DPT (HK) Limited

Privacy Policy

Privacy Policy: DPT

Effective Date: 12 August 2025

Summary of how we use your data

  • We respect your privacy and are committed to protecting it as described in this policy.
  • We use your personal data to provide, improve and administer our product(s), to enter into and perform the terms of service with our users, and to comply with legal and regulatory requirements.
  • Data is shared with our vendors and partners, and when we have a good faith belief that doing so is necessary to comply with legal and regulatory enquiries or requirements.
  • Our privacy policy sets out more details of this processing, including information in relation to your data protection options, and your right to object to certain processing.

What does this policy cover?

This policy describes how DPT (HK) Limited and its affiliates (referred to as “we” or “us” in this policy) will collect, make use of, and share (i.e. “process”) your personal data in connection with our website(s), apps and services (including API services). For the purposes of this policy, the term “affiliate” shall mean any entity, individual, firm, or corporation, directly or indirectly, through one or more intermediaries, controlling, controlled by, or under common control with DPT (HK) Limited.

This policy also describes data protection rights you may have (depending on applicable law), such as a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your rights” section.

On or before collecting personal data, we will inform you of: (1) the purpose of collection and all directly related purposes; (2) the classes of persons to whom the data may be transferred; (3) whether it is obligatory or voluntary to provide the data, and the consequences of failing to do so; and (4) that the collection is lawful and fair. Please read this policy carefully as some of this information is provided below.

What personal data do we process?

We process personal data about you when you interact with us, our websites, our apps or our services (including API services). This may include:

  • any details that you provide to us from time to time, such as your name, username, email address, phone number, address, or security details (e.g. application passcode, identifier, two-factor-authentication token seed record) and other identifying information where you contact us or otherwise provide it by other means;
  • payment and account details, including wallet address(es), transaction history, account numbers and similar operational and administrative information;
  • your app, site and account preferences, including app and site notifications, and sounds and confirmation dialogs, if applicable;
  • any personal data you submit for identity verification or “KYC” purposes (such as your full legal name, nationality/ies, residency/ies, date of birth, identification documents (and related information such as document, identification or license numbers, issue and expiry dates, and place of birth), photograph, video, and other biometric information associated with identity verification);
  • any self-reported location you may provide (including browser location and/or other proof of address information) plus the geolocation of the IP address you connect from;
  • your marketing and other communication preferences, and a record of any consents you have given us;
  • information related to the browser or device you use to access our website or apps, as well as data that tells us about general usage, such as page visits and timestamps, and which features of the website or app are popular, or suffer from issues we need to fix;
  • the content and details (e.g. date) of messages you post or that you send us (e.g. customer support queries); and
  • customer service notes and other records.

We will aim to mark data fields as optional or mandatory when collecting personal data from you via forms. Note that where personal data is stated as mandatory: if relevant data is not provided, then we will not be able to do these things and provide the services you expect.

We do not collect fingerprints, facial recognition data, or other biometrics, other than any photos and/or videos of yourself and/or your identification documents that you may voluntarily submit (for example during an account verification or recovery process and which may be processed by facial recognition software for that purpose). Where you enable biometric security (such as fingerprint or Face ID login), your biometrics will be handled by your device, not by us.

What personal data do we receive from third parties?

We may receive personal data from service partners where you use their services to make payments or transfers to us or where you otherwise use their services in connection with our services. We receive personal data from partners when they refer you to us (for example, we receive data about the service you used, and that referred you). We may receive personal data from service partners who are assisting with our compliance and security operations, such as identity verification services. Third parties may monitor the Web on our behalf, for example looking for stolen or compromised credentials. Our communications service provider may also enable us to learn more about your social media presence, in order for us to send you more personalised communications. We may receive personal data from other public sources and platforms, where you have provided that data and it is made available to us. Finally, some authorities or other persons seeking access to information about users may provide information about the circumstances of their request, and about the individuals of interest.

How do we use this personal data, and what is the legal basis for this use?

We process this personal data for the following purposes:

  • To fulfil (or take steps linked to) a service agreement with you. This includes:
    • creating your account;
    • providing the user interface and allowing you to access our apps and sites and to interact with our services, and the services of third parties that are available via our apps and sites;
    • taking and making payments and transfers and processing transactions, including chargebacks;
    • allowing you to configure alerts or integrate third party platforms, where applicable, in each case in accordance with our policies and terms of service;
    • communicating with you;
    • providing customer services;
    • verifying your identity, the source of any funds that are transferred to or via our services, and to comply with any know-your-client or anti-money-laundering and counter-terrorist-financing laws, regulations or policies.
  • As required by us or third parties to conduct their business and pursue their other legitimate interests, in particular:
    • to provide services you have requested;
    • to monitor, improve and protect the services we provide (on our own or with others), in particular by looking at how they are used, testing alternatives, and by learning from feedback and comments you provide;
    • to personalise our services and user interfaces;
    • to monitor user behaviour to prevent, investigate and/or report misconduct such as spam, misrepresentation, security incidents, suspicious transactions or other suspicious activity, or crime (such as fraud), in accordance with applicable law, and to cooperate with authorities seeking to do the same;
    • to investigate any complaints received from you or from others;
    • in connection with legal claims, compliance, regulatory, or investigative purposes (including disclosure in connection with legal process or litigation); and
    • to invite individuals to take part in market research and beta tests.
  • Where you give us consent (so far as that consent is required):
    • we will send you direct marketing in relation to our relevant products and services, or other products and services provided by us and carefully selected partners (for direct marketing, we will aim to provide notice informing you of the intended use and obtain your consent before using or transferring your personal data for such purposes);
    • we may place cookies, monitor email and/or user engagement, and use other similar technologies in accordance with our cookies policy and the information provided to you when those technologies are used;
    • on other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.
  • For purposes which are required by law or to comply with legal obligations, in particular:
    • to prevent, detect, mitigate and investigate fraudulent or illegal activities; and
    • in response to requests by relevant courts and other public authorities, such as those conducting an investigation.

We implement appropriate technical and organisational safeguards to protect personal data against unauthorised or accidental access, processing, erasure, loss, or use, including encryption, access control, secure storage, and secure destruction procedures.

Fully automated decision-making

Our platform applies certain automatic processes based on your account configuration, requests and input, in accordance with the services that you use. For example, you may set up alerts, limits, or other transaction parameters.

Automated decision-making that uses your personal data may also be employed, to protect accounts and to uphold our terms of service. In particular, if you attempt to access our services from a jurisdiction in respect of which our services are restricted, your account may be automatically restricted.

Relying on our legitimate interests

To the extent required by law, we aim to carry out balancing tests when significant data processing activities are justified on the basis of our “legitimate interests”, as described above.

Withdrawing consent or otherwise objecting to direct marketing

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to display marketing without your consent. You may have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time, in accordance with applicable law. Where you do have such a right, you can exercise it by following the instructions in the communication where this is an electronic message, changing your account settings, or by contacting us using the details set out below.

Who will we share this data with, and where?

We will share your personal data between our affiliate companies so they can help deliver and improve our services, run our business, and comply with our legal obligations and related third party requests.

Personal data may be shared with third party participants in any affiliate programme (or any other successor or parallel programme of a similar nature) who referred you to our site (so they can track successful referrals), and partners for promotions or service integrations. Information payments services partners and infrastructure providers. Personal data may be shared with courts or public authorities (including regulatory and law enforcement authorities at supranational, national, state and local level) if required as described above, mandated by law or regulation, or required for the legal protection of our or third party legitimate interests, in compliance with applicable laws and regulations, and relevant / competent public authorities’ requests.

Personal data will also be accessed by employees or contractors, or shared with third party service providers, who will process it on our behalf for the purposes identified above. In particular, we use third party website and database hosting; web and app analytics; cloud computing services; account verification, compliance, fraud prevention and investigations; and customer services and support.

In the event that the business is transferred to or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s advisers, and to the new owners of the business.

Your rights

Depending on applicable law, you may have the right to ask us for a copy of personal data about you; to correct or delete that personal data; restrict the processing of that personal data; and to obtain a copy of personal data about you that you provided to us (in connection with our agreement with you, or with your consent), in a structured, machine readable format, and to ask us to port this data to (i.e. share that data with) another organisation.

In addition, applicable law may provide the right to object to the processing of personal data about you, in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

You have the right to appeal the result of significant fully automated decisions. This should be done by emailing us within 14 calendar days from the date of the decision, which we will then review.

If these rights apply, they may however be limited, for example if fulfilling your request would reveal personal data about another person, would infringe the rights of another person or legal entity (including our rights), or if you ask us to delete or change data which we are required by law to keep (or have other compelling legitimate interests in keeping). We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch using the details set out below. You may make a Data Access Request (DAR) or Data Correction Request (DCR) to us using a prescribed form or equivalent written request (please see the Annex to this policy for the relevant form). We may charge a reasonable fee for processing a DAR or DCR. Instructions for making such requests are available upon request. If you have unresolved concerns, you typically have the right to complain to regulators, depending on applicable law.

How long do we retain data?

Where we process personal data in connection with performing an agreement with you, we keep the data for 7 years from your last interaction with us. We will take all reasonably practicable steps to ensure that personal data is accurate and up-to-date (to the extent that we are provided with current information), and will erase or anonymise data when it is no longer required for the purpose for which it was collected, unless retention is required by law or regulation or otherwise in accordance with this policy.

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of that request indefinitely, so that we can continue to respect your request in future.

Where we process personal data for site security purposes, we retain it for 3 years.

Longer retention periods may apply, such as where ongoing access to records continues to be important to our defence of legal claims or where we are required by law or regulation to retain information for specific periods.

Cookies and related technologies

We use cookies (and local storage objects, but we refer to these collectively as “cookies” in this policy), web beacons/tags, and other related approaches to collect information about your use of our website and services. Cookies are small pieces of information sent by a web server to a web browser, to allow certain functionality or analytics. In particular, we use the following:

Strictly Necessary Cookies: These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, things you have asked for such as remembering your login details or alert details cannot be provided. We also use these cookies to balance traffic over multiple servers, so we can keep it responsive and capable of dealing with high traffic from all users.

Performance Cookies: These cookies collect information on how people use our website and services. For example, we use these to help us understand how customers arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, transaction operations, customer support, and marketing.

Functionality Cookies: These cookies remember choices you make such as the country you visit from, and language and search parameters. These can then be used to provide you with an experience more appropriate to your selections.

Targeting cookies or advertising cookies: These cookies collect information about your browsing habits in order to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. These cookies are usually placed by third party advertising networks. They remember the websites you visit, and that information is shared with other parties such as advertisers.

Social Media Cookies: These cookies allow you to share what you’ve been doing on the website on social media such as Facebook and X. Please refer to their respective privacy policies to learn how their cookies work and can be controlled.

Web beacons, tags: Some of our web pages, emails, or parts of our apps may contain electronic images, or computer code, that allow us to learn more about how our website and apps are used (just like performance cookies, mentioned above). These “web beacons” and “tags” collect only limited information. In our app, we may use pieces of code provided by third parties, which also help analyse the data. We may also carry web beacons placed by third party advertisers.

If you want to delete any cookies, please check your browser or device settings (and help pages) for instructions on how to delete them. Your browser or device may also offer tracking controls for things other than cookies, such as beacons and tags. Please note that by deleting our cookies or disabling future cookies, in particular the “strictly necessary” cookies described above, you may not be able to access certain areas or features of our site.

External links

Although our website and apps only look to include quality, safe and relevant external links, users should always adopt a policy of caution before clicking any links to third party websites or apps. We cannot control, guarantee or verify their contents. They will have their own policies and practices, for example with regard to privacy and personal data, and you should acquaint yourselves with those before further engaging with those third party websites or apps.

Changes to this Policy

We may revise this Privacy Policy from time to time. If we make a change to this policy that we consider material, we will take steps to notify users by a notice on the website and/or app. Your continued use of our website, apps and services (including API services) will be subject to the updated Privacy Policy.

Getting in touch with us

If you have any questions or concerns about how we process your data, including if you would like to exercise any rights, you can get in touch with our contact point for privacy queries at privacy@dpt.xyz.