Privacy statement

Welcome to the Aivora Privacy Statement (hereinafter referred to as the "Privacy Statement"). Before providing us with any information about yourself or any other individual, please take a few minutes to read this document carefully.

I. Introduction

We respect your privacy and are committed to safeguarding your personal data. We approach our data protection responsibilities with the highest level of seriousness (see Section 3 below for further details).

II. Purpose

This Privacy Statement outlines how we collect and process your personal data, as well as the reasons and methods for such collection and processing (for more details, refer to the relevant content in Section 3 below), when you use any of our products, services, or applications (collectively referred to as "Services"), or visit or use our Aivora.com website (hereinafter referred to as the "Website") or mobile application (hereinafter referred to as the "Application"). This Privacy Statement applies to all personal data processing activities we conduct within our Services and Application.

This Privacy Statement informs you of your privacy rights and explains how data protection principles under applicable privacy laws protect your privacy. Whenever we collect or process your personal data, we strongly recommend reviewing this Privacy Statement, along with any additional notices or policies we may provide from time to time, to fully understand why and how we use your data.

This Privacy Statement complements other notices and policies and is not intended to supersede them. In the event of any conflict between this Privacy Statement and other notices or policies, the terms of this Privacy Statement shall prevail.

Our Services, Website, and Application are not designed for individuals under the age of 18, and we do not knowingly collect data relating to minors.

III. About Aivora

Data Controller

The controller of your personal data is the legal entity that determines the "means" and "purposes" of any processing activities involving your data. Aivora, a company incorporated under the laws of the British Virgin Islands (BVI), is the controller responsible for processing your personal data.

Complaints

If you have any concerns regarding the processing of your personal data, please contact us via email at support@aivora.com.

Our Responsibilities and Yours in Case of Changes

We periodically review our Privacy Statement. The last update date is noted above. We encourage you to check for updated versions of the Privacy Statement periodically. Additionally, if there are significant changes to this Privacy Statement, we will notify you in an effective manner to ensure you are aware of these updates.

The personal data we hold about you must remain accurate and current. If your personal data changes during your engagement with us, please notify us promptly.

Third-Party Links

This Website and any applicable web browsers, applications, or application programming interfaces (hereinafter referred to as the "Application") required to access the Services may include links to third-party websites, plug-ins, and applications (hereinafter referred to as "Third-Party Websites"). Clicking these links or enabling these connections may allow third parties to collect or share data about you. We do not control these Third-Party Websites and are not responsible for their privacy statements or policies. When you leave our Website or Application, we recommend reviewing the privacy statement or policy of each Third-Party Website you visit or use.

IV. What Data We Collect About You

Personal Data

Personal data, or personal information, refers to any information relating to an identified or identifiable living individual. This encompasses information you provide to us, information we collect about you automatically, and information we obtain from third parties.

A "data subject" is an individual who can be identified, directly or indirectly, through personal data. This typically involves an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

We collect the following types of information from you:

  • Identity Data: Full name, maiden name, username or similar identifier, date of birth, biometric information (including visual images of your face), national ID card, passport, driver’s license, Username, avatar, profile picture, or other identification documents
  • Contact Data: Country of residence, email address or telephone number, proof of address documents (if applicable)
  • Financial Data: Bank account details, payment card details, virtual currency accounts, stored value accounts
  • Transaction Data: Details of transactions between you and us, and any additional details of transactions you perform using the Services, Website, or Application
  • Technical Data: Internet connection data, Internet Protocol (IP) address, operator and carrier data, login data, browser type and version, device type, category, and model, time zone settings and location data, language data, application version and SDK version, browser plug-in types and versions, operating system and platform, diagnostic data (such as crash logs and other data we collect for technical diagnostics), and other information stored on or accessible from your device that you permit us to access when visiting the Website or using the Services or Application
  • Profile Data: Username and password, user identification code, information about whether you have an Aivora Application account and its associated email, your requests for products or services, your interests, preferences, and feedback, and other information generated through your communications with us (e.g., information from requests submitted to our customer support team)
  • Usage Data: Information about how you use the Website, Services, Application, and other products we offer, including device download time, installation time, interaction type and duration, event time, name, and source
  • Marketing and Communications Data: Your preferences for receiving marketing from us or third parties, your communication preferences, and your survey responses

As outlined in the "Identity Data" section above, we also collect visual images of your face, which we use in collaboration with our subcontractors (see the "Disclosure of Your Data" section below) to verify your identity for onboarding and fraud prevention purposes. This data is classified as special category data.

V. How We Collect Your Data

We use various methods to collect your information, including the following:

Direct Interactions. You may provide us with your Identity Data, Contact Data, Financial Data, Profile Data, and Marketing and Communications Data through direct interactions with us, such as by completing forms, submitting your visual image via the Services, email, or other means. This includes personal data you provide when you:

  • Visit our Website or Application;
  • Apply for our Services;
  • Create an account;
  • Use any of our Services;
  • Request marketing information, such as subscribing to our newsletter;
  • Participate in competitions, events, or surveys, including through social media channels;
  • Or provide feedback or contact us

Automated Technologies or Interactions. When you engage with our Website or Application, we automatically collect Technical Data about your device, browsing actions, and patterns. We gather this personal data using cookies, server logs, and other online identifiers. We also collect Transaction Data and Usage Data. If you visit other websites that use our cookies, we may receive Technical Data and Marketing and Communications Data about you. You can learn more about our use of cookies through our Cookie Preference Settings.

Social Media Widgets and Similar Links. Our Website may feature links, social media plug-ins, "widgets," tweets, "share," and "like" buttons connected to platforms such as Facebook, X (Twitter), Instagram, Threads, Discord, LinkedIn, Reddit, and Telegram.

VI. How We Use Your Data

Lawful Basis

We will only process your personal data when permitted by applicable law. This means we must ensure a lawful basis exists for such processing. We typically process your personal data under the following circumstances:

  • Performance of a Contract: Processing necessary to perform a contract to which you are a party or to take steps at your request prior to entering such a contract; this is the basis we rely on to deliver our Services
  • Legitimate Interests: Our (or a third party’s) interests, provided your interests and fundamental rights do not override these interests when we rely on this basis
  • Compliance with Legal Obligations: Processing your personal data when required to comply with a legal obligation
  • Consent: Your freely given, specific, informed, and unambiguous indication of agreement to the processing of your personal data, expressed through a statement or clear affirmative action; in certain cases, this consent must be explicit, and we will seek it accordingly

Purposes for Which We Use Your Personal Data

Below, we present in table format how we intend to use your personal data and the lawful bases we rely on for doing so. Where relevant, we have also identified our legitimate interests. Please note that we may process your personal data on more than one lawful basis, depending on the specific purpose. If you require details about the specific lawful basis for processing your personal data, please contact us.

| Purpose and/or Activity | Categories of Personal Data | Lawful Basis for Processing |
|---|---|---|
| Registering you as a new customer | • Identity Data • Contact Data • Financial Data | • Performance of a Contract |
| Performing and complying with anti-money laundering (AML) requirements | • Identity Data • Contact Data • Financial Data • Transaction Data • Technical Data • Profile Data | • Compliance with Legal Obligations |
| Processing and delivering our Services and any Application features, including executing, managing, and processing your instructions or orders | • Identity Data • Contact Data • Financial Data • Transaction Data • Technical Data | • Performance of a Contract |
| Preventing abuse of our Services and activities | • Identity Data • Contact Data • Financial Data • Transaction Data • Technical Data • Marketing and Communications Data | • Legitimate Interests: Ensuring the security and integrity of our Services by detecting and preventing fraud and unauthorized activities, thereby protecting our business and customers |
| Managing our relationship with you, including requesting reviews, inviting you to participate in surveys, or updating you on company and product developments | • Identity Data • Contact Data • Profile Data • Transaction Data • Marketing and Communications Data | • Performance of a Contract • Consent (where required) |
| Keeping our records up to date and researching how customers use our products/services | • Identity Data • Contact Data • Profile Data • Transaction Data • Technical Data • Marketing and Communications Data | • Legitimate Interests: Maintaining accurate customer records to provide effective services, make informed business decisions, and improve our products by understanding customer interactions • Consent (where required) |
| Managing, processing, collecting, and transferring payments, fees, and charges | • Identity Data • Contact Data • Financial Data • Transaction Data | • Performance of a Contract |
| Complying with applicable laws and handling complaints, including: • Managing risks and preventing crime, including AML, counter-terrorism financing, sanctions screening, fraud, and other background checks • Detecting, investigating, reporting, and preventing financial crime broadly and • Ensuring your account’s security to address requests regarding information and/or account changes | • Identity Data • Contact Data • Financial Data • Transaction Data • Technical Data • Profile Data • Usage Data • Sensitive Data (also known as Special Category Data*) provided directly by you or obtained from third parties and/or public sources: - Data revealed through identity verification (KYC) or other background checks (e.g., from media reports or public registers) - Data collected via facial scans during identity verification - Data incidentally disclosed in photo ID documents, though we do not intentionally process such personal data | • Compliance with Legal Obligations • Performance of a Contract • Legitimate Interests: Ensuring we do not process proceeds of crime, assist in illegal or fraudulent activities, enhance our systems for addressing financial crime, and effectively resolve complaints |
| Enabling you to participate in prize draws, competitions, or surveys | • Identity Data • Contact Data • Profile Data • Usage Data • Marketing and Communications Data | • Performance of a Contract • Consent (where required) |
| Collecting market data to study customer behavior, including preferences, interests, and usage of our products/services, to inform marketing campaigns and grow our business | • Identity Data • Contact Data • Profile Data • Usage Data • Marketing and Communications Data | • Legitimate Interests: Understanding our customers to enhance our products and services |
| Managing and protecting our business, Website, Application, and social media channels, including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, and data hosting | • Identity Data • Contact Data • Financial Data • Technical Data • Transaction Data • Usage Data | • Legitimate Interests: Operating our business, providing administrative and IT services, ensuring cybersecurity, preventing fraud, and managing business reorganization or group restructuring |
| Delivering relevant Website content and advertisements to you, and measuring or understanding the effectiveness of the advertising we provide | • Identity Data • Contact Data • Profile Data • Usage Data • Technical Data • Marketing and Communications Data | • Legitimate Interests: Studying how customers use our products/services, developing them, growing our business, and shaping our marketing strategy • Consent (where required) |
| Using data analytics to enhance our Website, products/services, marketing, customer/user relationships, and experiences | • Technical Data • Usage Data • Marketing and Communications Data | • Legitimate Interests: Identifying customer/user types for our products and services, keeping our Website current and relevant, growing our business, and informing our marketing strategy • Consent (where required) |
| Making suggestions and recommendations about goods or services that may interest you | • Identity Data • Contact Data • Technical Data • Usage Data • Profile Data • Marketing and Communications Data | • Legitimate Interests: Developing our products/services and growing our business • Consent (where required) |
| Using services of social media or advertising platforms, some of which use received personal data for their own purposes, including marketing | • Technical Data • Usage Data | • Consent |
| Using services of financial institutions, crime and fraud prevention agencies, and risk measurement firms, which process received personal data for their own purposes as independent controllers | • Identity Data • Contact Data • Financial Data • Transaction Data • Technical Data • Usage Data | • Legitimate Interests: Conducting business in the financial services market and actively contributing to crime and fraud prevention |

* Special Category Data: Processed based on substantial public interest grounds under Seychelles’ Anti-Money Laundering and Countering the Financing of Terrorism Act, EU AML Directives, UK AML frameworks, etc.

We may also share personal information with the following parties or in these circumstances:

Affiliates: Personal data we process and collect may be transferred among Aivora companies as part of our normal business operations and to provide Services to you.

Third Parties: We engage other companies and individuals to perform functions on our behalf. Examples include data analysis, marketing assistance, payment processing, content transmission, assessing and managing credit risk, CTF/AML service providers (for transaction monitoring), and security service providers (for investigating fraud and security incidents). Third-party service providers may only access personal information necessary for their functions and are prohibited from using it for other purposes. They must process personal information in accordance with our contractual agreements and only as permitted by applicable data protection laws. Under applicable law, third parties (i.e., other data controllers) may also share your personal data when you exercise your data portability rights.

We may share your Contact Data with carefully selected third parties for marketing purposes to offer tailored information about products, services, promotions, and events that may interest you, but only if you have explicitly consented to receive marketing updates.

When you use third-party services (e.g., linking your Aivora account to a bank account) or websites accessed via our Services, the providers of those services or products may receive information about you from Aivora, you, or others. Please note that when you use third-party or Aivora-affiliated services not governed by this Privacy Statement, their own terms and privacy policies will apply to your use of those services and products.

Third-Party Independent Controllers

Within the scope of Services provided by Aivora, certain third-party service providers may act as independent data controllers, processing your personal data for their own purposes, which may include but are not limited to:

  • Complying with legal or regulatory obligations under applicable law

  • Preventing criminal activity, fraud (including impersonation fraud), money laundering, or other illegal activities by cross-referencing data with records of confirmed or suspected illegal activities; for this, service providers may employ machine learning to analyze AML/counter-terrorism financing trends, statistical analysis, and analytics

  • Enhancing the effectiveness and quality of their anti-fraud services

  • Onboarding users as their own clients or customers

  • Using financial institution services for fiat currency transactions—user identification required to respond to data subject requests

  • Establishing, exercising, or defending legal claims (if applicable)

Service providers rely on the lawful bases for data processing outlined in their respective privacy statements, accessible on their websites. Your personal data will not be processed beyond the time necessary for these purposes and will be retained according to the service providers’ retention schedules.

Legal Authorities or Legal Requirements: We may share your information with courts, law enforcement agencies, regulators, attorneys, or other third parties: (a) to comply with legal obligations; (b) to establish, exercise, or defend legal or equitable claims; (c) to respond to law enforcement and regulatory requests, including (1) when legally required or compelled by subpoena, court order, search or seizure warrant, or similar legal process, or (2) under international law enforcement requests pursuant to Mutual Legal Assistance Treaties (MLAT) or letters rogatory; (d) to comply with one or more "travel rules" requiring us to transfer your information to another financial institution, regulator, or industry partner; (e) when we determine in good faith that disclosing personal information is necessary to protect the rights, property, or safety of our customers, Aivora, or others, including to prevent imminent bodily harm or significant financial loss; (f) to investigate breaches of our Terms of Use or other applicable policies; or (g) to detect, investigate, prevent, or address fraud, credit risk, other illegal activities, or security and technical issues, report suspected illegal activities, or assist law enforcement in investigating suspected illegal or wrongful conduct. All such disclosures are governed by applicable data protection laws and our internal governance and legal review processes to ensure compliance with relevant privacy frameworks.

Automated Decision-Making

What is Automated Decision-Making? Automated decision-making refers to decisions made automatically by software algorithms, without human intervention, that may affect you. For instance, we use automated decision-making for new customer onboarding or anti-fraud monitoring.

Why is Automated Decision-Making Important to You? Depending on the context, using your personal data may result in automated decisions with legal or similarly significant effects on you (including profiling).

How Do We Protect Your Interests in Automated Decision-Making? We implement appropriate safeguards to protect the rights and interests of individuals subject to automated decision-making. You have the right to object to such decisions affecting you. For more details or to exercise this right, please contact us.

Marketing

We may use your Identity Data, Contact Data, Technical Data, Transaction Data, Usage Data, and Profile Data to assess what we believe you may want, need, or find interesting. This informs our decisions about which products, services, and offers may be relevant to you. You will receive marketing communications from us if you have requested information and consented to marketing, or if you have purchased products from us and have not opted out of receiving such communications. We will use your Marketing and Communications Data for these activities.

Third-Party Marketing

We will seek your consent before sharing your personal data with any third party for marketing purposes.

Opting Out

You may opt out of marketing communications at any time by using the opt-out link in any marketing message we send you. You can also log in and unsubscribe from marketing messages via notifications. Opting out of marketing communications does not affect service-related messages directly tied to your use of our Services (e.g., maintenance updates or changes to terms and conditions).

Cookies

You can configure your browser to refuse all or some cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, note that some parts of the Services or Website may become inaccessible or malfunction. For more information about the cookies we use, see our Cookie Preference Settings.

Change of Purpose

We will only use your personal data for the purposes for which it was collected, unless we reasonably determine that we need to use it for another purpose compatible with the original one. If you wish to understand how processing for a new purpose aligns with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and explain the lawful basis permitting us to do so.

Business Sale or Transfer

During or in negotiations for any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding involving all or part of our shares, business, or assets, we may need to process your data. This will be based on our legitimate interests in conducting such transactions or to fulfill our legal obligations.

VII. Disclosure of Your Data

We may share your personal data with our third-party service providers, agents, subcontractors, other related organizations, and our group companies and affiliates (as described below) to perform tasks on our behalf and deliver Services and the Application to you. When engaging third-party service providers, we require them to respect the security of your personal data and process it in compliance with applicable law.

We transfer your personal data to the following entities:

  • Companies and organizations assisting us in processing, verifying, or refunding your transactions/orders and providing requested Services
  • Identity verification agencies for necessary verification checks
  • Fraud or crime prevention agencies to combat crimes such as fraud, money laundering, and terrorism financing
  • Any person to whom we lawfully transfer, or may transfer, our rights and obligations under the terms and conditions of any Services
  • Any third party resulting from a reorganization, sale, or acquisition of our group or affiliates, provided the recipient uses your information for the same purposes for which it was originally provided to or used by us
  • Regulatory and law enforcement agencies, whether inside or outside the Republic of Seychelles, where permitted or required by law

Specific Note on Blockchain Use

The blockchain technology used in certain Services operates on a decentralized network, recording transactions in an immutable and transparent manner. This ensures the integrity and security of data stored on the blockchain. However, it also means that once data is added to the blockchain, it is nearly impossible to remove or delete.

VIII. International Transfers (Cross-Border Data Flows)

Many of our external third parties are located outside the Republic of Seychelles, so their processing of your personal data involves transferring it beyond the Republic of Seychelles. Whenever we transfer your personal data outside the Republic of Seychelles, we ensure at least one of the following safeguards is in place to provide a comparable level of protection:

  • The country or region receiving your personal data is deemed by the European Commission to offer an adequate level of protection for personal data (note third-party website links)
  • Specific contracts approved by the European Commission, the Information Commissioner, or other competent authorities, which provide safeguards for personal data processing, known as "standard contractual clauses"

For more information on the specific mechanisms we use when transferring your personal data outside the Republic of Seychelles, please contact us.

IX. Data Security

While sharing data over the internet involves inherent risks, we have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, damaged, or accessed, altered, or disclosed in an unauthorized or unlawful manner. Access to your personal data is restricted to employees, agents, contractors, and other third parties with a legitimate business need, who process it only on our instructions and are bound by confidentiality obligations.

Based on the risks associated with processing your personal data, we apply the following appropriate security measures:

  • Organizational measures (including but not limited to employee training and policy development)
  • Technical measures (including but not limited to physical protection of data, pseudonymization, and encryption)
  • Ensuring ongoing availability, integrity, and accessibility (including but not limited to appropriate backups of personal data)

We have procedures in place to address any suspected personal data breaches and will notify you and any relevant regulators when legally required.

X. Data Retention

When determining the appropriate retention period for personal data, we consider its amount, nature, and sensitivity, the potential risk of harm from unauthorized use or disclosure, the purposes of processing, whether those purposes can be achieved by other means, and applicable legal, regulatory, tax, accounting, or other requirements.

Here are some example factors we typically consider when deciding how long to retain your personal data:

  • In the event of a complaint
  • If we reasonably believe there is a prospect of litigation in our relationship with you, or if we deem it necessary to retain information to defend against potential future legal claims (e.g., email addresses, content, chat logs, and correspondence may be retained for up to 10 years after our relationship ends, depending on the statute of limitations in your country)
  • Compliance with applicable legal and/or regulatory requirements for certain types of personal data: Under the Anti-Money Laundering and Countering the Financing of Terrorism Act, we must retain your personal data for at least 7 years after our relationship with you as a customer ends; in some cases, this period may be extended under applicable law
  • When needed for purposes such as audits
  • In line with relevant industry standards or guidelines
  • Based on our legitimate business needs to prevent abuse of our activities, retaining customer data during and for a period after activities to prevent misuse

Note that you may request deletion of your data in certain cases: see Your Legal Rights below for details. We will fulfill such requests only when the conditions are met.

XI. Your Legal Rights

We are obligated to inform you of your rights, which depend on the reasons for processing your personal data. For more information or to exercise these rights, please contact us. You may:

  • Request access to your personal data
  • Request correction of information you believe is inaccurate or completion of information you believe is incomplete (we must verify the accuracy of any new data you provide)
  • Request erasure (cancellation or deletion) of your personal data; however, we may not always be able to comply due to specific legal reasons, which we will communicate to you, and please refer to the "Specific Note on Blockchain Use" section above
  • Object to the processing of your personal data where we rely on legitimate interests (or those of a third party) and your particular situation leads you to object on this basis, believing it impacts your fundamental rights and freedoms; in some cases, we may demonstrate compelling legitimate grounds overriding your rights and freedoms; you may also object to processing for direct marketing purposes
  • Request a review of a decision made solely by automated means without human intervention (see Section 6 above for details)
  • Request restriction of processing your personal data, allowing you to ask us to suspend processing in cases such as: you want us to verify data accuracy; our use is unlawful; you need us to retain data we no longer require for establishing, exercising, or defending legal claims; or you object to our use, but we need to confirm overriding legitimate grounds
  • Request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format (where technically feasible); this applies only to automated data you consented to us using or data used to perform a contract with you
  • Withdraw consent at any time where we rely on it for processing; this does not affect the lawfulness of prior processing, and withdrawal may prevent us from providing certain products or services, which we will inform you of at the time
  • Lodge a complaint with the Seychelles Information Commission or your local data protection authority and seek damages in court for any perceived infringements

Generally No Fee Required

Accessing your personal data (or exercising other rights) is typically free. However, we may charge a reasonable fee or refuse to comply if your request is clearly unfounded or excessive.

Timeframe for Responding to Legitimate Requests

Given the privacy laws we adhere to, we aim to respond to legitimate requests within one month. Note that when exercising rights related to your personal data, we may request specific details to verify your identity.


Last updated