← EurosiaPay

Privacy Policy

How we collect, process, and protect your data — under GDPR and MiCA.

Effective 1 January 2026 · Last reviewed June 2026

1. Data controller

The data controller is Eurosia Systems OÜ, registered in Estonia, registry no. 16523847.

Data Protection Officer: info@eurosiapay.com.

2. What data we collect

  • Identity data: name, date of birth, nationality, government ID, selfie/liveness for KYC.
  • Contact data: email, phone, residential address.
  • Transactional data: deposits, withdrawals, payments, merchant details, blockchain transaction hashes.
  • Device & usage data: IP address, device identifiers, operating system, in-app activity for fraud and security.
  • Communications: support tickets, chat logs, recorded calls (where permitted).

3. Why we process it

  • To create and operate your EurosiaPay account.
  • To comply with AML/CFT, KYC, MiCA, Travel Rule and tax laws.
  • To detect and prevent fraud, money-laundering and abuse.
  • To provide customer support and product communications.
  • To improve the service and statistical reporting (aggregated).

4. Legal bases (GDPR Art. 6)

  • Performance of a contract — to deliver the EurosiaPay service.
  • Legal obligation — financial supervision, AML, tax.
  • Legitimate interests — fraud prevention, security, and improvement, balanced against your rights.
  • Consent — for optional marketing or non-essential cookies.

5. Sharing

We share data only with: (a) our regulated banking, EMI, custody, Travel Rule and KYC partners; (b) auditors, regulators and law enforcement when legally required; (c) cloud and analytics providers bound by data-processing agreements.

International transfers are protected by EU Standard Contractual Clauses or equivalent safeguards.

6. Retention

Account and transactional records are retained for at least 5 years after account closure, in line with EU AML obligations. Marketing data is deleted within 12 months of last interaction or upon withdrawal of consent.

7. Your rights

  • Access, rectification, erasure (subject to legal retention).
  • Restriction and objection to processing.
  • Data portability for data you provided.
  • Withdraw consent at any time for consent-based processing.
  • Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local supervisory authority.

8. Security

We use end-to-end TLS, encryption at rest, MPC custody, hardware security modules, and continuous monitoring. Access is restricted on a need-to-know basis and subject to audit logs.

9. Contact

Privacy queries: info@eurosiapay.com.

If you have questions about this document, contact info@eurosiapay.com or write to Eurosia Systems OÜ, Tornimäe tn 7, 10145 Tallinn, Estonia.