Credium Privacy Policy

Credium® is a registered trademark of DFI CAPITAL MANAGEMENT LTD. References in this Privacy Policy to "Credium", "we", "us" or "our" mean DFI CAPITAL MANAGEMENT LTD together with its majority-owned and controlled subsidiaries worldwide, acting under the Credium® brand, unless a specific product, service or partner notice states otherwise.

This Privacy Policy explains how we collect, use, store, disclose and protect personal data when you access or use credium.com, the Credium platform, Credium mobile applications, Credium Products, Credium Wallets, support channels, communications and related digital interfaces.

Important wallet privacy notice. Credium Wallets are designed as non-custodial wallet provisioning supported by third-party wallet infrastructure, including Privy.io where applicable. Credium does not custody user Digital Assets, does not hold user Private Keys, does not control user funds, and cannot unilaterally authorize Wallet transactions. Some wallet-related data, such as public wallet addresses and on-chain transaction data, may be visible on public blockchain networks and may be outside Credium's ability to delete, modify or conceal.

1. Scope and relationship with other notices

1.1. This Privacy Policy applies to Credium Products, including non-custodial wallet interfaces, account access, support, website use, mobile applications, service notices, security features, product analytics and related communications.

1.2. This Privacy Policy does not replace the privacy notices of Authorized Partners, payment providers, card issuers, fiat rail providers, identity verification providers, on-ramp providers, off-ramp providers, exchanges, blockchain networks, wallet infrastructure providers, app stores, analytics providers or other third parties that process personal data for their own purposes.

1.3. Regulated Services, including fiat payments, card issuing, card processing, money transmission, electronic money, conversion, on-ramp, off-ramp, brokerage, custody or similar regulated activities where applicable, are provided by Authorized Partners in the jurisdictions where such services are lawfully offered and subject to their own terms and privacy notices.

1.4. If a specific product notice, partner notice or consent screen gives more detailed information about a particular feature, that more specific notice will apply to that feature.

2. Definitions

For purposes of this Privacy Policy, the following definitions apply. Capitalized terms not defined here may be defined in Credium product terms, wallet terms, partner terms or applicable law.

"Applicable Data Protection Law" means all privacy, data protection, electronic communications, e-privacy, consumer privacy, cybersecurity, data security and related laws applicable to the processing of personal data, including the UK GDPR, the UK Data Protection Act 2018, the EU GDPR where applicable, and other local privacy laws.

"Authorized Partner" means a third-party service provider that is authorized, licensed, registered, exempt or otherwise permitted to provide regulated or specialist services in the jurisdictions where those services are made available, including payment, card, fiat rail, conversion, on-ramp, off-ramp, identity verification, compliance or similar services.

"Blockchain Data" means public or semi-public data recorded on, derived from, or associated with blockchain networks, including wallet addresses, transaction hashes, balances, timestamps, token movements, smart contract interactions, gas data and network identifiers.

"Credium Products" means the products, software, interfaces, features, tools and services made available under the Credium® brand, including Credium Wallets and related non-custodial wallet features, but excluding Regulated Services and third-party services unless expressly stated otherwise.

"Credium Wallet" means a self-hosted, non-custodial digital asset wallet made available through the Credium platform using Third-Party Wallet Infrastructure and configured so that the user, and not Credium, controls transaction authorization. The term "Wallet" has the same meaning.

"Personal Data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable person, depending on Applicable Data Protection Law.

"Private Key" means private key material, seed phrases, recovery phrases, signing material, passkeys, recovery factors, secrets, credentials or other cryptographic controls capable of authorizing wallet actions.

"Processor" means a person or entity that processes Personal Data on behalf of a controller, as defined by Applicable Data Protection Law.

"Regulated Services" means services that may be subject to licensing, registration, authorization or financial regulation, including fiat payments, card issuing, card processing, money transmission, electronic money, conversion, on-ramp, off-ramp, brokerage, custody or similar regulated activities.

"Third-Party Wallet Infrastructure" means technology, software, key management, authentication, wallet recovery, transaction signing, node, RPC, indexing, hosting, security, analytics or other infrastructure supplied by third-party providers, including Privy.io where applicable, and used by Credium to make Credium Wallets available.

"USDC" means the U.S. dollar-referenced stablecoin or token commonly known as USDC, or another substantially equivalent supported stablecoin where expressly indicated in the Credium platform. USDC is not issued by Credium.

"USD Balance" means the user interface display of the estimated U.S. dollar market value of USDC or other expressly supported Digital Assets actually present in, or attributable to, a Credium Wallet. A USD Balance is a display and accounting abstraction only and is not fiat money, electronic money, stored value, a bank deposit or a claim against Credium.

3. Controller and privacy contact

3.1. Unless a product notice states otherwise, DFI CAPITAL MANAGEMENT LTD is the controller of Personal Data processed by Credium for Credium Products.

3.2. For privacy questions, data subject requests or concerns about this Privacy Policy, contact privacy@credium.com.

3.3. Where a service is provided by an Authorized Partner or another third party, that party may act as an independent controller, joint controller, processor or subprocessor depending on the relevant service and contractual arrangement. You should review the relevant partner privacy notice before using that service.

3.4. Credium is established in the United Kingdom. The United Kingdom is outside the European Union and European Economic Area. Where EU/EEA, UK or other data protection rules apply, Credium applies the mitigation measures described in this Privacy Policy and any applicable data processing agreements, transfer mechanisms or partner notices.

4. Non-custodial wallet context and third-party technology

4.1. Credium Wallets are intended to be self-hosted and non-custodial. Credium provides software interfaces and related technology layers that allow users to create, access, view and interact with Wallets and blockchain networks.

4.2. Credium Wallets may be created and accessed using Third-Party Wallet Infrastructure, including Privy.io where applicable. Such providers may process Personal Data, authentication data, device data, wallet metadata or technical data to provide wallet creation, authentication, recovery, transaction signing, account security, availability and related functions.

4.3. Credium does not request or store your seed phrase or private key. You should never send Credium, support agents, partners or anyone else your seed phrase, recovery phrase or private key. Credium will never ask you to disclose these credentials by email, chat, social media or support ticket.

4.4. Because blockchain networks are public or decentralized systems, certain Wallet activity may be visible to third parties independently of Credium. Credium cannot prevent third parties from viewing, indexing, analyzing, copying or using public Blockchain Data.

5. Personal Data we collect

The Personal Data we collect depends on how you use Credium Products, your jurisdiction, the features available to you and whether you interact with Authorized Partners. We may collect the following categories:

• Contact and account data, such as name, email address, phone number, username, country or region, account identifiers, communication preferences and support identifiers.
• Authentication and access data, such as login method, passkey or authentication status, wallet connection status, session identifiers, access tokens, security settings, device identifiers and account recovery metadata.
• Device, technical and usage data, such as IP address, browser, operating system, mobile device information, app version, timestamps, referring URLs, crash logs, diagnostics, feature usage, cookie identifiers and similar technical data.
• Wallet and Blockchain Data, such as public wallet addresses, public keys, transaction hashes, network identifiers, balances, token holdings, USDC-related data, USD Balance display data, gas data, smart contract interactions, transaction status and on-chain history.
• Support and communications data, such as messages, requests, complaints, feedback, attachments you provide, call or chat metadata and our responses.
• Compliance and risk data, such as sanctions, geolocation, fraud-prevention, device-risk, politically exposed person, adverse media or screening results where required or supplied by Authorized Partners or service providers.
• Partner service data, such as KYC or KYB status, payment status, card status, fiat transaction status, conversion status, eligibility status, limits, partner reference numbers and similar data received from Authorized Partners where relevant to a Credium feature.
• Marketing and preference data, such as newsletter preferences, campaign interactions, referral information, survey responses, product interest data and opt-out choices.

6. Data we do not intentionally collect or control

6.1. Credium does not intentionally collect or store user seed phrases, raw private keys or recovery phrases, and you must not disclose them to us.

6.2. Credium does not custody Digital Assets and does not maintain custodial accounts holding Digital Assets on behalf of users. Wallet funds and transactions are controlled by the user through applicable wallet authentication and authorization mechanisms.

6.3. Card numbers, bank account details, payment credentials, identity documents and biometric checks may be collected or processed by Authorized Partners or specialist providers where required for Regulated Services. Credium may receive limited status, reference, compliance or operational information from those partners, but does not necessarily receive the underlying sensitive document or credential data.

6.4. We do not intentionally collect special category data, such as health data, religious beliefs or trade union membership, unless you voluntarily provide it or processing is required by law. Please do not provide unnecessary sensitive information through Credium support channels.

7. How we collect Personal Data

7.1. We collect Personal Data directly from you when you create an account, use a Credium Product, request support, configure a Wallet, communicate with us, subscribe to updates or interact with forms and interfaces.

7.2. We collect Personal Data automatically when you access credium.com, the Credium platform or mobile applications, including through cookies, SDKs, logs, analytics tools, security tools and similar technologies.

7.3. We collect or receive Personal Data from third parties, including Third-Party Wallet Infrastructure providers, Authorized Partners, compliance providers, authentication providers, app stores, analytics providers, fraud-prevention providers, blockchain analytics providers and public blockchain networks.

7.4. Blockchain Data may be collected from public networks, nodes, indexers, explorers or analytics systems. Public blockchain activity may remain available even if you stop using Credium Products.

8. How we use Personal Data

We use Personal Data for the purposes described below:

• To provide, operate and maintain Credium Products, Credium Wallets, account access, authentication, Wallet display, transaction status, balances, support, service notices and related functionality.
• To display Wallet information, USDC-related data, USD Balance abstractions, transaction history, supported networks, supported assets and interface information.
• To provide security, prevent fraud, detect misuse, verify access, protect systems, troubleshoot issues, monitor performance, debug errors and maintain platform integrity.
• To coordinate with Authorized Partners for services you request, such as fiat rails, card-related services, identity checks, conversion, on-ramp, off-ramp, payments or other Regulated Services where available.
• To comply with legal, regulatory, sanctions, tax, accounting, audit, law-enforcement, consumer-protection and contractual obligations.
• To respond to support requests, complaints, privacy requests and other communications.
• To improve Credium Products, conduct analytics, research usage trends, test features, maintain records, train support teams and develop new functionality.
• To send service communications, security alerts, legal notices, policy updates, product information and marketing communications where permitted by law.
• To establish, exercise or defend legal rights and to enforce Credium terms, policies, partner requirements and prohibitions.

9. Legal bases for EU/EEA and UK users

Where the EU GDPR, UK GDPR or similar rules require a lawful basis for processing, we rely on one or more of the legal bases below depending on the context.

The applicable legal basis may vary by product, jurisdiction and feature. Some processing by Authorized Partners is performed by those partners as independent controllers under their own privacy notices.

10. Blockchain Data and public ledgers

10.1. Blockchain Data may be public, permanent, pseudonymous and independently accessible. When a wallet address or transaction can be linked to you, it may be Personal Data under Applicable Data Protection Law.

10.2. Credium may process Blockchain Data to provide Wallet display, transaction history, USDC-related information, USD Balance displays, network status, security checks, fraud-prevention, compliance checks, troubleshooting and support.

10.3. Credium cannot erase, anonymize, restrict, correct or block public blockchain records controlled by decentralized networks, validators, miners, third-party nodes, explorers, analytics providers or other independent participants.

10.4. If you exercise a privacy right, Credium will assess what off-chain Personal Data it controls and what actions are technically and legally possible. Erasure or restriction of Credium-controlled off-chain data may not remove public Blockchain Data from a blockchain network.

11. USD Balance, USDC and stablecoin information

11.1. Credium may display a USD Balance as an interface abstraction representing the estimated U.S. dollar market value of USDC or other expressly supported Digital Assets present in, or attributable to, a Credium Wallet.

11.2. Credium may process Wallet balance data, USDC token data, transaction history, price or market reference data and related metadata to calculate, display, update or support the USD Balance interface.

11.3. The USD Balance display does not mean Credium issues fiat money, electronic money, stored value or a deposit. USDC and other supported Digital Assets are issued or maintained by third parties and may be subject to their own terms, reserves, risks, availability and privacy practices.

12. How we share Personal Data

We may share Personal Data with the following categories of recipients where necessary and lawful:

• Third-Party Wallet Infrastructure providers, including Privy.io where applicable, for wallet creation, authentication, key-management infrastructure, account security, wallet recovery, transaction signing, availability and related technical functions.
• Authorized Partners that provide Regulated Services, including fiat rails, card issuing, card processing, money transmission, electronic money, conversion, on-ramp, off-ramp, compliance and identity verification services where available.
• Technology and operations providers, including hosting, cloud, database, network, analytics, logging, security, customer support, communications, email, push notification, document management and service providers.
• Compliance and risk providers, including sanctions screening, fraud prevention, blockchain analytics, device intelligence, geolocation, KYC/KYB, AML and risk monitoring providers.
• Professional advisers, auditors, insurers, banks, consultants and legal advisers where reasonably necessary for business, compliance, audit, risk and legal purposes.
• Governmental authorities, regulators, courts, law enforcement and third parties where disclosure is required by law, legal process, court order, regulatory request or to protect legal rights, safety, security or platform integrity.
• Corporate transaction parties in connection with a merger, acquisition, restructuring, financing, sale of assets, transfer of business, insolvency process or similar corporate event.

12.1. We do not sell user seed phrases, private keys or Digital Assets, because Credium does not collect or custody them.

12.2. We do not sell Personal Data in the ordinary meaning of selling it for money. Where a law defines targeted advertising, sharing or cross-context behavioral advertising broadly, we will provide opt-out choices where required.

13. Authorized Partners and Regulated Services

13.1. Authorized Partners may collect and process Personal Data directly from you or through Credium interfaces for Regulated Services you request. This may include identity data, documents, liveness or biometric checks, source-of-funds information, payment data, bank account data, card data, transaction data, tax data and compliance information.

13.2. Authorized Partners may independently determine the purposes and means of some processing and may be legally required to retain data, screen users, monitor transactions, report suspicious activity, decline transactions, suspend services or respond to authorities.

13.3. Credium may receive limited partner data, such as verification status, eligibility status, risk indicators, transaction references, card status, fiat rail status, error codes, limits, support information or compliance flags, to operate Credium Products and coordinate the service requested by you.

13.4. Credium is not responsible for an Authorized Partner's independent privacy practices, security measures, regulatory obligations, service availability, eligibility decisions or data retention. You should review each partner's privacy notice and terms before using partner services.

14. Cookies, SDKs and similar technologies

14.1. We may use cookies, pixels, SDKs, local storage, device identifiers, analytics tools and similar technologies to operate Credium Products, secure sessions, remember preferences, analyze usage, improve performance, detect fraud and, where permitted, measure or deliver communications.

14.2. Some cookies and similar technologies are necessary for product functionality and security. Non-essential analytics or marketing technologies may require consent depending on your jurisdiction.

14.3. You may be able to manage cookies through your browser, device settings, in-app settings or consent tools. Disabling necessary technologies may affect product functionality, security or availability.

15. International transfers

15.1. Credium is based in the United Kingdom and may process Personal Data in the United Kingdom, the European Economic Area, the United States and other jurisdictions where Credium, its service providers, Authorized Partners or infrastructure providers operate.

15.2. Where Personal Data is transferred internationally, we use transfer mechanisms required or permitted by Applicable Data Protection Law, which may include adequacy decisions, standard contractual clauses, UK international data transfer agreements or addenda, data processing agreements, transfer risk assessments and other lawful safeguards.

15.3. For transfers from the EU/EEA to the United Kingdom, Credium may rely on the European Commission adequacy decision for the United Kingdom to the extent it applies. If an adequacy decision does not apply, or for transfers to other jurisdictions, Credium will use another lawful transfer mechanism where required.

15.4. Third-party providers may have their own international transfer arrangements. For example, a wallet infrastructure provider may act as a processor or subprocessor under its data processing addendum, including standard contractual clauses or equivalent transfer mechanisms where applicable.

16. Data retention

16.1. We retain Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide Credium Products, maintain accounts, support users, comply with law, resolve disputes, enforce terms, maintain security and keep appropriate business records.

16.2. Retention periods vary depending on the type of data, sensitivity, product feature, legal basis, risk, contractual requirements, partner requirements and legal obligations.

16.3. We may retain certain data for longer where required or permitted by law, including for tax, accounting, anti-fraud, sanctions, AML, regulatory, audit, dispute-resolution or legal claims purposes.

16.4. Public Blockchain Data may remain permanently available on blockchain networks and may be retained or indexed by third parties independently of Credium.

16.5. Where possible and appropriate, we may delete, anonymize, aggregate or de-identify Personal Data so that it can no longer reasonably identify you.

17. Security

17.1. We use technical, organizational and administrative measures designed to protect Personal Data against unauthorized access, disclosure, alteration and destruction, taking into account the nature of the data and processing risks.

17.2. Security measures may include access controls, encryption in transit, monitoring, logging, least-privilege controls, secure development practices, vendor due diligence, incident response processes, backups and account protection measures.

17.3. No method of internet transmission, blockchain interaction, electronic storage, wallet infrastructure, authentication or mobile application security is completely secure. You are responsible for securing your device, passwords, passkeys, recovery methods, email account, app access and wallet credentials.

17.4. If you suspect unauthorized access, phishing, loss of credentials, account compromise or a security incident involving your Credium account or Wallet, contact support@credium.com promptly. For privacy-specific matters, contact privacy@credium.com.

18. Your privacy rights

18.1. Depending on your location and Applicable Data Protection Law, you may have rights to access, receive a copy of, correct, delete, restrict, object to, or port your Personal Data; withdraw consent; opt out of certain marketing; opt out of sale, sharing or targeted advertising where applicable; and lodge a complaint with a supervisory authority.

18.2. EU/EEA and UK users may have rights under the EU GDPR or UK GDPR, including the right to be informed, right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object and rights relating to automated decision-making and profiling.

18.3. To exercise privacy rights, contact privacy@credium.com. We may need to verify your identity, jurisdiction, relationship to the account and authority to act before fulfilling a request.

18.4. Some rights are subject to limitations. We may be unable or legally not required to delete data needed for legal obligations, security, fraud prevention, dispute resolution, records, partner obligations, compliance, or public Blockchain Data that is not controlled by Credium.

18.5. You may unsubscribe from non-essential marketing communications by using the unsubscribe link in the message or contacting us. You will continue to receive service, security, legal and transactional communications where necessary.

19. EU/EEA and UK GDPR mitigation measures

19.1. Although Credium is established outside the EU/EEA, we aim to apply GDPR-aligned safeguards where EU/EEA or UK privacy rules apply or where we choose to offer equivalent protections as a matter of good practice.

19.2. These safeguards may include: privacy notices; lawful basis assessment; data minimization; purpose limitation; retention controls; contracts with processors; security measures; privacy-by-design reviews; records of processing; transfer mechanisms; vendor diligence; support for data subject rights; and breach assessment and notification processes where required.

19.3. Where we use processors or subprocessors, we seek to impose data protection obligations appropriate to the processing, including confidentiality, security, assistance with data subject rights, incident notification, deletion or return obligations and international transfer safeguards where required.

19.4. Where a feature could result in higher risk processing, we may conduct risk assessments, data protection impact assessments or additional reviews where required by Applicable Data Protection Law.

19.5. Where Credium does not determine the purposes and means of processing, such as independent partner KYC, partner card processing or public blockchain network operations, the relevant partner or network participants may be responsible for their own GDPR or privacy obligations.

20. United States and other regional privacy rights

20.1. Users in certain U.S. states and other jurisdictions may have additional privacy rights, such as rights to know, access, correct, delete, obtain a portable copy, opt out of certain targeted advertising, sale or sharing, limit certain sensitive data uses, and appeal certain decisions.

20.2. Credium does not knowingly sell Personal Data for money. If a local law treats certain analytics, advertising or marketing disclosures as a sale, share or targeted advertising, we will provide applicable opt-out mechanisms where required.

20.3. We will not discriminate against you for exercising privacy rights, subject to lawful exceptions. Some features may be unavailable if the data needed to provide the feature is deleted or restricted.

20.4. Privacy rights and procedures may vary by jurisdiction. Contact privacy@credium.com if you wish to exercise a local privacy right.

21. Children and age restrictions

21.1. Credium Products are not intended for children. You must be at least 18 years old, or the age of legal majority in your jurisdiction if higher, to use Credium Products unless a specific product notice states otherwise and Applicable Law permits it.

21.2. We do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data to Credium, contact privacy@credium.com and we will take appropriate steps as required by law.

22. Unlawful use, compliance and legal requests

22.1. You must not use Credium Products for illegal, prohibited, sanctioned, fraudulent, deceptive, abusive, harmful or unauthorized activities. Credium may process Personal Data and Blockchain Data to detect, prevent, investigate or respond to such activity.

22.2. Credium is not responsible for user conduct, user-authorized transactions, third-party wallet use, third-party smart contracts, public blockchain activity or uses of Credium Products that violate Applicable Law or Credium policies.

22.3. We may disclose Personal Data where required by law, regulation, court order, subpoena, legal process, government request or partner obligation, or where we believe disclosure is necessary to protect rights, safety, security, users, Credium Products or the integrity of the platform.

22.4. We may suspend, restrict or refuse access to Credium Products if we believe it is necessary for legal, regulatory, partner, fraud-prevention, security or risk reasons.

23. Automated decision-making and profiling

23.1. Credium may use automated tools to support security, fraud prevention, risk management, device checks, geolocation controls, sanctions screening, compliance workflows, product analytics and support prioritization.

23.2. Credium does not intend to make solely automated decisions that produce legal or similarly significant effects on you without human involvement unless permitted by Applicable Data Protection Law and subject to required safeguards.

23.3. Authorized Partners may conduct automated or semi-automated identity, risk, fraud, compliance, eligibility or transaction monitoring under their own terms and privacy notices. Their decisions may affect partner service availability independently of Credium.

24. Changes to this Privacy Policy

24.1. We may update this Privacy Policy from time to time to reflect changes in Credium Products, technology, law, partner arrangements, regulatory requirements or business operations.

24.2. If we make material changes, we will provide notice as required by law, which may include posting the updated Privacy Policy on credium.com, within the Credium platform, in mobile applications, or by electronic notice.

24.3. The updated Privacy Policy becomes effective on the date stated in the updated policy or notice. Your continued use of Credium Products after the effective date means the updated policy applies to your use.

25. Contact and company information

Privacy requests, questions or complaints: privacy@credium.com
General product and wallet support: support@credium.com