What information we collect

Personal Information: When you register on our platform, we collect the following personal information: full name, email address, phone number, date of birth, country of residence, and address. This information is necessary to create your account, conduct the identity verification (KYC) process, and ensure the security of your investments.

Financial Information: To provide investment services, we collect information about your financial transactions, including deposit and withdrawal amounts, cryptocurrency wallet addresses, transaction history, and income data. We may also request documents confirming the source of funds in accordance with Anti-Money Laundering (AML) requirements.

Technical Information: Automatically collected information includes IP address, device and browser type, operating system, visit times, viewed pages, and actions on the platform. We use cookies and similar technologies to improve site functionality and personalize the user experience. Verification Information: As part of the KYC procedure, we collect copies of identity documents (passport, driver's license), documents confirming address of residence, and a selfie for identity confirmation. This information is processed using advanced recognition technologies and stored in encrypted form.

How we use your information

Provision of Services: The main purpose of collecting personal data is to provide quality investment services. We use your information to create and manage your account, process deposits and withdrawals, accrue interest, provide access to investment plans, and ensure the functioning of the affiliate program.

Security and Compliance: Your data is used to conduct identity verification procedures, monitor suspicious transactions, prevent fraud, and ensure compliance with international AML and KYC standards. We analyze behavior patterns to identify potential security threats and protect user funds.

Communication and Support: We use your contact information to send important notifications about your account status, changes in the terms of service, technical updates, and to respond to support requests. We may also send educational materials and information about new platform features.

Service Improvement: Analysis of user behavior and feedback helps us improve the platform's functionality, develop new products, and optimize the user interface. We use aggregated and anonymized data for research and analytics.

Legal basis for data processing

Performance of a contract: The processing of personal data is necessary for the performance of the investment services agreement concluded between you and our company. Without processing this data, we cannot provide you with access to our services.

Compliance with legal obligations: We are required to process certain personal data to comply with legal requirements in the financial services sector, including KYC, AML procedures, and the tax laws of various jurisdictions.

Legitimate interests: In some cases, we process data based on our legitimate interests, including ensuring the security of the platform, preventing fraud, improving services, and conducting marketing research. In doing so, we always consider the balance between our interests and your privacy rights.

Consent: For certain types of processing, such as marketing communications or the use of additional analytical tools, we request your explicit consent. You can withdraw your consent at any time through your account settings.

Disclosure of information to third parties

Service Providers: We may share personal data with trusted service providers who assist us in delivering our services. This includes cloud computing providers, identity verification services, payment processors, and analytics service providers. All service providers are bound by strict contractual obligations to protect confidentiality.

Regulatory bodies: In the event of a request from authorized government agencies, courts, or regulatory organizations, we may disclose personal data in accordance with applicable law. We strive to notify users of such requests unless prohibited by law.

Security Partners: To ensure the security of the platform and prevent fraud, we may exchange information with specialized security services and databases for combating fraud in the financial sector.

Corporate transactions: In the event of a merger, acquisition, or sale of company assets, personal data may be transferred to the new owner. We are committed to notifying users of any such changes and ensuring the preservation of the level of data protection.

International data transfers

Global Infrastructure: Our platform uses a global IT infrastructure, which may require the transfer of personal data to countries outside the European Union. We ensure an adequate level of data protection for all international transfers.

Protection Mechanisms: For international data transfers, we use standard contractual clauses approved by the European Commission, Privacy Shield certification (where applicable), and other recognized protection mechanisms. We regularly assess the adequacy of protection in the recipient countries.

Servers and Storage: The main servers with personal data are located in jurisdictions with a high level of data protection. Backup copies may be stored in other regions, but always with the use of encryption and other security measures.

Security measures

Technical Protection: We apply modern technical security measures, including data encryption during transmission and storage (AES-256), multi-factor authentication, regular security system updates, and real-time threat monitoring. Access to personal data is restricted and controlled by an access management system.

Organizational Measures: All employees with access to personal data undergo privacy training and sign non-disclosure agreements. We conduct regular security audits and penetration testing to identify and eliminate vulnerabilities.

Physical Security: Servers and equipment are located in certified data centers with access control, video surveillance, fire suppression systems, and backup power. Physical access to the equipment is strictly limited and documented.

Incident Response: We have a security incident response plan that includes procedures for detection, containment, investigation, and notification of data security breaches. In the event of a serious incident, we will notify affected users and regulatory authorities in accordance with legal requirements.

Your rights regarding personal data

Right of access: You have the right to receive information about what personal data we process, for what purposes, to whom we transfer it, and how long we store it. You can request a copy of your personal data in a structured, commonly used, and machine-readable format.

Right to rectification: If your personal data is inaccurate or incomplete, you have the right to request its correction or completion. We undertake to make corrections within a reasonable time and to notify third parties to whom inaccurate data has been transferred.

Right to erasure: In certain circumstances, you may request the deletion of your personal data ("the right to be forgotten"). However, this right may be limited by legal requirements for the retention of financial records and the need to prevent fraud.

Right to restriction of processing: You may request the restriction of the processing of your personal data in cases where you contest the accuracy of the data, believe the processing is unlawful, or the data is no longer needed by us but is required by you for the defense of legal claims.

Right to portability: You have the right to receive the personal data you have provided to us in a structured format and to transmit it to another data controller. This right applies to data processed on the basis of consent or a contract.

Right to object: You may object to the processing of your personal data based on our legitimate interests, including profiling. We will stop processing unless we can demonstrate compelling legitimate grounds.

Data retention periods

Active accounts: The personal data of active users is stored as long as the account remains active and we continue to provide services. Data necessary for the functioning of the account is retained for the entire period of use of the platform.

Inactive accounts: After closing an account or ceasing to use the services, we store personal data for the period necessary to comply with legal obligations, resolve disputes, and prevent fraud. This period is usually 7 years from the last activity.

Financial records: Data on financial transactions are stored in accordance with financial legislation requirements, usually for at least 5-7 years. This includes information on deposits, withdrawals, interest accruals, and affiliate payments.

Verification documents: Documents provided as part of the KYC procedure are stored for the period established by anti-money laundering regulatory requirements, typically 5 years after account closure.

Contacts and policy updates

Contact Information: For all questions related to the processing of personal data, you can contact our data protection officer at: privacy@trustinvest.com. We are committed to responding to your request within 30 days.

Filing complaints: If you believe that your personal data protection rights have been violated, you can file a complaint with the data protection supervisory authority in your country. We also encourage you to contact us directly first so that we can resolve the issue.

Changes to the policy: We may periodically update this Privacy Policy to reflect changes in our practices, technologies, or legal requirements. We will notify you of significant changes by email or through notifications on the platform.

Effective date: This Privacy Policy is effective from June 15, 2025, and supersedes all previous versions. Your continued use of our services after this date signifies your acceptance of the updated policy.