Privacy Policy

Effective as of: January 12, 2026

This Privacy Policy describes how Zentopayments S.L ("We", "Us", "Our") collects, uses, and shares your personal data when you use the ZentoVault application ("Application") and our services ("Services").

1. Data Controller

The data controller responsible for your personal data is:

To the extent we process your data upon the instructions of Striga Technology OÜ (our third-party service provider for Virtual Asset and Virtual IBAN services), we act as a data processor. For any additional personal data processing for our own purposes, we act as a data controller.

2. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Information You Provide

• Identity Data: First name, last name, date of birth, nationality, government-issued identification documents
• Contact Data: Email address, phone number, residential address
• Account Data: Username, password (encrypted), account preferences
• Financial Data: Bank account details, transaction history, wallet addresses
• Verification Data: Identity verification documents, proof of address, selfie photos for KYC purposes

2.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, device type, operating system
• Usage Data: Pages visited, time spent on pages, click patterns, features used
• Location Data: Approximate location based on IP address

2.3 Information from Third Parties

• Identity Verification: Results from identity verification services
• Financial Information: Transaction data from payment processors and banking partners

3. Purposes and Legal Basis for Processing

We process your personal data for the following purposes:

4. Data Sharing and Recipients

We may share your personal data with the following categories of recipients:

4.1 Third-Party Service Providers

• Striga Technology OÜ (Sepapaja 6, Tallinn, Estonia) - Our licensed Virtual Asset Service Provider that provides Virtual Asset services and Virtual IBAN issuing. Striga processes your data as a data controller for regulatory compliance purposes.
• Identity Verification Providers - For KYC/AML compliance
• Cloud Hosting Providers - For secure data storage and application hosting

4.2 Legal and Regulatory Authorities

We may disclose your data to law enforcement, regulatory authorities, or other third parties when required by law or to protect our legal rights.

5. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including:

• Estonia - Where our service provider Striga Technology OÜ is located (within the EEA)

For any transfers outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including:

• Account data: For the duration of your account plus 5 years after closure
• Transaction records: 7 years (as required by anti-money laundering regulations)
• KYC documentation: 5 years after the end of the business relationship
• Marketing preferences: Until you withdraw consent

7. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Request correction of inaccurate data
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to Restriction (Art. 18): Request limitation of processing
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at info@zentovault.com.

You also have the right to lodge a complaint with a supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.

8. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure password hashing algorithms
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Employee training on data protection

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our Application. Types of cookies we use include:

• Essential Cookies: Required for the Application to function properly
• Analytics Cookies: Help us understand how users interact with the Application
• Preference Cookies: Remember your settings and preferences

You can manage your cookie preferences through your browser settings.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective as of" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: