Privacy Policy

Effective Date: September 2025

This Privacy Policy (“Policy”) explains how Autentic Ltd. (“Autentic”, “we”, “our”, or “us”) collects, uses, stores, discloses, and protects Personal Data of individuals (“Users”, “you”) who access or use our websites, platform, applications, products, or services (collectively, the “Services”), including but not limited to autentic.global, the Autentic Platform (Dashboard, Marketplace), and projects such as Autentic DAO: Mersin House Token #1.

By using our Services, you acknowledge that you have read, understood, and consent to the processing of your Personal Data in accordance with this Policy.

1. Data Controller and Processor Roles

  • Autentic Ltd. acts as Data Controller for Personal Data collected during onboarding, KYC/KYB, and general use of the Services.
  • Certain third parties (e.g., KYC providers, payment processors, hosting providers) act as Data Processors on our behalf.
  • Where applicable, Autentic and affiliates may act as joint controllers with project-specific entities (SPVs).

2. Data We Collect

We may collect the following categories of Personal Data:

  1. Identification Data – name, nationality, date of birth, residential address, government-issued IDs, and photographs.
  2. Contact Data – email, phone, communication preferences.
  3. Financial & Transaction Data – wallet addresses, blockchain transactions, token purchases, bank card details (via providers), dividend distributions.
  4. Compliance Data – results of KYC/KYB, AML/CTF monitoring, sanctions checks, PEP screening.
  5. Technical Data – IP address, device identifiers, operating system, browser type, cookies, log files.
  6. Communications Data – emails, support tickets, messages, or community interactions.

3. Purposes of Processing

We process Personal Data for:

  • Onboarding, identity verification, AML/CTF compliance.
  • Executing transactions, distributions, and project-related obligations.
  • Providing access to the Platform, Dashboard, Marketplace.
  • Enabling governance participation (DAO voting, proposals).
  • Security monitoring, fraud detection, and risk management.
  • Customer support, service communications, and dispute resolution.
  • Analytics, product improvement, and marketing (where permitted).

4. Legal Bases for Processing

Processing is based on:

  • Contract performance with the User.
  • Legal obligations, including AML/CTF and recordkeeping.
  • Legitimate interests, such as security and fraud prevention.
  • Consent, where required for cookies, marketing, or specific processing.

5. Data Sharing and Disclosure

Personal Data may be shared with:

  • Service Providers – KYC/KYB/AML vendors, blockchain analytics, payment processors, IT/cloud hosting.
  • Affiliated Entities & SPVs – including those managing tokenized projects.
  • Professional Advisors – auditors, lawyers, consultants.
  • Regulators & Authorities – where required under law, regulation, or legal process.

We do not sell or rent Personal Data.

6. International Data Transfers

We process Personal Data globally, including transfers to the United Kingdom, European Union, United States, Turkey, United Arab Emirates, Singapore, and other jurisdictions where we operate.
Safeguards include:

  • Adequacy decisions by the European Commission.
  • Standard Contractual Clauses (SCCs).
  • Other legally recognized protections.

7. Data Retention

  • Retained for at least five (5) years following termination of the relationship, or longer if required by law (e.g., AML).
  • Technical or anonymized data may be retained for analytics/security.

8. Cookies and Tracking Technologies

  • We use cookies and similar technologies for functionality, analytics, and security.
  • Consent banner is presented to EU/UK Users to manage cookie preferences.
  • Analytics may include Google Analytics, Yandex Metrica, or similar.
  • Users may disable cookies, but some Services may not function properly.

9. Marketing Communications

  • Marketing messages are sent only where permitted by law.
  • EU/UK Users: explicit opt-in consent is required.
  • US Users: right to opt-out (CCPA “Do Not Sell or Share My Data”).
  • Users may withdraw consent or opt-out at any time.

10. Data Subject Rights

Users may exercise:

  • Access – confirmation whether we process your data.
  • Rectification – correction of inaccurate data.
  • Erasure – deletion under lawful conditions.
  • Restriction – limit processing in certain cases.
  • Portability – receive data in machine-readable format.
  • Objection – object to processing based on legitimate interests.
  • Withdraw Consent – at any time, where applicable.
  • Complaint – with a supervisory authority (ICO UK, EU DPA, US/other authorities).

Requests: [email protected]
We will respond within 30 days (extendable to 60 days where legally permitted).

11. Security Measures

  • Encryption in transit and at rest.
  • Role-based access control.
  • Penetration testing and audits.
  • Incident response procedures.

No system is fully secure; Users must also protect credentials and devices.

12. Children’s Data

Services are not intended for persons under 18 (or majority age in their jurisdiction). We do not knowingly collect data from minors.

13. Blockchain and Non-Custodial Model

  • Autentic does not custody user funds, wallets, or private keys.
  • Blockchain records are immutable and public.
  • Users acknowledge transactions may be linked with other identifiers for compliance.

14. Amendments

We may amend this Policy at any time. Updated versions will be posted on www.autentic.global with revision date. Continued use constitutes acceptance.

15. Contact

Autentic Ltd.
Suite 1, Second Floor, Sound & Vision House
Francis Rachel Street, Victoria, Mahe, Seychelles
Email: [email protected]