Privacy Policy
Effective Date: February 5, 2026 · Version 3.0
Squire Coin, a Delaware Limited Liability Company ("Company," "we," "us," or "our"), is the data controller for personal information processed through the Squire Invest platform ("Platform"). Our Data Protection Officer can be reached at dpo@squirecoin.io.
1. Information We Collect
Account Information
When you create an account, we collect your name and email address. If you register with a wallet, we collect your public wallet address. Passwords are handled by our identity provider and are not stored directly by the Platform.
Identity Verification (KYC)
To comply with anti-money laundering regulations, we collect government-issued identification documents, proof of address, source of funds documentation, and other identity verification data through our KYC provider. The scope of data collected depends on your verification tier (Tier 1 through Tier 4). Accredited investor verification may require additional financial documentation.
Transaction Data
We record investment transactions, deposit and withdrawal activity, dividend distributions, and wallet interactions conducted through the Platform.
Usage Data
We automatically collect device information, IP addresses (anonymized after 30 days), browser type, pages visited, and interaction patterns to improve the Platform and detect fraud.
Blockchain Data
Investment transactions are recorded on public blockchain networks (BNB Smart Chain and Polygon). Blockchain data is public, permanent, and immutable. Once recorded on-chain, transaction data cannot be modified or deleted by the Company or any other party. You should consider this before engaging in on-chain transactions.
2. Legal Basis for Processing (GDPR)
Where the General Data Protection Regulation (GDPR) applies, we process your data under the following legal bases:
- Contract performance — processing necessary to provide Platform services and fulfill investment transactions
- Legal obligation — KYC/AML compliance, tax reporting, regulatory record-keeping
- Legitimate interest — fraud prevention, platform security, service improvement
- Consent — marketing communications, optional analytics
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Platform
- Process investments, dividends, and transactions
- Verify your identity and comply with KYC/AML regulations
- Perform automated risk scoring and compliance screening
- Detect and prevent fraud, unauthorized access, and abuse
- Communicate important account updates and security alerts
- Respond to support requests
- Comply with legal obligations and regulatory requirements
Automated Decision-Making
The Platform uses automated systems for KYC/AML risk scoring and fraud detection. These automated processes may affect your ability to use certain Platform features. You have the right to request human review of any automated decision that significantly affects you.
4. Data Protection
We implement security measures to protect your personal data:
- AES-256-GCM encryption for personally identifiable information (PII) at rest
- TLS 1.3 encryption for all data in transit
- HttpOnly, Secure cookies for authentication tokens
- Role-based access controls with PII field-level decryption per role
- Security audit logging on all authentication and PII access events
- Regular security audits and penetration testing
5. Data Sharing
We do not sell your personal information. We may share data with:
- KYC/AML providers — for identity verification, compliance screening, and sanctions checks
- Blockchain analytics providers — for transaction monitoring and compliance
- Blockchain networks — transaction data is recorded on public blockchains (BSC, Polygon) by nature of the technology and is permanently visible
- Law enforcement — when required by law, subpoena, or court order
- Service providers — cloud hosting, email delivery (SendGrid, Mailgun), and infrastructure providers who process data on our behalf under strict data processing agreements
6. Data Retention
We retain personal data only as long as necessary for the purposes stated in this policy, unless longer retention is required by law. Key retention periods:
| Data Category | Retention Period |
|---|---|
| KYC Documents | 5 years after account closure |
| Transaction Records | 7 years |
| Account Information | Account lifetime + 5 years |
| Asset Investment Records | Investment term + 7 years |
| Dividend Distribution Records | Distribution + 7 years |
| Asset Manager Records | Active status + 7 years |
| Customer Communications | 3 years |
| Security Logs | 2 years |
| Dispute Records | Resolution + 7 years |
| Blockchain Data | Permanent (immutable) |
When retention periods expire, data is securely purged from active systems and removed from backups within 90 days of deletion.
7. Cookies
The Platform uses essential cookies for authentication and security only. We do not use third-party advertising or tracking cookies.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| auth-token | Authentication session | 24 hours | HttpOnly, Secure |
| refresh-token | Session renewal | 7 days | HttpOnly, Secure |
| auth-indicator | Client-side session state | 24 hours | Secure (non-HttpOnly) |
Sessions are subject to a 15-minute idle timeout for security. Authentication tokens are never stored in localStorage or exposed to client-side JavaScript (except the non-sensitive auth-indicator).
8. Your Rights
General Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (subject to legal retention requirements)
- Object to or restrict certain processing activities
- Receive your data in a portable format
- Withdraw consent where processing is based on consent
- Request human review of automated decisions
GDPR Rights (EEA Residents)
We respond to data subject requests within 30 days, with a possible extension of up to 60 additional days for complex requests. To exercise your rights, contact our DPO at dpo@squirecoin.io.
CCPA Rights (California Residents)
California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected and shared, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. We respond to CCPA requests within 45 days.
Marketing Communications
You may opt out of marketing communications at any time via unsubscribe links in emails, account settings, or by contacting us. Opting out does not affect transactional or security-related communications.
9. Data Breach Notification
In the event of a data breach affecting your personal information, we will notify our Data Protection Officer within 24 hours of discovery and notify affected individuals within 72 hours. Notifications will include the nature of the breach, data affected, remediation steps taken, and recommended protective actions.
10. Children's Privacy
The Platform is not intended for individuals under 18 years of age (or the legal age of majority in their jurisdiction). We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.
11. International Transfers
Your data may be processed in countries other than your country of residence. For transfers from the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and conduct transfer impact assessments as required.
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice on the Platform at least 30 days before taking effect. Your continued use after changes take effect constitutes acceptance.
13. Contact
For privacy-related questions or requests:
- Data Protection Officer: dpo@squirecoin.io
- Privacy inquiries: privacy@squirecoin.io
- Compliance: compliance@squirecoin.com
See also our Terms of Service and Risk Disclosure.