Privacy Policy

This Privacy Policy explains how Fiatly ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you use the Service. We are committed to handling your data responsibly and in compliance with applicable privacy laws.

Identity and contact information: name, email address, and phone number provided at checkout or when contacting support.

Payment data: payment method details are collected and processed directly by our payment partner Wert. We do not store your card numbers or banking credentials.

Wallet addresses: the blockchain wallet address you provide to receive the NFT. Wallet addresses are public by nature on the blockchain.

Device and usage data: IP address, browser type, operating system, referring URLs, pages visited, and interaction events, collected automatically via server logs and analytics tools.

Transaction data: records of NFT purchases, order identifiers, blockchain transaction hashes, and timestamps.

To process and fulfill NFT purchases, deliver purchased tokens to your wallet, and send order confirmations.

To comply with legal and regulatory obligations, including AML/KYC requirements administered by our payment partner.

To detect, investigate, and prevent fraud, unauthorized transactions, and other misuse of the Service.

To provide customer support and respond to inquiries.

To analyze usage patterns and improve the functionality, performance, and user experience of the Service.

Where you have given consent or where permitted by applicable law, to send you relevant marketing communications about new collections and features.

Payment partner (Wert): we share transaction details and wallet addresses with Wert to facilitate payment processing and NFT delivery via their NFT Checkout product.

KYC/AML providers: Wert and its sub-processors conduct identity verification and sanctions screening as part of the payment flow.

Analytics services: we use privacy-respecting analytics tools to understand aggregate usage patterns. These providers may receive pseudonymous usage data.

Law enforcement and regulators: we disclose information when required by applicable law, court order, or regulatory request.

We do not sell your personal data to third parties.

We retain transaction records and associated personal data for a minimum of five years to meet financial record-keeping and AML regulatory obligations.

Support communications are retained for two years. Analytics data is retained in aggregated or pseudonymized form.

You may request deletion of your personal data subject to our legal retention obligations.

We implement technical and organizational security measures including encryption in transit and at rest, access controls, and regular security reviews to protect your data.

No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and we encourage you to use strong, unique passwords and secure your own devices.

Depending on your jurisdiction, you may have rights to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data (subject to legal obligations); object to or restrict certain processing; and receive a portable copy of your data.

To exercise any of these rights, contact us via the support channels listed on the Service.

We use cookies and similar technologies for essential functionality, user preferences, analytics, and performance monitoring. You can control cookie preferences through your browser settings or our cookie consent banner.

See our Cookie Policy for detailed information on the specific cookies we use.

Your information may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by relevant authorities.

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a person under 18, we will promptly delete it.

The Service may contain links to third-party websites, NFT creator pages, or external platforms whose privacy practices we do not control. We encourage you to review their privacy policies before providing any information.

If you are located in the European Union or European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been infringed.

California residents have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and how it is used, the right to request deletion, and the right to opt out of the sale of personal information.

We do not sell personal information. To submit a CCPA request, contact us through the support channels listed on the Service.

In the event of a security breach affecting your personal data, we will notify affected users and relevant supervisory authorities as required by applicable law and within the timeframes prescribed by those laws.

We may update this Privacy Policy from time to time. Material changes will be highlighted on this page with an updated effective date. We encourage you to review this policy periodically.

To exercise your privacy rights or ask questions about this policy, please reach us through the support channels listed on the Service.