This Privacy Policy ("Policy") explains how TrueHold ("TrueHold," "we," "us," "our") collects, uses, discloses, and protects personal data when you use our websites, mobile apps, application programming interfaces, and other online services that link to this Policy (collectively, the "Platform"), and when you use our products and services, including our non-custodial crypto card and related features (the "Services").
By using the Platform or Services, you agree to this Policy. Please read it carefully. We update this Policy from time to time and will notify you of material changes where required. Your continued use of the Services after an update means you accept the revised Policy.
Non-custodial by design: We do not request or store seed phrases or private keys. Prior to spend, your digital assets remain in wallets you control. We may process public wallet addresses and on-chain allowances/permits that you authorize.
This Policy should be read together with our Terms of Service and Cookies Policy.
KYC/AML & sanctions providers, fraud/risk tools, payment/issuer partners, analytics and cloud hosting may provide/confirm data to meet legal, security, and operational needs. We do not receive data from data brokers for the purpose of selling it.
Important: We do not collect or store your seed phrases or private keys. We do not enable staff access to sign transactions on your behalf.
If you decline to provide information we need by law or to enter into/perform a contract (e.g., KYC), we may be unable to provide some or all Services.
We process Personal Data based on:
We may use automated checks (e.g., fraud or sanctions screening, device risk assessments) to protect users and comply with laws. Where required, you may request human review of a decision that produces legal or similarly significant effects.
We may share Personal Data with:
We do not sell your Personal Data. For regions that define "share" for cross-context behavioral advertising, we obtain consent where required and honor your choices.
Third-party websites and services linked from our Platform have their own privacy terms. Review those before using them.
We may process and store data outside your country. Where required, we use appropriate safeguards (e.g., EU Standard Contractual Clauses/UK IDTA, adequacy decisions) and implement technical/organizational measures to protect your data.
We use cookies, local storage, pixels, and SDKs to run and improve the Platform. Except for strictly necessary cookies, we set them only with your consent. See ourCookies Policyfor details and controls.
We implement technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, monitoring, and vendor due diligence. No system is 100% secure; we maintain incident response processes and will notify you and/or regulators of data breaches as required by law.
Help protect your account: use strong authentication, secure your devices, and never share wallet seed phrases or private keys with anyone—including TrueHold.
We retain Personal Data only as long as necessary for the purposes in this Policy, including:
When data is no longer needed, we delete or irreversibly anonymize it, subject to legal holds.
Depending on your location, you may have the right to:
We will verify your identity before acting on a request. We may decline or charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests as allowed by law.
The Services are not directed to individuals under 18. We do not knowingly collect Personal Data from children. If you believe a child has provided data to us, contact us and we will take appropriate action.
We rely on the legal bases in Section V and use SCCs/IDTA or adequacy for international transfers. You may contact your supervisory authority if you believe your rights were infringed.
We do not sell Personal Data. Where "sharing" for cross-context behavioral advertising applies, we do so only with consent and provide opt-out controls. You have rights to know, delete, correct, and limit use of sensitive Personal Data (where applicable).
We process based on contract, legal obligation, and legitimate interest, and honor LGPD data subject rights.
(If we publish more detailed local addenda, they will supplement this Policy.)
We may update this Policy to reflect changes in our practices, technologies, or laws. We will post the updated Policy with a new "Last updated" date and notify you of material changes where required.
Questions, requests, or complaints about this Policy or your Personal Data?
Email:hello@truehold.xyz
Please include: your full name, country/region, the right you wish to exercise, and details of your request. We'll respond within applicable statutory deadlines (e.g., 30 days under GDPR, extendable where permitted).