Legal document
Version 2025 — In force
Privacy Policy
Your data belongs to you — not to us. Here is exactly how we collect it, why we use it, and for how long we retain it.
PentrraWallet collects only the data strictly necessary to provide its services. Depending on your profile:
- Identity: full name, email address, phone number.
- KYC: official identity document, biometric verification selfie — required to activate virtual cards.
- Financial: transaction history, top-up methods used, account balances and movements.
- API (developers): generated API keys, call logs, configured webhooks and transaction volumes.
- Business: company name, business registration, administrator identities, sub-account structure.
- Technical: IP address, browser, operating system, connection and activity logs.
Your data is used exclusively to operate the services you use. We issue two types of virtual payment cards:
Simple Virtual Card
100% virtual prepaid card for online purchases — advertising platforms, subscriptions, marketplaces and any website accepting card payments worldwide.
NFC Virtual Card
100% virtual prepaid card with online and in-store payments via Apple Pay and Google Pay. The card stays virtual — your phone becomes the payment instrument.
- Create, activate and manage your virtual payment cards (simple or NFC).
- Process top-ups via USDT TRC20, MonCash, Natcash, Mobile Money, Moov Money and PayPal.
- Verify your identity (KYC/AML) as required by applicable financial regulations.
- Enable API integration for developers and business accounts.
- Detect and prevent fraud, abuse and illegal activities.
- Notify you of important events related to your account.
We never sell, rent or use your data for advertising purposes. Your financial data is accessible only to you.
Depending on the top-up method chosen, specific data is collected to process your transaction:
Available methods: USDT TRC20, MonCash, Natcash, Mobile Money, Moov Money, PayPal
- USDT TRC20: blockchain address and transaction hash — automatic processing after network confirmation.
- MonCash, Natcash, Mobile Money, Moov Money, PayPal: payment proof and transaction reference — manual processing by our team.
- No banking data or credit card numbers are stored on our servers — we have no access to any of your external accounts.
For USDT: any deposit to an incorrect or expired address is permanently and irreversibly lost. Always verify the address before sending.
We implement rigorous technical and organisational measures to protect your data against unauthorised access, loss or disclosure:
- SSL/TLS encryption for all communications between your device and our servers.
- Irreversible password hashing (bcrypt) — we never know your password in plain text.
- Access to personal data restricted to expressly authorised personnel only.
- Infrastructure hosted in certified datacenters with redundancy and 24/7 monitoring.
- Regular, encrypted and tested backups.
Despite our efforts, no system is infallible. In the event of a data breach affecting you, you will be notified within a maximum of 72 hours.
Your data is never sold or shared for commercial purposes. It may only be transmitted in the following strictly limited cases:
- Payment network: data required to issue, activate and process your virtual cards.
- Payment processors: to process top-ups according to the selected method.
- Legal obligations: in response to a court order, regulatory injunction or AML/CTF obligation.
- Platform protection: in the event of proven fraud, illegal activity or a characterised security threat.
No data is ever sold, rented, exchanged or shared for commercial or advertising purposes.
Identity verification is mandatory to access the full features of the platform. Submitted documents:
- Are transmitted in encrypted form to our accredited KYC verification provider.
- Are accessible only to specifically authorised KYC personnel.
- Are retained in compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) legal obligations.
- Are never shared for any purpose other than mandatory legal verification.
Your identity documents are protected to the same standards as banking data.
We use only the cookies strictly necessary for the secure operation of the platform:
- Session: maintain your active and secure login session across pages.
- Security: protection against CSRF attacks and detection of fraudulent behaviour.
- Preferences: remember your display settings (theme, language, UI preferences).
We do not use any advertising cookies, third-party tracking tools or retargeting pixels.
In accordance with applicable data protection regulations, you have the following rights:
- Access: obtain a complete copy of all personal data we hold about you.
- Rectification: correct any inaccurate or incomplete information about you.
- Erasure: request deletion of your data, subject to legal retention obligations.
- Portability: receive your data in a structured, commonly used and machine-readable format.
- Objection: object to certain processing activities in cases provided for by law.
To exercise any of these rights, contact us via our contact form.
We retain your data only for as long as necessary — no longer:
- Account data: duration of active account + 5 years after closure (legal financial obligations).
- KYC documents: as required by applicable AML and CTF regulations.
- Technical logs: rolling 12 months.
This Privacy Policy may be updated to reflect changes in law, regulations or our services. In the event of a material change, you will be notified by email or via a visible message on the platform, before the change takes effect. The current version is always available on this page.
For any question regarding this policy or to exercise your rights, our team responds within 72 business hours:
We always prefer to resolve matters amicably. Contact us before taking any formal action.