Last updated: April 2025

Privacy Policy

1. Introduction

Fannty Ltd ("Fannty," "we," "us," or "our"), a company registered in England and Wales under company number 16644848 with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom, is the data controller responsible for your personal data.

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including the Bridgy decentralized multichain wallet and associated on-ramp, off-ramp, OTC, and fiat settlement solutions (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our Services.

2. Information We Collect

We may collect and process the following categories of personal data:

Personal Identification Data

  • Full name, date of birth, and nationality
  • Government-issued identification documents (passport, driving licence, national ID) for Know Your Customer (KYC) verification
  • Proof of address documentation
  • Email address and telephone number
  • Photographic images (selfie verification)

Financial Data

  • Cryptocurrency wallet addresses
  • Transaction history and records
  • Bank account or payment card details (where applicable)
  • Source of funds and source of wealth information

Technical Data

  • Internet Protocol (IP) address
  • Device type, operating system, and browser type
  • Unique device identifiers
  • Mobile network information
  • Time zone and location data (at city level)

Usage Data

  • Pages and features accessed within our Services
  • Time and duration of visits
  • Referral source and navigation paths
  • Interaction data (clicks, scrolls, form submissions)

3. How We Use Your Information

We process your personal data for the following purposes:

  • Service Delivery: To create and manage your account, process transactions, and provide access to our wallet, on-ramp, off-ramp, OTC, and fiat settlement services.
  • KYC/AML Compliance: To verify your identity, conduct due diligence, and comply with anti-money laundering and counter-terrorist financing regulations.
  • Transaction Processing: To execute, confirm, and record cryptocurrency and fiat transactions initiated through our platform.
  • Communication: To send service-related notifications, respond to inquiries, and provide customer support.
  • Security and Fraud Prevention: To detect, prevent, and investigate fraudulent activity, unauthorised access, and other illegal activities.
  • Legal Obligations: To comply with applicable laws, regulations, and legal processes, including responding to lawful requests from public authorities.
  • Service Improvement: To analyse usage patterns, improve our Services, and develop new features.

4. Legal Basis for Processing

Under UK GDPR Article 6, we process your personal data on the following legal bases:

  • Contract Performance (Article 6(1)(b)): Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
  • Legal Obligation (Article 6(1)(c)): Processing is necessary for compliance with a legal obligation to which we are subject, including KYC/AML regulations and financial reporting requirements.
  • Legitimate Interests (Article 6(1)(f)): Processing is necessary for our legitimate interests, such as fraud prevention, network and information security, and service improvement, provided these interests are not overridden by your fundamental rights and freedoms.
  • Consent (Article 6(1)(a)): Where we rely on your consent, such as for marketing communications or optional analytics, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Blockchain Data

You acknowledge and understand that blockchain technology is inherently transparent and decentralised. Transactions conducted on public blockchains are publicly visible and permanently recorded on the distributed ledger. This means:

  • Cryptocurrency wallet addresses and transaction details (amounts, timestamps, and counterparty addresses) are publicly accessible on the blockchain.
  • Blockchain data is immutable. Once a transaction is confirmed on the blockchain, it cannot be altered, reversed, or deleted by Fannty or any other party.
  • Fannty has no ability to erase, modify, or restrict access to on-chain data. Your rights to erasure and rectification under UK GDPR do not extend to data that is recorded on a public blockchain, as such data is outside our technical control.

We encourage you to consider the public nature of blockchain transactions before initiating any transaction through our Services.

6. Data Sharing

We may share your personal data with the following categories of recipients:

  • KYC/AML Service Providers: Third-party identity verification and compliance providers who assist us in fulfilling our regulatory obligations.
  • Banking and Payment Partners: Financial institutions and payment processors that facilitate fiat transactions and settlement services.
  • Blockchain Analytics Providers: Companies that provide transaction monitoring and risk scoring services for compliance purposes.
  • Law Enforcement and Regulatory Authorities: Where we are legally required or permitted to do so, including in response to court orders, subpoenas, or requests from competent authorities.
  • Professional Advisors: Legal, accounting, and auditing professionals engaged by Fannty.

We do not sell, rent, or trade your personal data to third parties for marketing purposes. All data sharing is conducted under appropriate contractual safeguards.

7. International Transfers

Your personal data may be transferred to, and processed in, countries outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place, including:

  • Transfers to countries that the UK Secretary of State has determined provide an adequate level of data protection (adequacy regulations).
  • Standard contractual clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) or the International Data Transfer Agreement (IDTA).
  • Any other lawful transfer mechanism recognised under UK data protection law.

You may request further information about the specific safeguards applied to international transfers by contacting our Data Protection Officer.

8. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. Specifically:

  • Account Data: Retained for the duration of your active account and for a minimum of five (5) years following account closure, as required by UK anti-money laundering regulations.
  • Transaction Records: Retained for a minimum of seven (7) years from the date of the transaction, in accordance with financial record-keeping requirements.
  • KYC Documentation: Retained for a minimum of five (5) years following the end of the business relationship.
  • Technical and Usage Data: Retained for up to twenty-four (24) months, unless a longer retention period is required for security or legal purposes.

When personal data is no longer required, it will be securely deleted or anonymised.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request deletion of your personal data, subject to our legal retention obligations and the limitations described in Section 5 (Blockchain Data).
  • Right to Restriction: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, please contact our Data Protection Officer at dpo@fannty.com. We will respond to your request within one (1) month of receipt, as required by law.

10. Cookies

Our website and Services use cookies and similar tracking technologies. The types of cookies we use include:

  • Strictly Necessary Cookies: Essential for the operation of our Services, including authentication, security, and session management. These cookies cannot be disabled.
  • Analytics Cookies: Used to collect information about how visitors use our website, including pages visited, time spent, and navigation patterns. This data is aggregated and anonymised.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our Services. For more information, refer to your browser's help documentation.

11. Children

Our Services are not intended for, nor directed at, individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such data from our records. If you believe that a child has provided us with personal data, please contact us at dpo@fannty.com.

12. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256).
  • Strict access controls and role-based permissions for employees and contractors who access personal data.
  • Regular security audits, penetration testing, and vulnerability assessments.
  • Incident response procedures for data breaches.
  • Employee training on data protection and information security practices.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make material changes, we will notify you by posting the updated policy on our website with a revised "Last updated" date and, where appropriate, by sending a notification to the email address associated with your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.

14. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

  • Data Protection Officer: dpo@fannty.com
  • General Support: contact@fannty.com
  • Postal Address: Fannty Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

If you are not satisfied with our response to your request or believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):