Privacy Notice

This Privacy Notice describes how Uphold collects, uses, and shares your Personal Data that we receive from you when you visit our website or app or which we otherwise receive or collect from you in the course of, or in connection with, the provision of our products and services and our business operations. It answers the following questions:

• Where does this Privacy Notice apply?
• How do we collect Personal Data about you?
• What Personal Data do we collect?
• How do we use your Personal Data, and on what legal basis do we collect your Personal Data?
• How do we keep your Personal Data safe?
• How do we share your Personal Data?
• Do we transfer your Personal Data outside of the UK, EU, and EEA?
• What does Uphold's real-time public reserve transparency mean for your Personal Data?
• What are your legal data privacy rights?
• How long do we retain your Personal Data?
• How do we protect children’s privacy?
• How do we use your Personal Data to inform you and market to you?
• How do we make changes to this Privacy Notice?
• Who can you contact if you have further questions or requests about your privacy?

Uphold Europe Limited ("we", “us” or “our”) is committed to protecting and respecting your privacy. This Privacy Notice describes how Uphold collects, uses, and shares your Personal Data that we receive from you when you visit our website or app, or which we otherwise receive or collect from you in the course of, or in connection with, the provision of our products and services and our business operations. 

This Privacy Notice applies to individuals located in the United Kingdom and the European Economic Area (EEA), which includes the European Union (EU) member states.

For users located in the United Kingdom, the data controller is Uphold Europe Limited.

For users located in the EEA, the data controller is Uphold Digital Assets Europe Unipessoal Lda, a company incorporated in Portugal, which serves as Uphold’s main establishment within the EEA for the purposes of the EU General Data Protection Regulation (EU GDPR).

The Uphold Group is made up of several legal entities, including Uphold HQ Inc., Uphold Europe Limited, Uphold Digital Assets Europe Unipessoal Lda, Uphold Worldwide Ltd., Uphold International Equities Inc., and other affiliates.

Within the European Economic Area (EEA), Uphold Digital Assets Europe Unipessoal Lda (Portugal) acts as Uphold’s main establishment.

This Privacy Notice is issued on behalf of Uphold Europe Limited (for UK users) and UAB Uphold Europe (for EEA users). It applies only to Uphold operations and users in these regions. A separate Privacy Notice covers the United States, Canada, and the Rest of the World (ROW). It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data so you can understand our views and practices regarding your personal data and how we will treat it.

Where does this Privacy Notice apply?

This Privacy Notice applies to all of the services offered by the Uphold Group and services offered on third-party sites, such as advertising services. This Privacy Notice does not apply to services that have separate privacy notices that do not incorporate this Privacy Notice.

This Privacy Notice doesn’t apply to the information practices of other companies and organisations that advertise our services or to services offered by other companies or individuals, including products or sites that may include our Services or be linked from our Services.

This website and app may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How do we collect Personal Data about you?

We collect Personal Data about you both directly and indirectly. 

We collect information from and about you when you register with us or use our products, services or apps (our “Service”) or use our website or software applications, or access or use third-party services that use our Application Programming Interface (“API”). 

• When registering with us as a customer, we ask you for detailed information, which we will use to verify your identity and protect against fraud, among other reasons, as further described below.
• We gather Personal Data at other times when managing your Uphold account, such as from surveys, email communications during support or customer care, or during investigations.
• We collect information sent to us by your computer, mobile phone, or other device to improve your experience.
• When you use a location-enabled device with our Service, we may collect geographical location data or use various means to determine your location, such as sensor data from your device that may, for instance, provide data on nearby cell towers and Wi-Fi access spots.

As you interact with our website or software applications, we may collect technical data about your equipment, browsing actions, and patterns. We collect this information by using cookies, server logs, and other similar technologies. Cookies are small data files stored on your hard drive by a website. Cookies help us make our website and Service, and your use of them better by allowing us to recognise your browser and capture and remember certain information. Please see our Cookie Policy for additional information. You can also adjust your browser settings to disable cookies, but it may affect your ability to use the Service and our website. For users in the UK and the EEA, non-essential cookies (including those for advertising and analytics) are only set with your prior consent, in accordance with applicable data-protection and e-privacy laws in each region.

We may receive data from third parties about you. This may include technical data from analytics and advertising partners, such as Google, from identity verification providers, and other financial institutions.

What Personal Data do we collect?

Personal data, or personal information, means any information about an individual from which that person can be identified.  Uphold only collects - directly or indirectly - the Personal Data it needs to offer and support our Services and meet our legal and regulatory obligations, which may vary depending on our relationship with you and your use of the Services we offer.

Here is an overview of the Personal Data we collect directly or indirectly from or about you:

• Identity verification data: To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification. We may obtain information from affiliated and non-affiliated third parties, such as credit bureaus, identity verification services, and other screening services to verify that you are eligible to use our Services, and we will associate that information with the information we collected from you.
• As part of our identity verification process, Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision. Veriff’s privacy policy describes its collection, processing, storage, and use of your personal data in more detail. 
• Enhanced UK Verification: Uphold uses SumSub as a verification provider to conduct enhanced due diligence and identity verification where required under applicable laws and regulations. This process may include additional identity checks and risk assessments, and applies to customers in both the UK and the EEA.
• Use of AI and OCR Technology for Identity Verification and Data Processing: As part of our identity verification and onboarding process, we use Persona’s OCR and AI-powered Document AI to extract relevant data from submitted documents. Users are encouraged to review Persona’s Privacy Policy for more details on data processing and AI usage.
• Address verification data: We use Ekata to validate your physical address. Automated processes may be used to make a verification decision. Ekata’s privacy policy describes its collection, processing, storage, and use of your personal data in more detail.  In place of Ekata, we may use Trulioo to validate your physical address. Automated processes may be used to make a verification decision. Trulioo’s privacy policy describes its collection, processing, storage, and use of your personal data in more detail.  We additionally may require further address verification and validation through our partner, SumSub, by requesting that you provide us with documentation verifying your physical address, such as bank statements, utility bills, Internet/cable TV/house phone line bills, tax returns, council tax bill, and or government-issued certifications of residence. SumSub’s privacy notice describes its collection, processing, storage, and use of your personal data in more detail.
  
  Uphold uses Google Places Autocomplete, a feature provided by Google that offers suggestions for addresses and places as you type in search fields. When you use our platform, we may access Google Places Autocomplete to provide real-time suggestions for addresses and places as you type in search fields.
• Financial data: In addition to identity verification, Uphold may collect various information regarding your finances through third parties to be able to perform the transactions you request on the platform and to ensure compliance with regulatory requirements (e.g., anti-money laundering laws) and our own internal policies; for this to function, we must share certain elements of your Personal Data with these third parties. The information we receive from these third parties may include accounts you hold, balances, transactions, and a risk score. When linking your existing bank account to the Uphold platform, you may use Token.io, a third-party service, to connect through the Open Banking framework. Token.io may collect information about your bank account (including account details, transaction data, and balances), which is then shared with Uphold to facilitate this connection. The collection and transfer of this information is subject to Token.io's privacy policy.
• Regulatory compliance and screening data: We may collect Personal Data required to comply with anti-money laundering (AML), sanctions, and politically exposed person (PEP) screening obligations. This may include employment contracts, source of funds documents, or confirmation of beneficial ownership.
• Account activity data: We collect information about your transactions, payments from or to you, and your other activities on our site or Service, and other details of products and services you have purchased from us.
• Community and chat interactions: If you engage with Uphold through public or community channels (e.g., Discord or similar forums), we may process your username, contact details, and message content to improve engagement and support, in accordance with the GDPR.
• Application use data: We may collect data on your interaction and use of our Service. This includes visits to our website or app, sign-up activity, your bank account, credit card, and other payment details to enable you to enter into transactions on the Service, along with any additional information you may disclose to our user support team in order to resolve problems you report.
• Your device data: We collect and process your internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website or any of our software applications.
• Marketing and email data: We collect and process your preferences in receiving marketing from us, your email address, including hashed identifiers derived from email addresses for cross-device tracking for targeted advertising, and where you may have seen Uphold advertisements. We use Customer.io for all marketing and transactional communications.  Our email headers contain tracking pixels that collect the following information; 
  • Whether the email was opened
  • How long the email was open
  • How far down the email a recipient scrolls
  • Whether any links in the email were clicked
  • The recipient’s IP address
  • The recipient’s email client and device type
  • The recipient’s location
• Customer.io’s Privacy Policy describes the collection, processing, storage, and use of your personal data in more detail.

How do we use your Personal Data, and on what legal basis do we collect and process your Personal Data?

We only process your Personal Data when it is lawful for us to do so. Listed below are how we may use and process your Personal Data and the legal grounds we rely on to do so:

• Providing our Service to you: It may sound obvious, but we need your data to make Uphold work in the first place. Without your name, banking information, and other details, we simply could not offer you our products and services. 
• Service Provision via White Label Partners: We may offer our services through third-party partners who provide them under their own branding, commonly referred to as “white label” arrangements. While these services may appear to be offered by the partner, Uphold typically provides the underlying platform and infrastructure. For example for EasyBitcoin Uphold provides the regulated infrastructure and services for EasyBitcoin, a white-label partner operated with EasyGroup. Personal data collected through EasyBitcoin is processed by Uphold in accordance with this Privacy Notice, with Uphold remaining the data controller.
  
  To deliver these services, your Personal Data may be shared between Uphold and the partner. Depending on the nature of the relationship and the roles in determining the purposes and means of processing, Uphold and the partner may act as either independent controllers or joint controllers. When acting as joint controllers, we work together to define our respective responsibilities for compliance, including your rights and how to exercise them, as required under applicable laws.
  
  Uphold generally remains the primary point of contact for privacy-related inquiries and requests. You can reach us at [email protected].
  
  Our legal basis for processing in these arrangements includes the performance of a contract (to provide you with services) and our legitimate interests in expanding access to Uphold through reputable partners while maintaining data protection standards.
• Peer-to-Peer Transfers: When you send funds to another person, we may check whether the recipient’s email address is registered with Uphold to facilitate the transfer or, if not, to send them an invitation to join Uphold. Our legal basis for this processing is the performance of a contract (to provide the transfer service) and our legitimate interests in enabling and improving person-to-person payments.
• Identity verification: As a financial institution, it is essential that we are able to confirm the true identity of our users. There are rules and regulations across the globe that require us to identify our customers, including laws concerning anti-corruption, anti‐bribery, anti‐terrorism, and anti‐money laundering.
• Identity Verification & Automated Onboarding: We use OCR and AI-powered technology from Persona to extract and verify identity-related data from submitted documents. This helps streamline the onboarding process, improve accuracy, and enhance fraud prevention. Our legal basis is:
  • Legitimate Interest – Ensuring efficient onboarding, reducing errors, and preventing fraud.
  • Consent – Users provide explicit consent at the time of application, including when mobile carrier data is accessed via Prove.
• Automated decision-support tools: We may use automated systems, including machine learning, for fraud detection and identity verification. These tools assist our compliance and risk teams by flagging potentially suspicious activity or verifying documentation. All decisions that could have legal or similarly significant effects are subject to human review to ensure fairness and compliance with the UK and EU GDPR.
• AI-generated responses for community engagement: We may use AI-powered systems to generate responses in community channels (such as Discord) for engagement and education only. These interactions have no legal or significant effect. When using Discord, your data is processed under Discord’s own Privacy Policy. Our legal basis is legitimate interest.
• Fraud Prevention:  We use the personal information we collect in connection with providing you with our services to detect and prevent fraudulent activity. We share this information with Unit 21 and Sift, and Oscilar both all third-party service providers, to assist us with this effort. Unit 21 and Sift and Oscilar use various technologies to capture various device identifiers, such as canvas fingerprinting, and may use automated decision-making in order to detect and prevent fraudulent activity. For more information on the privacy practices of Unit  21, please review their Privacy Policy.  For more information on the privacy practices of Sift, please review their Service Privacy Notice, and for more information on the privacy practices of Oscilar, please refer to their privacy notice.
• Account Security: We use your phone number for our account two-factor authentication process.  This includes sending SMS or text messages (including by an automatic telephone dialing system) to any of the phone numbers provided by you or on your behalf in connection with your Uphold account.
• Address Verification: When you interact with our platform using Google Places Autocomplete, the following types of information may be collected and processed:
  • Search Queries: Information about your search queries, specifically the text you input into address or place search fields.
  • Location Data: Your device's geographical location, either provided by you or determined through GPS, IP address, or other methods, to refine autocomplete suggestions.
  • Usage Data: Data on how you use the autocomplete feature, including the frequency and timing of your searches.
• Keeping you informed: It is important for security and financial transparency that we keep you aware of your transactions and related activity at Uphold. We will send you emails with confirmations, invoices, technical notices, updates, security alerts, legal and support, and administrative messages.
• Investigations: Occasionally, we need to look at your account activity to check and protect against fraudulent, unauthorised, or illegal behaviour.
• Customer care: We strive to make sure you can easily use our products with no headaches, but sometimes you need help. Our customer care team will occasionally need access to your account data in order to fix any issues or answer your questions.
• Managing and improving our Service: We like to understand how our users engage and use Uphold in order to make sure Uphold is the best it can be.
• Use of Large Language Models (LLMs) for Customer Feedback: We use secure, pseudonymised data-analysis tools, including Snowflake’s Large Language Model (LLM) capabilities, to analyse open-ended customer feedback and identify themes such as product improvements or service issues. Outputs are aggregated only and not used for automated decisions. Our lawful basis for this processing is legitimate interests in understanding and enhancing customer experience.
• Behavioral Advertising and Analytics (including attribution statistics)*: For those who choose to consent (opt-in) to our targeted advertising cookies, this process includes combining different account, transactional, marketing, and cross-device tracking. When we apply these techniques, we may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. We may also use information from your mobile device, such as: browser type, device type and model, CPU, system language, memory, OS version, Wi-Fi status, timestamp and zone, device motion parameters, and carrier for advanced attribution and analytical purposes, including personalised or lookalike advertising.  For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page here.
• Opting Out of Targeted Advertising and Analytics
  If you would like to opt out of targeted advertising or analytics tracking, you can do so using the links below:
  • Targeted Advertising Opt-Out:
    • Facebook: Ad Preferences
    • Google: Ad Settings
    • AdRoll: Opt-Out | Privacy Policy
  • Analytics Opt-Out:
    • Ahrefs: Privacy Policy
    • AppsFlyer: Opt-Out | Privacy Policy
    • Google Analytics: My Activity
  • Additionally, you can opt out of some of these services through industry opt-out portals
    • Digital Advertising Alliance
    • Network Advertising Initiative
    • Your Online Choices (EU)

For more information, see our Cookie Policy.

• Communicating with you: We want you to be aware of product updates, news, events, and promotions, and, if you consent, we will send you information, including regular personalised emails, to keep you up to date with all things Uphold. 
• Business operations: We may need to use your Personal Data for our business operations, including internal training and administration, legal compliance, to enforce our legal rights, to protect third-party rights, and in connection with a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets.
  
• Website and software applications: We use data analytics to improve our website and software applications, activities and operations, products/services, events, etc. 
• Third parties: If you (i) use our Service and/or platform by (a) using an application (whether directly or by authorising an application to use our Service and/or platform), (b) using a link provided by a third-party, or (c) any third party integrations or (ii) if you partner with us in a program or other business arrangement where a third-party intermediary is involved all such third parties may receive information about your account, your use of the Service, transaction history or even the ability to take actions on your behalf. When you authorise an application or third-party integration via the Uphold platform, you will be notified of what Personal Data will be shared with these third parties. Information collected by these applications or third-party integrations is subject to their terms and policies and is required by contract by Uphold to maintain the confidentiality and security of your Personal Data.
  

The primary legal grounds upon which we collect and process your Personal Data are: 

• through obtaining your consent at the time of collection,
• due to the necessity of doing so to perform the services as requested,
• to comply with our legal obligations as controller of your Personal Data, and to pursue our legitimate interests (e.g., to provide you with access to our services; to improve our services, to detect and prevent fraudulent activity within our services, etc.).

Note that we may process your Personal Data for more than one lawful basis depending on the jurisdiction in which you reside and the specific purpose for which we are using that data.

How do we keep your Personal Data safe?

We take your privacy very seriously and work hard to protect your Personal Data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We have implemented multiple security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.

We protect your Personal Data by maintaining physical, electronic, and procedural safeguards, incorporating tested security technologies, in compliance with applicable laws. We may use network safeguards such as firewalls and data encryption, enforce physical access controls, and authorise limited access to Personal Data only for those people (employees, agents, contractors, and other third parties) who have a business need to know or who require access to fulfill their job responsibilities. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. Those with access to your Personal Data are carefully screened, periodically re-evaluated, and are required to keep all your Personal Data confidential.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent your data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.

How do we share your Personal Data?

We sometimes share your information internally between employees and contractors of the Uphold Group (including those based outside the United Kingdom), in particular in connection with activities undertaken jointly or in common with such group members, and/or provide IT and system administration services, and undertake management reporting.

We may disclose your personal data to our partner and affiliate Optimus Cards UK Limited (FRN: 902034) (“Optimus”), which provides e-money services in the UK. Optimus will hold your information on its own account and process it in accordance with its own privacy policy, which may be updated from time to time. You can read Optimus’ privacy policy here.

We may share your search queries and relevant information with Google to enable the provision of the Google Places Autocomplete service. Google’s use of this data is governed by its own privacy policies and terms of service.

Under the ‘Travel Rule,' we are legally required to share certain personal information—such as your name, address, and transaction details—with other financial institutions involved in virtual asset transfers. This is necessary to comply with regulations and help prevent financial crime.

We do not sell, trade or otherwise transfer your Personal Data to third parties other than third parties who assist us in operating our Service, third parties who assist us in facilitating certain programs and other business arrangements for which you have expressly agreed to participate, management and reporting, maintaining compliance with relevant laws (including compliance with relevant anti-corruption, anti-bribery, anti-terrorism, and anti-money laundering laws), conducting our business or supporting our users, or providing you with applications or services integrated via our API. We require that those third parties agree to keep this information confidential and secure on the same conditions and protection levels we provide to you as a user, in accordance with applicable data privacy laws, including the UK GDPR. A complete list of our sub-processors can be viewed here.

We may also share your information with certified and authorised law enforcement officials when required to comply with the law, enforce our terms or policies, or protect the rights, property, or safety of Uphold, our users, or others.

Finally, in the event of the sale or transfer of ownership of Uphold, your Personal Data would be shared with the new owners.

Do we transfer your Personal Data outside of the UK, EU, or EEA?

Yes, in certain cases, your Personal Data may be transferred to countries outside the United Kingdom (UK), the European Union (EU), or the European Economic Area (EEA).

Uphold HQ Inc., an affiliate of Uphold Europe Limited, is based in the United States and performs essential operational functions. In addition, many of our service providers and group entities are located outside the UK and EEA. As a result, your Personal Data may be processed, stored, or accessed from countries such as the United States.

To ensure your data remains protected when transferred internationally, Uphold implements appropriate safeguards that comply with applicable data protection laws, including:

• For transfers from the EEA: Uphold uses the European Commission’s Standard Contractual Clauses (SCCs) and applies any supplementary measures recommended by the European Data Protection Board (EDPB).
• For transfers from the UK: We rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, as applicable, in line with the UK Data Protection Act 2018 and guidance from the Information Commissioner’s Office (ICO).

Transfers from the EEA are overseen by Uphold Digital Assets Europe Unipessoal Lda, our main establishment in Portugal.

Additionally, by accepting this Privacy Notice, you expressly consent to the transfer of your Personal Data between Uphold Europe Limited, Uphold HQ Inc., and our affiliates and third-party service providers, to the extent necessary to fulfill regulatory, compliance, or contractual obligations.

We ensure that any such transfers maintain an adequate level of protection in accordance with the UK and EU GDPR. This includes contractual commitments and technical and organisational  safeguards to protect your information.

If you would like more information about these international data transfer mechanisms or request a copy of the relevant safeguards, please contact us at [email protected].

What does Uphold's real-time public reserve transparency mean for your Personal Data?

As part of our transparency, we publish our holdings and transactions on our Transparency Page. Transaction data on our public ledgers doesn't include personal information. The amount, asset class, and time-stamp of all transactions conducted using our Service are a permanent part of the publicly-accessible Reservechain™ and Reserveledger™. Only users who are party to the transaction can access Personal Data associated with their transactions.

What are your legal data privacy rights?

Under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), you may, in certain circumstances, have the following rights regarding your Personal Data:

• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
• Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object when we are processing your personal data for direct marketing purposes.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in certain scenarios. 
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
• Withdraw consent at any time where we are relying on consent to process your personal data.
• Right not to be subject to a decision based solely on automated processing, including profiling, where that decision produces legal or similarly significant effects concerning you. You also have the right to request a review of such decisions by a human and to express your point of view.
• Right to seek compensation: if you suffer material or non-material damage as a result of unlawful processing of your personal data, you may have the right to seek compensation through the courts in your country of residence under the UK GDPR or the EU GDPR, as applicable.
• Right to lodge a complaint with a supervisory authority: If you have concerns about how we handle your Personal Data, you have the right to lodge a complaint with a data protection authority in your country of residence, place of work, or where you believe a data protection breach has occurred.
  • In the United Kingdom, you can contact the Information Commissioner’s Office (ICO): www.ico.org.uk
  • In the EU/EEA, you may contact your local data protection authority. A full list of supervisory authorities is available on the European Data Protection Board (EDPB) website:
    https://edpb.europa.eu/about-edpb/board/members_en
  • In Portugal, Uphold has appointed Uphold Digital Assets Europe Unipessoal Lda as its main establishment in the EEA. If you are located in Portugal, you can contact the Comissão Nacional de Proteção de Dados (CNPD): www.cnpd.pt
    

To exercise one of the above rights, please contact Uphold by emailing [email protected], or by post at:

• UK: Suite A, 6 Honduras Street, London, England, EC1Y 0TH
• EU & EEA: Uphold Digital Assets Europe Unipessoal Lda, Rua do Alecrim 26, 1200-018 Lisbon, Portugal.
  

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Your marketing preferences can be updated on the Uphold Platform under your user settings or through any Newsletter via the “Unsubscribe” link.  

For all other Data Privacy inquiries, please submit your request through our standard customer support process by contacting our Support Team. Please be advised that Uphold does not process requests received by a privacy automated service (bot).  All requests must come directly from the individual to the email address noted above.

How long do we retain your Personal Data?

Uphold maintains reasonable procedures to help ensure that your Personal Data is reliable for its intended use, accurate, complete, and current.

• We (or our service providers) will only retain your Personal Data for as long as necessary to fulfill the purposes for which we collected it, including to satisfy legal, accounting, or reporting requirements. This includes compliance with the General Data Protection Regulation (GDPR) and other applicable laws, such as those related to anti-money laundering (AML), counter-terrorist financing (CTF), and economic sanctions regulations, including those enforced by the Office of Foreign Assets Control (OFAC). Our legal and regulatory obligations require that we retain customer data for a period of 10 years after the end of the customer relationship, or longer where required to comply with sanctions screening, enforcement actions, or government investigations
• When it is no longer necessary to retain your Personal Data, we will securely delete it, subject to applicable law and regulations.
• In some circumstances, we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
• If you request that we stop sending you marketing materials, we will continue to keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.
• Should you make a Data Subject request through our standard customer support channel, we will retain the minimum required amount of data in order to keep a record of your request and the action we took to resolve it.  

How do we protect children’s privacy?

We do not knowingly solicit or collect information from individuals under 18. If we become aware that a child under the age of 18 has provided us with Personal Data, we will close the account and restrict their information. If you believe that we might have collected Personal Data from a child under 18, please contact us using the information below.

How do we use your Personal Data to inform you and market to you?

In compliance with applicable laws, and with your consent where required, we may send you personalised marketing information, including by email, and such information may include product and service updates, industry news, our events, activities, and offers, information about our business and personnel, and tips. We may combine your Personal Data, such as age, transaction history, and account usage, to improve the value and specificity of these communications.

You can ask us to stop sending you marketing messages or information at any time by following the “unsubscribe” link on any marketing message sent to you or by updating your contact preferences directly on the Uphold Platform. Please note, it may take up to 10 days for this to take effect. 

Data Protection of using digital assets and blockchains

Your use of digital assets may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis, which can lead to the re-identification of transacting individuals and the revelation of Personal Data, especially when blockchain data is combined with other data.

As blockchains are decentralised or third-party networks that are not controlled or operated by the Company, we are not able to erase, modify, or alter Personal Data on such networks.

How do we make changes to this Privacy Notice?

This version was last updated on the date indicated above, and historic versions are archived and can be obtained by contacting us. We may update this Privacy notice from time to time as we deem necessary or appropriate in our sole discretion. If there are any material changes to this Privacy Notice, we will notify you by email, by means of a notice on the Uphold Platform, or as otherwise required by applicable law. We encourage you to review this Privacy Notice periodically to be informed regarding how we are using and protecting your information and to be aware of any policy changes. Any changes to this Privacy Notice take effect immediately after being posted or otherwise detailed by us.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

Who can you contact if you have further questions or requests about your privacy?

You can direct any questions or complaints about the use or disclosure of your Personal Data to us by contacting us as set out below. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data as soon as possible.

If you have any questions regarding this Privacy Notice or wish to contact us, you can email us at [email protected]. This email address also serves as the point of contact for our Data Protection Officer. Alternatively, you may reach us by mail at one of the addresses listed below.

United Kingdom: Uphold Europe Limited
Suite A, 6 Honduras Street, London EC1Y 0TH, United Kingdom

EU & EEA: Uphold Digital Assets Europe Unipessoal Lda
Rua do Alecrim 26, 1200-018 Lisbon, Portugal

All Data Subject Requests should be submitted to our Customer Support Team.