Privacy Policy
Last updated: May 2026
BankTON is a financial technology platform. Banking and payment services are provided by licensed partner institutions. This policy explains how BankTON collects, uses, and protects your personal data in connection with its technology services.
1. Who we are
BankTON operates a financial technology platform accessible via the Telegram messenger application. We act as the technology and product layer connecting users with licensed banking and payment service providers. References to "we", "us", or "BankTON" in this policy mean the BankTON platform and its operating entity.
2. What data we collect
We collect personal data only to the extent necessary to provide our services, comply with legal obligations, and protect against fraud. This includes:
- Identity data — full name, date of birth, nationality, and government-issued document details, collected as part of the Know Your Customer (KYC) verification process
- Contact data — email address, phone number, Telegram account identifier
- Financial data — account balances, transaction history, source of funds declarations
- Device and usage data — IP address, device identifiers, operating system, session data, and interaction logs within the BankTON interface
- Communications — support correspondence and any information you voluntarily provide to us
3. Legal basis for processing
We process your personal data under the following legal bases:
- Performance of contract — to open and operate your account and execute transactions
- Legal obligation — to comply with anti-money laundering (AML), counter-terrorism financing (CTF), and sanctions screening requirements
- Legitimate interests — to detect fraud, maintain platform security, and improve our services
- Consent — for marketing communications, where you have opted in
4. How we use your data
- Verifying your identity and onboarding you as a customer
- Processing payments and currency conversions
- Issuing and managing payment cards
- Detecting and preventing fraud, money laundering, and sanctions violations
- Sending service notifications and transaction alerts
- Responding to your support requests
- Complying with regulatory reporting obligations
- Improving platform features and performance
5. Who we share data with
We share personal data only where necessary and always under appropriate contractual safeguards:
- Banking and payment partners — licensed institutions that provide the underlying accounts, card issuance, and payment rails (including SEPA, SWIFT, and local payment schemes)
- KYC and identity verification providers — third-party services used to verify identity documents and screen against sanctions lists
- Cryptocurrency infrastructure providers — for crypto-to-fiat conversion services
- Regulators and law enforcement — where required by applicable law or court order
- Technology infrastructure providers — cloud hosting, security, and analytics vendors under data processing agreements
We do not sell your personal data to third parties.
6. International data transfers
Your data may be processed in countries outside your country of residence, including countries outside the European Economic Area (EEA). Where we transfer data internationally, we apply appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms to ensure adequate protection.
7. Data retention
We retain your personal data for as long as you hold an active account and for a minimum period of five (5) years after account closure, in compliance with financial services regulations. Transaction records may be retained for longer periods where required by applicable law.
8. Your rights
Subject to applicable law, you have the following rights regarding your personal data:
- Access — to receive a copy of the personal data we hold about you
- Rectification — to correct inaccurate or incomplete data
- Erasure — to request deletion, where there is no legal obligation to retain data
- Restriction — to limit how we process your data in certain circumstances
- Portability — to receive your data in a structured, machine-readable format
- Objection — to object to processing based on legitimate interests
- Withdraw consent — to withdraw any previously given consent at any time
To exercise any of these rights, contact us at privacy@bankton.org. We will respond within 30 days. Note that certain rights may be limited where we are required to retain data by law.
9. Cookies and tracking
Our website uses essential cookies required for site functionality (session management, security). We do not use third-party advertising or tracking cookies. You can control cookie settings in your browser. Disabling essential cookies may affect the functionality of the site.
10. Security
We implement technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption in transit and at rest, access controls, and regular security assessments. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.
11. Children
Our services are not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, please contact us immediately.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the BankTON platform or by email. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of our services following any changes constitutes acceptance of the updated policy.
13. Contact us
For privacy-related questions or to exercise your rights, please contact:
Email: privacy@bankton.org
Telegram: @BankTON