Privacy Policy

This Privacy Policy ("Policy") describes how ASTRA GLOBAL HOLDING LTD ("Company", "ASTRA", "we", "our", or "us") collects, uses, stores, discloses, and protects personal information when users access or use:

• Website
• Any related applications, APIs, products, services, communications, or features (collectively, the "Services")

This Policy applies to all visitors, users, customers, partners, and other individuals interacting with the Services.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Company Information

ASTRA GLOBAL HOLDING LTD

Company number 16359197, and registered office address 61a Bridge Street, Kington, United Kingdom, HR5 3DJ

2. Scope of This Policy

This Privacy Policy explains:

• What information we collect
• How we use personal information
• How information may be shared
• Your privacy rights
• Our data protection and security practices
• How we comply with applicable laws and regulations

This Policy applies whether you access the Services through desktop, mobile device, API integration, third-party wallet connection, or other methods.

3. Information We Collect

We may collect, process, store, and use the following categories of information.

3.1 Personal Identification Information

We may collect:

• Full legal name
• Date of birth
• Nationality
• Residential address
• Email address
• Telephone number
• Government-issued identification documents
• Selfie or biometric verification data where legally required

3.2 Financial & Transaction Information

We may collect:

• Cryptocurrency wallet addresses
• Blockchain transaction identifiers
• Payment card details (processed through third-party providers)
• Bank account information
• Fiat currency transaction data
• Exchange and payment history
• Transaction metadata

3.3 Compliance & Verification Information

To comply with applicable laws and regulations, we may collect:

• KYC (Know Your Customer) documentation
• AML/CTF screening results
• Sanctions screening information
• Politically Exposed Person (PEP) status
• Source-of-funds or source-of-wealth documentation
• Fraud prevention and risk assessment information

3.4 Technical & Device Information

We automatically collect certain technical data, including:

• IP address
• Device identifiers
• Browser type and version
• Operating system
• Network information
• Log files
• Geolocation data (where permitted)
• Usage analytics and interaction data

3.5 Communications

We may retain records of:

• Customer support inquiries
• Emails and chat communications
• Feedback submissions
• Survey responses
• Marketing preferences

4. How We Collect Information

We collect information:

• Directly from users
• Through automated technologies
• From blockchain networks
• From third-party identity verification providers
• From payment processors and banking partners
• From fraud prevention and compliance databases
• Through cookies and analytics technologies

5. Purposes of Processing

We process personal information for legitimate business and legal purposes, including to:

Service Delivery

• Provide crypto on-ramp and related services
• Facilitate fiat-to-crypto transactions
• Authenticate accounts and users
• Enable wallet integrations

Compliance & Risk Management

• Conduct KYC/AML verification
• Prevent fraud, abuse, money laundering, terrorist financing, and unauthorized activity
• Comply with sanctions obligations
• Respond to lawful governmental or regulatory requests

Platform Operations

• Maintain and improve the Services
• Analyze usage and performance
• Monitor system security and stability
• Develop new products and features

Communications

• Provide customer support
• Send service-related notices
• Deliver security alerts
• Provide updates, promotions, or marketing communications where permitted

Legal & Regulatory Obligations

• Enforce agreements and policies
• Protect legal rights and interests
• Maintain compliance records
• Resolve disputes and investigations

6. Legal Basis for Processing (GDPR)

Where the General Data Protection Regulation ("GDPR") applies, we process personal data based on one or more of the following legal grounds:

• Performance of a contract
• Compliance with legal obligations
• Legitimate business interests
• Consent
• Protection against fraud and unlawful activity

7. Blockchain Transparency

Blockchain transactions are inherently public and immutable.

Information recorded on public blockchain networks may be permanently visible and cannot generally be deleted or modified by ASTRA GLOBAL HOLDING LTD.

Users acknowledge and accept the transparent nature of blockchain technology.

8. Cookies & Tracking Technologies

We use cookies, pixels, local storage, and similar technologies to:

• Authenticate users
• Remember preferences
• Improve performance
• Analyze usage trends
• Detect suspicious activity
• Deliver relevant content

Users may manage cookie preferences through browser settings; however, disabling cookies may affect platform functionality.

9. Sharing & Disclosure of Information

We may share information with trusted third parties where necessary, including:

Service Providers

• Cloud hosting providers
• Payment processors
• Banking partners
• Identity verification vendors
• Blockchain analytics providers
• Customer support systems

Legal & Regulatory Authorities

We may disclose information:

• To comply with applicable laws
• In response to subpoenas, court orders, or lawful requests
• To regulators, law enforcement, or tax authorities
• To prevent fraud or illegal activity

Corporate Transactions

Information may be transferred in connection with:

• Mergers
• Acquisitions
• Corporate restructurings
• Financing events
• Asset sales

We do not sell personal information to third parties.

10. International Data Transfers

Your information may be transferred to, stored in, or processed in jurisdictions outside your country of residence.

Where required, we implement appropriate safeguards for international transfers in accordance with applicable data protection laws.

11. Data Retention

We retain information for as long as reasonably necessary to:

• Provide the Services
• Fulfill contractual obligations
• Comply with legal and regulatory requirements
• Prevent fraud and abuse
• Resolve disputes
• Enforce agreements

Certain compliance-related records may be retained for extended periods where legally required.

12. Data Security

We implement commercially reasonable administrative, technical, and organizational safeguards designed to protect personal information, including:

• Encryption technologies
• Access restrictions
• Security monitoring systems
• Internal confidentiality controls
• Secure infrastructure practices

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. User Rights

Subject to applicable laws, users may have rights to:

• Access personal information
• Correct inaccurate data
• Request deletion
• Restrict or object to processing
• Withdraw consent
• Request data portability
• Lodge complaints with supervisory authorities

Requests may be submitted to: [email protected]

We may require identity verification before fulfilling requests.

14. Third-Party Services & Integrations

The Services may contain links or integrations involving:

• Cryptocurrency wallets
• Exchanges
• Payment providers
• Blockchain protocols
• Analytics services
• External applications

We are not responsible for the privacy, security, or practices of third-party services.

Users should review applicable third-party policies separately.

15. Automated Decision-Making & Risk Screening

We may use automated systems and analytics tools to:

• Detect fraud
• Assess transaction risk
• Monitor suspicious behavior
• Conduct sanctions and compliance screening

These systems may result in temporary restrictions, transaction reviews, or account limitations.

16. Children's Privacy

The Services are not intended for individuals under the age of 18.

We do not knowingly collect personal information from minors.

17. Changes to This Privacy Policy

We reserve the right to modify or update this Policy at any time.

Updated versions will be published on the Services with a revised "Last Updated" date.

Continued use of the Services after updates constitutes acceptance of the revised Policy.

18. Contact Information

For privacy inquiries, legal notices, or data protection requests, contact:

ASTRA GLOBAL HOLDING LTD

Email: [email protected]