at a time - logging in from a new device automatically ends your previous session. β€’ Account Lockout: Too many failed login attempts will temporarily lock your account to prevent brute-force attacks.
20.2

Email Change Security

πŸ”—
Changing your email address is treated as a high-security action: β€’ 90-Day Cooldown: You can only change your email once every 90 days. β€’ Verification Required: The new email must be verified through a confirmation link before the change takes effect. β€’ Old Email Notified: Your original email address receives a notification about the change. If you did not request it, you can contact us immediately. β€’ Sessions Terminated: All active sessions are ended when an email change is completed.
20.3

Privacy Controls You Can Manage

πŸ”—
You have control over your privacy through your account settings: β€’ Notification Preferences: Choose exactly which notifications you want - transaction confirmations, portfolio updates, security alerts, price alerts, marketing, and more. Security-critical alerts (login notifications, password changes) stay on for your protection. β€’ Marketing Opt-Out: Unsubscribe from all marketing at any time through settings or the unsubscribe link in any marketing email. β€’ Data Export: Request a complete export of your data in JSON or CSV format by contacting . β€’ Account Closure: Request account closure at any time. Non-essential data is removed within 90 days; legally required records are kept for the applicable retention period. β€’ Support Privacy: Support ticket conversations are visible only to you and authorised support staff - never to other users or external parties.
21.1

How We Handle Breaches

πŸ”—
We have procedures in place to detect and respond to data breaches quickly: β€’ Detection: Continuous monitoring for signs of unauthorised access or data exfiltration. β€’ Assessment: Immediate evaluation of the scope, affected data, number of users impacted, and potential consequences. β€’ Containment: Swift action to stop the breach - revoking credentials, isolating systems, blocking malicious access, and rotating security keys as needed. β€’ Remediation: Fixing the root cause and implementing measures to prevent recurrence. β€’ Documentation: Every breach is fully documented regardless of severity.
21.2

How We Will Notify You

πŸ”—
If a data breach is likely to affect your rights: β€’ Authorities: We will notify the relevant data protection authority within 72 hours where required by law. β€’ You: We will notify you without undue delay, with clear details about: what happened, what data was affected, what consequences are possible, what we are doing about it, and how to contact us. β€’ How: Notifications will be sent to your registered email. If email is not feasible, we will use prominent notices on the platform. We may not need to notify you individually if: (a) the affected data was encrypted and unreadable; (b) we have eliminated the risk; or (c) individual notification would be impractical, in which case we will make a public announcement.
22.1

Transparency About Our Stage

πŸ”—
We believe in being upfront with you: β€’ Wealtii is currently operated by its founder(s) and is not yet registered as a formal legal entity. We intend to complete appropriate business registration within the first year of operation. β€’ Certain regulatory licenses and registrations may be in progress. We have voluntarily adopted industry-standard data protection practices, identity verification procedures, and security measures from the very start - because we believe your data deserves protection from day one, not only when regulations require it. β€’ The protections in this Privacy Policy reflect our genuine commitment to your privacy. As we grow, these protections will only get stronger. β€’ References to "the Company" in this Policy refer to the Operator of Wealtii. All obligations described here are binding on the Operator.
22.2

Restricted Jurisdictions

πŸ”—
Wealtii does not serve users in jurisdictions subject to comprehensive sanctions. If we determine a user is in a restricted jurisdiction, we may suspend or terminate their account, freeze assets pending regulatory guidance, and report the activity as required by law. Detailed restrictions are described in our Terms of Service.
22.3

Governing Law

πŸ”—
This Policy is governed by the laws of the jurisdiction where the Operator primarily operates. As Wealtii is in its early stage and the formal legal entity is not yet established, the specific governing law will be determined by the Operator's primary location when any dispute arises. Disputes will be resolved through: (a) good-faith negotiation; (b) mediation; and (c) if necessary, arbitration or litigation. Nothing in this section limits your right to file a complaint with a data protection authority.
22.4

Final Provisions

πŸ”—
If any part of this Policy is found to be invalid or unenforceable, the rest remains in full effect. The invalid part will be modified to the minimum extent needed to make it valid while preserving its intent. This Policy, together with our Terms of Service, constitutes the complete agreement between you and Wealtii regarding the handling of your personal data. If there is any conflict between this Policy and the Terms about data privacy, this Policy takes priority. This Policy is available in English. If translated into other languages, the English version controls in case of any discrepancy.
❓

Frequently Asked Questions

Quick answers about your privacy on Wealtii

πŸ“Š

What personal data does Wealtii collect?

We collect your email, an encrypted version of your password, identity verification documents (if you choose to verify), transaction records, wallet addresses, device/browser information, and support communications. Section 3 has the full breakdown.

🚫

Does Wealtii sell my personal data?

No - never. Wealtii does not sell, rent, or trade your personal data to anyone. We have not sold data in the past 12 months and have no plans to. See Section 6.5.

πŸ—„οΈ

How long does Wealtii keep my data?

It depends on the type: financial records are kept for 7 years (regulatory requirement), KYC documents for 7 years, audit logs for 7 years, session data for 24 hours, and notifications for 12 months. Full details in Section 8.2.

πŸ›‘οΈ

What are my privacy rights?

You can access, correct, delete, export, and restrict your personal data. You can also object to processing and withdraw consent at any time. These rights apply wherever you are. Contact us at . See Section 9.

πŸ”’

How does Wealtii protect my data?

Multiple layers: strong password hashing, TLS/SSL encryption, signed session tokens with 24-hour expiry, CSRF protection, optional two-factor authentication, multi-signature fund vault, single-session enforcement, and automatic log sanitisation. See Section 10.

πŸͺ

Does Wealtii use cookies or tracking?

We use one strictly necessary security cookie (CSRF protection) and nothing else. No advertising cookies, no social media tracking, no third-party analytics, no tracking pixels. See Section 5.

🀝

Who does Wealtii share my data with?

Only when necessary: an email provider (for sending notifications), blockchain networks (transactions are public by nature), and market data providers (only crypto symbols, no personal data). We may also share data with authorities when legally required. See Section 6.

πŸšͺ

How can I delete my account and data?

Request account closure through settings or support. Non-essential data is deleted within 90 days. Financial and KYC records are kept for the legally required period (5–7 years), then securely destroyed. You can request a data export first. See Sections 8.3 and 9.4.

πŸ‡ͺπŸ‡Ί

Is Wealtii aligned with GDPR?

Yes. Wealtii voluntarily aligns with GDPR principles from day one - lawfulness, purpose limitation, data minimisation, accuracy, storage limitation, security, and accountability. We honour all GDPR rights regardless of your location. See Section 13.

πŸ‡ΊπŸ‡Έ

What about California privacy rights (CCPA)?

California residents have rights to know, delete, correct, and opt out under the CCPA/CPRA. We do not sell personal information. You can exercise your rights by contacting . We respond within 45 days. See Section 14.

πŸ”‘

Are my private keys stored by Wealtii?

No. Your wallet private keys are never stored anywhere in our systems - not in databases, not in files, not in logs. They exist only briefly in secure server memory during transaction signing and are immediately discarded. See Section 18.2.

🏒

What happens to my data if Wealtii is acquired?

Your data may transfer to the acquiring entity, but they must honour data protections at least as strong as this Policy. You will be notified before your data is subject to a different policy. See Section 6.3.

πŸ“¦

Can I export all my data?

Yes. You have the right to a full export of your account data, transaction history, portfolio holdings, preferences, and support tickets in JSON or CSV format. Contact to request an export. See Section 9.5.

⛓️

How does blockchain affect my privacy?

Blockchain transactions are publicly visible and permanent. While we protect the link between your identity and on-chain activity, complete anonymity on a public blockchain cannot be guaranteed. Wallet addresses and transaction details are permanently recorded. See Section 18.1.

🚨

What is Wealtii's data breach policy?

We will notify the relevant authority within 72 hours and notify affected users without undue delay. Notifications include what happened, what data was affected, what we are doing about it, and how to contact us. See Section 21.