Privacy Policy
Learn how Kotsu collects, uses, stores, and protects your personal information while providing secure financial services. We prioritize your digital safety above all.
1. Introduction
At Kotsu, we understand that privacy is a fundamental human right. As a leading provider of modern financial infrastructure, our commitment to security and compliance is at the core of everything we build.
This Policy describes how we collect, use, and protect your information when you use our platform, APIs, or website. By using Kotsu, you agree to the practices described herein. We adhere to global standards including GDPR, CCPA, and regional financial regulations.
2. Information We Collect
Personal Information
- Full legal name
- Date of birth
- Government ID numbers
- Proof of address
Financial Information
- Wallet balances
- Transaction history
- Bank account details
- Linked card tokens
Technical Data
- IP address & location
- Browser fingerprint
- API call logs
- Error reports
3. How We Use Your Information
Account Management
Providing access to your dashboard and processing transactions.
KYC Verification
Performing mandatory identity checks for financial compliance.
Fraud Prevention
Detecting and preventing unauthorized access or illicit activities.
Compliance
Meeting AML/CFT regulations and responding to legal requests.
4. Sharing of Information
We do not sell your personal data.
We only share information with partners essential to providing our services.
- Banking Partners
- IMTO Providers
- KYC Vendors
5. Data Retention
Active Accounts
We retain your data for as long as your Kotsu account remains active to provide ongoing services.
Post-Termination (7-10 Years)
Due to financial regulatory requirements (AML/CFT), we may retain transaction data for up to 10 years after account closure.
Marketing Data
Email preferences and analytics data are removed within 30 days of an unsubscribe request.
6. Data Security
AES-256 Encryption
All sensitive data is encrypted at rest and in transit using industry-standard protocols.
Secure APIs
Access to our systems is strictly controlled via OAuth2 and hardware security modules (HSM).
Access Controls
Internal access to user data is granted only on a need-to-know basis with multi-factor authentication.
7. Your Rights
Right to Access
Request a full copy of all personal data we hold about you.
Right to Correction
Update or fix any information that is inaccurate or incomplete.
Right to Deletion
Request that we delete your data (subject to legal retention periods).
Right to Manage
Control your communication preferences and data sharing settings.
We use essential cookies to maintain your session and ensure platform security. Analytic cookies help us understand how you interact with our services to improve UX. We also use tracking to detect and prevent fraudulent account creation.
Your Privacy Matters
Have questions about our privacy practices? Our legal and security teams are here to help you understand your data journey.
Ready to move money the way it should work?
Join thousands of users who have switched to KOTSU.
