Privacy Policy

Avin is a financial technology company that provides a multi-region account covering currencies, allocated metals, and curated crypto custody. Banking, custody, and money-transmission services are delivered through licensed partners in each region we operate in.

For privacy purposes, Avin is the controller of the personal data you provide to us, and our regulated partners are controllers of the data required to deliver their regulated services.

We collect only the categories of data we actually need:

• Identity & verification: name, date of birth, nationality, government ID, address, and selfie — required by financial regulation (KYC).
• Account & transaction data: balances, transfers, conversions, card activity, and asset holdings, to operate your account and produce statements.
• Device & security signals: device identifiers, IP, app version, and behavioural signals used to detect fraud and unauthorized access.
• Communications: messages you send to support and our responses, retained for quality and dispute resolution.
• Optional inputs: goals, preferences, and prompts you share with the AI Assistant or AI Trader, used only to deliver those features to you.

• We don't sell your data.
• We don't run advertising networks or share your transactions with advertisers.
• We don't train third-party AI models on your personal data.
• We don't use your data to manipulate engagement against your interest.

• Contract: to open and operate your account and deliver the services you request.
• Legal obligation: KYC, AML, sanctions screening, tax reporting, and other obligations required by financial regulation.
• Legitimate interest: securing the service, preventing fraud, and improving reliability — balanced against your rights.
• Consent: for optional features such as analytics, marketing communications, and the AI Assistant. You can withdraw consent at any time in-app.

We share data only with the parties required to deliver your account: regulated partner banks, custodians, vault operators, card schemes, payment networks, and identity-verification providers. Each is bound by contract and applicable law to use the data only for the agreed purpose.

We may disclose data to regulators, courts, or law-enforcement when legally compelled. We push back on requests that overreach.

Avin operates across the US, EU, and UAE. Where data crosses borders, we rely on legally approved mechanisms (such as Standard Contractual Clauses) together with technical controls — encryption in transit and at rest, access limits, and audit logging.

We retain personal data for as long as your account is active and for the period required by applicable financial regulation after closure — typically five to ten years depending on region. Support transcripts and security logs are retained for shorter, documented periods. Where retention is legally required, the period and basis are surfaced in-app.

We protect data with end-to-end encryption in transit, encryption at rest, device-bound credentials, biometrics, role-based access, hardware-backed key management, and continuous monitoring. Our security practices are summarized on the Security page.

Depending on your region, you can:

• Access the personal data we hold about you.
• Correct inaccurate or outdated data.
• Export your data in a portable format.
• Restrict or object to certain processing.
• Delete data we are not legally required to retain.
• Withdraw consent for optional features at any time.

You can exercise these rights from inside the app or by writing to privacy@avin.app.

Avin accounts are for adults only. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact privacy@avin.app and we'll remove it.

If we materially change how we use your data, we'll notify you in-app before the change takes effect, and update the date at the top of this page.

For privacy questions or to reach our Data Protection Officer, write to privacy@avin.app.