1. Introduction
YieldGuard ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store and protect your information when you visit yieldguard.finance or use any of our applications, smart‑contract interfaces or related services (together, the "Services"). It also sets out your rights and how the law protects you.
By accessing or using the Services you acknowledge that you have read and understood this Policy.
2. Who We Are
YieldGuard will be incorporated as YieldGuard GmbH in Hachenburg, Germany. Our registered office address is in the process of being established and will be published as soon as operations commence. Until then, we can be contacted at privacy@yieldguard.finance.
We have not yet appointed a Data Protection Officer under Article 37 GDPR. A dedicated privacy contact will be announced before public launch.
3. Scope of this Policy
This Policy applies worldwide and to anyone who accesses the Services. Access is designed for persons over the minimum age required by applicable law (typically 18 years). Our Services are primarily intended for professional or institutional investors but can be browsed by the general public.
4. The Data We Collect
At pre‑launch we aim to minimise data collection. We plan to process only:
| Category | Examples | Source |
|---|---|---|
| Account / KYC Data | Full name, date of birth, nationality, ID documents, proof of address, selfie/liveness images | You, via our partner Sumsub KYC portal |
| Wallet & Transaction Data | Public blockchain address, on‑chain transaction metadata, holdings of KYC_PASS NFT | Public blockchain; our smart contracts |
| Usage Data | IP address, browser type, referring pages, on‑site click‑stream | Automatically via servers and optional analytics |
| Communications Data | Emails, support tickets, survey responses | You |
We do not intentionally collect special‑category data (e.g., health, biometrics) except as included in identity documents for AML purposes.
5. How & Why We Use Your Data (Legal Bases)
| Purpose | Legal basis (GDPR) |
|---|---|
| Perform KYC/AML screening, issue KYC_PASS NFT, and comply with financial-crime regulations | Legal obligation (Art 6 (1)(c)) |
| Provide, operate and secure the smart‑contract vault and execute deposits/withdrawals | Contract performance (Art 6 (1)(b)) |
| Monitor transactions with Chainalysis, risk‑score the vault, and trigger safety controls | Legitimate interest (security & integrity) (Art 6 (1)(f)) |
| Analyse aggregated site usage and improve UX | Legitimate interest (Art 6 (1)(f)); where cookies are non‑essential we rely on consent (Art 6 (1)(a)) |
| Send operational or legal notices | Legal obligation / Legitimate interest |
| Send marketing newsletters (optional) | Consent (opt‑in, Art 6 (1)(a)) |
6. Sharing & Processors
We only share your data with:
- Sumsub Ltd. (EU/UK) – identity verification provider.
- Chainalysis Inc. (USA) – blockchain analytics and sanctions screening.
- Amazon Web Services (EU Central / Frankfurt & backup in USA) – hosting.
- FundRock Management Company S.A. (Luxembourg) – AIFM compliance oversight.
- Standard Chartered (Luxembourg) S.A. – token custody & cash‑flow monitoring.
- Professional advisers (lawyers, auditors, insurers) under confidentiality.
- Public authorities when legally required.
All vendors are bound by data‑processing agreements that meet Article 28 GDPR requirements.
7. International Transfers
Where we transfer personal data to countries outside the European Economic Area (EEA) that are not deemed to provide an adequate level of protection, we rely on:
- Standard Contractual Clauses approved by the European Commission, or
- The EU‑U.S. Data Privacy Framework certification (if applicable).
A copy of the relevant safeguards can be requested via privacy@yieldguard.finance.
8. Data Retention
| Data category | Retention |
|---|---|
| KYC / AML records | 10 years after account closure (EU 6AMLD) |
| Wallet address & on‑chain logs | Permanently stored on public blockchain; off‑chain mapping deleted 5 years after last activity |
| Support communications | 3 years |
| Analytics logs | 13 months |
We will anonymise or securely delete data once the relevant period expires.
9. Security Measures
We employ layered security including:
- TLS encryption in transit; AES‑256 at rest.
- Principle of least privilege IAM; weekly key rotation.
- 3‑of‑5 Safe multisig for contract admin keys.
- AWS KMS, YubiHSM and Ledger hardware devices for key custody.
- External audits, continuous monitoring, 24/7 PagerDuty incident response.
- Bug‑bounty programme and Nexus Mutual insurance cover.
10. Your Rights
Under GDPR you can:
- Request access, correction or deletion of your personal data.
- Object to processing or ask for restriction.
- Withdraw consent at any time (does not affect legality of prior processing).
- Receive your data in portable format.
To exercise a right, email privacy@yieldguard.finance. We will respond within 1 month. You may lodge a complaint with your local supervisory authority; in Germany this is Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland‑Pfalz (LfDI).
11. Cookies & Similar Technologies
We use only essential cookies by default (session ID, security). Non‑essential analytics cookies (e.g., Plausible) are set only after you grant consent through our cookie banner. You can withdraw consent at any time via the banner settings or your browser.
12. Automated Decision‑Making
KYC approval involves automated verification checks by Sumsub followed by human review. Risk‑scoring agents may flag wallets for deposit pause but final action requires multisig approval. We do not engage in fully automated decisions producing legal or similarly significant effects.
13. Children’s Privacy
The Services are not directed to children under 18. We do not knowingly collect data from minors. If you believe a child has provided us with personal data, please contact us.
14. Changes to this Policy
We may update this Policy to reflect changes in law or our practices. Material changes will be announced via an in‑app banner and email (if we hold your address). The “Effective date” at the top will be updated accordingly.
15. Contact
Questions, comments or requests should be sent to privacy@yieldguard.finance or to our postal address once published on this page.