Base Credit

Privacy template. Replace placeholders and obtain legal review before publishing.

Privacy Policy Template

Privacy Policy For [Platform Brand Name]

This template is for publishing a factual privacy notice for a banking or crypto-enabled platform. It should be completed with your real data flows, lawful bases, retention schedule, service providers, and user-rights process before it goes live.

Legal review required Describe actual data flows Match your support process
Important: if you collect KYC data, transaction monitoring data, wallet screening results, or blockchain analytics outputs, those categories must be described here accurately. This template is not legal advice.

1. Who This Policy Applies To

This Privacy Policy explains how [Legal Company Name] collects, uses, shares, stores, and protects personal data when you use [Platform Brand Name], visit our website, complete onboarding, communicate with support, or interact with our banking, payments, lending, or crypto-related services.

Specify the populations covered here, such as applicants, account holders, beneficial owners, company representatives, counterparties, website visitors, and support contacts.

2. Information We Collect

  • Identity and onboarding data: [name, date of birth, address, government ID, tax information, corporate documents, source-of-funds information, beneficial ownership details].
  • Account and profile data: [login credentials, account preferences, support history, account status, linked businesses, and communication settings].
  • Transaction and service data: [payments, transfers, withdrawals, deposits, ledger activity, wallet addresses, asset movements, blockchain transaction identifiers, settlement data, and risk-review notes].
  • Technical and device data: [IP address, browser details, device identifiers, logs, cookies, authentication events, fraud signals, and security telemetry].
  • Communications: [emails, calls, chat transcripts, complaint records, dispute files, or form submissions].

3. How We Use Personal Data

  • To open and maintain accounts, authenticate users, process applications, and deliver the products you request.
  • To perform fraud prevention, transaction monitoring, sanctions screening, blockchain analytics, risk scoring, and security investigations.
  • To comply with legal, regulatory, tax, AML, KYC, recordkeeping, and law-enforcement obligations.
  • To communicate service updates, incident notices, support responses, and product disclosures.
  • To improve service reliability, analyze usage, troubleshoot failures, and protect the platform from abuse.

If you rely on consent, contract necessity, legal obligation, legitimate interests, or another lawful basis, list the correct basis for each processing category here.

4. How We Share Data

  • Service providers: [cloud hosting, analytics, CRM, customer support, document verification, sanctions screening, blockchain analytics, or communications vendors].
  • Financial partners: [banking partners, payment processors, custodians, liquidity providers, card networks, or settlement agents].
  • Professional advisors and auditors: [legal counsel, auditors, consultants, insurers].
  • Authorities and regulators: where required by law, subpoena, court order, regulatory inquiry, sanctions program, or law-enforcement request.
  • Corporate transactions: [merger, acquisition, financing, reorganization, or asset sale], subject to applicable confidentiality protections.

5. Retention, Transfers, And User Rights

State how long you keep customer, applicant, communications, transaction, and monitoring records, including any mandatory statutory retention periods. If you operate internationally, describe cross-border transfers and the safeguards used.

  • Retention schedule: [for example, X years after account closure, longer where required for AML, tax, litigation, or fraud investigations].
  • International transfers: [countries involved, transfer mechanisms, contractual safeguards, or adequacy basis].
  • Rights requests: [access, correction, deletion, restriction, portability, objection, withdrawal of consent, complaint rights].
  • Request channel: [privacy@example.com, portal URL, mailing address, response timeline].

6. Cookies, Security, And Updates

  • Cookies and tracking: disclose [strictly necessary cookies, analytics tools, advertising pixels, session replay tools, or preference storage] and offer the controls required by your jurisdiction.
  • Security practices: summarize actual access controls, encryption, logging, incident response, and vendor oversight, without overstating guarantees.
  • Policy changes: explain how updates are communicated and how users can review archived versions if you maintain them.

If children are not permitted to use the platform, add that statement here together with the minimum age requirement.