Privacy Policy

Last updated: February 2026

1. Introduction

This Privacy Policy describes how iBnk Vault LLC ("iBnk," "we," "us," or "our") collects, uses, shares, and protects your personal information when you access or use our crypto-to-fiat platform, website, mobile applications, and related services (collectively, the "Services").

iBnk Vault LLC is a company registered at 30 N Gould St, Sheridan, WY 82801, United States. If you have any questions or concerns about this Privacy Policy or our data practices, you may contact us at contact@ibnk.xyz.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

2.1 Account Information

When you create an account with iBnk, we collect personal information that you provide directly to us, including:

• Full legal name
• Email address
• Phone number
• Date of birth
• Residential address
• Account credentials (passwords are stored in hashed form only)

2.2 Know Your Customer (KYC) Data

To comply with applicable anti-money laundering (AML) and counter-terrorism financing (CTF) regulations, we collect identity verification information through our integration with the Bridge API. This may include:

• Government-issued identification documents (passport, driver's license, or national ID card)
• Proof of address documentation (utility bills, bank statements)
• Selfie or biometric facial verification data
• Tax identification numbers (SSN, TFN, or equivalent)
• Source of funds declarations where required by law

KYC verification is processed through the Bridge API, and certain identity data may be stored and processed by Bridge in accordance with their own privacy policy.

2.3 Transaction Data

When you use our Services to convert cryptocurrency to fiat currency or perform other financial transactions, we collect:

• Cryptocurrency wallet addresses
• Transaction amounts, dates, and timestamps
• Fiat currency bank account or card details used for withdrawals
• Transaction status and history
• Associated fees and exchange rates applied

2.4 Device and Usage Data

We automatically collect certain technical information when you access our Services, including:

• IP address and approximate geolocation
• Browser type and version
• Operating system and device type
• Unique device identifiers
• Pages visited, features used, and actions taken within the Services
• Referring URLs and exit pages
• Date and time of access, session duration, and frequency of use

2.5 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your interactions with our Services. This includes essential cookies required for the operation of the platform, as well as analytics cookies that help us understand how users engage with our Services. For more information, please refer to our Cookie Policy.

3. How We Use Your Information

3.1 Service Provision

We use your personal information to create and manage your account, provide access to our platform features, process your requests, and deliver customer support. This includes maintaining your account preferences, enabling dashboard functionality, and facilitating communication between you and our support team.

3.2 Transaction Processing

Your financial and identity information is used to execute crypto-to-fiat conversions, process withdrawals to your designated bank accounts or cards, calculate applicable fees and exchange rates, and generate transaction receipts and statements.

3.3 KYC and AML Compliance

We use your identity documents and personal data to verify your identity in accordance with applicable KYC regulations, screen against sanctions lists and politically exposed persons (PEP) databases, monitor transactions for suspicious activity, file regulatory reports as required by law, and maintain audit trails for compliance purposes.

3.4 Security and Fraud Prevention

We process your information to detect and prevent fraudulent activity, unauthorized access, and other security threats. This includes monitoring login attempts, analyzing transaction patterns for anomalies, verifying device authenticity, and enforcing our terms of service.

3.5 Communications

We use your contact information to send you transaction confirmations and receipts, security alerts and account notifications, service updates and maintenance notices, and, where you have opted in, promotional communications about new features or services. You may opt out of promotional communications at any time by following the unsubscribe instructions in those messages or by contacting us directly.

3.6 Legal Compliance

We may process your information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests, including responding to subpoenas, court orders, or regulatory inquiries from financial authorities.

4. How We Share Your Information

4.1 Bridge API

We share your identity verification data and transaction information with Bridge, our infrastructure partner, to facilitate KYC verification, process crypto-to-fiat conversions, and comply with regulatory requirements. Bridge processes this data in accordance with their own privacy policy and applicable data protection laws.

4.2 Card Networks and Financial Institutions

When you initiate withdrawals or link payment methods, we share necessary transaction and identity data with card networks (such as Visa or Mastercard), banking partners, and payment processors to complete your transactions. These parties process your data solely for the purpose of executing the requested financial operations.

4.3 Regulatory and Law Enforcement Authorities

We may disclose your personal information to regulatory bodies, law enforcement agencies, or other governmental authorities when required by law, in response to valid legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

4.4 Service Providers

We engage trusted third-party service providers who perform services on our behalf, such as cloud hosting, data analytics, customer support tools, and email delivery. These providers are contractually obligated to protect your information and may only use it for the specific purposes for which we engage them.

4.5 No Sale of Personal Data

iBnk does not sell, rent, or trade your personal information to third parties for their marketing purposes. We have not sold personal information in the preceding twelve months and have no intention of doing so.

5. Data Retention

We retain your personal information for as long as your account remains active or as needed to provide you with our Services. When determining retention periods, we consider the nature and sensitivity of the data, the purposes for which it is processed, and applicable legal and regulatory requirements.

Financial transaction records and KYC documentation are retained for a minimum of five (5) years following the termination of your account or the completion of the last transaction, whichever is later, in accordance with applicable anti-money laundering regulations, including the Bank Secrecy Act (BSA) and Financial Crimes Enforcement Network (FinCEN) requirements.

Device and usage data collected for analytics purposes is generally retained for up to twenty-four (24) months, after which it is aggregated or anonymized. Security logs and fraud detection records may be retained for up to seven (7) years where necessary for ongoing investigations or legal proceedings.

Upon account deletion, we will remove or anonymize your personal information within thirty (30) days, except where retention is required by law or for legitimate business purposes such as resolving disputes, enforcing our agreements, or complying with regulatory obligations.

6. Your Rights and Choices

6.1 General Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate or incomplete personal information.
• Deletion: You may request that we delete your personal information, subject to legal retention requirements.
• Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
• Restriction: You may request that we restrict the processing of your personal information in certain circumstances.
• Objection: You may object to the processing of your personal information for certain purposes.

To exercise any of these rights, please contact us at contact@ibnk.xyz. We will respond to your request within thirty (30) days or as required by applicable law.

6.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• The right to know what personal information we collect, use, disclose, and sell.
• The right to request deletion of your personal information.
• The right to opt out of the sale or sharing of your personal information. As stated above, iBnk does not sell your personal information.
• The right to non-discrimination for exercising your privacy rights.
• The right to correct inaccurate personal information.
• The right to limit the use and disclosure of sensitive personal information.

You may designate an authorized agent to submit requests on your behalf. To verify your identity when making a request, we may ask you to provide information that matches our records.

6.3 Australian Users (Australian Privacy Principles)

If you are located in Australia, your personal information is handled in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You have the right to:

• Request access to the personal information we hold about you.
• Request correction of any inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information.
• Complain about a breach of the APPs, and we will investigate and respond to your complaint within thirty (30) days.
• Request that we not disclose your personal information to overseas recipients in certain circumstances.

If you are not satisfied with our response to a complaint, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC).

7. Data Security

We implement and maintain appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data both in transit (using TLS/HTTPS) and at rest (using AES-256 encryption).
• Strict access controls and role-based permissions ensuring that only authorized personnel can access personal information on a need-to-know basis.
• All communications between your browser and our servers are transmitted over HTTPS to prevent interception or tampering.
• Regular security assessments, vulnerability scanning, and penetration testing of our systems.
• Secure storage of authentication credentials using industry-standard hashing algorithms.
• Monitoring and logging of access to systems containing personal information for audit and incident response purposes.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected users and relevant authorities in the event of a data breach as required by applicable law.

8. International Data Transfers

iBnk Vault LLC is based in the United States, and your personal information is primarily processed and stored on servers located in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

For users located in Australia, we take reasonable steps to ensure that any transfer of your personal information outside of Australia complies with the Australian Privacy Principles. Where we transfer your data to overseas recipients, we ensure that appropriate safeguards are in place, including contractual obligations requiring the recipient to handle your information in a manner consistent with the APPs.

By using our Services, you consent to the transfer of your information to the United States and other jurisdictions where we or our service providers operate. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

9. Children's Privacy

Our Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect, solicit, or maintain personal information from anyone under 18 years of age. If you are under 18, you may not create an account or use our Services.

If we become aware that we have collected personal information from a person under the age of 18, we will take immediate steps to delete that information from our records. If you believe that we may have inadvertently collected information from a minor, please contact us at contact@ibnk.xyz so that we can investigate and take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by posting the updated policy on our website with a revised "Last updated" date at the top of this page.

For significant changes that materially affect your rights or how we process your personal information, we will provide additional notice through email or a prominent notification within our Services prior to the changes taking effect. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of our Services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. If you do not agree with the changes, you should discontinue use of our Services and contact us to request deletion of your account.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

iBnk Vault LLC
30 N Gould St
Sheridan, WY 82801
United States

Email: contact@ibnk.xyz

We will endeavor to respond to all inquiries within thirty (30) days of receipt.