Privacy Policy
1. Introduction
Restabilise Ltd (“ReStabilise”, “we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy.
This Privacy Policy explains how we collect, use, share and protect your personal data when you visit our website (restabilise.com), use our platform, or engage with our stablecoin issuance, redemption, custody and related services (collectively, the “Services”). It also informs you about your privacy rights and how the law protects you under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1.1 Data Controller
ReStabilise is the data controller and is responsible for your personal data.
1.2 Contact Details
If you have any questions about this Privacy Policy or our data protection practices, please contact our Data Protection Officer (DPO):
- Email: privacy@restabilise.com
- Postal Address: 85 Great Portland Street, First Floor, London, England, W1W 7LT
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk). We would appreciate the chance to deal with your concerns before you approach the ICO.
2. The Data We Collect About You
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Given our regulatory obligations as a stablecoin issuer and custodian, we collect, use, store and transfer a wide variety of data, which we have grouped together as follows:
- Identity Data: First name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, photographic identification (passport, national ID, driving licence), and biometric data (such as facial recognition scans used for “liveness” checks during onboarding).
- Corporate & UBO Data: For institutional clients, we collect details of directors, authorised signatories, and Ultimate Beneficial Owners (UBOs), including their identity and contact data, as required by anti-money laundering (AML) laws.
- Contact Data: Billing address, registered corporate address, email address and telephone number.
- Financial Data: Bank account details (Sort Code, Account Number, IBAN, BIC/SWIFT), fiat deposit and withdrawal history, tax identification numbers, and documentation proving the source of funds and source of wealth.
- Blockchain & Cryptoasset Data: Public wallet addresses (e.g., ERC-20 addresses), public keys, on-chain transaction hashes, token balances, and network metadata associated with your interactions with our smart contracts.
- Transaction Data: Details about payments to and from you, including fiat-to-stablecoin minting requests, redemption requests, and custody services.
- Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Services.
- Usage Data: Information about how you use our website, platform and Services.
- Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties, and your communication preferences.
3. How Is Your Personal Data Collected?
We use different methods to collect data from and about you, including through:
Direct Interactions
You may give us your identity, contact, and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes data you provide when you:
- Apply for our Services;
- Create an account on our platform;
- Request the minting or redemption of our stablecoins;
- Request custody services;
- Request marketing to be sent to you; or
- Give us feedback or contact us.
Automated Technologies or Interactions
As you interact with our website, we automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
Third Parties or Publicly Available Sources
We receive personal data about you from various third parties and public sources, including:
- Identity and Verification (KYC/KYB) Providers: to identify and verify our customers.
- Transaction Monitoring and Blockchain Analytics Providers: to screen fiat accounts and cryptoasset wallet addresses for risk and illicit activity.
- Payments Partners: confirming the receipt or dispatch of fiat funds.
- Public Blockchains: immutable ledgers (e.g., Polygon, Ethereum) which broadcast your public wallet address and transaction history.
- Public Registers: Companies House, electoral registers, and global sanctions lists (e.g., OFAC, UN, HM Treasury).
4. How We Use Your Personal Data
We will only use your personal data when the law allows us to. Below is a description of the ways we use your personal data, and the legal bases we rely on.
To register you as a new client
Including conducting KYC/KYB and sanctions screening
Data: Identity, Contact, Corporate/UBO
Lawful Basis: Performance of a contract; Compliance with legal obligation (UK Money Laundering Regulations)
To process and deliver your requests
Including minting stablecoins, redeeming stablecoins, and providing custody services
Data: Identity, Contact, Financial, Transaction, Blockchain
Lawful Basis: Performance of a contract
To monitor transactions for fraud, money laundering, and illicit activity
Including wallet screening and Travel Rule compliance
Data: Identity, Financial, Transaction, Blockchain
Lawful Basis: Compliance with legal obligation; Legitimate interests (preventing fraud)
To manage our relationship with you
Notifying you about changes to our terms, privacy policy, or FCA disclosures
Data: Identity, Contact, Profile
Lawful Basis: Performance of a contract; Compliance with legal obligation
To administer and protect our business and website
Including troubleshooting, data analysis, testing, system maintenance, and security logs
Data: Identity, Contact, Technical
Lawful Basis: Legitimate interests (IT services, network security); Compliance with legal obligation
5. The Blockchain: Important Notice Regarding Your Data
As an issuer of cryptoassets (our stablecoins), our Services inherently interact with public Distributed Ledger Technology (DLT) or blockchains. You must be aware of the following privacy implications:
- Public and Immutable: Blockchains are decentralised, public ledgers. Transactions broadcast to the blockchain, including your public wallet address and the amount of stablecoins transacted, are permanently recorded and visible to anyone globally.
- Pseudonymity vs. Anonymity: While your wallet address is a cryptographic string (pseudonymous), it is not entirely anonymous. It can potentially be linked to your real-world identity through forensic analysis by us, our vendors, law enforcement, or third-party data aggregators.
- Limitation of Rights: Because the blockchain is immutable, we cannot alter, erase or restrict the processing of personal data once it has been broadcast to a public network. Your “Right to Erasure” (Right to be Forgotten) does not apply to data stored on the blockchain itself, only to the off-chain data held within our internal proprietary databases.
6. Disclosures of Your Personal Data
We may share your personal data with the parties set out below for the purposes outlined in Section 4:
- Safeguarding and Payments Partners: to facilitate the receipt and transfer of your fiat funds for stablecoin subscriptions and redemptions, and the safeguarding of the backing assets for our stablecoins.
- Compliance & Analytics Vendors: Third-party service providers acting as processors who provide identity verification, AML/KYC screening, and transaction monitoring.
- IT & Cloud Infrastructure Providers: Providers of cloud hosting, secure databases, and infrastructure architecture.
- Professional Advisers: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services.
- Regulators & Law Enforcement: The Financial Conduct Authority (FCA), HM Revenue & Customs (HMRC), the National Crime Agency (NCA), and other authorities who require reporting of processing activities, suspicious activity reports (SARs), or specific transaction data under the Travel Rule.
7. International Data Transfers
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government.
- Where we use certain service providers, we may use specific contracts approved for use in the UK (such as the International Data Transfer Agreement or Addendum) which give personal data the same protection it has in the UK.
Note on Blockchain Transfers: By its nature, blockchain technology involves a globally distributed network of nodes. Broadcasting a transaction to the blockchain inherently transfers the public data (wallet address, transaction amount) globally. By using our Services, you acknowledge and accept this global distribution.
8. Data Security
We have put in place robust measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. This includes:
- Encryption of data at rest and in transit.
- Hardware Security Modules (HSMs) and strict Key Management Systems for cryptographic materials.
- Role-based access controls ensuring data is only accessible to employees, agents, contractors and other third parties who have a strict business need to know.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
Specifically, under the UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended), we are legally required to retain your basic identity, contact, financial and transaction data for a period of five (5) years after our business relationship with you ends.
Technical and usage data will be retained in accordance with our internal data retention policies, typically not exceeding 24 months unless required for security auditing purposes.
10. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you.
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it and its erasure is within our legal/regulatory and control capability.
- Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
- Request restriction of processing of your personal data in the following scenarios: if you want us to establish the data’s accuracy; where our use of the data is unlawful but you do not want us to erase it; where you need us to hold the data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party (Data Portability).
- Withdraw consent at any time where we are relying on consent to process your personal data.
If you wish to exercise any of the rights set out above, please contact our DPO at privacy@restabilise.com.
11. Changes To This Privacy Policy
We may update this Privacy Policy from time to time as we may deem necessary or as may be required by law or regulation. The most current version will be posted on our website and you are deemed to have accepted its terms on your first use of the Services or by continuing to use them. We encourage you to review this policy with reasonable regularity.
12. Acknowledgment
By using our Services, you acknowledge that you have read, understood and agree to be bound by this Privacy Policy.