Privacy Policy

1. Introduction

This Privacy Policy (“Policy”) explains how Dasbanq Inc. and GAMOLITE Consultoría Empresarial y Financiera S.R.L. (collectively, “we,” “us,” or “the Company”) collect, process, use, store, and share personal data when you visit https://dasbanq.com (the “Website”) or use our financial and virtual asset bridging services (the “Services”).

Please read this Policy carefully. By using the Website or Services, you acknowledge that you have read and understood this Policy and agree to the processing of your personal data as described herein.

1.1 Data Controllers

The data controllers responsible for your personal data are:

  • Dasbanq Inc., a corporation incorporated under the laws of the State of Wyoming, United States, responsible for website operations, platform technology, and general user data.
  • GAMOLITE Consultoría Empresarial y Financiera S.R.L., a company registered in Bolivia and licensed with the Unidad de Investigaciones Financieras (UIF) of Bolivia as a Proveedor de Servicios de Activos Virtuales (PSAV), responsible for all client onboarding, KYB/AML/CFT data processing, transaction data, and regulatory data.

For data processed in connection with regulated financial services and AML/CFT compliance, GAMOLITE is the primary data controller. For data processed in connection with Website usage, analytics, and marketing, Dasbanq Inc. is the data controller.

1.2 Contact for Privacy Matters

For questions about this Policy or to exercise your data rights, contact us at:

  • Email: privacy@dasbanq.com
  • Address: GAMOLITE Consultoría Empresarial y Financiera S.R.L., Manzana 40, Office 1405, Santa Cruz de la Sierra, Bolivia

2. Definitions

“AML/CFT” means anti-money laundering and countering the financing of terrorism.

“Beneficial Owner” or “UBO” means a natural person who ultimately owns or controls a Client entity at the applicable ownership threshold (25% standard; 10% for high-risk clients).

“Biometric Data” means personal data resulting from specific technical processing relating to physical, physiological, or behavioral characteristics that allows or confirms unique identification, including facial recognition and liveness check data.

“Blockchain Analytics Data” means data derived from screening virtual asset wallet addresses and transaction histories, including risk scores, cluster data, and exposure flags.

“Client” means a business entity onboarded to use GAMOLITE's Services.

“Digital Onboarding Record” means the complete electronic compliance file for a Client, containing KYB documents, UBO data, screening results, and approval records.

“GDPR” means the General Data Protection Regulation (EU) 2016/679.

“KYB” means Know Your Business — the client identification and verification process.

“Personal Data” has the meaning given in the GDPR: any information relating to an identified or identifiable natural person.

“Processing” has the meaning given in the GDPR.

“ROS” means Reporte de Operación Sospechosa — a suspicious activity report filed with UIF Bolivia.

“SAR” means Suspicious Activity Report filed with FinCEN (United States).

“Travel Rule Data” means originator and beneficiary information collected and transmitted for virtual asset transfers at or above USD 1,000 pursuant to FATF Recommendation 16.

“UIF” means the Unidad de Investigaciones Financieras of Bolivia.

3. Legal Bases for Processing Personal Data

We process personal data on the following legal bases:

| Legal Basis | Description | Examples of Processing |
|---|---|---|
| Legal Obligation | Processing required to comply with applicable law, including Bolivia Law No. 170, UIF Administrative Resolution 019/2025, the U.S. Bank Secrecy Act, FATF Recommendations, OFAC sanctions regulations, and Supreme Decree No. 5384. | KYB identity verification; UBO identification; sanctions screening; blockchain analytics screening; Travel Rule data collection; ROS/SAR filing; 10-year record retention; regulatory reporting. |
| Contract Performance | Processing necessary to perform our contract with you or to take steps at your request prior to entering into a contract. | Account creation; transaction processing; customer support; fee billing. |
| Legitimate Interests | Processing necessary for our legitimate interests where not overridden by your rights. | Fraud prevention; security monitoring; platform improvement; risk management. |
| Consent | Processing based on your freely given, specific, informed, and unambiguous consent. | Marketing communications; optional analytics cookies; social media integrations. |

Where processing is based on legal obligation (including all AML/CFT and regulatory compliance processing), you do not have the right to withdraw consent or object to such processing. These obligations are mandated by law and cannot be waived by either party.

4. Categories of Personal Data We Collect

4.1 Website Usage Data

When you visit the Website, we automatically collect:

  • IP address and approximate geographic location
  • Device type, operating system, browser type and version
  • Pages visited, time spent, referring URL
  • Session identifiers and cookie data

4.2 Account and Registration Data

When you register or contact us, we collect:

  • Full name, business name, email address, telephone number
  • Login credentials (password stored in hashed form only)
  • Communication records (emails, support tickets, contact form submissions)

4.3 KYB/AML Compliance Data (Mandatory — Legal Obligation)

As a regulated PSAV under Bolivian law, GAMOLITE is required by law to collect and retain the following data for all Clients and their Beneficial Owners. This data cannot be refused without disqualifying you from using the Services:

  • Full legal name (entity and all UBOs), trading names, and aliases
  • Registered address, principal place of business, and all operating addresses
  • Incorporation/formation documents and fiscal identification numbers
  • Identity documents for all UBOs: passport, national identity card, or equivalent government-issued photo ID
  • Beneficial ownership structure: percentage holdings, control relationships, organizational chart to level of natural persons
  • Source of funds declaration and supporting documentation (bank statements, audited financials, tax returns)
  • Trade documentation (invoices, bills of lading, supplier contracts, proof of delivery)
  • Power of Attorney documentation for each identified UBO
  • Sanctions screening results with timestamps (OFAC SDN, PEP databases, adverse media)
  • Risk classification (Low / Medium / High) and rationale
  • All compliance approvals, exceptions, and escalation records

4.4 Biometric and Liveness Check Data

For Clients using the 72-hour fast-track provisional onboarding process, GAMOLITE collects Biometric Data for identity verification purposes via a liveness check conducted using Persona or equivalent biometric verification technology. This includes:

  • A real-time facial image captured during the Zoom video interview
  • A biometric comparison result confirming or denying match with the submitted government-issued ID photo
  • A Persona verification session ID and timestamp
  • Result: PASS or FAIL

Biometric Data is processed solely for identity verification purposes and is not used for any other purpose. Biometric Data is retained for the duration of the client relationship and for 10 years thereafter in accordance with our regulatory retention obligations.

4.5 Transaction Data

For each transaction, we collect and retain:

  • Originator identity (Client name, account details, wallet address if applicable)
  • Beneficiary identity and wallet address or bank account details
  • Transaction amount, currency, asset type (USDC/USDT), and blockchain network
  • Transaction timestamp, reference number, and blockchain transaction hash
  • Blockchain analytics risk score and screening result
  • Sanctions screening result at time of transaction
  • Travel Rule data (originator and beneficiary information for transfers at or above USD 1,000)
  • Any holds, blocks, alerts, or exceptions applied to the transaction

4.6 Blockchain Analytics Data

GAMOLITE screens all virtual asset wallets using Chainalysis KYT or Elliptic blockchain analytics tools. This generates:

  • Wallet risk score (0–10 scale)
  • Exposure categories (e.g., sanctions exposure, dark market, mixer/tumbler activity)
  • Historical transaction cluster data
  • Wallet ownership attribution (where determinable)

Blockchain analytics data is processed as a legal obligation under GAMOLITE's AML/CFT compliance program and is shared with regulatory authorities upon request.

4.7 Travel Rule Data

For virtual asset transfers at or above USD 1,000, GAMOLITE collects and transmits originator and beneficiary information pursuant to FATF Recommendation 16 (revised June 2025). This data includes names, account identifiers, wallet addresses, and jurisdictional information. Travel Rule data is transmitted to counterparty VASPs and is retained for 10 years.

4.8 Site Visit Report (SVR) Data

For high-risk clients, GAMOLITE's compliance officers conduct physical site visits. SVR records include:

  • Photographs of the business premises with GPS coordinates and date/time metadata
  • Observations of business activity, staff presence, and operational evidence
  • Compliance officer notes and risk assessment
  • Any UBO information verified or updated during the visit

5. How We Collect Personal Data

We collect personal data through the following means:

  • Directly from you: during KYB onboarding, via document uploads, digital onboarding records, account registration, and communications with our team.
  • During video interviews: Zoom calls conducted for onboarding and compliance verification, including liveness check sessions.
  • Automatically: via cookies, server logs, and analytics tools when you visit the Website.
  • From third-party verification services: identity verification results from Persona; sanctions and adverse media screening results from ComplyAdvantage; blockchain analytics results from Chainalysis or Elliptic.
  • From public sources: corporate registries, beneficial ownership registers, government databases, publicly available sanctions and PEP lists.
  • From blockchain networks: publicly recorded transaction data on Ethereum and TRON blockchains.

6. Automated Decision-Making

GAMOLITE uses automated systems in the following contexts:

  • Blockchain Analytics Hard Gate: Wallets with a risk score of 7.0/10 or above are automatically blocked without human intervention at the transaction level. This is a legally mandated control under GAMOLITE's AML/CFT program. The CCO reviews and documents any exception.
  • Sanctions Screening: Automated screening against OFAC SDN, consolidated sanctions lists, and PEP databases occurs for every transaction. Confirmed matches result in automatic transaction block or account freeze.
  • Value-Based Alert Generation: Alerts are automatically generated when transactions exceed risk-tier thresholds (USD 10,000 for high-risk clients; USD 50,000 for low-risk clients). These alerts route to compliance analysts for human review.

Where automated decisions have legal or similarly significant effects on you (such as a transaction block or account freeze), the decision is reviewed by a human compliance officer. You may request a review of such a decision by contacting compliance@dasbanq.com. However, where the decision is the result of a confirmed sanctions match or mandatory AML/CFT control, GAMOLITE's ability to reverse the decision may be constrained by law.

7. Cookies

7.1 What Are Cookies

Cookies are small data files stored on your device by a website. We use session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted). We use first-party cookies (set by us) and third-party cookies (set by service providers).

7.2 Types of Cookies We Use

| Cookie Type | Purpose | Can Be Disabled |
|---|---|---|
| Essential Cookies | Required to operate the Website and provide requested services (e.g., login sessions, secure area access). Cannot be disabled without affecting core functionality. | No |
| Functionality Cookies | Remember your preferences, language settings, and login details to provide a personalized experience. | Yes (via browser settings) |
| Analytics and Performance Cookies | Collect anonymized data about Website traffic and usage patterns using Google Analytics. Used to improve Website performance. No individual user identification. | Yes (via browser settings or Google opt-out plugin) |
| Targeted and Advertising Cookies | Track browsing behavior to serve relevant advertisements via third-party advertising networks. | Yes (via youronlinechoices.com) |
| Social Media Cookies | Activated when you use social sharing buttons or interact with social media content embedded on the Website. | Yes (via social media account settings) |

7.3 Disabling Cookies

You can disable non-essential cookies via your browser settings or the opt-out links above. Disabling essential cookies will affect the functionality of the Website. You can opt out of Google Analytics by installing the browser plugin at http://tools.google.com/dlpage/gaoptout

8. How We Use Your Personal Data

We use personal data for the following purposes:

  • Providing and managing the Services, including account activation, transaction processing, and customer support.
  • Fulfilling KYB/AML/CFT obligations: identity verification, beneficial ownership identification, sanctions screening, blockchain analytics, Travel Rule compliance, ROS and SAR filing, and regulatory reporting to UIF Bolivia and FinCEN.
  • Biometric identity verification (fast-track onboarding): confirming live identity against submitted ID documents.
  • Ongoing transaction monitoring: detecting suspicious activity, structuring, sanctions exposure, and AML/CFT risk indicators.
  • Site Visit Report documentation: recording physical verification of business premises and activity.
  • Risk assessment and management: classifying client and transaction risk; adjusting controls proportionately.
  • Security: protecting the Website and Services from fraud, unauthorized access, and abuse.
  • Legal compliance: responding to lawful requests from regulators, law enforcement, and courts.
  • Communications: sending transaction confirmations, compliance notifications, security alerts, and service updates.
  • Marketing (consent-based): sending promotional communications where you have consented. You may opt out at any time via the unsubscribe link in any marketing email.
  • Analytics: improving Website performance and user experience using anonymized usage data.

9. Sharing and Disclosure of Personal Data

9.1 General Principle — Confidentiality

All personal data you provide — including data concerning your business, transactions, clients, and beneficial owners — is treated as strictly confidential. We do not sell, rent, or share your personal data with third parties for their own commercial, marketing, or profiling purposes.

9.2 Mandatory Regulatory Disclosures

GAMOLITE is required by law to disclose personal data to the following authorities without your consent and, in certain circumstances, without notifying you:

  • Unidad de Investigaciones Financieras (UIF) Bolivia: ROS filings (within 48 hours of suspicion), beneficial ownership information, transaction records, and any information requested pursuant to Bolivia Law No. 170 and UIF Administrative Resolution 019/2025.
  • FinCEN (U.S. Financial Crimes Enforcement Network): SAR filings (within 30 days of suspicion) and any information requested pursuant to the U.S. Bank Secrecy Act.
  • OFAC (U.S. Office of Foreign Assets Control): Reports of confirmed sanctions hits, asset freeze notifications, and information requested in connection with OFAC licensing or enforcement.
  • Law enforcement agencies: Information disclosed pursuant to a valid court order, subpoena, search warrant, or other lawful process.
  • ASFI (Autoridad de Supervisión del Sistema Financiero): Information provided in connection with regulatory examinations or supervision of virtual asset activities.

GAMOLITE is prohibited by law (Bolivia Law No. 170, Article [tipping-off provision], and equivalent U.S. law) from informing you that a ROS or SAR has been filed, that you are the subject of a financial intelligence inquiry, or that information about you has been disclosed to a regulatory or law enforcement authority. This prohibition is absolute.

9.3 Third-Party Service Providers (Data Processors)

We share personal data with the following categories of third-party service providers who process data on our behalf:

| Provider Category | Provider / Tool | Data Shared | Purpose |
|---|---|---|---|
| Identity Verification | Persona | Government ID photo, facial biometric, liveness check result | KYB identity verification; fast-track liveness check |
| Blockchain Analytics | Chainalysis KYT | Wallet addresses, transaction hashes, blockchain data | AML/CFT wallet risk scoring; automated hard gate |
| Sanctions & AML Screening | ComplyAdvantage | Client names, UBO names, entity identifiers | OFAC, PEP, and adverse media screening |
| VASP Rail Partners | Bridge, 1Money, Rail, Conduit | Travel Rule data (originator/beneficiary) | Transaction execution; Travel Rule transmission |
| Banking Partners | Diameter Pay, SSB Bank, Portage Bank, Erebor Bank | Originator/beneficiary name, account details, transaction amount | Fiat processing; wire transmission |
| Wallet Infrastructure | Privy | Wallet addresses, transaction data | MPC wallet management |
| Cloud Hosting | AWS (Amazon Web Services) | All client and transaction data | Secure, immutable data storage with 10-year retention |
| Analytics | Google Analytics | Anonymized website usage data | Website performance improvement |

All data processors are contractually bound to process data solely under GAMOLITE's instructions, in compliance with applicable data protection law, and to maintain adequate security and confidentiality. They may not use your data for their own independent purposes.

9.4 Travel Rule Counterparty VASPs

For virtual asset transfers at or above USD 1,000, originator and beneficiary information is transmitted to the counterparty VASP pursuant to FATF Recommendation 16. This is a mandatory legal requirement and does not constitute a sale or unauthorized disclosure of your data.

9.5 International Transfers

Your personal data may be transferred to and processed in countries outside Bolivia, the European Economic Area (EEA), the United Kingdom, or Brazil. Where such transfers occur, we ensure appropriate safeguards are in place, including: Standard Contractual Clauses (SCCs) approved by the European Commission; adequacy decisions; or equivalent mechanisms recognized by the UK Information Commissioner's Office (ICO) and Brazil's National Data Protection Authority (ANPD). Data stored on AWS is subject to AWS's data processing agreement and applicable transfer mechanisms.

10. Data Retention

10.1 Regulatory Retention Period — 10 Years

GAMOLITE is required by Bolivia Law No. 170, UIF Administrative Resolution 019/2025, and the U.S. Bank Secrecy Act to retain all AML/CFT records for a minimum of 10 years from the date of the transaction or the end of the client relationship, whichever is later. This retention obligation is mandatory and cannot be reduced or waived upon client request, even after account closure.

The following records are retained for 10 years:

  • Complete KYB/KYB documentation (identity documents, UBO records, beneficial ownership structure)
  • Biometric and liveness check data
  • All transaction records (originator, beneficiary, amount, asset, blockchain hash, timestamp)
  • Sanctions screening and blockchain analytics results
  • Travel Rule data (all originator and beneficiary information transmitted)
  • SVR photographs, notes, and compliance officer assessments
  • Digital Onboarding Records (all versions)
  • ROS and SAR workpapers and filing records
  • Compliance Exception Register entries
  • Compliance Committee meeting minutes

10.2 Website and Marketing Data

Website usage data is retained for 26 months (Google Analytics default). Marketing opt-in records are retained until you opt out plus 3 years for dispute resolution purposes. Account registration data is retained for the duration of your relationship with us plus 7 years.

10.3 Legal Hold

Data subject to a legal hold (litigation, regulatory investigation, or law enforcement request) is retained for the duration of the hold regardless of standard retention schedules. Only the CCO and CTO have authorization to delete data stored on AWS.

11. Data Security

GAMOLITE implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • AWS cloud storage with immutable audit trail configuration — data cannot be altered or deleted without CCO and CTO dual authorization
  • Role-based access controls limiting access to personal data to authorized personnel with a need-to-know
  • TLS encryption for all data in transit
  • MPC (Multi-Party Computation) key management for wallet infrastructure via Privy
  • Mandatory AML/CFT training for all staff with access to client data
  • Annual independent external security review

No data transmission over the internet or method of electronic storage is 100% secure. If you have reason to believe your account security has been compromised, please notify us immediately at security@dasbanq.com.

12. Your Data Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

12.1 Right to Access

You may request a copy of the personal data we hold about you. We will respond within one month. Note: data held under legal obligation (KYB records, ROS/SAR workpapers) may be subject to restrictions on disclosure.

12.2 Right to Rectification

You may request correction of inaccurate or incomplete personal data. For AML/CFT records, corrections may be made only where they reflect genuine factual inaccuracies and do not compromise the integrity of the compliance record.

12.3 Right to Erasure

You may request erasure of personal data where it is no longer necessary for the purpose for which it was collected, where consent has been withdrawn, or where processing was unlawful. The right to erasure does not apply to data we are required to retain under legal obligation, including all AML/CFT records subject to 10-year retention.

12.4 Right to Data Portability

You may request your personal data in a structured, commonly used, machine-readable format. This right applies to data you provided directly and that we process on the basis of consent or contract.

12.5 Right to Object

You may object to processing based on legitimate interests. You may not object to processing based on legal obligation, including AML/CFT compliance processing.

12.6 Right to Restrict Processing

You may request restriction of processing in certain circumstances (e.g., while accuracy is contested). This right does not apply to legally mandated processing.

12.7 Right to Opt Out of Marketing

You may opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email or by contacting privacy@dasbanq.com. Opting out of marketing does not affect service communications or compliance-related communications.

12.8 Bolivia-Specific Rights

Clients based in Bolivia have additional rights under Bolivia Law No. 164 (Ley General de Telecomunicaciones, Tecnologías de Información y Comunicación). Requests under Bolivian data protection law may be directed to privacy@dasbanq.com or, in the case of unresolved disputes, to AGETIC (Agencia de Gobierno Electrónico y Tecnologías de Información y Comunicación).

To exercise any of your rights, please contact privacy@dasbanq.com, stating clearly: (a) the right you wish to exercise, and (b) the personal data to which your request relates. We may require identity verification before processing your request.

13. Advertising

We may engage third-party advertising networks to serve advertisements on the Website. These networks may collect information about your browsing behavior using tracking technologies, including cookies, to serve you advertisements relevant to your interests. You can opt out of interest-based advertising by visiting http://www.youronlinechoices.com/uk/your-ad-choices. Note that opting out does not mean you will stop seeing ads — it means the ads you see will be less targeted to your interests.

14. Policy on Children

The Website and Services are not directed at individuals under the age of 18, and GAMOLITE's services are available to business entities only. We do not knowingly collect personal data from minors. If you believe that a minor has submitted personal data to us, please contact privacy@dasbanq.com and we will promptly delete such data.

15. Third-Party Websites

The Website may contain links to third-party websites, applications, and platforms. This Policy does not cover the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party site you visit. We are not responsible for the content, privacy practices, or data handling of third-party sites.

16. User-Generated Content

If you submit feedback, comments, or other content to the Website, such content may be publicly visible. We recommend that you do not include personal data in any publicly posted content. Any personal data included in user-submitted content will be handled in accordance with this Policy.

17. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our data processing practices, regulatory requirements, or legal obligations. We will provide notice of material changes via email (if you have an account with us) or via a prominent notice on the Website at least 14 days before the change takes effect. Your continued use of the Website or Services after the effective date constitutes acceptance of the updated Policy.

The version history of this Policy is available at https://dasbanq.com/en/privacy. The current version is v2.0, effective April 16, 2026.

18. Complaints

If you have a complaint about our data processing practices, please contact us at privacy@dasbanq.com. We will acknowledge your complaint within 5 business days and endeavor to resolve it within 30 calendar days.

If your complaint is not resolved to your satisfaction, you may contact:

  • In Bolivia: AGETIC (Agencia de Gobierno Electrónico y Tecnologías de Información y Comunicación), the Bolivian data protection authority.
  • In the European Union: your local Data Protection Supervisory Authority (for EEA residents).
  • In the United Kingdom: the Information Commissioner's Office (ICO) at ico.org.uk.
  • In Brazil: the Autoridade Nacional de Proteção de Dados (ANPD).
  • For AML/CFT-related complaints about GAMOLITE's regulated activities in Bolivia: UIF Bolivia.

19. Contact Information

Dasbanq Inc. — General and Website privacy matters:

  • Email: privacy@dasbanq.com
  • Website: https://dasbanq.com

GAMOLITE Consultoría Empresarial y Financiera S.R.L. — Regulated services, AML/CFT data, and Bolivia-specific inquiries:

  • Address: Manzana 40, Office 1405, Santa Cruz de la Sierra, Bolivia
  • Compliance email: compliance@dasbanq.com
  • Privacy email: privacy@dasbanq.com