Privacy Policy

Last update: November 7, 2025

1. Introduction

Atlas Wallet ("we," "us," or "our") respects your privacy and is committed to protecting your personal data in accordance with applicable data protection laws and regulations. This Privacy Policy explains how we collect, process, store, and share your personal information when you use our services, including a custodial crypto wallet service and the associated applications (“Wallet”). By accessing or using our services and Wallet, you acknowledge that you have read and understood this policy.

All terms used in this Privacy Policy and not defined herein shall have the meaning ascribed to them by the applicable data-protection legislation, including but not limited to the EU General Data Protection Regulation (GDPR) and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), depending on your jurisdiction of service.

2. Data Controller

For the purposes of this Privacy Policy, the data controller responsible for processing your personal data depends on your location and the entity providing the Services to you:

  • a. Users located within the European Union:

    The data controller is Grol Spółka z Ograniczoną Odpowiedzialnością, a company duly incorporated and existing in accordance with Polish laws (Polish Tax ID: 7011090950, KRS National Register No.: 0000974358) with a registered address at ul. Hoza 86, unit 210, post-code 00-682 Warsaw, Poland. The company is entered in the Virtual Currency Business Activity Register maintained by the Director of the Revenue Administration Chamber in Katowice on 13 June 2022 under the number RDWW-342.

  • b. Users located outside the European Union (including Latin America and other international jurisdictions):

    The data controller is Zemoon Fintech Ltd., a company incorporated under the laws of Canada, with registration number BC1398578 and registered address at Datatech Business Centre, 1095 McKenzie Ave., Suite 300, Victoria, BC V8P 2L5, Canada, and registered with FINTRAC as a Money Services Business under registration No. M23709431 since March 30, 2023. Zemoon Fintech Ltd. is authorized to conduct activities including foreign-exchange dealing, money transferring, and dealing in virtual currencies.

Both entities act as independent data controllers within their respective jurisdictions, each determining the purposes and means of processing personal data in compliance with applicable data-protection laws and regulatory obligations.

For inquiries or requests related to data protection, you may contact our Data Protection Officer at the email address indicated on our website or through the official support channel.

3. Types of Data Collected

We collect and process the following categories of personal data:

  • a. Identity and Contact Data: Currently we ask our users to provide only an email address to get access to our services. If the Wallet service is accessed via the Telegram mini-application, we may also collect a Telegram username, Telegram profile name, Telegram ID, and phone number. However, we may additionally request, if required in accordance with applicable laws, your address of residence, date of birth, government-issued ID and proof of funds (e.g., for KYC compliance).
  • b. Transaction Data: transaction history, cryptocurrency wallet addresses.
  • c. Technical and Usage Data: IP address, device type (e.g., mobile, desktop), browser type, operating system, geolocation, cookies, logs (e.g., login times, service errors), and usage patterns (e.g., pages visited, features used).
  • d. Marketing and Communication Data: preferences for receiving marketing materials, records of consent, and feedback.

4. How We Collect Your Data

We obtain your personal data through various methods, including:

  • a. Direct Interactions: When you register for an account, complete identity verification, contact customer support, or interact with our Services.
  • b. Third-Party Sources: If applicable, from external service providers, such as identity verification services, regulatory bodies, and partners that assist in compliance.

We process your personal data only for specified, explicit, and legitimate purposes, and only to the extent necessary to ensure proper provision of the Services, compliance with applicable law, and protection of our systems and Users.

Depending on your jurisdiction and the entity providing the Services, the legal basis for processing your personal data is determined in accordance with the EU General Data Protection Regulation or the Canadian Personal Information Protection and Electronic Documents Act, as applicable.

We rely on the following legal grounds for processing:

Purpose | Legal Basis | Details
Service Provision | Contractual Necessity | To fulfill agreements (e.g., account setup, conduct transactions)
Communication with User | Contractual Necessity | Addressing users’ requests
Legal Compliance | Legal Obligation | Tax reporting, fraud prevention, or responding to law enforcement requests
Marketing & Promotions (if applicable) | Consent or Legitimate Interests | Promotional emails (consent required). Legitimate interests for soft opt-ins (e.g., existing customer offers)
Security & Fraud Prevention | Legitimate Interests | Protecting our systems, users, and assets from unauthorized access
Service Improvements | Legitimate Interests | Analyzing usage patterns to enhance functionality and user experience

For processing based on legitimate interests, we conduct a balancing test to ensure our interests do not override your rights.

6. Data Sharing and Recipients

We may share your personal data with:

  • a. Service Providers: we may share your personal data with trusted third-party providers who perform services necessary to ensure the proper provision of our services to our users in accordance with applicable laws (e.g., cloud hosting, fiat processing, identity verification). These providers are contractually bound to maintain the confidentiality and security of your data and act as data processors or equivalent service providers under the applicable data-protection laws, processing data only under our instructions pursuant to data-protection–compliant agreements. For functionalities such as purchasing digital assets with fiat currency or using integrated services, you may be redirected to third-party platforms. In such cases, your interactions are subject to the third-party’s privacy policies and terms, and we do not assume responsibility for their practices.
  • b. Legal and Regulatory Authorities: when required by law (e.g., tax audits, court orders, or anti-money laundering obligations under European Union regulations or Polish law, or Canadian law).
  • c. Business Partners or Affiliates: only with your explicit consent (e.g., joint promotions or integrated services).
  • d. Corporate Transactions: in mergers, acquisitions, or asset sales, data may be transferred as part of due diligence.

7. International Data Transfers

If your data is transferred outside the European Economic Area (EEA) or Canada, we will ensure that appropriate safeguards are in place, which may be:

  • a. EU Standard Contractual Clauses (SCCs): Used with third-country providers;
  • b. Adequacy Decisions: For transfers to countries deemed "adequate" by the EU Commission or recognized under Canadian privacy legislation (e.g., PIPEDA);
  • c. Binding Corporate Rules (BCRs): For intra-group transfers (if applicable);
  • d. Explicit Consent: Where required, we obtain your consent for specific transfers;
  • e. other approved transfer mechanisms under applicable data-protection laws.

For inquiries related to international data transfers:

Users located within the European Union may contact our Data Protection Officer at hello@grolex.io.

Users located outside the European Union may contact our Privacy Office at privacy@zemoon.pro.

8. Data Security

We implement technical and organizational measures to protect your data, including encryption to keep your data private while in transit and 2-Step Verification to help you protect your account. We restrict access to personal information. Sensitive application data is encrypted at rest.

Despite these measures, no system is entirely secure. We will notify you and relevant authorities of data breaches where required.

9. Data Retention

We retain your data only as long as necessary:

  • a. Active Accounts: Until deletion is requested.
  • b. Legal Obligations: Up to 5–10 years for tax, transaction, contractual or anti-fraud records, as required by applicable law.
  • c. Marketing Data: Until consent is withdrawn or 2 years after last interaction.
  • d. Cookies: Session cookies expire when you close the browser; persistent cookies up to 24 months.

Data is anonymized or securely deleted post-retention.

10. Your Rights Under GDPR and Polish Laws

Users located within the European Union have specific rights under the EU General Data Protection Regulation and the Polish Data Protection Act.

You have the following rights, which you may exercise by sending the relevant request to our email address or via the request form located on our website:

  • a. Access: Obtain a copy of your data.
  • b. Rectification: Correct inaccurate data.
  • c. Erasure ("Right to Be Forgotten"): Request deletion if data is no longer necessary.
  • d. Restriction: Limit processing during disputes.
  • e. Portability: Receive your data in a machine-readable format.
  • f. Object: Object to processing based on legitimate interests.
  • g. Withdraw Consent: For marketing or non-essential processing.

We respond within 30 days and may request verification of identity.

11. Cookies and Tracking Technologies

We use:

  • a. Essential Cookies: Necessary for core functionality (e.g., login sessions).
  • b. Analytical Cookies: Track usage via tools like Google Analytics (anonymized where possible).
  • c. Marketing Cookies: Serve personalized ads (require prior consent).

Manage preferences via our Cookie Consent Banner or browser settings (e.g., Chrome, Firefox).

12. Children’s Privacy

Our services are not directed to individuals under 18. If we inadvertently collect data from minors without parental consent, contact us immediately for deletion.

13. Privacy Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated by updating the “Last Updated” date on our website and, if required, via other notification methods. Your continued use of our Services after any such changes constitutes your acceptance of the updated Privacy Policy.

14. Complaints

Users have the right to lodge a complaint with the competent data protection authority, depending on their location and the jurisdiction of the entity providing the Services.

For users located within the European Union:

You may lodge a complaint with the Polish supervisory authority: President of the Personal Data Protection Office (PUODO). Address: Stawki 2, 00-193 Warsaw, Poland. Website: https://uodo.gov.pl. Email: kancelaria@uodo.gov.pl

You also retain the right to seek judicial remedy under GDPR Art. 78–79.

For users located outside the European Union:

You may submit a complaint or inquiry to us directly via the contact details provided in this Privacy Policy, or with the relevant privacy authority in your jurisdiction, in accordance with applicable data-protection laws.