Privacy Policy

Last reviewed February 2026 — version 1.0. This document forms part of the legal framework governing your use of the PEL1 crypto compliance platform.

Information we collect

PEL1 collects only the information needed to deliver a compliant crypto AML and KYC service. This includes personal identifiers (name, date of birth, nationality, residential address), identity documents (passport, driving licence or national ID, biometric selfie, recent proof of address), on-chain data you submit (wallet addresses, transaction CSVs, exchange receipts), source-of-funds documentation (bank statements, salary slips, business accounts) and account telemetry such as IP address, browser fingerprint and timestamps used for security.

How we use your information

We use your data to verify your identity, screen your wallet against sanctions and analytics providers, calculate an AML risk score, generate your solicitor-ready compliance pack, route crypto-to-GBP conversions through regulated partner exchanges, and meet our legal obligations under the UK Money Laundering Regulations 2017. We do not sell or share your data with advertisers or unrelated third parties.

Lawful bases

We rely on the following UK GDPR lawful bases: contract (delivering the service you signed up for), legal obligation (AML/KYC record-keeping), legitimate interest (fraud prevention, platform security), and consent (optional marketing communications, which you may withdraw at any time).

Storage, retention and encryption

All documents are encrypted at rest in Emergent Object Storage with TLS-protected transmission. KYC and transaction records are retained for five years after the end of our customer relationship, as required by UK AML regulations. After this period the records are permanently deleted unless an extended retention period is required by law.

Your rights

You have the right to access, rectify, port or erase your personal data, restrict or object to certain processing, and lodge a complaint with the UK Information Commissioner's Office (ICO). To exercise any of these rights, contact privacy@pel1.example. We will respond within 30 days. Note that AML record-keeping obligations may limit our ability to fully erase records during the statutory retention window.

International transfers

Where data is transferred outside the UK or EEA (for example to a US-based blockchain analytics provider), we rely on UK adequacy regulations or the UK International Data Transfer Addendum to ensure equivalent protection.

Contact

Data protection enquiries: privacy@pel1.example. PEL1 is registered with the Information Commissioner's Office.

PEL1 is committed to maintaining and reviewing its legal policies at least annually. Material updates are notified to active customers by email and via in-app notification. If you have feedback on any policy, please contact legal@pel1.example.