Komainu

Privacy Policy

1. General Provisions

This Privacy Policy describes the procedure for the collection, use, storage, processing, transfer, and protection of users’ personal data on the platform.

The Company operates in the field of virtual assets and financial technologies in accordance with the applicable laws of the United Arab Emirates and the requirements of relevant regulatory authorities.

By using the website, mobile application, or any other services of the Company, the user confirms that they have read and understood this Privacy Policy.

2. Scope of the Policy

This Policy applies to:

  • clients and prospective clients;
  • website and platform users;
  • client representatives;
  • beneficial owners;
  • individuals contacting customer support;
  • job applicants.

3. Categories of Data We Collect

Depending on the nature of interaction with the platform, we may collect the following categories of data.

3.1 Identification Data

  • full name;
  • date of birth;
  • citizenship and nationality;
  • passport or identification document details;
  • photographs and verification documents;
  • tax residency information;
  • biometric data used for identity verification.

3.2 Contact Information

  • residential address;
  • email address;
  • phone number;
  • preferred communication language.

3.3 Account and Security Information

  • username and account identifier;
  • login history;
  • information about devices used to access the platform.

3.4 Financial Information

  • banking details;
  • source of funds information;
  • income details;
  • employment information;
  • tax-related information.

3.5 Transaction Information

  • deposit and withdrawal history;
  • trading activity;
  • portfolio information;
  • asset transfer records.

3.6 Blockchain and On-Chain Data

  • cryptocurrency wallet addresses;
  • transaction hashes;
  • blockchain transaction history;
  • AML and blockchain screening results.

3.7 Technical Data

  • IP address;
  • browser and device type;
  • system logs;
  • cookies and analytics information.

3.8 Communications

  • customer support correspondence;
  • live chat communications;
  • recorded phone calls;
  • complaints and inquiries.

4. Sources of Personal Data

We may obtain personal data from the following sources.

4.1 Directly from the User

For example:

  • during account registration;
  • during KYC/AML verification;
  • while funding an account;
  • through use of the platform;
  • through support requests.

4.2 Third Parties

Including:

  • banks and payment providers;
  • KYC/AML service providers;
  • blockchain analytics providers;
  • public registries;
  • sanctions and PEP databases.

4.3 Automatically Collected Information

Certain data is collected automatically through cookies, analytics tools, and monitoring systems when the platform is used.

5. How We Use Personal Data

The Company uses personal data solely for the purpose of providing services, complying with legal obligations, ensuring platform security, and improving service quality. Data processing is carried out fairly, reasonably, and only to the extent necessary to achieve the relevant purposes.

5.1 Account Opening and Maintenance

  • user registration;
  • identity verification;
  • KYC and AML checks;
  • account administration.

5.2 Provision of Services

  • transaction processing;
  • trading operations;
  • asset custody;
  • provision of platform functionality.

5.3 Legal and Regulatory Compliance

  • compliance with AML/CFT obligations;
  • sanctions screening;
  • fraud prevention;
  • cooperation with regulatory authorities.

5.4 Security Purposes

  • protection of accounts and assets;
  • prevention of unauthorized access;
  • monitoring suspicious activity;
  • incident investigations.

5.5 Communications

  • responding to user requests;
  • platform notifications;
  • technical and service communications.

5.6 Analytics and Platform Improvement

  • analysis of platform usage;
  • functionality improvements;
  • development of new services.

5.7 Marketing

Where permitted by law, we may send:

  • news and updates;
  • platform announcements;
  • marketing materials;
  • educational content.

Users may opt out of marketing communications at any time.

6. Legal Basis for Processing

Personal data is processed on the basis of:

  • performance of a contract with the user;
  • compliance with legal obligations;
  • legitimate interests of the Company;
  • user consent;
  • security and fraud prevention purposes.

7. Sharing and Disclosure of Data

The Company follows confidentiality and restricted-access principles when handling personal data. Information is shared with third parties only where there is a lawful basis, contractual necessity, or operational requirement for the functioning of the platform.

The Company does not sell users’ personal data.

Data may be shared with:

7.1 Service Providers

Including:

  • cloud service providers;
  • payment systems;
  • KYC/AML providers;
  • blockchain analytics services;
  • IT and cybersecurity contractors.

7.2 Governmental and Regulatory Authorities

Where required by applicable law or regulatory obligations.

7.3 Banks and Financial Institutions

For transaction processing and AML/CFT compliance purposes.

7.4 Professional Advisors

Including legal, tax, audit, and compliance advisors.

8. International Data Transfers

In certain cases, personal data may be transferred outside the user’s country of residence.

Where international transfers occur, the Company applies reasonable safeguards, including:

  • contractual protections;
  • security requirements;
  • access restrictions;
  • data protection standards.

9. Data Retention

The retention period for personal data depends on the nature of the services provided, legal obligations, and the Company’s internal procedures. We do not retain data longer than objectively necessary for the purposes for which it was collected.

Personal data is retained only for as long as necessary to:

  • provide services;
  • comply with legal requirements;
  • resolve disputes;
  • fulfill Company obligations.

AML/KYC data and transaction-related information may be retained for extended periods in accordance with legal and regulatory requirements.

After the applicable retention period expires, the data will be deleted or anonymized.

10. Data Security

The Company places significant importance on information security and the protection of user data. We implement modern technical and organizational measures aimed at preventing unauthorized access, loss, alteration, disclosure, or destruction of information.

Security measures include:

  • data encryption;
  • access control systems;
  • security monitoring systems;
  • firewalls and cybersecurity tools;
  • regular security assessments.

Despite the measures implemented, no system can guarantee absolute data security.

11. User Rights

Users have the right to obtain information regarding the processing of their personal data and to contact the Company with questions related to privacy and data protection. Such requests are reviewed in accordance with applicable laws and internal procedures.

Users may also:

  • request access to their personal data;
  • correct inaccurate information;
  • submit privacy-related inquiries or complaints.

The Company may request identity verification before processing such requests.

12. Cookies and Tracking Technologies

The platform uses cookies and similar technologies for:

  • operation of the website;
  • security purposes;
  • analytics;
  • saving user preferences;
  • improving user experience.

Users may manage cookie preferences through browser settings.

Disabling certain cookies may affect platform functionality.

13. Marketing Communications

The Company may send informational and marketing materials where legally permitted.

Users may unsubscribe from communications:

  • via the unsubscribe link;
  • through account settings;
  • by contacting customer support.

14. Automated Processing

Certain processes may be carried out automatically, including:

  • identity verification;
  • AML and sanctions screening;
  • transaction monitoring;
  • blockchain risk analysis;
  • antifraud checks.

Where required by law, significant decisions are subject to additional human review.

15. AML and Compliance

The Company operates in accordance with anti-money laundering, counter-terrorist financing, and financial crime prevention laws. As part of these obligations, the Company applies a risk-based approach to user verification and transaction monitoring.

This includes:

  • customer due diligence;
  • enhanced due diligence;
  • transaction monitoring;
  • source of funds verification;
  • sanctions screening;
  • regulatory reporting obligations.

The Company may request additional documents or restrict account functionality where necessary to comply with applicable laws and regulations.

16. Blockchain and Public Networks

Transactions involving virtual assets may be recorded on public blockchain networks.

Such data:

  • may be publicly accessible;
  • may be stored indefinitely;
  • may not always be capable of being modified or deleted.

Blockchain addresses may constitute personal data where they can be linked to an identifiable individual.

17. Minors

The Company’s services are intended only for individuals over the age of 18.

The Company does not knowingly collect personal data from minors.

18. Third-Party Services

The platform may contain links to third-party websites and services.

The Company is not responsible for the privacy policies or content of external resources.

19. Data Breach Notification

In the event of a security incident, the Company may:

  • conduct an internal investigation;
  • take measures to mitigate consequences;
  • notify regulatory authorities where required;
  • notify users where legally necessary.

20. Complaints and Requests

Users may submit complaints or requests related to personal data processing.

The Company reviews such requests within reasonable timeframes and in accordance with applicable law.

21. Changes to the Policy

The Company may update this Privacy Policy from time to time.

The latest version will always be available on the platform.

Continued use of the services following publication of updates constitutes acceptance of the revised Policy.

22. Final Provisions

This Policy forms part of the Company’s legal and compliance framework.

By using the platform, the user acknowledges and agrees to the processing of personal data as described in this Privacy Policy.