> For the complete documentation index, see [llms.txt](https://help.getlfg.app/p/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.getlfg.app/p/agreements/regulatory-position-statement.md). # Regulatory position statement ## Introduction Thank you for reviewing our Privacy Policy and Regulatory Position Statement. We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, handle, use, and safeguard your personal data, your privacy rights, and how the law protects you when you use our software interface. **Who we are:** Layer Flow Gateway FZCO (“LFG”, “the Company”, “we”, “us”, or “our”), a company registered in the Dubai World Trade Centre (DWTC) free zone, UAE (Licence No. L-3426), acts as the sole data controller for the personal data processed in connection with our Services. **Contact:** (Data Privacy Team) - **Support:** This Privacy Policy explains how LFG collects, uses, shares, and protects personal data when you use our software platform, website, and related services (the “Services”). As outlined in our Terms of Service, our Services are purely non-custodial software tools and are strictly **not made available** to residents or entities within the United Kingdom, the European Union (EU), the European Economic Area (EEA), the United States, mainland China, Nigeria, and other prohibited jurisdictions. This Policy complies exclusively with **UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL)** and applicable regional standards. We provide non-custodial software infrastructure that interoperates with user-controlled wallets. We do not hold private keys or seed phrases, and we do not initiate, transmit, or settle blockchain transfers. This Policy should be read directly in conjunction with our Terms of Service. ## 1. Scope & Eligibility 1.1 This Policy applies strictly to data processing involving users (businesses and individuals) who reside or operate within our approved operational jurisdictions as defined in our Global Availability Statement. 1.2 If your residency, incorporation, principal place of business, or operational footprint changes to a prohibited jurisdiction (including the UK, US, or any EU/EEA member state), you are no longer eligible to use the Services, and your data processing activities under this platform will be terminated. ## 2. Data We Collect To maintain a privacy-first, non-custodial software layer, we limit data collection to the absolute technical minimum required to operate our SaaS platform and prevent financial crime: * **Account Registration Data:** Name, email address, corporate/business registration documents (for KYB), and account credentials. * **Identity & Compliance Data:** Cryptographic verification data, compliance/sanctions screening metrics, and probabilistic risk flags processed via our integrated identity partners. * **Public Blockchain Data:** Public wallet addresses, token balances, transaction hashes, and timestamps. * **Technical Log Data:** IP addresses (used strictly for geo-fencing and fraud monitoring), device operating system, browser type, and software version data. *LFG explicitly guarantees that it does not collect, view, or store your wallet's private keys, seed phrases, or backup words. You maintain absolute, exclusive control over your cryptographic assets.* ## 3. Lawful Basis for Processing In accordance with Article 6 of the UAE PDPL, we process your personal data under the following lawful grounds: 1. **Contractual Performance:** To provision and maintain your software account and deliver SaaS functionality. 2. **Legal Obligation:** To comply with federal regulations, anti-money laundering (AML) protocols, and authorized cross-border Travel Rule pass-through data requirements. 3. **Consent:** Where you explicitly choose to enable optional platform integrations or third-party features. ## 4. How We Use Personal Data We use your data strictly to manage your SaaS account, enforce our geographic restrictions (geo-fencing), analyze indicative security risks, and pass through data to third-party providers at your explicit instruction (e.g., sending public addresses to integrated On/Off-Ramp providers). We do not engage in monetization, profiling, or selling of user data to third-party marketing networks. ## 5. Data Sharing and Third-Party Providers Because LFG operates purely as an interface, certain features rely on third-party service providers (e.g., Web3Auth for non-custodial MPC key generation, compliance screening partners, and licensed fiat on/off-ramp networks). Your data is only shared with these providers to execute instructions explicitly initiated by you. All processing is bound by strict confidentiality and data-handling agreements under the UAE PDPL. ## 6. Cross-Border Transfers Any transfer of personal data outside the UAE is handled strictly in accordance with Article 22 of the UAE Data Protection Law, utilizing appropriate technical and organizational safeguards (including standard contractual clauses and end-to-end data encryption) to ensure international data integrity. ## 7. Data Retention Periods * **Identity & Onboarding Logs (KYC/KYB):** Retained for a minimum of five (5) years post-account closure to fulfill global anti-financial crime and compliance record-keeping baselines. * **SaaS Transaction Logs & Metadata:** Retained for seven (7) years for internal organizational auditing and dashboard stability. * **System Backups:** Automatically overwritten or purged every ninety (90) days. ## 8. Data Security Measures LFG implements industry-standard technical controls to defend your information, including AES-256 encryption for data at rest, TLS 1.2+ for data in transit, role-based internal access controls, and strict multi-factor authentication (MFA) requirements for administrative systems. ## 9. Your Rights Under the UAE PDPL Subject to certain statutory limitations under UAE Federal Law, you possess explicit rights regarding your personal data: * **Right to Access:** You may request confirmation of processing and a machine-readable copy of your data records. * **Right to Rectification:** You can request immediate correction of inaccurate or incomplete information. * **Right to Erasure (Right to be Forgotten):** You may request deletion of data when it is no longer required for contractual, legal, or audit compliance. * **Right to Object/Restrict:** You may object to automated software processing or restrict specific data handling workflows. To exercise any of these rights, contact our privacy team at . ## 10. Support & Complaints If you have a concern or complaint regarding how your data is managed, please contact us at . We acknowledge all inquiries within five (5) business days and aim to provide a final resolution within thirty (30) days. If we cannot resolve your issue directly, you retain the legal right to escalate the matter to the **Emirates Data Office** (the central supervisory authority under the UAE PDPL). ## 11. Corporate Details & Jurisdiction The Services are governed exclusively by the laws of the United Arab Emirates. Any dispute arising out of this Privacy Policy or our data workflows shall be referred exclusively to the competent authorities and courts of Dubai, UAE. * **Corporate Address:** Layer Flow Gateway FZCO, Level 17, Sheikh Rashid Tower, Dubai World Trade Centre, Dubai, UAE. ## Plain-English Summary (Non-Binding) We collect the absolute minimum data required to run, secure, and geo-fence our non-custodial software platform. We have zero visibility over your private keys and cannot touch your funds. We share metadata only when you instruct us to (such as interacting with an on-ramp) or when strictly necessary for regulatory pass-through (like the Travel Rule). We operate out of Dubai and strictly adhere to UAE and international privacy standards. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://help.getlfg.app/p/agreements/regulatory-position-statement.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.