Zelt LTDA ("Zelt", "we", "our", or "us") is committed to protecting your personal information. This Privacy Policy describes how we collect, use, share, and safeguard personal data when you access our website, APIs, dashboard, or card services (collectively, the "Services").
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of our Services.
1. Information We Collect
We collect information you provide directly and information generated automatically when you use our Services.
1.1 Information You Provide
- Identity data: full name, date of birth, nationality, government-issued ID (passport, driver's license, national ID).
- Contact data: email address, phone number, and mailing address.
- Financial data: bank account details, stablecoin wallet addresses, and transaction history.
- Business data (for corporate clients): company name, registration number, beneficial ownership information, and KYB documentation.
- Biometric data: facial geometry or liveness detection data used solely for identity verification by our KYC provider. This data is not stored by Zelt.
1.2 Information We Collect Automatically
- Device and usage data: IP address, browser type, operating system, pages visited, and session duration.
- Transaction data: card transaction records, authorization events, merchant details, amounts, and timestamps.
- Log data: API request logs, error reports, and authentication events.
1.3 On-Chain Data
Stablecoin transactions executed on public blockchains (Ethereum, Solana, Tron, Polygon) are recorded on immutable public ledgers. Zelt does not control or delete on-chain records. Your wallet address may be publicly visible on these networks.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: To provision and manage your card program, process payments, and operate your account.
- Identity verification & compliance: To perform KYC/KYB checks, verify eligibility, and comply with applicable AML/CFT regulations and sanctions screening.
- Fraud prevention & security: To detect, investigate, and prevent unauthorized access, fraudulent transactions, and abuse of our Services.
- Customer support: To respond to inquiries, resolve disputes, and provide technical assistance.
- Legal obligations: To comply with applicable laws, respond to regulatory requests, and fulfill reporting obligations.
- Service improvement: To analyze usage patterns and improve our Services. We do not sell your personal data.
- Communications: To send operational notifications. Marketing communications are sent only with your consent.
3. How We Share Your Information
We do not sell your personal data. We share information only in the following circumstances:
3.1 Service Providers
We engage trusted third-party providers to deliver our Services, including identity verification (Sumsub), blockchain analytics and AML monitoring (Chainalysis), digital asset custody (Fireblocks), cloud infrastructure, and payment network operators. All providers are bound by data processing agreements.
3.2 Card Network Partners
If you use a card issued under a partner's program, that partner may have access to cardholder data under their own privacy policy. Zelt is not responsible for how partners handle data they independently control.
3.3 Regulatory & Legal Disclosure
We may disclose your information to government authorities, financial regulators, law enforcement agencies, or courts when required by law or to protect the rights and safety of Zelt, our users, or third parties.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.
4. Data Retention
We retain your personal data for as long as necessary to provide our Services and comply with our legal obligations:
- Account data is retained for the duration of your relationship with Zelt and for a minimum of 5 years after account closure to comply with AML/CFT record-keeping requirements.
- Transaction records are retained for a minimum of 7 years as required by applicable financial regulations.
- KYC documentation may be retained for up to 10 years depending on jurisdictional requirements.
- Inactive accounts with no activity for more than 5 years will have personal identifiers removed.
5. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to our legal retention obligations.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on our legitimate interests.
- Withdrawal of consent: Where processing is based on consent, withdraw that consent at any time.
To exercise any of these rights, contact us at privacy@zelt.finance. We will respond within 10 business days.
6. Security
We implement industry-standard technical and organizational measures to protect your personal data, including:
- AES-256 encryption for data at rest.
- TLS 1.3 for all data in transit.
- Multi-party computation (MPC) custody for digital assets.
- Role-based access controls and audit logging.
- PCI-DSS compliance for card data.
- Regular security assessments and penetration testing.
No system is completely secure. In the event of a data breach that poses a risk to your rights, we will notify you and applicable regulators as required by law.
7. International Data Transfers
Zelt operates globally. Your data may be transferred to and processed in countries other than your country of residence. We ensure that such transfers are protected by appropriate safeguards to maintain a level of data protection equivalent to that in your jurisdiction.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website. Your continued use of our Services after the effective date of any update constitutes your acceptance of the revised Policy.
9. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us: