Privacy Policy
Effective:
Last reviewed and updated:
Introduction
Stabyl Inc. and its affiliate companies (together "Stabyl," "we," "us," or "our") are committed to protecting and respecting your privacy. When you sign up for, access, or use the Stabyl platform at www.stabyl.com, our APIs, or any related applications (collectively, the "Services"), you accept and consent to the practices described in this Privacy Policy.
We take the processing of your information seriously and will use it strictly in the manner described herein. For the purposes of this Privacy Policy, "information" refers to any confidential and/or personally identifiable data related to users of the Stabyl Services, including institutional clients, API integrators, and individual representatives.
This Privacy Policy, our Terms and Conditions, our Data Policy, and any other documents referenced herein outline the basis on which any personal data we collect from you, or that you provide to us, will be processed and used. Please read these carefully to understand our procedures and practices regarding your personal data. Your information will not be sold or rented to third parties for marketing purposes without your prior consent. In our pursuit of better service and enhanced quality, we may under limited circumstances share necessary information with third parties and partners under strict conditions.
In one minute: what you need to know
Your question | Our answer |
|---|---|
What data do you collect? | Name, contact details, ID documents, wallet addresses, transaction history, business info, and technical data like IP address. |
Why? | To verify your identity, process stablecoin transactions, prevent fraud, and comply with laws (AML, sanctions, tax). |
Do you sell my data? | No. Never. |
Do you share my data? | Only with service providers (identity verification, banking partners, analytics) and regulators when required by law. |
Where is my data stored? | Mostly in the US, but we use safeguards for international transfers. |
How long do you keep it? | Typically, 5 years after account closure (AML requirements). |
Can I delete my data? | Yes, but legal obligations may override deletion in some cases. |
How do I make a privacy request? | Email team@stabyl.com with subject “Privacy Request”. |
What information do we collect
We collect only what we need to serve you and follow the law.
Identity & contact
Your name, business name, email, phone, and physical address.
Verification (KYC)
Government ID (passport, driver's license), corporate documents, proof of address (utility bill, bank statement).
Financial & transaction
Bank account numbers, wallet addresses, transaction history, settlement records.
Business information
Legal entity name, registration number, beneficial owners, and authorised signatories.
Technical & usage
IP address, browser type, device fingerprints, click data, timestamps, and error logs.
Cookies & tracking
We use cookies for security, analytics, and functionality. You can opt out of non-essential cookies via our Cookie Settings tool.
Sensitive information
We do not collect biometric, health, genetic, or precise location data unless required by law (with your explicit consent).
Information from third parties
We may receive data from identity verification providers, sanctions databases, banking partners, and blockchain analytics firms.
How we collect it
Directly from you: registration forms, KYC uploads, support tickets, emails.
Automatically: via cookies, server logs, and device fingerprints.
Via API: if you connect your systems to ours.
From third parties: verification services, financial partners, regulatory databases.
Why we use your data (legal basis)
We rely on four legal grounds depending on the activity:
Basis | Meaning | Example |
|---|---|---|
Contract | Needed to provide our service | Creating your account, processing a transaction |
Legal obligation | Required by law | AML checks, sanctions screening, tax reporting |
Legitimate interest | Our business need, balanced against your rights | Fraud prevention, security monitoring, service improvement |
Consent | You gave us permission | Marketing emails (not service-related), non-essential cookies |
We do not sell your personal information.
How we use your information
To create and manage your account
To verify your identity (KYC) and screen for sanctions
To process stablecoin and fiat transactions
To detect and prevent fraud, money laundering, or terrorist financing
To improve our services and fix technical issues
To send you transaction notifications and service updates
To comply with court orders, subpoenas, and regulatory requests
To monitor security and investigate suspicious activity
When we share your information
We do not sell your data. We share it only in these specific situations:
With our service providers
Companies that help us run our service: payment processors, identity verification, cloud hosting, fraud detection, and customer support platforms. They can only use your data for the specific task we hire them for.
With your counterparties
When you transact with another user, we may share your name and business details. We do not share your wallet addresses or bank account numbers unless required by law.
With API partners (if you authorise it)
If you connect a third-party platform to your Stabyl account via our API, we share only what you allow. You can revoke access anytime.
With regulators and law enforcement
When required by law, court order, or to investigate illegal activity (fraud, sanctions violations, money laundering).
In a business sale
If Stabyl is acquired or merged, your data may transfer to the new owner. We'll notify you first.
Where does your data go (international transfers)?
Stabyl Inc. is based in the United States. Your data may be stored or processed in countries other than where you live, including the US.
For UK and Nigerian users: We use standard contractual clauses and safeguards approved by the UK ICO and Nigeria NDPC.
For Canadian users: Your data may be accessed by service providers outside Canada (including the US) and may be subject to foreign laws.
By using our services, you consent to this international transfer.
How we protect your data?
We take security seriously:
Encryption: TLS for data in transit, AES-256 for data at rest
Access controls: Only employees who need your data can see it
Monitoring: Intrusion detection, vulnerability scans, penetration tests
Incident response: We have a written plan and test it regularly
But no system is 100% secure. You share data at your own risk.
If there's a breach
We will notify:
UK: ICO within 72 hours + affected users
Nigeria: NDPC + affected users
Canada: OPC + affected users if risk of significant harm
US: Applicable state laws
How long do we keep your data?
We keep your data only as long as needed for legal or business reasons.
Jurisdiction | Retention period |
|---|---|
Nigeria | 5 years after account closure |
United Kingdom | 5 years after the business relationship ends |
United States | 5–7 years (varies by state) |
Canada | 5 years after the relationship ends |
After that, we delete or anonymise your data.
Cookies & tracking
We use cookies for:
Strictly necessary – security, fraud prevention (cannot be disabled)
Performance & analytics – how you use our site (you can opt out)
Functionality – remembering your preferences (opt out available)
Marketing – only with your explicit consent
Manage cookies: Use our Cookie Settings tool (website footer) or your browser settings.
Cookies & tracking
Our services are not for anyone under 18. We do not knowingly collect data from minors. If we discover we have, we will delete it immediately. Please contact us if you believe a minor has signed up.
Your privacy rights (by country)
Depending on where you live, you may have the following rights:
Right | What it means |
|---|---|
Access | Ask what data we hold about you |
Correction | Fix inaccurate or incomplete data |
Deletion | Ask us to delete your data (exceptions apply for legal obligations) |
Restriction | Limit how we use your data (UK, Nigeria) |
Portability | Get a copy of your data in a machine-readable format |
Objection | Object to processing based on our legitimate interests (UK, Nigeria, Canada) |
Opt-out of sale | Not applicable – we don't sell data. California residents have this right. |
Withdraw consent | Anytime, without affecting past lawful processing |
Appeal | If we refuse your request (UK, Nigeria) |
Our services are not for anyone under 18. We do not knowingly collect data from minors. If we discover we have, we will delete it immediately. Please contact us if you believe a minor has signed up.
How to exercise your rights
Email: team@staybl.com with subject line "Privacy Request"
Post:
Stabyl Inc.: Privacy Team
131 Continental Dr, Suite 305
Newark, Delaware 19713
United States
If there's a breach
We will verify your identity (may ask for ID). Then we respond within:
UK / Nigeria: 1 month (may extend to 3 months for complex requests)
Canada: 30 days (may extend by 30 more)
California: 45 days (may extend by 45 more)
No fee unless your request is repetitive or excessive.
Changes to this policy
We may update this policy.
Material changes (new data uses, expanded sharing) – we will email you 30 days in advance.
Minor changes (clarifications, typos) – we update the "Last Reviewed" date.
Continued use after changes means you accept them.
Legal details
This policy, together with our Terms & Conditions, is the full agreement about how we handle your data.
If any part of this policy is found invalid, the rest remains in effect.
Contact us
General privacy questions or requests:
Email: team@stabyl.com
Post:
Stabyl Inc. – Privacy Team
131 Continental Dr, Suite 305
Newark, Delaware 19713
United States