HomeGrowbit
Sign inGet started
Legal · Growbit

Privacy Policy

How Growbit collects, uses, shares and protects your personal information — aligned with the EU General Data Protection Regulation (GDPR) and the Liechtenstein Data Protection Act.

Effective 2026-05-20 · Last reviewed 2026-05-20

1. Introduction

Growbit is operated by Alegra Capital (Lie) Ltd., an asset management company licensed by the Liechtenstein Financial Market Authority (the "FMA"). We take the protection of your personal data seriously and process it in accordance with the EU General Data Protection Regulation ("GDPR"), the Liechtenstein Data Protection Act and FMA guidance applicable to financial institutions.

This Privacy Policy explains what personal data we collect when you use the website growbit.one, our mobile applications, our APIs and our other related services (collectively, the "Services"), why we collect it, how we use and protect it, with whom we share it, and what choices you have. It supplements our Terms of Service and Risk Disclosure.

2. Data Controller

The data controller responsible for your personal data is:

Alegra Capital (Lie) Ltd.
Vaduz, Principality of Liechtenstein
Email: privacy@growbit.one

You may contact our Data Protection Officer (DPO) at dpo@growbit.one for any privacy-related queries.

3. Data We Collect

3.1 Information you give us

  • Identification data: full legal name, date of birth, nationality, country of residence, residential address, government ID / passport image, selfie or video selfie for liveness checks, tax identification number where required.
  • Contact data: email, phone number, preferred language, time zone.
  • Financial data: source of funds, source of wealth, occupation, employer, expected trading volume, declared net worth, investment experience.
  • Payment data: bank account / IBAN, card details where applicable, crypto wallet addresses you use to deposit or withdraw, blockchain transaction hashes.
  • Communications: messages exchanged with our support, KYC and compliance teams, voice-call audio (when recorded with notice), screen-share sessions you initiate or accept.

3.2 Information we collect automatically

  • Device & technical data: IP address, device identifiers, operating system, browser, screen resolution, language, time zone, cookies.
  • Usage data: pages visited, features used, click and scroll events, in-product session duration, trading and order activity, login timestamps.
  • Security & fraud data: sign-in attempts, 2FA events, anti-fraud signals, behavioural biometrics, sanctions / PEP screening matches.

3.3 Information from third parties

  • KYC & sanctions providers (identity verification, document authenticity, watch-list screening).
  • Payment processors and banks that confirm a transfer or chargeback.
  • Blockchain analytics firms that score on-chain transactions for AML risk.
  • Affiliates and introducing partners who refer you to Growbit.
  • Public sources such as company registers, court filings and sanctions lists where required for compliance.

4. Why We Process It

  • to open and operate your account and execute your transactions;
  • to comply with KYC, AML, CFT, tax-reporting (FATCA / CRS) and sanctions obligations;
  • to prevent and detect fraud, money laundering, market manipulation and other illicit activity;
  • to provide customer support, including chat, voice and screen-share assistance;
  • to provide regulatory reporting to the FMA and other competent authorities;
  • to send transactional notifications (deposits, withdrawals, KYC status, security events);
  • to send marketing communications where you have opted in or where permitted by applicable law;
  • to improve and develop the Services through product analytics and aggregate research;
  • to defend against legal claims and to enforce our Terms.

5. Legal Basis

We process your personal data based on the following GDPR legal bases:

  • Art. 6(1)(b) – necessity for the performance of the contract you have with us (your client agreement);
  • Art. 6(1)(c) – compliance with our legal obligations (AML, sanctions, tax, financial-services regulation);
  • Art. 6(1)(f) – legitimate interests (security, fraud prevention, network and information security, product analytics in pseudonymised form);
  • Art. 6(1)(a) – your consent (marketing email, optional cookies, voluntary disclosure of additional data);
  • Art. 9(2)(g) – substantial public interest, for special-category data processed during sanctions and PEP screening, to the extent it is necessary.

6. Recipients & Sharing

We share personal data only with parties that have a legitimate need and under appropriate safeguards. Recipient categories include:

  • Service providers acting on our behalf as processors: hosting and cloud infrastructure (EU-based), identity-verification, sanctions-screening, blockchain-analytics, email and SMS delivery, voice telephony, customer-support tools, payment processors, banks, custodians and liquidity providers.
  • Regulators and authorities where required by law (FMA, FIU, tax authorities, courts, law enforcement).
  • Auditors and professional advisors (external auditors, lawyers, accountants) bound by confidentiality.
  • Counterparties in a corporate transaction in the event of a merger, acquisition, restructuring or asset sale, under appropriate safeguards.
  • Affiliated entities within the Alegra Capital group, where necessary for the purposes set out above.

We do not sell your personal data.

7. International Transfers

Personal data is primarily stored on infrastructure located within the European Economic Area (EEA). Where we transfer personal data outside the EEA (for example to a service provider hosted elsewhere), we do so only where an adequate level of protection exists, including under European Commission adequacy decisions and Standard Contractual Clauses (SCCs), supplemented by technical and organisational measures (encryption in transit and at rest, access controls, pseudonymisation where feasible). You may request a copy of the transfer mechanism by contacting dpo@growbit.one.

8. Cookies & Tracking

We use cookies and similar technologies to authenticate your session, remember preferences, secure the Services and measure performance. You can manage non-essential cookies through your browser settings or in our cookie banner. The following categories are used:

  • Strictly necessary (session authentication, CSRF tokens, language preference) – cannot be disabled;
  • Performance & analytics (anonymised page-view and error metrics) – disabled by default until consent;
  • Functional (chat / support widgets);
  • Marketing (only with explicit consent and only outside the authenticated trading product).

9. Retention

We retain personal data only as long as it is necessary for the purposes for which it was collected, and as required by applicable law. In particular:

  • KYC, transaction and account records – at least 10 years after the end of the client relationship, in line with applicable AML rules;
  • Tax records – up to 10 years from the end of the relevant tax year;
  • Support communications – up to 3 years after the last interaction;
  • Marketing preferences – until you opt out;
  • Server logs – up to 12 months unless required for a longer period to investigate a security incident.

10. Your Rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you and obtain a copy;
  • request rectification of inaccurate data;
  • request erasure of data ("right to be forgotten"), subject to overriding legal retention obligations;
  • request restriction of, or object to, certain processing;
  • request data portability of data you have provided to us;
  • withdraw consent at any time without affecting prior lawful processing;
  • lodge a complaint with the Liechtenstein Data Protection Authority (Datenschutzstelle) or your local supervisory authority.

To exercise your rights, contact privacy@growbit.one. We will respond within one month, with a possible two-month extension for complex requests.

11. Security

We apply technical and organisational measures designed to protect your data against unauthorised access, loss, alteration or disclosure. These include end-to-end TLS in transit, encryption at rest, bcrypt password hashing, mandatory two-factor authentication for staff, role-based access control, intrusion detection, full audit logging of administrative actions, and segregated client funds in line with FMA rules. No system is perfectly secure; you must also take reasonable steps to protect your account (strong passwords, 2FA, device hygiene).

12. Children

The Services are not directed to persons under 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us so we can delete it.

13. Automated Decisions

We may use automated tools to assist with KYC, sanctions screening, fraud detection and risk-based transaction monitoring. Automated outputs are reviewed by trained staff before any decision that produces legal effects (e.g. account closure, refusal of a transaction). You have the right to obtain human intervention, express your point of view and contest such decisions by contacting privacy@growbit.one.

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect operational, legal or regulatory changes. Material changes will be notified to you by email or in-product banner. The "Effective" date at the top of this page indicates when the latest version took effect. Continued use of the Services after a change constitutes acceptance of the revised policy.

15. Contact & DPO

General privacy enquiries: privacy@growbit.one
Data Protection Officer: dpo@growbit.one
Postal: Alegra Capital (Lie) Ltd., Vaduz, Principality of Liechtenstein.
Questions about this document? Email legal@growbit.one. For account or transaction queries use support@growbit.one.