Upsave: Save Smarter, Earn Better

This Privacy Notice sets forth the information that REXENTO SAS ("REXENTO" or the "Company") and UPSAVE ("UPSAVE" or the "Service") are required to provide under applicable data protection laws regarding the collection, processing, and storage of personal data through this website and related platforms (collectively, the "Site").

This Privacy Policy is designed to ensure transparency and compliance with data protection laws, including the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

1. Data Controller

For the purposes of data protection laws, REXENTO is the data controller responsible for processing your personal data. We ensure that we and our third-party service providers comply with applicable data protection laws.

2. Updates to This Privacy Notice

This Privacy Notice may be updated periodically. If we make substantial changes, we will post a prominent announcement on the Site and update this document accordingly.

3. Personal Data We Collect

We may collect and process the following types of personal data, as permitted under applicable laws:

Category	Information Collected
Personal Identification Information	Full name (including maiden name, if applicable) Email address
Transaction Information	Transaction details, including sender and recipient names, addresses, amounts, timestamps, and purposes
Correspondence	Information shared with our customer support team
Automatically Collected Data(with user consent, where required)	Online Identifiers: Geo-location, browser details, and IP address Usage Data: Authentication details, security questions, click-stream data, behavioral data, and tracking via cookies For more details on cookies, please refer to our Cookie Policy

4. Legal Basis for Processing Personal Data

We process your personal data based on:

Consent: Where you have given clear permission.
Contractual Necessity: To provide our services and fulfill agreements.
Legal and Regulatory Obligations: Compliance with anti-money laundering (AML), know-your-customer (KYC), and tax laws.
Legitimate Interests: To improve our services, prevent fraud, and ensure security.

5. How We Use Your Personal Data

Managing and maintaining your account.
Processing transactions.
Providing customer support.
Conducting analytics to improve our services.
Fulfilling legal and regulatory requirements, including KYC/AML compliance.
Performing identity verification and fraud prevention.
Notifying you about product updates and promotions (with your consent).

6. Automated Decision-Making & Profiling

We may use automated systems for:

Fraud detection and security monitoring.
Identity verification and risk assessments (e.g., KYC checks).

Users have the right to request human intervention if they believe an automated decision affects them significantly.

7. Disclosure of Your Information to Third Parties

We do not sell your personal data. However, we may share your data with:

Affiliates and legal/regulatory authorities as required.
Third-party service providers, including:
- Hosting providers (Vercel)
- Identity verification (Web3Auth)
- AML/KYC screening (Chainalysis)
- Data analytics (Google Analytics)
- Payment processors (Coinbase)
- Customer support (HubSpot)
- Transaction processors (Pimlico)

Third-party services are governed by their own privacy policies. We take appropriate safeguards to ensure data protection compliance.

8. International Data Transfers

Your personal data may be transferred outside the European Economic Area (EEA) or the United Kingdom (UK). When such transfers occur, we ensure compliance through:

Adequacy decisions (where applicable).
Standard Contractual Clauses (SCCs) with third-party providers.

You may request more details on data transfer mechanisms by contacting us.

9. Data Retention

We retain personal data based on:

Regulatory requirements: AML/KYC laws may require retention for a minimum of 5 years.
Operational needs: We retain transactional data for at least 7 years to comply with financial reporting laws.
User requests: If you delete your account, we may still retain data for legal and security purposes.

10. Your Rights

You have the following rights regarding your personal data:

Right to Access: Request a copy of your personal data.
Right to Correction: Update inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data (subject to legal obligations).
Right to Restriction: Limit how we process your data.
Right to Object: Object to processing based on legitimate interests.
Right to Withdraw Consent: Withdraw consent where applicable.
Right to Data Portability: Request data in a structured format.
Right to Lodge a Complaint: File a complaint with a data protection authority.

To exercise these rights, please contact us at legal@upsave.io. We will respond within 30 days, subject to legal and identity verification requirements.

11. Security Measures

We implement strict security measures, including:

Data encryption and secure access controls.
Regular security audits and compliance monitoring.
Restricted access to personal data on a need-to-know basis.

12. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify affected users and relevant authorities as required by law.

13. Children's Data

Our services are not intended for individuals under 18 years of age, and we do not knowingly collect data from minors. If we become aware of such data, we will delete it promptly.

14. Contact Us

For privacy-related inquiries, contact our Privacy Officer:

Email: legal@upsave.io
Postal Address: UPSAVE - Délégué à la Protection des Données, Mitwit Nice Gare Thiers, 21 Av. Thiers, 06000 Nice, France