Privacy Policy
Last updated: 30 June 2025
1. Who We Are
STANDARD DIGITAL EXCHANGE LLC ("SDE", "we", "our", "us") is a licensed Money Services Business (MSB) registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) under registration no. M23197879. Our registered office: Standard Digital Exchange LLC 16192 coastal hwy - Lewes, Delaware 19958 - United States. Email: privacy@sdeexchange.fr
2. Scope of this Policy
This Privacy Policy explains how we collect, use, disclose and safeguard personal information when you:
- visit our public website and landing pages;
- create and use an SDE account via our web application (desktop or mobile browser);
- interact with our customer support or marketing communications.
It applies to all customers and visitors worldwide, unless a more specific local notice is provided.
3. The Data We Collect
| Category | Examples | Source |
|---|---|---|
| Identification & KYC | Full name, date & place of birth, address, nationality, government-issued ID, selfie/liveness images, proof of business registration, sanctions-list results | You; our KYC provider Checkin.com |
| Contact | Email, phone number | You |
| Account & Transaction | Default currency, wallet balance, beneficiaries, amounts, reference numbers, uploaded invoices or transfer proofs, transaction status logs | Generated through your use of the service |
| Regulatory & Risk | AML/CTF risk scores, watch-list results, audit logs | We generate or receive from third-party screening tools |
| Device & Usage | IP address, browser type/version, operating system, referral URL, time-stamp, clickstream data, session cookies, analytics events | Your device; cookies/SDKs |
| Marketing Preferences | Opt-in/opt-out flags, communication history | You |
We do not knowingly collect data from children under 18 and the service is not directed to them.
4. Why We Use Your Data & Legal Bases (GDPR)
| Purpose | Legal Basis |
|---|---|
| Create and administer your account, process remittances, display balances and receipts | Contract (Art. 6 (1)(b)) |
| Perform mandatory identity verification, ongoing AML/CTF screening, transaction monitoring, record-keeping | Legal obligation under PCMLTFA and other regulations (Art. 6 (1)(c)) |
| Detect and prevent fraud or misuse, ensure network and information security | Legitimate interests (Art. 6 (1)(f)) |
| Provide customer support, send service notices | Contract / Legitimate interests |
| Improve and personalise features, conduct analytics (e.g., Core Web Vitals, UX events) | Legitimate interests |
| Send newsletters or promotional offers | Consent (Art. 6 (1)(a)); you may withdraw at any time |
| Comply with court orders, law-enforcement requests | Legal obligation |
5. Sharing & International Transfers
We only disclose personal information:
- To service providers who act on our instructions (cloud hosting at IONOS EU, KYC provider Checkin.com, email/SMS OTP gateways, analytics, payment partners).
- To financial institutions and correspondent banks to complete your remittance instructions.
- To regulators and law-enforcement (e.g., FINTRAC, police) when legally required.
- Within our corporate group for internal administration and consolidated reporting.
Where data is transferred outside the European Economic Area or Canada, we rely on adequacy decisions (e.g., Canada's adequacy under GDPR) or implement Standard Contractual Clauses and equivalent safeguards.
6. Retention
- KYC and transaction records: minimum 5 years after the last transaction, as mandated by the PCMLTFA.
- Account data: for as long as the account remains active and up to 2 years after closure, unless longer retention is required for legal, accounting or security reasons.
- Cookies & analytics logs: 13 months or as specified in our Cookie Notice (see § 10).
After expiry, data is securely deleted or anonymised.
7. Security Measures
We apply technical and organisational measures aligned with ISO 27001 and OWASP best practices, including:
- TLS 1.3 encryption in transit and AES-256 encryption at rest;
- segregated production environments on IONOS with strict IAM controls;
- multi-factor authentication for all back-office users;
- continuous monitoring, vulnerability management and audited access logs;
- data-loss-prevention and event logging retained for at least 365 days.
Despite our efforts, no internet transmission is ever 100% secure; please protect your credentials and notify us of any suspected breach immediately.
8. Your Rights (EU/UK & Similar Jurisdictions)
You can exercise the following rights, free of charge, by contacting us:
- Access and receive a copy of your personal data;
- Rectification of inaccurate or incomplete data;
- Erasure ("right to be forgotten") where legally permissible;
- Restriction or objection to certain processing;
- Data portability to another provider;
- Withdraw consent at any time (affects future processing only);
- Lodge a complaint with your local supervisory authority (e.g., CNIL, ICO) or the Office of the Privacy Commissioner of Canada.
We will respond within one month, extendable by two further months for complex requests.
9. Automated Decision-Making
SDE performs automated risk scoring as part of AML/CTF checks. Decisions that may affect your ability to transact are always reviewed by trained compliance officers. You have the right to request human intervention and to contest any decision.
10. Cookies & Similar Technologies
Our site uses:
- Strictly necessary cookies for session management and security (cannot be refused).
- Performance & analytics cookies (e.g., Google Analytics 4) to measure traffic and improve features – placed only after consent via our cookie banner.
- Functionality cookies to remember language preferences (Weglot).
See our separate Cookie Notice for details and opt-out options.
11. Third-Party Links
Our services may contain links to third-party sites (e.g., XE.com exchange-rate pages). We are not responsible for their privacy practices. Please review their policies.
12. Changes to This Policy
We may update this Privacy Policy to reflect legal, technical or business changes. If we make material changes, we will notify you via email or prominent in-app notice at least 30 days before they take effect. The "Last updated" date indicates the latest revision.
13. Contact Us
For any privacy question, request or complaint:
- Data Protection Officer (DPO) Email: dpo@sdeexchange.fr
If you feel your concerns have not been addressed, you may contact FINTRAC or the relevant data-protection authority in your jurisdiction.
By using SDE services, you acknowledge that you have read and understood this Privacy Policy.