Legal
Privacy Policy
Last updated: 1 January 2025 · New Funds Club
1. Data We Collect
When you use the NFC Capital Portal we collect:
Account Data
- Email address, password hash, and role;
- Full name, phone number, country, display name, and alias;
- Profile photo (if uploaded);
- Telegram user ID and username (if connected via Mini App);
- Linked crypto wallet addresses and networks.
Identity Verification Data (KYC)
- Government-issued ID (passport, national ID card);
- Proof of address documents;
- Selfie / liveness check (where required).
Financial Data
- Deposit and withdrawal transaction records;
- Contract and return history;
- Wallet balance movements and ledger entries.
Technical Data
- IP address and user agent on login and key actions;
- Session tokens (stored in cookies/session storage);
- Audit log entries for all sensitive actions.
2. How We Use Your Data
We use your personal data to:
- Operate and provide the Platform services;
- Verify your identity and comply with AML/KYC obligations;
- Process deposits, withdrawals, and contract activations;
- Send transactional notifications (contract updates, return postings, security alerts);
- Investigate fraud, security incidents, and breaches of our Terms;
- Meet legal and regulatory obligations;
- Improve Platform functionality and user experience.
We do not use your personal data for unsolicited marketing without your explicit consent.
3. Data Sharing
We do not sell your personal data. We may share data with:
- Service providers — hosting, database, and email services that process data on our behalf under data processing agreements;
- Regulatory authorities — where we are legally required to disclose data for AML, fraud, or tax compliance purposes;
- Law enforcement — where required by a valid legal order;
- Business transfers — in the event of a merger, acquisition, or asset sale, under appropriate confidentiality obligations.
4. Data Retention
We retain personal data for as long as your account is active. After account closure:
- KYC and financial transaction records are retained for a minimum of 5 years to comply with AML regulations;
- Audit logs are retained for 3 years;
- Account data may be pseudonymized after 12 months of inactivity.
5. Security
We implement industry-standard security measures including:
- Password hashing using bcrypt with cost factor ≥ 12;
- CSRF token protection on all state-changing requests;
- Rate limiting on authentication endpoints;
- Encrypted transmission via TLS/HTTPS;
- IP address and user agent logging on all sensitive actions.
No method of transmission over the internet is 100% secure. You are responsible for keeping your credentials confidential.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access a copy of the personal data we hold about you;
- Correct inaccurate personal data;
- Request deletion of personal data (subject to legal retention requirements);
- Object to processing or request restriction of processing;
- Data portability.
To exercise any of these rights, contact us at support@nfcapital.com. We will respond within 30 days.
7. Cookies
We use essential session cookies to authenticate you and maintain your login state. We do not use advertising or tracking cookies. See our full Cookie Policy for details.