LegalPrivacy Policy
Privacy Policy
Last updated: Feb 23, 2026
This Privacy Policy explains how Pariflow collects, uses, discloses, stores, and otherwise processes personal data in connection with the Service. By using the Service, you acknowledge processing as described here and in applicable law.
Controller role and scope
Pariflow and its affiliates may act as data controllers for account, compliance, transaction, and security processing. Where we process data strictly on behalf of a regulated partner, we may act as processor under that partner's instructions. This Policy applies to our websites, apps, APIs, and support channels unless a supplemental notice states otherwise.
Lawful bases for processing
- Contract necessity for onboarding, account administration, transaction handling, and support.
- Legitimate interests for fraud prevention, platform integrity, analytics, and security hardening.
- Legal obligations for sanctions, AML, tax, audit, and law-enforcement cooperation.
- Consent where required for optional communications, analytics, or advertising technologies.
Categories of personal data
- Identity and profile data, such as name, email, account handles, and authentication identifiers.
- Verification and compliance data, including sanctions checks, KYC data, and due-diligence records.
- Financial and wallet data, including addresses, transfer metadata, balances, and transaction records.
- Technical and security telemetry, such as IP, device/browser details, session logs, and risk signals.
- Usage and communications data, including support messages, tickets, and feature interaction history.
How we use personal data
- Operate the Service, including authentication, order routing, funding flows, and settlement workflows.
- Enforce Terms, detect abuse, investigate incidents, and apply sanctions/AML controls.
- Maintain auditability, support legal and regulatory obligations, and defend legal claims.
- Improve reliability, product quality, risk models, and user safety controls.
- Send mandatory service communications, legal notices, and operational updates.
Sharing and disclosure
We may disclose personal data to service providers, infrastructure vendors, analytics and fraud-control providers, payment and blockchain partners, professional advisers, corporate affiliates, transaction counterparties where required, and competent authorities. We may also disclose data in connection with mergers, reorganizations, financings, asset sales, or insolvency events. We do not sell personal data for monetary consideration.
International transfers
Personal data may be processed in jurisdictions outside your location. Where required, we use transfer safeguards recognized by applicable law. Government agencies in destination jurisdictions may have lawful access rights under local law.
Retention, legal holds, and deletion
We retain data as long as reasonably necessary for service delivery, security, dispute management, tax/accounting, and regulatory compliance. We may retain data beyond standard periods when subject to legal hold, investigation, audit, or litigation requirements. Deletion requests are processed subject to these mandatory retention obligations.
Cookies, tracking, and Do Not Track
We use cookies and similar technologies for security, authentication, fraud prevention, performance measurement, and product analytics. Some browsers provide Do Not Track signals; unless required by law, our systems may not respond to those signals consistently. See our Cookie Policy for controls and consequences of disabling cookies.
Security
We apply technical and organizational safeguards designed to protect data. No system is perfectly secure, and we cannot guarantee absolute prevention of unauthorized access, data loss, or misuse.
Your privacy rights
Subject to applicable law, you may have rights to access, correct, delete, restrict, object, or request portability of personal data, and to withdraw consent where processing relies on consent. Depending on jurisdiction, you may also have rights regarding targeted advertising or profiling. We may verify identity, request additional information, and deny or limit requests as permitted by law.
Authorized agents and appeals
Where law allows acting through an authorized agent, we may require proof of authorization and direct identity confirmation from you. If we deny a rights request, you may seek review through the process available under applicable law.
Minors
The Service is not directed to persons under 18 or the legal age of majority in their jurisdiction. If we determine an ineligible person has provided data, we may suspend access and delete data where permitted.
Policy updates and contact
We may amend this Policy by posting an updated version. Questions, privacy requests, or regulator inquiries may be submitted to contact@pariflow.com.