Kotsu

Privacy Policy

Learn how Kotsu collects, uses, stores, and protects your personal information while providing secure financial services. We prioritize your digital safety above all.

Last updated Jun 2026

1. Introduction

At Kotsu, we understand that privacy is a fundamental human right. As a leading provider of modern financial infrastructure, our commitment to security and compliance is at the core of everything we build.

This Policy describes how we collect, use, and protect your information when you use our platform, APIs, or website. By using Kotsu, you agree to the practices described herein. We adhere to global standards including GDPR, CCPA, and regional financial regulations.

2. Information We Collect

Personal Information

  • Full legal name
  • Date of birth
  • Government ID numbers
  • Proof of address

Financial Information

  • Wallet balances
  • Transaction history
  • Bank account details
  • Linked card tokens

Technical Data

  • IP address & location
  • Browser fingerprint
  • API call logs
  • Error reports

3. How We Use Your Information

Account Management

Providing access to your dashboard and processing transactions.

KYC Verification

Performing mandatory identity checks for financial compliance.

Fraud Prevention

Detecting and preventing unauthorized access or illicit activities.

Compliance

Meeting AML/CFT regulations and responding to legal requests.

4. Sharing of Information

NO DATA SALE POLICY

We do not sell your personal data.

We only share information with partners essential to providing our services.

  • Banking Partners
  • IMTO Providers
  • KYC Vendors

5. Data Retention

  1. Active Accounts

    We retain your data for as long as your Kotsu account remains active to provide ongoing services.

  2. Post-Termination (7-10 Years)

    Due to financial regulatory requirements (AML/CFT), we may retain transaction data for up to 10 years after account closure.

  3. Marketing Data

    Email preferences and analytics data are removed within 30 days of an unsubscribe request.

6. Data Security

AES-256 Encryption

All sensitive data is encrypted at rest and in transit using industry-standard protocols.

Secure APIs

Access to our systems is strictly controlled via OAuth2 and hardware security modules (HSM).

Access Controls

Internal access to user data is granted only on a need-to-know basis with multi-factor authentication.

7. Your Rights

Right to Access

Request a full copy of all personal data we hold about you.

Right to Correction

Update or fix any information that is inaccurate or incomplete.

Right to Deletion

Request that we delete your data (subject to legal retention periods).

Right to Manage

Control your communication preferences and data sharing settings.

8. Cookies & Tracking

We use essential cookies to maintain your session and ensure platform security. Analytic cookies help us understand how you interact with our services to improve UX. We also use tracking to detect and prevent fraudulent account creation.

Your Privacy Matters

Have questions about our privacy practices? Our legal and security teams are here to help you understand your data journey.

Ready to move money the way it should work?

Join thousands of users who have switched to KOTSU.