Page 1: Preface and Scope
Welcome to Dataras. We are committed to protecting your personal information and data privacy while providing advanced smart financial services.
This Privacy Policy (hereinafter referred to as the “Policy”) applies to all natural or legal persons (“Users”) who visit, register, or use Dataras websites, applications, API services, and other platform products. This Policy explains how we collect, use, store, transfer, disclose, and protect your personal information.
By using our services, you acknowledge and consent to our processing of your information in accordance with this Policy. If you do not agree to this Policy, please do not use our services.
If you are a User residing in jurisdictions with special data protection laws, such as the European Economic Area (EEA) and California, you have specific data subject rights, which we will protect accordingly.
Page 2: What Information We Collect
When you use Dataras services, we may collect the following categories of information:
1. Identity Information
Name, gender, date of birth, nationality
Government-issued ID (passport/ID card/driver’s license)
Photo, signature, address, phone number
2. Account and Authentication Information
Username, email address, device fingerprint
KYC verification results and audit history
Multi-factor authentication information (e.g., Google Authenticator)
3. Financial and Transaction Information
Bank account or cryptocurrency wallet address
Investment behavior, deposit/withdrawal history, API call logs
Tax status and reporting status (e.g., W-8BEN)
4. Device and Behavioral Data
IP address, browser type, device type, and operating system
Page visit behavior, clickstream, log records
5. Data Required for Legal Compliance
Blacklist screening, PEP status, sanctions list comparison (e.g., OFAC)
User complaints, reports, and legal correspondence records
Page 3 Page: Information Collection Methods
We collect your data in the following ways:
Actively provided: Information you provide when registering an account, completing identity verification, filling out forms, submitting support tickets, or interacting with customer service;
Automatically collected: Device and behavioral data collected using technologies such as cookies, SDKs, server logs, and behavioral tracking scripts;
Third-party sharing: Information provided by authorized KYC service providers, banks, on-chain data service platforms (such as Chainalysis), or partners;
Legal access: When we receive compliance requests from judicial authorities, regulators, or government departments, we will collect and retain necessary records in accordance with the law.
We collect data only for necessary, lawful, reasonable, and explicit purposes. We do not process data beyond our scope and adhere to the principle of minimization.
Page 4: How We Use This Information
Dataras collects your information to provide more secure, compliant, personalized, and intelligent investment services, including but not limited to the following:
Authentication and security
KYC/AML audits and risk scoring
Preventing fraud, abuse, and impersonation
Service operations and optimization
Matching you with appropriate trading models and products
Analyzing user behavior and improving product performance
Multilingual and localization adaptation
Compliance and auditing
Complying with regulatory requirements such as the US SEC, FinCEN, and the European GDPR and MAS
Generation of compliance reports, tax forms, and contract traceability
User communication and support
Handling your customer service requests
Sending transaction notifications, service updates, or platform announcements
We do not use user information for any unauthorized commercial marketing, advertising, or data resale.
Page 5: Cookies and Tracking Technology Description
We use cookies and other tracking technologies to enhance the platform experience. Primary uses include:
Maintaining login status and session persistence
Identifying abnormal behavior and risk devices
Providing a multilingual interface and preference memory
Analyzing page visit behavior and model interaction
Users may refuse certain cookies through their browser settings, but this may limit some functionality. We do not use third-party advertising cookies.
The tracking tools we use include, but are not limited to, Google Analytics, AWS Cloudwatch, OpenTelemetry, and Firebase (anonymous statistics only). All of them comply with data encryption and log isolation standards.
Page 6: How We Share Your Information
We only share your information in the following circumstances, and we will ensure that the recipients fulfill their data protection obligations:
Authorized partners: including identity verification service providers, payment clearing institutions, data hosting providers, etc.
Affiliates: when necessary for cross-border services, risk management, system integration, etc.
Legal requirements: when legally required by judicial authorities, regulatory agencies, or law enforcement agencies;
Asset restructuring/mergers and acquisitions: If significant changes are involved, the platform will notify users in advance, and users can opt out.
We will not sell, rent, trade, or disclose your personal data to any third party without your authorization. All sharing activities will be logged, encrypted, and permissioned.
Page 7: Data Storage and Encryption Protection
Dataras utilizes a distributed architecture and high-standard security mechanisms to ensure the secure transmission and storage of user data globally:
Data storage locations include: the United States (AWS East/West), Singapore (Financial Data Center), and Frankfurt, Germany (EU Compliance Node);
All user data is stored using AES-256 encryption, and database access requires permission management and identity authentication;
The communication layer uses TLS 1.3 to ensure data transmission security;
Critical fields (such as ID card number and bank card number) are encrypted and decrypted using multiple encryption methods;
The platform implements regular penetration testing, third-party compliance audits (such as SOC 2), and disaster recovery drills.
We retain operation logs and access records for at least five years to meet audit and traceability requirements.
Page 8: User Data Rights
In accordance with applicable laws (such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), users as data subjects have the following legal rights:
1. Right of Access
You have the right to request access to a copy of your personal data held by us at any time and to be informed of the purpose and scope of its processing. 2. Right to Correction
If you discover that the information you provide is incorrect, you have the right to request that we correct inaccurate or incomplete data.
3. Right to Deletion (Right to Be Forgotten)
To the extent permitted by law, you may request that we delete certain information we have collected (e.g., if you close your account or no longer use our services).
4. Right to Restrict Processing
In certain circumstances (e.g., during a dispute or pending verification), you may request that we temporarily suspend the processing of your personal data.
5. Right to Data Portability
You may request that we export certain information you have provided (e.g., account details, transaction history) in a structured format for transfer to another platform.
6. Right to Withdraw Consent
If you have authorized us to process certain data (e.g., non-essential cookies), you may withdraw that consent at any time.
7. Opt Out of Automated Decision-Making/Profiling
If the platform makes decisions that significantly impact you based on algorithms (e.g., risk ratings, model recommendations), you may request a manual review.
To exercise any of these rights, please contact us at [email protected] and we will respond within 15 business days.
Page 9: Children’s Information, Cross-Border Transfers, and Data Retention
1. Privacy Protection for Minors
Dataras does not provide any services to minors under the age of 18. If we become aware that a minor has registered an account or submitted personal information, we will immediately delete the relevant data and close the account. If you are a guardian and discover that a minor is using the platform, please contact us immediately.
2. Cross-Border Data Transfers
Because Dataras has servers and technical partners in multiple countries, your information may be transferred and processed in countries/regions such as the United States, Europe, and Asia. For all cross-border transfers, we will:
Ensure equivalent data protection standards;
Execute Standard Contractual Clauses (SCCs) with the recipient;
Conduct Data Impact Assessments (DPIAs) and conduct ongoing compliance monitoring.
If you are a resident of the EEA, the United Kingdom, or Switzerland, you may request a copy of the data transfer safeguards we employ. 3. Data Retention Period
We retain your information only for the period necessary to fulfill the following purposes:
Account operations and compliance audits: at least 5 years;
Transaction records and financial information: no less than 7 years;
Data during legal disputes: frozen according to the statute of limitations;
Inactive account information: can be destroyed upon request after 12 months.
Data destruction will be performed through physical, irreversible deletion and key isolation.
Page 10: Policy Updates, Dispute Resolution, and Contact Information
1. Changes to the Privacy Policy
Dataras reserves the right to modify this Privacy Policy at any time. We will notify you prior to any modification by:
Prominently posting a notice of the change on the platform homepage;
Notifications via email or app (if you have subscribed);
Clearly marking the “Effective Date.”
Continued use of the Service after any changes constitutes acceptance of the new Privacy Terms. If you disagree, please cease use and request account cancellation.
2. Dispute Resolution
If you have any objections to the content of this Policy or our data processing practices, we encourage you to first contact us (see contact information below). If negotiations fail:
European users may file a complaint with their local data protection authority (DPA);
US users may file a complaint with the Federal Trade Commission (FTC);
All users may choose to file a lawsuit in New York court or to arbitrate in accordance with these Terms of Service.
