Privacy Policy

Information We Collect

Personal Information

When you use our services, we may collect personal information that you provide directly, including: full name, email address, phone number, physical address, date of birth, government-issued identification documents, tax identification numbers, and professional credentials.

Financial Information

To facilitate investment transactions and comply with regulatory requirements, we collect financial data such as: bank account details, investment history, accreditation status, source of funds documentation, net worth declarations, and transaction records.

Technical Information

We automatically collect certain technical data when you interact with our platform: IP addresses, browser type and version, device identifiers, operating system, access times, pages viewed, and referral URLs.

Communication Data

We retain records of your communications with us, including emails, chat messages, support tickets, and any feedback you provide.

How We Use Your Information

Service Delivery

We use your information to provide, maintain, and improve our tokenization infrastructure services, including SPV structuring, investor onboarding, compliance verification, and cap table management.

Regulatory Compliance

Your data is processed to fulfill our legal obligations under applicable securities laws, anti-money laundering (AML) regulations, know-your-customer (KYC) requirements, and tax reporting obligations in the jurisdictions where we operate.

Communication

We use your contact information to send transactional notifications, service updates, regulatory disclosures, and, with your consent, marketing communications about our services.

Security and Fraud Prevention

Your data helps us detect, prevent, and respond to fraud, unauthorized access, and other security incidents affecting our platform and users.

Analytics and Improvement

We analyze usage patterns to understand how our services are used, identify areas for improvement, and develop new features that better serve our clients.

Data Sharing and Disclosure

Service Providers

We share data with trusted third-party service providers who assist in operating our platform, including cloud hosting providers, payment processors, identity verification services, and customer support tools. These providers are contractually bound to protect your data.

Legal and Regulatory Bodies

We may disclose information to government authorities, regulators, law enforcement agencies, and courts when required by law or to protect our legal rights. This includes compliance with SEC regulations, FINRA requirements, and international regulatory bodies in jurisdictions such as UAE (DIFC/ADGM), Cayman Islands, and BVI.

Business Partners

With your consent, we may share relevant information with investment partners, fund administrators, legal counsel, and auditors involved in your transactions.

Corporate Transactions

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

Data Security

Technical Safeguards

We implement industry-standard security measures including: TLS/SSL encryption for data in transit, AES-256 encryption for data at rest, multi-factor authentication, regular security audits, and penetration testing.

Organizational Measures

Access to personal data is restricted to authorized personnel on a need-to-know basis. All employees undergo background checks and receive regular security training. We maintain comprehensive security policies and incident response procedures.

Infrastructure Security

Our platform is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification, geographic redundancy, and 24/7 monitoring for security threats.

International Data Transfers

Cross-Border Processing

As a platform serving US and MENA markets, your data may be processed in multiple jurisdictions including the United States, United Arab Emirates, and other locations where our service providers operate.

Transfer Safeguards

We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses, adequacy decisions, and compliance with applicable data protection frameworks.

Your Rights

Access and Portability

You have the right to request access to your personal data and receive a copy in a structured, machine-readable format.

Correction

You may request correction of inaccurate or incomplete personal information we hold about you.

Deletion

Subject to our legal obligations and legitimate business interests, you may request deletion of your personal data. Note that certain data must be retained for regulatory compliance purposes.

Restriction and Objection

You may request restriction of processing or object to certain uses of your data, including direct marketing.

Withdrawal of Consent

Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

Data Retention

Retention Periods

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Investment-related records are typically retained for a minimum of 7 years after the conclusion of a transaction, as required by securities regulations.

Deletion Process

When data is no longer required, it is securely deleted or anonymized in accordance with our data retention policies and applicable legal requirements.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your data, please contact us:

Email: privacy@assethaus.io

Address: Asset Haus, DIFC, Dubai, UAE

We will respond to your inquiry within 30 days of receipt.

Contents