Privacy Policy

Iamverse Investment ("we," "us," or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website and investment platform (the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

• Account Registration Data: Full legal name, email address, date of birth, country of residence, and password (stored as a one-way bcrypt hash).
• Identity Verification (KYC): Government-issued photo identification (passport, driver's license, or national ID card), proof of residential address (utility bill, bank statement, or government correspondence dated within 90 days), and — where required — source-of-funds documentation.
• Financial Information: Bank account details, cryptocurrency wallet addresses, deposit amounts, withdrawal requests, and selected investment plans.
• Communications: Support tickets, email correspondence, and any information you voluntarily provide when contacting us.

1.2 Information Collected Automatically

• Device & Browser Data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage Data: Pages visited, clickstream data, session duration, referral URLs, and feature interactions.
• Cookies & Similar Technologies: Session cookies, persistent cookies, and local storage. Please see our Cookie Policy for full details.
• Log Data: Server access logs, error logs, and security event logs, including timestamps and associated IP addresses.

1.3 Information From Third Parties

• Sanctions & PEP Screening Providers: Results from OFAC, HM Treasury, and OSFI sanctions list checks.
• Fraud Prevention Services: Risk scores and device fingerprinting data used to detect unauthorized access.

2. Legal Bases for Processing

We process your personal data on the following legal bases, depending on the context:

• Contractual Necessity: To perform our obligations under the Terms of Service — including account management, investment processing, and withdrawal execution.
• Legal Obligation: To comply with KYC/AML regulations, tax reporting requirements, sanctions screening mandates, and data retention laws in the United States, United Kingdom, and Canada.
• Legitimate Interest: To prevent fraud, ensure platform security, improve our services, and conduct internal analytics — provided these interests do not override your fundamental rights.
• Consent: For optional marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.

3. How We Use Your Information

• Creating, authenticating, and managing your account.
• Processing deposits, investments, ROI calculations, and withdrawals.
• Conducting identity verification (KYC) and anti-money laundering (AML) checks.
• Screening against OFAC, HM Treasury, and OSFI sanctions lists and PEP databases.
• Monitoring transactions for suspicious activity and potential fraud.
• Generating audit trails for regulatory compliance and dispute resolution.
• Communicating account-related notifications (deposit confirmations, maturity alerts, security warnings).
• Improving platform performance, user experience, and security measures.
• Responding to support requests and legal inquiries.
• Complying with applicable laws, regulations, court orders, and government requests.

4. Data Sharing & Disclosure

We do not sell your personal data. We may share information with:

• Service Providers: Hosting providers, email delivery services, payment processors, and KYC verification partners — bound by data processing agreements and limited to the minimum data necessary to perform their function.
• Regulatory & Law Enforcement Authorities: When required by law, regulation, court order, or government request — including FinCEN (USA), FCA/NCA (UK), FINTRAC (Canada), and tax authorities (IRS, HMRC, CRA).
• Professional Advisors: Lawyers, auditors, and compliance consultants, subject to professional confidentiality obligations.
• Corporate Events: In connection with a merger, acquisition, reorganization, or sale of assets — with advance notice to affected users where feasible.

We do not share your data with advertising networks or data brokers.

5. International Data Transfers

Your data may be transferred to, stored in, or processed in countries outside your country of residence. When transferring data outside the UK or EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Agreement (IDTA), or other lawful transfer mechanisms. For transfers involving Canadian personal information, we ensure the receiving jurisdiction provides a substantially similar level of protection as required under PIPEDA.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy, subject to the following minimum periods:

After the applicable retention period, data is securely deleted or irreversibly anonymized.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

7.1 Under UK GDPR / EU GDPR

• Access — Request a copy of your personal data.
• Rectification — Correct inaccurate or incomplete data.
• Erasure — Request deletion, subject to legal retention obligations.
• Restriction — Limit processing in certain circumstances.
• Portability — Receive your data in a structured, machine-readable format.
• Objection — Object to processing based on legitimate interest.
• Automated Decision-Making — Right not to be subject to solely automated decisions with legal effects.

UK residents may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7.2 Under CCPA (California, USA)

• Right to Know — What personal information we collect, use, and disclose.
• Right to Delete — Request deletion of personal information, subject to legal exceptions.
• Right to Opt-Out — We do not sell personal information. No opt-out is required.
• Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

7.3 Under PIPEDA (Canada)

• Access & Correction — Request access to, and correction of, your personal information.
• Consent Withdrawal — Withdraw consent, subject to legal or contractual restrictions.
• Complaint — File a complaint with the Office of the Privacy Commissioner of Canada (OPC).

To exercise any of these rights, contact our Data Protection Officer at dpo{{ $siteName }}.com. We will respond within 30 days (or the applicable statutory period).

8. Data Security

We implement technical and organizational measures to protect your data, including:

• AES-256 encryption for data at rest.
• TLS 1.3 for all data in transit (no plaintext fallback).
• Bcrypt password hashing with per-user salts.
• Role-based access control (RBAC) with principle of least privilege.
• CSRF token validation, rate limiting, and HTTP-only secure session cookies.
• Automated server and application security monitoring.
• Regular access reviews and security assessments.

No system is 100% secure. While we take all reasonable measures, we cannot guarantee absolute security. If we become aware of a security breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by applicable law.

9. Children's Privacy

The Service is not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected information from a minor, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us at dpo{{ $siteName }}.com.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any external sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email notification and/or a prominent notice on the Service at least 14 days before taking effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy. We recommend reviewing this page periodically.

12. Contact Information