Privacy Policy

1. Introduction

Welcome to LocalPay, a non-custodial cryptocurrency wallet provided by BESPOKE TECHNICAL LEADERSHIP LTD. Your privacy and the security of your assets are our highest priorities.

This policy is built on a fundamental principle: LocalPay is a non-custodial wallet. This means:

• We NEVER have access to your private keys, seed phrase (recovery phrase), or passwords.
• We NEVER have custody or control over your cryptocurrency assets.
• You, and only you, are in full control of your funds.

This privacy policy explains what limited personal data we collect, why we collect it, and how we protect it, in compliance with the UK General Data Protection Regulation (UK GDPR).

BESPOKE TECHNICAL LEADERSHIP LTD ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our LocalPay mobile application and related services (collectively, the "Service").

The entity responsible for your personal data (the "data controller") is:

• Company Name: BESPOKE TECHNICAL LEADERSHIP LTD
• Company Registration Number: 15962086
• Registered Address: 124 City Road, EC1V 2NX, London, United Kingdom

This Privacy Policy applies to information we collect through our Service, in email, text, and other electronic communications sent through or in connection with our Service.

Important Note About Our Service: The LocalPay Service is provided by BESPOKE TECHNICAL LEADERSHIP LTD, a company registered in the United Kingdom, which acts as the data controller for your personal information. BESPOKE TECHNICAL LEADERSHIP LTD is registered with the Information Commissioner's Office (ICO) in the UK. LocalPay is currently in beta.

When using third-party service providers, e.g. stablecoin off-ramp providers, they may act as independent data controllers for the personal data shared to process your transactions. We recommend reviewing their privacy policies.

Access might be limited to new users.

Please read this Privacy Policy carefully before using our Service. If you do not agree with our policies and practices, please do not use our Service. By using our Service, you acknowledge that you have read and understood this Privacy Policy. Your use of the Service does not constitute consent to the processing of your personal data. We rely primarily on legitimate interest and legal obligations as explained in Section 4. Where consent is required, such as for marketing communications, we will ask for it explicitly.

For any questions about this policy or your data, please contact us at privacy@localpay.asia

2. Definitions

To help you better understand this Privacy Policy, we use the following terms:

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, or erasure.
• Data Subject: A natural person whose personal data is processed.
• Data Controller: The entity that determines the purposes and means of processing personal data (in this case, BESPOKE TECHNICAL LEADERSHIP LTD).
• Data Processor: An entity that processes personal data on behalf of the data controller.
• User: Any individual who uses our Service.
• Payment Service Provider (PSP): Third-party entities that facilitate payment processing.
• Automated Decision-Making: Any process that evaluates personal aspects by automated means without human intervention.
• Special Category Data: Sensitive personal data revealing racial or ethnic origin, political opinions, religious beliefs, health data, etc.
• Suspicious Activity: Transactions or behaviors that may indicate unauthorized access or fraudulent activity.
• Beneficial Owner: The natural person(s) who ultimately owns or controls a customer or the person on whose behalf a transaction is being conducted.
• Off-ramp Provider: Third-party entities that facilitate the conversion of stablecoins to fiat currency and handle related transaction processing.
• Fiat Transaction: A transaction involving the exchange of stablecoins for traditional currency (e.g., GBP, USD) processed through a third-party off-ramp provider.

3. Information We Collect

We adhere to the principle of data minimization and collect only the information necessary to provide our Service. The specific types of information we might collect include:

3.1 User Profile Information

• Email address (necessary for user profile creation and communications)
• Username or display name (necessary for user profile identification)
• Password (stored in encrypted form using industry-standard encryption)
• Profile information (such as profile picture, optional)
• Communication preferences (necessary to respect your contact preferences)

3.2 Transaction Information

• Transaction history (date, time, amount, recipient)
• Transaction notes or descriptions
• Exchange rates applied
• Service fees
• Off-ramp transaction status and confirmations from third-party providers

3.3 Device and Technical Information

• Device type, model, and operating system
• IP address
• Browser type and version
• Mobile device identifiers
• Geolocation data (collected only with your explicit permission)
• Log data (such as access times, app features used)
• Diagnostic data (crash reports, performance data)
• VPN or proxy detection information

3.4 Communications

• Customer support inquiries and correspondence
• Responses to surveys or feedback requests
• Marketing communications preferences

3.5 Off-Ramp Specific Information

When you use third-party off-ramp services:

• Payment details (e.g., bank account, IBAN, or other fiat transfer information)
• Additional identity verification data required by the off-ramp provider (e.g., proof of address or source of funds)
• Transaction metadata shared with or received from the off-ramp provider (e.g., payout amounts, fees charged by the provider)

This data is only collected if you opt to use off-ramp features and is minimised to what's necessary.

We do not collect any Special Category Data unless required by law for specific purposes.

3A. Know Your Customer (KYC) Requirements

To comply with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations, we require users to complete a Know Your Customer (KYC) process. This involves providing a valid government-issued ID, a selfie, and, in some cases, proof of address. KYC verification is carried out by a trusted third-party provider that complies with UK GDPR and international data protection standards. All personal information is processed securely and only for the purpose of verifying identity and meeting legal obligations.

KYC verification is mandatory for users engaging in off-ramp transactions to comply with AML/CTF regulations applicable to fiat conversions. The third-party KYC provider may share verification results with off-ramp providers as needed to process your requests.

4. How We Use Your Information

We use the information we collect for specific, explicit, and legitimate purposes, including:

4.1 Service Provision and User Profile Management

• Creating and managing your User Profile
• Processing your transactions
• Providing customer support
• Sending service-related notifications
• Maintaining and improving our Service

Legal basis: Contract performance (necessary to provide the Service you have requested), legitimate interests (to improve our Service)

4.2 Verification Processes

• Verifying your identity
• Determining appropriate transaction limits
• Preventing fraud and unauthorized access
• Verifying beneficial ownership where applicable
• Sharing verification data with third-party service providers to enable their services (e.g. off-ramps) and ensure compliance with their regulatory requirements

Legal basis: Contract performance, legitimate interests (to protect our Service and users)

4.3 Communications

• Responding to your inquiries
• Providing important updates about our Service
• Sending marketing communications (only with your explicit consent)
• Conducting surveys to improve our Service

Legal basis: Legitimate interests (to respond to your inquiries and improve our Service), consent (for marketing communications)

4.4 Legal Compliance

• Complying with applicable laws and regulations
• Responding to legal requests and preventing harm
• Enforcing our Terms of Service
• Establishing, exercising, or defending legal claims
• Sharing transaction and KYC data with off-ramp providers to meet AML/CTF obligations for fiat-related activities.

Legal basis: Legal obligation, legitimate interests (to enforce our terms and protect our rights)

4.5 Automated Decision-Making

We use automated decision-making in the following circumstances:

• Transaction monitoring: Automated systems analyze transaction patterns to detect potentially fraudulent activity using risk-based algorithms that consider factors such as transaction size, frequency, geographic location, and counterparty risk.
• Suspicious activity detection: Automated systems flag unusual patterns that may indicate unauthorized access or fraudulent activity.
• Off-ramp eligibility: Automated assessment of user verification status and transaction history to determine if off-ramp requests can proceed, with human review available.

Legal basis: Primarily legal obligation (for AML/CTF) and contract performance (to provide access to the third-party off-ramp provider feature).

These processes are subject to human review by our security team, and you have the right to:

• Obtain human intervention
• Express your point of view
• Contest the decision

To exercise these rights, please contact us using the details in Section 13.

5. Information Sharing and Disclosure

We share your personal information only in the specific circumstances described below:

5.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

• Cloud hosting providers
• Customer support platforms
• Analytics providers
• KYC verification providers
• Off-ramp providers

5.2 Legal Requirements

We may disclose your information if required by law or to protect our rights and the rights of others. This may include disclosures to off-ramp providers or regulatory authorities in connection with fiat transactions.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

5.4 Off-Ramp Providers

We may share your personal information, transaction details, and KYC data with third-party off-ramp providers to:

• Process your off-ramp requests
• Verify your identity and eligibility
• Comply with regulatory requirements

These providers are independent data controllers or processors and are required to protect your data in accordance with applicable laws. We only share the minimum data necessary and encourage you to review their privacy policies before using the feature.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is completely secure. We require third-party providers to implement equivalent security measures through contractual agreements.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

8. Your Rights

Under UK GDPR, you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

To exercise these rights, please contact us at privacy@localpay.asia

When exercising your rights, note that data held by third-party service providers may need to be requested directly from them, as they act as separate data controllers.

9. International Transfers

Your personal information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers are made in accordance with applicable data protection laws.

When using third-party off-ramp services, transfers to off-ramp providers located outside the UK may occur. We use Standard Contractual Clauses or other approved mechanisms to ensure adequate protection.

10. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date.

12. Complaints

If you have concerns about how we handle your personal data, you can contact us at privacy@localpay.asia. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK.

13. Contact Information

If you have any questions about this Privacy Policy, please contact us at:

Email: privacy@localpay.asia

Address: BESPOKE TECHNICAL LEADERSHIP LTD
124 City Road, EC1V 2NX
London, United Kingdom