1. Data Protection Commitment
EarnVault is committed to protecting your personal data in compliance with applicable data protection laws including GDPR, CCPA, and DIFC Data Protection Law.
2. Data Controller
EarnVault acts as the data controller for personal data collected through the platform.
3. Lawful Basis for Processing
- Contract: Processing necessary to provide our services (account management, transactions)
- Legal obligation: KYC/AML compliance, financial record keeping
- Legitimate interest: Fraud prevention, security, platform improvement
- Consent: Marketing communications, optional data collection
4. Technical Security Measures
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Private keys encrypted with user password — zero-knowledge architecture
- Automated fraud detection with 8 detection rules
- Single-device enforcement to prevent unauthorized access
- Two-factor authentication (Email OTP, TOTP, Biometrics)
- VPN and proxy detection
- Rate limiting on all API endpoints
- Comprehensive audit logging of all administrative actions
5. Data Subject Rights
You can exercise your rights directly in the app:
- Right to access: Request data export via Settings > Data & Privacy
- Right to erasure: Request account deletion via Security > Manage Account
- Right to portability: Data export provided in JSON format
- Right to rectification: Update your profile in Account Info
6. Data Breach Notification
In the event of a data breach, we will notify affected users within 72 hours and report to relevant authorities as required by law.
7. International Transfers
Your data may be processed on servers located in different jurisdictions. We ensure appropriate safeguards are in place for international data transfers.
8. Contact
Data Protection Officer: support@earnvault.com