Wello Privacy
Policy

Last updated: February 28, 2025

Privacy Policy

This Privacy Notice (“Notice”) describes how Wello (“Wello”, “we”, “us”, “our”, “ourselves”) collects and processes your Personal Data (“you”, “your”) through our websites and applications or other services (collectively, together with the Website and the Apps, our “Service”). By using the Services provided by us, you are consenting to the collection, storage, processing, and transfer of your Personal Data as described in this Privacy Notice.

This Privacy Notice applies together with any terms of business and other contractual documents, including but not limited to any agreements we may have with you.

For any questions or concerns, contact us at support@wellowallet.com or through our online form.

1. Our Relationship with You

Your right to privacy and the protection of your personal data is important to us. Wello is committed to the best practices in privacy, and we will only collect data when it’s strictly necessary to provide our services. Wello is a stablecoin-based money transfer platform that enables users to send and save money globally. Wello aims to transform global money transfers, making them cheaper, faster, and easier.

By using Wello’s Services, including visiting our website, downloading and using one of our mobile applications, using our ramp and fiat-related services, interacting on social media, participating in our surveys or user interviews, you acknowledge the use, disclosure, and procedures outlined in this Privacy Notice.

Wello operates through two legal entities. In this regard, the controller of your personal data is the legal entity that determines the “means” and the “purposes” of any processing activities that it carries out.

  • SyberLabs Limited : the Self-Custodial Wallet and Services accessible on the Wello Wallet Mobile Application.
  • BonByte Technology Sp. z o.o.: Primarily responsible for Wello Ramp and fiat-related services including and not limited to payment processing and fiat currency conversion.

The following sections provide further details as to how we process your Personal Data through Wello as Data Controller. This Privacy Notice does not apply to the Personal Data we process as a 'Data Processor' on behalf of our customers. In those situations, the customer that we provide services to and with whom we have entered into a data processing agreement is the 'Data Controller' responsible for your Personal Data, and we merely process your information on their behalf in accordance with our customer’s instructions. If you want to know more about our customers' privacy practices, you should read their privacy policies and direct any questions you have to them.

2. Collection and Use of Your Personal Data

“Personal Data” is information that may identify an individual or relates to an identifiable individual. This includes information you provide voluntarily to us, information which is collected or created automatically in the natural course of provision of our services, or otherwise when you contact us. Following best practices in privacy such as data minimisation, we endeavour to collect only the amount of Personal Data that is necessary to provide our services to our users.

If you are using our self-custodial wallet services

When you create a Wello account, you will be prompted to create a wallet. As part of this process, we collect and store the public key or public address of the wallet created during account registration. This public key allows us to associate the wallet with your Wello account.

We do not collect, store, or have access to your private key or any other sensitive wallet access information. Your private key is encrypted and stored securely on your device, and you are solely responsible for its retention and security.

This data collection allows us to provide and manage your use of the Self-Custodial Wallet and associated services. It is essential that you back up your private key, as we cannot recover access to your wallet if this information is lost.

All Personal Data that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such Personal Data. 

Below, we present a table that outlines the Personal Data the Services uses and the purposes for processing that information.

If you are using our ramp and fiat-related services

As a user of our ramp and fiat-related services, we’ll ask you to provide us with some additional information about yourself. This information is either required by law to verify your identify and comply with Know your Customer (“KYC’) obligations, necessary to provide the requested ram and fiat-related services. Failure in providing the data required implies that Wello will not be able to offer our Services to you.

Below, we present a table that outlines the Personal Data our Services uses and the purposes for processing that information.

If you are visitor on our website

When you use our website, read our blog, request customer support, participate in our community forum or campaigns, you may provide your Personal Data. Below, we present a table that outlines the Personal Data that our website uses and the purposes for processing that information.

Sign-In Using Third-Party Accounts

We offer you a seamless sign-up and login experience through third-party services, such as Google and Apple. You can easily register or log in to our services using your existing account credentials from these platforms.

When you choose to register or log in using a third-party account, we may access certain profile information from the provider. The specific data we receive can vary depending on the platform, but it typically includes your name, email address, and any other information you have authorized the third-party platforms to share. By continue to use your third-party account to log in, you acknowledge and consent to our access and use of the information provided by the third-party service.

Marketing and Promotional Communications

We may use your email address to send you marketing and promotional newsletters, updates, and offers. This processing is based on your consent, which you can withdraw at any time.

You can easily unsubscribe from our marketing and promotional communications by clicking the "unsubscribe" link in any email we send or by contacting us directly using the details provided in the "Contact Us" section. Please note that withdrawing your consent does not affect the lawfulness of any processing based on consent prior to its withdrawal.

Additionally, you may still receive essential transactional service-related communications, such as those related to your account or necessary administrative messages even if you opt-out from marketing communications.

Biometric Authentication (Face ID & Fingerprint Scan)

We offer optional biometric authentication (such as Face ID or fingerprint recognition) as a secure and convenient method for logging into your account. If you choose to enable biometric authentication, your biometric data is processed directly on your device using its built-in security features on the mobile operating system. You can choose to enable or disable biometric authentication at any time through your device settings or within our app’s security settings. Your biometric authentication information is never transmitted to our servers or any third party.

Personal Data collected automatically from you:

In certain circumstances, we may collect personal data automatically from you when you use our Services, in accordance with applicable laws. This may include device, log, and usage data, which helps us enhance your experience, provide customer support, improve the performance of our sites and services, and safeguard your account by detecting unauthorized access and preventing fraud.

Location Data. We may collect location data, which includes information about your device's location. This data can be either precise or imprecise, depending on your preferences and the settings of your device. The types of location data we collect vary based on the device you use to access our services. For example, we may use GPS and other technologies to collect geolocation data that helps us determine your current location (such as your IP address).

You have the option to opt out of sharing this information with us. You can do so by either refusing access to location data or by disabling the Location setting on your device. Please note that if you choose to opt out, you may not be able to use certain features or aspects of our services that rely on location data.

Device Data. Depending on the device you use, this may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider, mobile carrier, operating system, and system configuration details, language preferences.

Log and Usage Data. When you access or use our services, our servers automatically collect service-related, diagnostic, usage, and performance data, which is recorded in log files. This log data may include your IP address, device information, browser type, settings, and details about your activity within the services (such as timestamps, pages and files viewed, searches performed, and features used). It may also include device event data like system activity, error reports (such as "crash dumps"), and hardware settings.

Our legal basis for processing this data is our legitimate interest in improving our services, ensuring the security of our services, and maintaining a safe environment for our users, including fraud monitoring and prevention.

Aggregated and Anonymized Data

We also use aggregated or anonymized data to improve our Services. This involves analyzing general usage trends, gathering feedback, and conducting research without identifying individual users. For example, we may create overall usage reports for specific regions without containing Personal Data.

We will not use your Personal Data for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorized by law, or it is in your own vital interest to do so.

3. How We Share Your Data

Information about our customer is an important part of our business and we are not in the business of selling our customer’s Personal Data to others. We may transfer personal data to our service providers or third parties in connection with Wello’s operation of its business, as certain features on Wello rely on various third-party products and services (collectively “Third Party Services”), such as processing of KYC verification, payment processing, cloud storage, analytics and improvement of website-related services and features, and performance of maintenance services. 

Third-party service provider only must process the Personal Data in accordance with our contractual agreements and only as permitted by applicable data protections laws. 

We may also share Personal Data with the following persons or in the following circumstances:

  • Affiliates: Personal data that we process and collect may be transferred between companies, Services, and employees affiliated with us (collectively, our “Affiliates”) as a normal part of conducting business and offering our Services.
  • Business transfers: As we continue to develop our business, we might sell or buy other businesses or services. In such transactions, user information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the user consents otherwise). Also, in the unlikely event that Wello or substantially all of its assets are acquired, users' information will be one of the transferred assets.
  • Legal Authorities: We may be required by law or by Court to disclose certain information which might cover Personal Data or any engagement we may have to relevant regulatory, law enforcement and/or other competent authorities. We will disclose Personal Data to legal authorities to the extent we are obliged to do so according to the law. We may also need to disclose Personal Data in order to enforce or apply our legal rights or to prevent fraud.
  • Protection of Us and Others: We will share Personal Data outside of Wello if we have a reasonable belief that access, use, preservation, or disclosure of the information is reasonably necessary to comply with any applicable law, regulation, legal process, or enforceable governmental request; to cooperate with law enforcement; to enforce or apply our Terms of Use and other agreements; or to protect the rights, property, or safety of Wello, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction, and with regulatory agencies and law enforcement to comply with lawful requests.

Our services may enable you to connect with various third-party services, decentralized applications, and other external platforms (referred to as "Third Party Platforms"). These Third Party Platforms acts as independent data controller and processing of your personal data will be subject to their privacy notice and policy. If you choose to interact with these Third Party Platforms, your Personal Data including your wallet address or payment card information may be disclosed to those Third Party Platforms. This Privacy Notice does not cover the privacy practices of these Third Party Platforms, including any websites linked through our services. A link to a third-party site does not imply endorsement by us or our affiliates. Your use of these Third Party Platforms and their handling of your Personal Data will be governed by their respective terms and privacy policies, and not by this Privacy Notice.

5. International Transfers of Personal Data

We maintain servers in Frankfurt and Singapore, and your information may be processed on servers located outside of your country of residence. Additionally, we may transfer your personal data to our Affiliates, third-party partners, and service providers located in various countries around the world.

In instances where we process your personal data on servers outside your country or transfer it to third countries or international organizations beyond your country of residence, we implement appropriate technical, organizational, and contractual safeguards to ensure that your personal data remains protected. This includes, but is not limited to, the use of Standard Contractual Clauses. These measures ensure that any such transfers comply with applicable data protection laws and maintain an adequate level of protection for your personal data as outlined in this Notice.

6. Data Security

We recognize that information security is a crucial component of data privacy. We are committed to making sure your information is protected in accordance with applicable laws and our data privacy policies. Although no data transmission, including over the Internet or through any website, can be guaranteed to be entirely secure, we employ a range of commercially reasonable physical, technical, and procedural measures to protect personal data from unauthorized access, use, disclosure, alteration, or destruction.

The information you provide to us is stored on secure servers managed by us or our trusted service providers. Access to and use of this information are governed by our internal security policies and standards, or those agreed upon with our service providers, all in alignment with industry best practices.

To further protect your information, it is important that you safeguard your account password. We recommend using a unique password for your account that is not used for other online accounts and ensuring that you sign off when you have finished using our services.

We use industry-standard security measures to protect your data, including but not limited to:

  • Encryption: All sensitive data is encrypted both in transit (TLS 1.2/1.3) and at rest (AES-256).
  • Tokenization: Payment details are replaced with secure tokens to ensure sensitive data is never exposed.
  • Access Controls: Strict access policies limit data access to authorized personnel only.
  • Regular Audits: We conduct regular security assessments and comply with PCI-DSS standards to maintain a secure environment.
  • In certain cases, we may share your data with trusted third-party providers, such as payment processors or fraud prevention services, to facilitate transactions. However, we ensure that all third parties adhere to stringent data protection standards, safeguarding your privacy.

7. Data Retention

We keep your Personal Data to enable your continued use of our services, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice as may be required by law such as for tax and accounting purposes, compliance with Anti-Money Laundering laws, or to resolve disputes and/or legal claims or as otherwise communicated to you. 

When we have no ongoing legitimate business or legal requirement to retain your Personal Data, we will either delete or anonymise such information, or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

8. What Privacy Rights Do You Have?

Subject to applicable law, as outlined below, you have a number of rights in relation to your privacy and the protection of your Personal Data. These rights may be limited in some situations - for example, where we can demonstrate we have a legal requirement to process your Personal Data.

  • Right to access: you have the right to obtain a copy of the Personal Data that we hold about you as well as certain information related to its processing.
  • Right to correct: you can request the rectification of your Personal Data which are inaccurate, and also add to it. You can also change your Personal Data in your account at any time.
  • Request to erase your personal data: you may request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes for which it was collected. Please note that personal data may still need to be retained for compliance with applicable legal obligations.
  • Right to object: you can object, for reasons relating to your situation, to the processing of your personal data. For instance, you have the right to object where we rely on legitimate interest or where we process your data for direct marketing purposes.
  • Right to restrict processing: You have the right, in certain cases, to temporarily restrict the processing of your personal data by us, provided there are valid grounds for doing so. We may continue to process your personal data if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
  • Right to withdraw your consent: You have the right to withdraw your consent and request us to stop collecting, using or and/or disclosing your personal data for any or all of the purposes listed above at any time. Exercising this right does not affect the lawfulness of the processing based on the consent given before the withdrawal of the latter. Please note that we will respond to such withdrawal request within ten (10) business days; 
  • Right to portability: You can also request us to provide your information in a structured way so you can send it to another service provider.

Privacy Rights in Your Account Settings

You can easily access, review, and update the information associated with your account at any time by logging into your account settings. If you wish to terminate your account, you can do so directly through the same settings.

Upon your request of account termination, we will deactivate or delete your account and Personal Data from our active databases. However, please note that we may retain certain information after our business relationship with you ends for purposes such as fraud prevention, investigations, enforcing legal terms, or complying with applicable legal obligations.

Submit Request via Email or Online form

Alternatively, to exercise your rights, you can contact us via email at support@wellowallet.com or submit a request using our online form.

We will respond to as quickly as possible. If we are unable to respond within 30 days, we will inform you in writing of the timeline for our response. If we cannot fulfill your request, we will explain the reasons (unless prohibited by applicable laws).

If you have any questions or concerns about how we collect and process your Personal Data, or if you wish to withdraw your consent for any processing, please contact us. Where we act as a processor, you should contact the data controller, your service provider, to exercise any of your rights.directly to exercise your rights.

9. Children

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that Personal Data from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any Personal Data we may have collected from children under age 18, please contact us using the contact information below.

10. Contact Information

Our support team is available to direct any questions related to your Personal Data. You can contact us at support@wellowallet.com or through our online form, and we will ensure your inquiry reaches the appropriate team to address any concerns regarding the collection and processing of your Personal Data.

10. Conditions of Use, Notices and Revisions

If you choose to use our Services, your use and any dispute over privacy is subject to this Privacy Notice and our Terms of Use. If you have any concerns about privacy at Wello, please contact us with a thorough description, and we will try to resolve it. You also have the right to contact your local Data Protection Authority.

We reserve the right to update and revise this Notice at any time. We occasionally review this Privacy Notice to make sure it complies with applicable laws and conforms to changes in our business. If we do revise this Privacy Notice, we will update the “Last Updated” date at the beginning of this Notice so that you can tell if it has changed since your last visit and will do our best to notify you. 

Please review this Privacy Notice regularly to ensure that you are aware of its terms. Your continued use of our Services after an amendment to our Privacy Notice constitutes your acceptance to the revised or amended terms.