Privacy Policy

Last updated: 14 April 2026

1. Introduction

Zlatcoin is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you use the Zlatcoin platform. This policy is compliant with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Serbian data protection law.

Data Controller

ALEKSANDAR ZLATKOVIĆ PR AGENCIJA ZA VEB PORTALE SEBN OBRENOVAC

Tax ID (PIB): 108083132  ·  Registration number (Matični broj): 63200859

Miloša Obrenovića 135/2, Obrenovac, Beograd-Obrenovac, Republika Srbija

Contact: [email protected]

2. Data We Collect

| Category | Data Points | Purpose |
|---|---|---|
| Account Data | Name, email address, OAuth identifier | Account creation and authentication |
| KYC Data | Government ID document, selfie photograph, date of birth | Identity verification, AML compliance |
| Financial Data | ZLC balance, transaction history, subscription plan | Service provision, billing |
| API Credentials | Encrypted exchange API keys (AES-256-GCM) | Exchange integration (stored encrypted, never transmitted) |
| Usage Data | IP address, browser type, pages visited, timestamps | Security, analytics, fraud prevention |
| Payment Data | Billing address, last 4 digits of card (via Stripe) | Subscription billing (full card data held by Stripe, not us) |

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6: (a) Contract performance — processing necessary to provide the Service you have requested; (b) Legal obligation — processing required to comply with AML/KYC regulations; (c) Legitimate interests — processing for fraud prevention, security, and service improvement; and (d) Consent — for optional communications such as newsletters, which you may withdraw at any time.

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. KYC documents are retained for a minimum of 5 years following account closure, as required by AML regulations. Transaction records are retained for 7 years for accounting and tax compliance purposes. You may request deletion of your account and associated data, subject to our legal retention obligations.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with the following categories of third parties:

  • Supabase — cloud database and authentication provider (data stored in EU region)
  • Stripe — payment processing (subject to Stripe's Privacy Policy)
  • Crypto.com — exchange integration (only when you explicitly connect your API key)
  • Law enforcement — when required by applicable law or court order

6. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request deletion of your data (subject to legal retention requirements)
  • Right to restriction — limit how we process your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. Security

We implement appropriate technical and organizational measures to protect your personal data, including AES-256-GCM encryption for sensitive credentials, HTTPS-only communication, rate limiting, and access controls. No system is completely secure, and we cannot guarantee absolute security of your data.

8. Contact

For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer at: [email protected]