Global Privacy Policy

Entity Information

• Data Controller: iBnk Vault LLC (Wyoming, USA)
• Technical Processor: Intellifusion Pty Ltd (Australia)
• Service Scope: Global travelers in APEC economies and APEC-based merchants

Core Statement

iBnk values privacy and commits to secure handling of personal information per GDPR, U.S. federal/state laws, and Australian Privacy Act 1988.

Key Definitions

• Personal Data: Information identifying individuals (name, address, email, ID numbers, IP address)
• Data Subject: Individual to whom data relates
• Data Controller: Entity determining processing purposes (iBnk Vault LLC)
• Data Processor: Entity processing data on behalf of controller (Intellifusion Pty Ltd, vendors)

Information Collected

Direct Collection

Identity data, contact information, financial details, location data, employment information, transaction history, usage patterns, marketing preferences, account data, and social media profiles.

Third-Party Sources

Payment processors, identity verification vendors, advertisers, and marketing partners provide additional data.

Communications & Payments

Direct contact information collected when users reach out; stablecoin and fiat payment options available.

Data Usage Purposes

Legal bases include consent, contract performance, legal obligations, and legitimate interests. Uses encompass service provision, payment processing, fraud prevention, AML/CTF compliance, support, improvement, security, and personalization.

Data Sharing

Information shared with vendors, financial institutions, identity services, API partners, law enforcement (when required), and in merger/acquisition scenarios.

Security Measures

• • Access controls limiting personnel
• • Employee training on best practices
• • Regular data backups
• • Incident response procedures
• • Encryption for data in transit and at rest

Note: No system is completely secure.

Data Retention

Personal information retained only as long as necessary; periods vary by data type and purpose.

User Rights

• • Access personal data held
• • Correct inaccurate information
• • Request deletion (subject to regulatory limits)
• • Restrict processing
• • Receive portable data formats
• • Object to processing
• • Request human review of automated decisions

Legal Constraints

Financial services obligations limit deletion capability for AML compliance, financial records (typically 7 years), and fraud prevention data.

California Privacy Rights (CCPA/CPRA)

Residents may request knowledge of collected data, deletion (with exceptions), opt-out of sharing, correction, sensitive data use limitations, and non-discrimination assurances.

International Data Transfers

• U.S.: Complies with BSA, GLBA, AML, KYC requirements
• Australia: Follows Privacy Act 1988 and Australian Privacy Principles
• APAC: Adheres to PDPA, PDPO, APPI, PIPA, DPDPA regulations
• Framework: Uses adequacy decisions, Standard Contractual Clauses, encryption, access controls, and regular audits

Data Localization

Infrastructure maintained for territory-specific requirements while ensuring global service consistency.

Age Restrictions

Services not directed at individuals under 18; inadvertent minor data collection triggers deletion procedures.

Policy Updates

Changes communicated via website updates; users encouraged to review regularly.