All In Fintech Limited (Company, we, us) is a New York corporation that complies with the American Data Privacy and Protection Act (ADPPA) and all other applicable privacy laws. This Policy explains how we collect, use, disclose, and safeguard your personal data when you access or use any Company product or service, including the KINGS UNITED Prepaid Card and the KINGS trading platform.
1 Personal Data We Collect
We collect the following categories of personal data:
| Category | Examples |
|---|---|
| Identifiers | Legal name, date of birth, nationality, passport or driver's license number, username, postal address, email, telephone number. |
| Financial & Transactional | Card balances, transaction history, payment method details, ATM withdrawals. |
| Device & Usage | IP address, browser type, operating system, referring URLs, pages viewed, time stamps. |
| Verification Data | Government ID images, selfie with ID, utility bills or bank statements used for address verification. |
| Marketing Preferences | Consent choices regarding promotional messages. |
Providing personal data is voluntary; however, refusal may prevent us from onboarding you, processing transactions, or providing customer support.
2 How We Collect Personal Data
| Channel | Source |
|---|---|
| Directly from you | Account applications, KYC forms, customer-service calls, surveys. |
| Automatically | Cookies, web beacons, server logs, device identifiers. |
| Third parties | Card scheme operators (Visa, Mastercard and UnionPay International), identity-verification vendors, brand partners, publicly available sources, fraud-prevention databases. |
3 Purpose & Legal Bases for Processing
We process personal data only when a legal basis exists under ADPPA or other applicable law:
| Purpose | Legal Basis (ADPPA § 101) |
|---|---|
| Account opening, KYC, AML compliance | Legal obligation § 101(b)(1) |
| Transaction processing, fraud prevention | Performance of contract § 101(b)(2) |
| Service improvements, analytics | Legitimate interests § 101(b)(3) |
| Marketing & promotions | Consent (opt-in) § 101(b)(5) |
| Responding to subpoenas or regulator requests | Legal obligation § 101(b)(1) |
4 Disclosure of Personal Data
We do not sell personal data. We share it only as described below:
| Recipient Type | Reason | Safeguards |
|---|---|---|
| Affiliates & Subsidiaries | Business operations & support | Intra-group data-processing agreements |
| Service Providers | Cloud hosting, identity verification, payment processing | DPA + security addendum |
| Regulators & Law Enforcement | AML, sanctions, court orders | Limited to what is legally required |
| Acquirers or Successors | Merger, acquisition, or sale of assets | Continuation of this Policy or notice to you |
We ensure that any third party located outside the U.S. is either (i) certified under an adequacy mechanism, or (ii) bound by Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent.
5 Data Retention & Deletion
- General Rule: We retain personal data for no longer than necessary for the purposes stated above and in accordance with legal, accounting, or reporting requirements.
- AML / KYC Records: Minimum five (5) years after the end of the customer relationship (or longer if required by a regulator).
- Deletion: When retention limits expire, data is securely destroyed or irreversibly anonymized.
- Account Deletion: You may request deletion at any time; we will complete the request within 30 days unless a legal exception applies.
6 Data Security
- Technical Measures: AES-256 encryption in transit and at rest, TLS 1.3 for web sessions, tokenized card data.
- Organisational Measures: Role-based access control, annual penetration testing, SOC 2 Type II audits, mandatory privacy training for staff.
- Incident Response: 72-hour breach notification to regulators and affected individuals where legally required.
7 Your Privacy Rights (U.S. Residents)
| Right | How to Exercise |
|---|---|
| Access / Portability | Submit a request to support@8.top |
| Correction / Rectification | Update via your account dashboard or contact us |
| Deletion | Same email; we will verify identity before processing |
| Opt-Out of Sale or Sharing | Not applicable—we do not sell data. |
| Opt-Out of Targeted Ads | Via cookie banner or browser settings. |
| Non-Discrimination | Exercising rights will not affect pricing or service quality. |
We respond to verified requests within 45 days (extendable once by 45 days where permitted).
8 International Transfers
- European Economic Area (EEA) Users: Transfers rely on SCCs and supplementary technical safeguards (encryption, pseudonymization).
- UK Users: Adequacy regulations apply; SCCs for onward transfers.
- Other Jurisdictions: We comply with local transfer restrictions on a case-by-case basis.
9 Cookies & Tracking Technologies
- Essential cookies are required for security and basic functionality.
- Analytics & Marketing cookies are deployed only with consent (opt-in banner).
- You may withdraw consent or adjust settings at any time through the cookie center or your browser.
10 Children's Privacy
We do not knowingly collect personal data from children under 13 (or the equivalent minimum age in any jurisdiction). If we learn that such data has been collected, we will delete it promptly.
11 Marketing & Communications
- Opt-In Consent. We send promotional emails or SMS only after obtaining your affirmative consent.
- Withdrawal. You may opt-out via the unsubscribe link in every email or by texting STOP to any SMS short code.
- Service Messages. Transactional or security alerts are not marketing and cannot be disabled.
12 Updates to This Policy
- We review this Policy at least annually and whenever material changes occur.
- Material changes will be announced via email or prominent notice on the Platform.
- Continued use after the effective date constitutes acceptance.
13 Applicable Language
The translated versions of this Policy are provided for convenience and to facilitate understanding of the English version only. The provision of translated versions of the Terms of Service, Privacy Policy, and Disclaimer is not intended to create a legally binding agreement and cannot replace the legal validity of the English version. In the event of any dispute or conflict, the English versions of the Terms of Service, Privacy Policy, and Disclaimer shall govern the relationship between the parties in all cases and shall prevail over any clauses in other languages.
14 Contact
For questions, please contact: support@8.top
Acknowledgement
By accessing or using any Company product or service, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.