Privacy Policy

Cryptoyield Technologies Ltd. (“Cryptoyield”, “we”, “us”, or “our”) is committed to protecting your personal information. This Privacy Policy describes our practices regarding the collection, use, storage, and disclosure of information we receive when you use our platform, website, and services (collectively the “Service”).

This policy applies to all users of the Service regardless of location, and supplements any additional privacy notices we may provide for specific products or features. By using the Service you consent to the practices described in this Policy.

We act as the Data Controller for personal data collected through the Service. Our registered Data Protection Officer (DPO) can be contacted at the address in Section 13.

Information you provide directly:

• Identity data: full name, username, date of birth, nationality, government-issued ID (where KYC is required).
• Contact data: email address, phone number, physical address.
• Financial data: wallet addresses, transaction history, staking positions, deposit and withdrawal records.
• Account data: username, password (hashed), account preferences and settings.
• Communications: messages you send us via support, live chat, or email.

Information we collect automatically:

• Technical data: IP address, browser type and version, operating system, device identifiers.
• Usage data: pages visited, features used, clicks, scroll depth, session duration.
• Transaction data: timestamps, amounts, network addresses for all on-platform transactions.
• Log data: server logs including access times, error codes, and referring URLs.

Information from third parties:

• KYC / AML providers: identity verification results, sanctions screening outcomes.
• Blockchain analytics: on-chain data associated with wallet addresses for compliance monitoring.
• Analytics partners: aggregated behavioural data to improve the Service.

We process your personal data on the following legal bases:

• Contract performance: to create and manage your account, process staking positions, execute withdrawals, and provide the Service.
• Legal obligation: to comply with KYC/AML laws, tax reporting requirements, and regulatory mandates.
• Legitimate interests: to detect fraud, prevent abuse, improve our products, and communicate service updates.
• Consent: for marketing communications, analytics cookies, and any other processing where we request your permission.

Specifically, we use your information to:

• Verify your identity and eligibility to use the Service.
• Process transactions and maintain accurate records.
• Calculate and distribute staking rewards and referral income.
• Send transactional communications (deposit confirmations, reward credits, security alerts).
• Detect, investigate, and prevent fraud, money laundering, and other illegal activities.
• Improve platform performance, personalise your experience, and develop new features.
• Comply with applicable legal and regulatory obligations.
• Enforce our Terms of Service and other agreements.

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

• Service providers: trusted third parties who assist us in operating the platform (cloud hosting, email delivery, KYC verification, analytics). These providers are contractually bound to process data only on our instructions.
• Regulatory & legal: government authorities, regulators, law enforcement, and courts where required by law or valid legal process.
• Business transfers: in the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred as part of that transaction, subject to the same privacy protections.
• Safety: where necessary to protect the safety, rights, or property of Cryptoyield, our users, or the public.
• With your consent: where you have explicitly authorised us to share data with a specific third party.

When we share data with service providers we require them to implement appropriate technical and organisational safeguards, and we enter into Data Processing Agreements (DPAs) where required by applicable law.

We use cookies and similar technologies to operate and improve the Service. You can manage your cookie preferences via your browser settings or our cookie consent panel.

You can opt out of non-essential cookies at any time. Disabling essential cookies may affect platform functionality. We honour Do Not Track signals where technically feasible.

We retain your personal data for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law.

• Account data: retained for the life of your account and for 7 years after closure for AML/tax compliance.
• Transaction records: retained for 10 years to comply with financial regulations.
• KYC documents: retained for 5 years after your last transaction, or longer if required by law.
• Communications and support records: retained for 3 years.
• Analytics / log data: typically retained for 13 months in aggregated form.

When data is no longer required we securely delete or anonymise it. Anonymised data may be retained indefinitely for statistical and research purposes as it can no longer be linked to you.

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256).
• Multi-factor authentication options for account access.
• Regular penetration testing and vulnerability assessments.
• Role-based access controls limiting internal data access to authorised personnel.
• Real-time security event monitoring and incident response procedures.
• Regular security training for all staff handling personal data.

Despite our best efforts, no security system is impenetrable. In the event of a data breach that is likely to result in high risk to your rights and freedoms, we will notify you and relevant supervisory authorities within the timeframes required by applicable law.

Depending on your location, you may have the following rights regarding your personal data:

• Right to access: obtain a copy of the personal data we hold about you.
• Right to rectification: correct inaccurate or incomplete personal data.
• Right to erasure ('right to be forgotten'): request deletion of your personal data, subject to legal retention requirements.
• Right to restriction: request that we limit the processing of your data in certain circumstances.
• Right to data portability: receive your data in a structured, machine-readable format.
• Right to object: object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: where processing is based on your consent, withdraw it at any time without affecting prior processing.
• Right not to be subject to automated decisions: request human review of automated decisions that significantly affect you.

To exercise any of these rights, please contact us at privacy@cryptoyield.io. We will respond within 30 days. We may need to verify your identity before processing your request. You also have the right to lodge a complaint with your local data protection supervisory authority.

Cryptoyield operates globally. Your personal data may be transferred to and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction.

Where we transfer personal data outside the European Economic Area (EEA) or the UK, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Transfers to countries with an EU adequacy decision.
• Binding Corporate Rules (BCRs) where applicable.

You can request a copy of the safeguards we have in place for international transfers by contacting our DPO.

The Service is not directed to, and we do not knowingly collect personal data from, individuals under the age of 18 (or the relevant age of majority in your jurisdiction). If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@cryptoyield.io.

Upon receiving such a notification, we will take reasonable steps to delete the data and close the account as quickly as possible, subject to any legal obligations we may have.

The Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party services.

We encourage you to review the privacy policies of every third-party service you visit. Our inclusion of a link does not imply any endorsement or affiliation.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes we will:

• Update the 'Last updated' date at the top of this page.
• Notify you by email if the changes are material.
• Where required by law, seek your consent before applying the new policy to your data.

We encourage you to review this Policy periodically. Your continued use of the Service after the updated Policy takes effect constitutes your acceptance of the revised terms.

If you have any questions, concerns, or requests relating to this Privacy Policy or our data processing practices, please contact us:

We aim to respond to all data-related requests within 30 calendar days. If your request is complex, we may extend this by an additional 60 days and will notify you accordingly.