Privacy Policy
Last updated: March 22, 2026
1. Who We Are
Fazen Pay (“we”, “us”, “our”) is a crypto-native banking platform providing IBAN-backed EUR accounts, SEPA transfers, virtual cards, and self-custody crypto wallets. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services.
2. Data We Collect
We collect the following categories of personal data:
- Identity data: Full name, date of birth, nationality, government-issued ID documents (collected during KYC verification via our partner Sumsub).
- Contact data: Email address, phone number.
- Financial data: IBAN, transaction history, card usage, crypto wallet addresses and balances.
- Technical data: Device type, operating system, IP address, app version.
- Security data: Hashed PINs (argon2id), biometric authentication preferences (stored on-device only, never transmitted).
3. How We Use Your Data
- To provide and maintain your account and banking services.
- To process SEPA transfers, card transactions, and crypto operations.
- To verify your identity as required by EU anti-money laundering regulations (AMLD5/6).
- To comply with MiCA (Markets in Crypto-Assets Regulation) requirements.
- To detect and prevent fraud, unauthorized access, and money laundering.
- To send transactional notifications (e.g., transfer confirmations, security alerts).
- To improve our services and resolve technical issues.
4. Legal Basis (GDPR Art. 6)
- Contract performance: Processing transactions, maintaining accounts.
- Legal obligation: KYC/AML compliance, tax reporting, regulatory requests.
- Legitimate interest: Fraud prevention, service improvement, security.
- Consent: Marketing communications (opt-in only).
5. Third-Party Processors
We share data with the following categories of processors, all bound by data processing agreements:
- Striga Technology OUE — Banking-as-a-service provider (IBAN issuance, SEPA processing, card issuance). Licensed EMI in the EU.
- Sumsub — Identity verification (KYC/AML checks).
- Privy Inc. — MPC wallet custody infrastructure (key sharding, no raw private keys stored).
- Railway / Vercel — Infrastructure hosting (EU/US regions).
6. Data Security
We implement industry-standard security measures:
- PIN hashing with argon2id (no plaintext storage).
- JWT-based session management with automatic token rotation.
- AES-256 encryption for data at rest.
- TLS 1.3 for all data in transit.
- MPC (Multi-Party Computation) for crypto custody — no single point of failure.
- Velocity limits and real-time fraud monitoring on all transactions.
7. Data Retention
We retain your personal data for as long as your account is active, plus a minimum of 5 years after account closure as required by EU anti-money laundering regulations. Transaction records are retained for 10 years in accordance with applicable financial reporting obligations.
8. Your Rights (GDPR)
As an EU data subject, you have the right to:
- Access your personal data (Art. 15).
- Rectify inaccurate data (Art. 16).
- Request erasure, subject to legal retention requirements (Art. 17).
- Restrict processing (Art. 18).
- Request data portability (Art. 20).
- Object to processing based on legitimate interest (Art. 21).
- Lodge a complaint with your national data protection authority.
To exercise your rights, contact us at privacy@fazenpay.com.
9. Cookies
Our website uses only essential cookies required for functionality (session management, security tokens). We do not use tracking cookies or third-party advertising cookies. No cookie consent banner is required under ePrivacy Directive Art. 5(3) for strictly necessary cookies.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.
11. Contact
For privacy-related inquiries, contact our Data Protection Officer at privacy@fazenpay.com.