Global Privacy
Policy

Yera Connect is owned and operated by YEAR TECH. We act as the data controller of your personal data when you use Yera Connect directly, and may act as a data processor, service provider, or independent controller when providing services to business customers.

If you visit our Website, contact us, create an account, complete verification, use wallet or transaction services, or connect a payment method, we generally process your personal data as a controller.

If you access Yera Connect through a third-party platform, merchant, integrator, partner, or business customer, that third party may also process your personal data under their own privacy policy. We are not responsible for the privacy practices of third parties operating independently from us.

"Personal data" means information that identifies, relates to, describes, or can reasonably be linked to an individual. We collect personal data through the following methods:

• Information you provide to us directly
• Information we collect automatically through your use of the Services
• Information generated through your transactions and activity
• Information received from third-party providers and partners
• Information derived from blockchain networks, compliance checks, and transaction monitoring

When you visit the Website or use the Services, we may automatically collect technical and usage information, including:

• IP address, device identifiers, browser type, operating system, device type
• Approximate location, time zone, pages viewed, links clicked, session duration
• Authentication data, login history, clickstream data, API usage data
• Error logs, security logs, cookie identifiers, analytics data
• Fraud prevention signals, network information, user agent information

We may use cookies, pixels, tags, SDKs, local storage, and similar technologies to operate the Website and Services.

• Operate the Website and remember your preferences
• Authenticate users and maintain sessions
• Detect fraud and abuse, improve security
• Analyse Website and Service usage and improve performance
• Support marketing and advertising, where permitted

Some cookies are necessary for the Website and Services to function. Others may be optional and subject to consent where required by law. See our Cookie Policy for more information.

We may create, use, and share anonymised or aggregated data that does not identify you, including aggregated transaction trends, usage statistics, fraud indicators, performance metrics, product analytics, research insights, and compliance trend data. Where data has been properly anonymised, it may not be treated as personal data under applicable law.

Where GDPR, UK GDPR, Swiss data protection law, or similar laws apply, we process personal data using one or more of the following legal bases:

The Website or Services may contain links to third-party websites, apps, wallets, exchanges, payment providers, merchants, or services. Third-party services collect and process your personal data independently under their own privacy policies. We are not responsible for third-party privacy practices. You should review the privacy policy of any third-party service before using it.

Crypto transactions may be recorded on public blockchain networks. Public blockchain data may include wallet addresses, transaction amounts, timestamps, transaction hashes, and other transaction metadata. Because blockchain networks are decentralised and public, we may not be able to delete, modify, or restrict access to information recorded on a blockchain.

We may use automated systems to support security, fraud prevention, compliance, sanctions screening, transaction monitoring, wallet screening, risk scoring, and onboarding decisions. These systems may determine whether to approve, reject, delay, review, suspend, or restrict an account, transaction, or service request.

Where required by law, you may have the right to request human review of certain automated decisions, express your point of view, contest a decision, or obtain more information about the logic involved.

We may process and store personal data in countries other than where you are located. Where applicable law requires safeguards for international data transfers, we use appropriate measures including:

• Adequacy decisions issued by relevant data protection authorities
• Standard contractual clauses and data processing agreements
• Transfer impact assessments
• Technical and organisational safeguards and contractual protections
• Other legally recognised transfer mechanisms

We use technical, organisational, administrative, and physical safeguards designed to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction:

• Access controls, authentication measures, and encryption where appropriate
• Logging and monitoring, network security controls, secure development practices
• Vendor due diligence, staff training, internal policies, and incident response
• Data minimisation practices, confidentiality obligations, and restricted access

No system is completely secure. You are responsible for keeping your account credentials, devices, wallets, private keys, and authentication methods secure. Notify us immediately if you suspect unauthorised access.

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy. Retention periods depend on:

• The type of personal data and purpose of processing
• Legal and regulatory requirements including AML, sanctions, and tax obligations
• Dispute limitation periods and fraud prevention needs
• Whether your account remains active
• Whether retention is required by a provider, regulator, or court

We may retain KYC, KYB, AML, transaction, compliance, and payment records for longer periods where required or permitted by law. When personal data is no longer needed, we may delete it, anonymise it, aggregate it, or securely retain it where required by law.

Depending on where you live and the applicable law, you may have the following rights:

To exercise your rights, contact us at privacy@yeraconnect.io. We may need to verify your identity before responding. Some rights may be limited by legal, regulatory, AML, or fraud prevention requirements.

You may opt out of marketing emails by using the unsubscribe link in any email or contacting us at privacy@yeraconnect.io. Even if you opt out of marketing, we may still send important non-marketing communications including service notices, transaction confirmations, account alerts, compliance requests, security notices, and legal updates.

Where required by law, we will ask for your consent before using non-essential cookies or similar technologies. You may manage cookie preferences through:

• Our cookie banner or preference centre
• Your browser settings
• Device settings
• Other available opt-out tools

Blocking cookies may affect Website or Service functionality. See our Cookie Policy for more information.

If you are in California or another US state with applicable privacy laws, you may have additional rights including:

• Know what personal information we collect, use, disclose, or share
• Access and correct personal information
• Delete personal information
• Opt out of certain sharing or targeted advertising
• Limit use of sensitive personal information, where applicable
• Receive information about categories of third parties to whom data is disclosed
• Not be discriminated against for exercising privacy rights

We do not knowingly sell personal information. Some analytics or advertising activities may be considered "sharing" or "targeted advertising" under certain US state laws. Where applicable, we will provide required opt-out mechanisms. Contact us at privacy@yeraconnect.io.

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have rights under applicable data protection laws. Contact us at privacy@yeraconnect.io to exercise those rights. You may also have the right to lodge a complaint with your local data protection supervisory authority.

If we become aware of a personal data breach, we will assess the incident and take appropriate steps in accordance with applicable law. Where required, we may notify affected individuals, regulators, providers, partners, or other relevant parties. We may not provide notice where not legally required, where the incident does not create relevant risk, or where notice would compromise security, legal obligations, or investigations.

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top. Where required by law or where changes are material, we may provide additional notice via email, Website notice, account notice, or dashboard notification. Your continued use of Yera Connect after an updated Privacy Policy becomes effective constitutes your acknowledgement of the updated policy.

If you have questions, concerns, complaints, or requests regarding this Privacy Policy or our handling of personal data, please contact us. Include enough information for us to identify you and understand your request.