Offramp - Privacy Policy

Privacy Policy

February 26, 2024
‍

INTRODUCTION

This Privacy Policy governs the practices of how Elendil Capital sp. zo.o. (referred to herein as “we”, “our”, “ours” or “us”) collects, uses, transfers and shares personal information related to your use of our Servicesand the App. This Policy is designed to align with the European General DataProtection Regulation (“GDPR”) provisions. It is committed to ensuring the transparent, lawful, equitable, and secure management of our Users' data.

Our Privacy Policy explains what kind of personal data we gather through our App and Services, how and why we collect it, our purposes for its use, and the third parties we may share it with. Moreover, it explains how you, as a data subject, may exercise your rights about your data.

Should any alterations be made to this Policy (alongside other policies, including our Terms of Service, we will notify you of such changes through our official communication channels on Discord and Twitter and directly on this page.

We strongly encourage you to read this Policy to understand the processes involving your data and your associated rights. For inquiries related to this Privacy Policy, data collection and usage, data disclosure and sharing, or any other concerns or requests related to your data, please do not hesitate to contact us via the communication channels mentioned above.

‍

DEFINITIONS

The following section covers the basic definitions used in this Privacy Policy. It describes what your data means and who controls and processes your data.

Personal Data: Personal data means any information about an identified or identifiable natural person. This includes details like names, addresses, email addresses, identification numbers, and even IP addresses or cookie identifiers, as well as any information found online that may reveal your physical, genetic, mental, economic, cultural or social identity.

Data Subject: The data subject is the person the personal data is about. In simpler terms, it’s you or any other individual whose personal information is being collected and processed.

Data Controller: The data controller is the one who determines the purposes and means of processing personal data. In other words, they're the boss when deciding why and how your data is used. In this case, it would be us.

Data Processor: The data processor, on the other hand, processes personal data on behalf of the data controller. In our case, they are vendors and partners we collaborate with that process your data for purposes determined by us.

DATA PROTECTION OFFICER

We have designated a data protection officer (“DPO”) to supervise inquiries regarding this privacy policy. Should you have any inquiries or questions concerning this Privacy Policy or our privacy procedures, or if you wish to exercise your legal rights as a data subject, please do not hesitate to contact our Data Protection Officer at [email protected].

INFORMATION WE COLLECT

We need to gather information about you to provide our Services and offer our Products.

Information that You Provide

This category covers your content and details using our Services and the App. We will never request information about your racial or ethnic background, personal life, sexual orientation, political views, philosophical or religious beliefs, biometric or genetic data, or trade union membership.

When you create your Account, we may request your contact information, including your full name, personal address, email address, and phone number.Additionally, to verify your identity in compliance with legislative requirements, we may collect the following personal information as outlined inthe table below:

Category of personal information	Examples of personal information (list non-exhaustive)
Identity data	- Full name - Date of birth - Gender - Nationality - Passport number - Social security number - Driver's licence number - National ID card details
Contact data	- Email address - Phone number - Physical address - Mailing address - Emergency contact information
Financial data	- Bank account numbers - Credit card information - Income details - Tax identification number - Financial transaction history
Location data	- GPS coordinates - Location history - Wi-Fi access point data - IP addresses
Employment data	- Employment details - Job titles and descriptions - Workplace location
Transaction data	- Purchase and sale history - Transaction amounts - Payment methods used - Billing addresses - Order amounts
Usage data	- Website or app usage patterns - Session durations - Pages visited - Clickstream data - Error logs and crash reports
Marketing data	- Marketing preferences - Subscriptions and newsletter preferences - Responses to marketing campaigns - Engagement with promotional materials - Referral sources
User Account data	- Usernames and account identifiers - Profile pictures and avatars - User-generated content (profile descriptions, bios) - User preferences and settings - Social connections and followers
Social media data	- Social media profiles - User-generated content (posts, comments) - Friends and connections - Social network activity

‍

Communications

If you contact us directly, we may request additional information such as your name, email address, personal address, phone number, and other relevant personal details. Whenever we ask for this information during communication, we will clearly explain the reasons behind it.

Payment Information

Our Services enable users to select their preferred payment method for executing Orders and Transactions via third-party credit and financial institutions and payment service providers. We do not retain your financial account information; the payment provider securely handles it. Note that these vendors may, in turn, collect and process your personal information on their behalf and for their purposes and obligations. To learn more about how third-party payment service providers and financial institutions collect, use and share your personal information, you are encouraged to read their privacy policies or notices provided on the official websites of the respective service providers.

Information from Third Parties

In our continuous effort to provide seamless and comprehensive Services, we may obtain personal data from third-party partners and vendors. Incase of such integration, the information collected by our partners is shared with us. We require our partners to have lawful purposes to collect, process and use your data before sharing it with us. These third-party partners and vendors play a vital role in enhancing the functionality and utility of our platform. Here's how personal data from these sources may be used:

Merchant VASPs
We collaborate with third-party Merchant VASPs to facilitate transactions with Fiat currencies. In such cases, we may receive information you shared with these Merchant VASPs as part of your transactions. This information may include transaction history, account details, and other relevant financial data. Strict privacy and security standards govern our use of this data to ensure the confidentiality and integrity of your financial information.

API Integrations
We may integrate with third-party APIs like Plaid and Chainlink to provide you with certain features and services. These integrations allow us to access and retrieve specific financial data with your explicit consent. The data obtained through such integrations may include bank account information, transaction history, account balances, and other financial details. We utilise this data to offer enhanced features and allow you to purchase Crypto Funds in exchange for fiat currency before depositing it into your account. Your consent is sought and obtained when accessing your financial data through API integrations, and you retain control over the scope of data shared.

Public Databases
We may obtain personal data from publicly available databases to enhance our Services and fulfil our legal and regulatory obligations. The information retrieved from these databases may include names, addresses, contact information, employment details, affiliations with restricted, sanctioned, or prohibited groups and associations (as defined by relevant legal acts), and other publicly accessible data. This data assists us in various functions, such as identity verification, fraud prevention, and compliance with relevant laws and regulations.

Identity Verification Partners
To ensure the security and integrity of ourServices, we collaborate with identity verification partners who provide us with access to specific personal data required for identity verification purposes. This data may comprise full names, address information, identification document images and data, personal identification codes, identification document holder photos, date of birth, citizenship, place of birth and other relevant identity-related data.

Credit and Financial Institution
We may obtain personal data from financial and credit institutions in compliance with the law and industry standards. This data can encompass financial transaction history, account balances, credit scores, account details, and other financial information. This information is crucial for enabling financial transactions and ensuring compliance with relevant regulations.

Blockchain Data
We may collect publicly available blockchain data to monitor and detect illegal activities, including those defined by applicable laws and regulations. This data may include blockchain transaction details, wallet addresses, and other relevant blockchain information.

MarketingPartners, Advertisers and Analytics
In collaboration with marketing partners, we may collect personal data to better understand your interaction with our app and services. This data aids us in refining our marketing strategies and offering you personalised recommendations. In turn, advertisers may provide us with personal data to assess the effectiveness of advertising campaigns and optimise ad targeting. At the same time, analytics partners help us understand how you use and interact with our platform. The partners' shared data may include user preferences, interaction patterns, user behaviour on our App, response to marketing campaigns, interest-based data, click-through rates, conversion data, session durations, traffic sources, clickstream data, and other relevant data.

HOW WE USE YOUR DATA

Lawful Basis and Legitimate Interest

Our collection, use, and sharing of your data are founded on various lawful bases, depending on the context. The following scenarios represent the circumstances in which we engage in data collection:

Consent: We process your data when you grant your explicit consent. This typically occurs when you have reviewed our data processing purposes and willingly agreed to them. Examples include subscribing to our marketing notifications and campaigns or permitting the use of your personal information to enhance your experience while using our App and Services.

Performance of a contract: We process your information when performing a contract with you is essential. This encompasses situations where your data is required for processing and finalising your orders or adhering to the terms of any other contractual agreement we have entered into with you. It also includes enforcing the terms of this Policy and other agreements, providing our Services, ensuring the quality of our Services, and offering customer service and support.

Legal Obligation: We use your data when a legal obligation necessitates data disclosure. This occurs when compliance with legal requirements imposed by law or legal orders is mandatory.

LegitimateInterests: We may process your data when we have a legitimate interest that aligns with the operation and provision of our Services. This includes activities aimed at improving our App, maintaining proper security measures, and preventing illegal activities related to your data. Our legitimate interests are pursued only when they do not infringe upon our fundamental rights.

In the table below, you will find the list of purposes for which we use your data and what lawful bases we invoke for its use.

‍

Purpose	Purpose description	Lawful basis
Providing and Maintaining Services and App	Providing and maintaining Services and the App: Managing the operation and maintenance of our Services to ensure their functionality and availability	Performance of a contract
Payment Processing and Order Execution	Processing payments and executing Orders in compliance with market fairness, transparency, competitiveness, and genuineness rules	Performance of a contract
Fraud Prevention	Detecting and preventing fund losses, including those resulting from fraud and misuse of our Services and App	Legitimate interest
Compliance with Laws and Regulations	Ensuring compliance with relevant laws and regulations, including anti-money laundering, terrorism financing, fraud prevention, and other financial crime regulations	Compliance with a legal obligation Performance of a contract Legitimate interest: ensuring that we do not deal with funds resulting from proceeds of crime, such as money laundering or terrorist financing, and do not assist in or facilitate in any manner any financial crime and other criminal activities.
User Communication and Support	Communicating with you directly or through our partners for customer support, notifications regarding changes and updates to the Services, crucial service-related information, marketing, and promotional purposes.	Performance of a contract
User Notifications	Sending various communications, including notifications, reminders, and confirmations, to keep you informed about your activities and our Services	Performance of a contract
Service Improvement	We are continuously improving the quality, performance, and features of our Services.	Legitimate interest: to grow our business continuously, to implement the industry's best practices and adhere to its standards, to attract potential customers and users to use the Services and the App
Research and Development	Conducting research and development activities related to our Services, including the development of new features and functionalities of the App and the introduction of new products and services	Legitimate interest: to improve the functionality of our Services and the App, to ensure the competitiveness of our product, to grow our business and attract potential customers and users by introducing novel features and providing continuous development of the App
Measurement and Analytics	Performing measurement and analytics to understand how our users interact with our Services, analyse user behaviour, and identify user preferences	Legitimate interest: to learn how users interact with and use our Services and App, to conduct studies, to develop a marketing strategy and implement amendments to the Services, fixes and new features Consent, if required
Safety and Security	Promoting the safety, security, and integrity of your funds, our Services, and data through protective measures and ongoing monitoring	Legitimate interest: to ensure the security of our data and funds, to prevent unauthorised access to your account and irreversible loss of funds. Performance of a contract
User Account Management	Managing user accounts, including account setup, recovery, and termination	Performance of a contract
Personalization	Tailoring user experiences based on preferences and behaviours for personalised content and recommendations	Legitimate interest: to ensure that our users receive information and content that they opt to see, to enhance user experience and customer satisfaction Consent, if required
Third-Party Service Providers	Engaging third-party service providers for specific tasks such as payment processing and customer support	Legitimate interest Consent, if required
User Feedback	Collecting user feedback to improve our services and gather valuable insights	Performance of a contract Legitimate interest: to gather feedback from our users to learn of errors, issues and problems arising from the use of Services and the App, to implement fixes, to develop new features and to ensure customer satisfaction with our Services and the App. Consent, if required
Record Keeping	Maintaining records for auditing, accounting, and compliance purposes by applicable laws	Compliance with a legal obligation
Partnerships and Collaborations	Sharing data with partners, collaborators, or affiliates for joint initiatives, promotions, or integrated services	Legitimate interest: to ensure certain functionality of our App, to develop and grow our business
User Education	Providing educational resources and training materials to enhance user knowledge and promote secure service usage	Legitimate interest: to educate our users and enhance your experience on the App
Social Media Use	Using social media channels, such as Twitter and Discord, for advertising, notification and customer support, among others	Consent Performance of a contract

‍

HOW WE SHARE YOUR DATA

We may share the information we collect with various third parties to support and enhance our business operations (data sub-processors). You may find a list of our sub-processors annexed at the end of this Policy.

Please be aware that certain service providers operate outside of theEU/EEA area. For detailed information on how your data is handled when shared with third parties outside the EU/EEA, please refer to the Data TransfersOutside the EU/EEA section below. This section clarifies the types of third parties with whom we share information and highlights the presence ofnon-EU/EEA service providers for transparency regarding data handling practices.

Vendors and Service Providers

We collaborate with vendors and service providers who assist us in maintaining and optimising our business. These service providers encompass a range of functions, including web and mobile analytics services, advertisers,IT partners, hosting and software providers, and sales and marketing products.

Credit and Financial Institutions

We may share your information with credit and financial institutions to process your transaction and complete your order. Payment providers collect information expressly to process your transaction. For further details, please read the privacy policy of the respective credit or financial institution you use. We may forward your information to credit and financial institutions to finalise your order; however, we never keep your payment information or use it in anyway other than to process your transaction.

Third-Party VASPs

In certain instances, we may share your personal information with third-party VASPs to facilitate the exchange of fiat currency to crypto currency as part of your transactions. Additionally, we collaborate with Metamask to enable the seamless connection of your wallet to your account for enhanced functionality.

To complete the exchange of fiat currency to cryptocurrency as part of your transactions, we may share your relevant personal information with third-party Virtual Asset Service Providers (VASPs). These VASPs are integral to ensuring the successful execution of your cryptocurrency transactions. We recommend reviewing their respective privacy policies to understand how these VASPs collect, use, and protect your personal information.

Metamask

To provide you with an enhanced user experience and the capability to connect your wallet to your Account seamlessly, we collaborate with Metamask. This integration allows for convenient wallet management and access to cryptocurrency-related features. Metamask's handling of your personal information is governed by its privacy policy, which we encourage you to review for detailed insights into its data practices. Your personal information is shared with Metamask solely to facilitate cryptocurrency transactions and enhance your wallet connectivity.

Identity Verification Services

We utilise third-party identity verification services to ensure compliance with legal requirements under relevant law and to uphold youractivities' safety, transparency, and lawfulness. Using our verification partners' services, we cross-reference the personal information you provide, ora third party offers with the information in our databases and public records.

Advertisers

In our commitment to providing you with a seamless experience, we may share certain information with advertisers who play a role in enhancing ourServices. These advertisers assist us in delivering relevant content and promotions tailored to your interests. The information shared with advertisers may include user preferences, interaction patterns, engagement with advertising campaigns, and interest-based data. Our collaboration with advertisers aims to provide advertisements that align with your preferences and interests.

Business Partners

To jointly deliver integrated services, promotions, or joint initiatives, we may share specific information with our trusted business partners in various fields. The data shared with business partners can encompass a variety of relevant information to support our shared objectives. Any information shared is handled in compliance with data protection laws and regulations, and it is used exclusively to deliver the intended services and enhance your overall experience.

Law Enforcement

We may share your information with law enforcement agencies and competent authorities in exceptional circumstances and as applicable laws and regulations require. This is done to support investigations, maintain legal compliance, and ensure the safety and security of our App and users. It may be necessary in the case of court proceedings, complying with a legal order or other legal process, as well as for financial crime, money laundering and terrorism financing prevention, if we have substantial grounds to believe any natural or legal person to be involved in or associated with the said forms of crime.

Transfers, Mergers and Acquisitions

In insolvency, bankruptcy, acquisition, transfer of ownership, sale ofassets or succession, your personal information may be disclosed to the new owner, acquirer or successor of the company or other relevant third parties.

HOW YOUR DATA IS SECURED

At Elendil Capital Sp. z o.o., we consider the security of your personal information paramount. We employ various technical, organisational, and administrative measures to safeguard your data against un authorised access, disclosure, alteration, and destruction. These security measures include:

Data Encryption: We utilise industry-standard encryption protocols to protect data during transmission and storage. This ensures that your information remains confidential and secure.

Access Controls: Access to your personal information is restricted to authorised personnel who require access for legitimate business purposes. Access controls and authentication mechanisms are implemented to verify and restrict access.

Employee Training: Our team is trained in data security best practices to ensure they handle your information with care and adhere to strict data protection guidelines.

Data Backups: Regular data backups are performed to prevent data loss in case of unexpected events or system failures.

Incident Response: We have established incident response procedures to address and mitigate any security incidents or breaches promptly, should they occur.

BlockchainTechnology: Our App operates on blockchain technology, inherently providing transparency, immutability, and decentralisation. This ensures that your transactional and personal data is stored securely across multiple nodes, reducing the risk of unauthorised alterations or data breaches.

User-ControlledData: As an App User, you control your personal information through private keys and digital wallets. Your data is encrypted and accessible only by you, reducing the exposure to external threats.

Smart Contracts: We employ intelligent contracts, self-executing and tamper-proof agreements, to govern and automate transactions. These contracts enhance security by reducing the need for intermediary intervention and minimising the risk of fraud.

Cryptography: Robust cryptographic protocols secure data transmission and storage within our App. This ensures that your sensitive information remains confidential and protected from unauthorised access.

Regular Audits and Updates: Our team conducts regular security audits and updates to identify and mitigate potential vulnerabilities or weaknesses in our App's infrastructure. We remain committed to staying at the forefront of security best practices in the blockchain space.

Data Minimization: We collect and store only the minimum personal information necessary to facilitate your transactions and provide our Services. Unnecessary data is not retained, reducing the potential impact of any security incidents.

User Education: We encourage users to educate themselves about blockchain security best practices and the responsible management of private keys and digital assets. We provide resources and guidance to help you protect your data effectively.

While we take extensive measures to protect your data, it's also essential for users to play a role in their data security. We encourage you to:

‍

● Use strong, unique passwords for your Metamask and payment accounts connected to the App;

● Enable multi-factor authentication when available;

● Keep your login credentials confidential; and

● Regularly update your account information and review access permissions.

‍

If you ever have concerns about the security of your data, suspect any unauthorised activity, or would like to know the specific measures undertaken to secure your data, please don't hesitate to contact us via Telegram or Discord.

DATA RETENTION

Your personal information is held and stored securely for your active account with us. We are committed to retaining your personal information only for the period necessary to fulfil the specific purposes for which it was collected. The retention periods may vary depending on the type of personal information and the purposes for which it was initially gathered. Here's an outline of our data retention practices:

‍

Category	Retention purposes and periods
Legal obligations	Personal information related to our legal obligations, such as compliance with anti-financial crime and anti-money laundering laws and regulations, may be stored for as long as these legal requirements mandate. We are dedicated to upholding our legal obligations and ensuring that data is retained as necessary to meet these standards.
Marketing contact information	Contact information used for marketing purposes is retained only for your consent. If you decide to withdraw your consent, this data is promptly deleted from our records.
Correspondence with us	Correspondence with us may be retained for up to five years. This ensures we can maintain accurate quality assurance, dispute resolution, and compliance records.
Technical information	Information collected through technical means, such as cookies and analytics, is retained for up to one year. This data assists us in improving the performance and functionality of our services and enhancing your overall experience.
Transaction history	Transaction records, including details of cryptocurrency transactions and innovative contract interactions, may be retained for up to five years to ensure transparency, auditability, and dispute resolution. These records help users track their transaction history and support the integrity of the blockchain network.
Smart contract data	Data related to intelligent contracts executed within the App may be retained indefinitely on the blockchain for transparency and verification. Smart contract data is typically accessible and immutable as per the nature of blockchain technology.
User preferences	User preferences and settings, such as language preferences or interface customisation, may be stored for as long as necessary to maintain a personalised user experience. This data allows users to have a consistent and tailored interaction with the App.
Error and debug logs	Logs of errors and debugging information may be retained for up to three years to identify and resolve technical issues. These logs support the continuous improvement and maintenance of the App's functionality.
Consent records	Records of user consent, particularly in the context of data processing, are retained for as long as the consent is valid, plus five years after its withdrawal. These records help verify that users have provided informed consent for specific data processing activities and comply with the relevant legal requirements imposed on us.
Blockchain metadata	Metadata associated with blockchain transactions, such as timestamps and block numbers, may be retained as part of the blockchain's permanent ledger.
Security and Access Logs	Logs of user access and security-related events, such as login attempts and authentication records, may be retained for security monitoring and threat detection for up to five years. These logs help protect the dApp from unauthorised access and breaches.

‍

YOUR RIGHTS AS DATA SUBJECT

As a User of our Services and the App, you have certain rights regarding the personal data that we collect and use. These rights are designed to give you control and transparency over your data. The following are your rights as a data subject:

Right to Access: You can request access to the personal data we hold about you. This includes the right to obtain confirmation of whether we are processing your data and, if so, access to specific details of that processing.

Right toRectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request the correction or completion of such data.

Right to Erasure(Right to Be Forgotten): You have the right to request the deletion of your data under certain circumstances. This right is not absolute and may be subject to legal requirements or legitimate interests that override your request.

Right toRestriction of Processing: You can request the restriction of processing of your data in certain situations. We will limit how we use your data, but we may continue storing it.

Right to DataPortability: In some cases, you have the right to receive your data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.

Right to Object: You can object to processing your data, including for direct marketing purposes or when we rely on legitimate interests as our legal basis for processing.

Rights Related toAutomated Decision-Making and Profiling: We commit to transparent and fair automated decision-making processes. If you are subject to automated decision-making that produces legal effects or significantly affects you, you can request human intervention and reconsider the decision.

Exercising Your Rights

To exercise any of the rights outlined above or if you have any questions or concerns regarding processing your data, don't hesitate to get in touch with our Data Protection Officer (DPO) at [email protected]. Our DPO will assist you in addressing your data-related inquiries and ensuring that your rights as a data subject are respected and upheld.

You will not be charged a fee for accessing your data or exercising any above mentioned rights. If your request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee. This fee, if applicable, will be based on the administrative costs associated with processing your request. Alternatively, we may refuse to comply with your request in these exceptional circumstances. If such a situation arises, we will explain our decision clearly and transparently. Please note that we will always act by applicable data protection laws and regulations when assessing the reasonableness of any fees or the validity of requests.

Under the GDPR, we are committed to responding promptly to legitimate requests regarding your data. The statutory period for us to reply to such requests is one month from the date of receipt. However, when the request is particularly complex or has a high volume of requests, we may extend this period by up to two months as necessary. This extension will be based on carefully considering the complexity and number of requests received.

DATA TRANSFERS OUTSIDE EU/EEA

As some of our business partners, vendors and service providers are outside the European Union or European Economic Area, we may need to transfer your data to countries outside the EU/EEA zone.

We take stringent measures to ensure that such transfers are conducted in compliance with applicable data protection laws and that your data remains adequately protected.

Transfers to and from Processors in Countries with Adequacy Decisions

Some of our data processing activities may involve transfers to and from data processors in countries that have received adequacy decisions from the European Commission. Adequacy decisions confirm that these countries provide a level of data protection that is deemed equivalent to EU/EEA standards. When such transfers occur, your data is adequately protected by the recipient's legal framework.

Transfers from and to Other Countries

In cases where data is transferred to countries that do not have adequacy decisions or other recognised mechanisms, we utilise Standard Contractual Clauses (SCCs) as provided by the European Commission. SCCs area set of contractual terms and conditions approved by the European Commission, providing a framework for the lawful transfer of personal data that imposes data protection obligations on both parties involved in the data transfer and ensuring that your data remains protected according to EU/EEA standards. These clauses include provisions that require the recipient to provide an adequate level of data protection.

We are committed to ensuring that all international transfers of your data are conducted with the utmost care and in compliance with relevant data protection regulations. If you have any questions or concerns about international data transfers or the mechanisms we employ to protect your data, please do not hesitate to contact our Data Protection Officer (DPO) at [DPO contact information].

POLICY CHANGES

We may periodically update this Privacy Policy to reflect changes in our data processing practices and legal requirements or to improve transparency and clarity. When we make significant changes to this policy, we will notify you through the following channels:

Direct updates to the Policy: Any substantial changes to this Privacy Policy will be incorporated directly into the Policy and available for viewing through the App. We encourage you to review this Policy periodically to stay informed about how we handle your data.

Notification via Twitter: We will use our official Twitter account to announce essential updates and changes to the Privacy Policy. Follow us on Twitter to receive messages and stay informed about the latest developments.

Notification via Discord: We will also use our official Discord channel to communicate significant changes to the Privacy Policy. Join our Discord community to receive updates and discuss our data practices.

CONTACT DETAILS

For any inquiries, requests, or concerns related to this Privacy Policy or our data processing practices, please get in touch with us using the following information:

Elendil Capital Sp. z o.o.

Registered Office Address: 22B Bartycka Street lok. 21A, 00-716 Warsaw

Contact Email: [email protected]

Data Protection Officer (DPO): Luc Mikhail H Loja

DPO Contact Email: [email protected]

Official Twitter: https://twitter.com/OfframpXYZ

Official Discord: https://discord.gg/offrampxyz

‍

ANNEX I

SUB-PROCESSOR LIST

Sub-Processor	Jurisdiction	Purpose
Sum and Substance Ltd. (Sumsub)	United Kingdom	Identity Verification and Anti-Money Laundering Screening
TRM Labs, Inc.	United States	Transaction Monitoring and Anti-Money Laundering Screening
UAB GuruPay	Lithuania	Payment services provider
Reap Technologies Limited	Hong Kong	Payment card issuer
Yellow Card Financial, Inc.	United States	Virtual Asset Services Provider

‍