Legal
Privacy Policy
Effective Date: May 1, 2026 · Jurisdiction: Montana, United States
This Privacy Policy explains how The Mandate Group collects, uses, and protects your personal information when you use our website or services. Please read it carefully. By using our services, you agree to the practices described herein.
01 Who We Are
The Mandate Group ("we", "us", "our") is a cryptocurrency facilitation company incorporated and operating under the laws of the State of Montana, United States. We facilitate the purchase and sale of cryptocurrencies on behalf of clients, leveraging a network of regulated liquidity partners.
Our registered contact for privacy matters is:
02 Information We Collect
We collect the following categories of personal information:
- Identity Data: Full name, date of birth, government-issued ID documents, selfies or biometric data collected during KYC verification.
- Contact Data: Email address, phone number, country of residence.
- Financial Data: Bank account details, IBAN, SWIFT/BIC codes, wallet addresses, transaction history, and source of funds documentation.
- Order Data: Details of buy and sell orders placed through our platform, including asset types, amounts, and settlement instructions.
- Compliance Data: Information collected during AML/KYC screening, including sanctions checks, PEP (Politically Exposed Persons) screening, and source of funds questionnaire responses.
- Technical Data: IP address, browser type, device information, and usage data collected when you visit our website.
- Communications: Records of correspondence between you and The Mandate Group.
03 How We Use Your Information
We use your personal information for the following purposes:
- To verify your identity and complete KYC / AML onboarding as required by law.
- To process, confirm, and settle your cryptocurrency orders.
- To communicate with you regarding your orders, account status, and compliance requirements.
- To detect, prevent, and report fraud, money laundering, and other financial crimes.
- To maintain records as required by applicable financial regulations.
- To improve our website, services, and client experience.
- To comply with legal obligations, court orders, or regulatory requests.
We will not use your personal information for unsolicited marketing purposes without your explicit consent.
04 AML / KYC Obligations
As a crypto facilitation business, The Mandate Group is subject to Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) obligations. We are legally required to collect, verify, and retain certain personal information regardless of your consent preferences.
This includes but is not limited to:
- Collection and verification of government-issued identity documents.
- Screening against OFAC, EU, UN, and other applicable sanctions lists.
- Screening for Politically Exposed Persons (PEPs).
- Source of funds and source of wealth documentation.
- Ongoing transaction monitoring for suspicious activity.
- Filing of Suspicious Activity Reports (SARs) with relevant authorities where required.
Your KYC data is processed by our compliance partner Didit. Their processing of your data is governed by their own privacy policy in addition to ours.
05 Sharing Your Information
We do not sell your personal information. We may share it with the following parties:
- KYC / Compliance Partners: Didit and other identity verification providers to fulfil our legal obligations.
- Liquidity Partners: Regulated cryptocurrency exchanges and OTC desks necessary to execute your order.
- Payment Processors: Banks and payment service providers involved in fiat settlement.
- Regulatory Authorities: Law enforcement, financial regulators, or government agencies where required by law.
- Professional Advisors: Legal, accounting, and compliance advisors bound by confidentiality obligations.
- Service Providers: Technology and infrastructure providers (e.g. web hosting, email delivery) who process data on our behalf under strict data processing agreements.
All third parties are required to handle your data securely and in accordance with applicable law.
06 Data Retention
We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including:
- KYC / AML records: Minimum of 5 years from the end of the business relationship, as required by AML regulations.
- Transaction records: Minimum of 5 years from the date of the transaction.
- General correspondence: Up to 3 years from the date of last contact.
- Website usage data: Up to 12 months.
After the applicable retention period, your data will be securely deleted or anonymised.
07 Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data, subject to our legal retention obligations.
- Right to Restriction: Request that we limit the processing of your data in certain circumstances.
- Right to Data Portability: Request your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests.
Please note that certain rights may be limited where we are required to retain or process data to comply with legal obligations, including AML/CTF regulations.
To exercise any of these rights, contact us at dan@the-mandate-group.com. We will respond within 30 days.
08 Cookies & Tracking
Our website uses minimal technical cookies necessary for the site to function. We do not currently use advertising or tracking cookies. If this changes, we will update this policy and obtain your consent where required.
You can control cookies through your browser settings. Disabling cookies may affect the functionality of certain parts of our website.
09 Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration. These include:
- Encrypted data transmission (HTTPS/TLS) across all web properties.
- Access controls limiting data access to authorised personnel only.
- Use of reputable, security-certified third-party service providers.
- Regular review of our data security practices.
No method of transmission or storage is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and relevant authorities as required by law.
10 Third-Party Services
Our website and services integrate with the following third-party providers, each with their own privacy policies:
- Didit — KYC / identity verification
- Web3Forms — Contact and order form submission
- Vercel — Website hosting and infrastructure
We encourage you to review the privacy policies of these providers. The Mandate Group is not responsible for the privacy practices of third-party services.
11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will update the effective date at the top of this page.
We encourage you to review this policy periodically. Continued use of our services following any changes constitutes your acceptance of the updated policy.
12 Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us: