DATA PRIVACY POLICY OF ABROAD FINANCIAL TECHNOLOGIES LTD
Effective Date: February 1, 2025
Last Updated: October 25, 2025
This Privacy Policy explains how Abroad Financial Technologies Ltd (“Abroad”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal information. By accessing or using our services, you acknowledge that you have read and understood this policy and consent to the processing of your data as described herein.
1. Overview
This Privacy Policy explains how Abroad Financial Technologies Ltd (“Abroad”, “we”, “us”, or “our”) collects, uses, shares, and protects personal data in compliance with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
Abroad provides technological infrastructure (APIs) that connects digital wallets, fintech companies, and financial institutions, enabling payment, conversion, and liquidity operations using both blockchain and traditional finance rails.
We operate globally from the United Kingdom, with partnerships in Colombia (through Traguatan S.A.S.) and Brazil (through a licensed local partner). Abroad acts as Data Controller for all personal data processed under its infrastructure.
2. Data Processing Scope
Abroad does not directly serve retail consumers but processes data for compliance, transaction verification, and operational security related to its B2B clients and their users. This includes:
Identity verification (KYC and KYB) via withpersona.com.
Transaction monitoring and risk analysis (AML/CFT and KYT compliance).
Integration with licensed financial entities for fund custody and settlement.
3. Data Controller
Abroad acts as the data processor for our clients (digital wallets and other payment service providers) with the technology that we process. Our clients are the data controllers who determine the purposes and means of processing personal data.
If you are a user of a digital wallet or payment service provided by one of our clients, please refer to their privacy policy for details on how they collect, use, and store your personal data.
4. Information We Collect
As a payment infrastructure provider, we do not collect personal data directly from end-users (such as consumers). However, we collect the following types of information from our clients:
Client and Service Provider Information: Business name, contact details, account information, and other administrative data related to our relationship with the client.
Payment Information: Transaction details, including payment amounts, timestamps, and blockchain-related data required to facilitate payments.
Technical Data: Information related to the interactions between our platform and the client’s system, such as IP addresses, device identifiers, and blockchain transaction identifiers.
Financial and transactional data (wallet addresses, transaction history, risk indicators.
Behavioral and risk profiling (source of funds, transactional patterns, KYT alerts)
Verification data: identity information and screening lists processed through withpersona.com.
5. How We Use Your Data
We use the information we collect solely for the following purposes:Since we do not process personal data directly from end-users, any personal data required for the execution of payments is processed and managed by our clients.
To provide payment infrastructure services to our clients, enabling the execution and distribution of payments via blockchain technology.
To ensure the secure operation and functionality of our payment platform, including transaction processing and troubleshooting.
To communicate with our clients about service updates, improvements, and support-related matters.
We process personal data strictly for legitimate and clearly defined purposes, including: Verifying identity and assessing risk profiles (KYC, AML, and KYT procedures), Monitoring and understanding user transaction behavior, Enabling client compliance with regulatory obligations, Detecting, preventing, and responding to fraud or illicit activities, Enhancing, maintaining, and improving our platform and services, Providing technical support and client communications.
Since we do not process personal data directly from end-users, any personal data required for the execution of payments is processed and managed by our clients.
6. Legal Basis for Processing Your Data
Under the GDPR, we process personal data based on the following legal basis:
Contractual Necessity: The processing of data is necessary for the performance of our contract with our clients, who are responsible for determining how personal data is used.
Legal Obligation: We may need to process certain data to comply with legal obligations, such as anti-money laundering (AML) regulations, fraud prevention, or regulatory reporting requirements.
Legitimate Interests: We may process certain data for purposes of ensuring the security and proper functioning of our services, in alignment with the legitimate interests of both our clients and us, for instance: service performance, fraud prevention, and risk monitoring
7. Data Retention
We retain transaction-related data for as long as necessary to fulfill the purposes for which it was collected, including meeting legal, regulatory, or contractual obligations. Once data is no longer necessary for these purposes, it is securely deleted or anonymized in accordance with our data retention policies.
8. Data Sharing
We do not share personal data with third parties except in the following circumstances:
10. Your Data Protection Rights
With Our Clients: We share transaction data with our clients (digital wallets, payment service providers) to facilitate payments and provide the requested services.
With Service Providers: We may engage third-party service providers to support our infrastructure, such as cloud hosting or IT security services. These providers will only process data in accordance with our instructions and are required to maintain confidentiality and security.
For Legal and Regulatory Compliance: We may share data when required by law, regulation, or legal process, such as responding to subpoenas, court orders, or other legal requests.
Personal data may be shared with:
withpersona.com (identity verification provider).
Licensed financial institutions integrated via Banking-as-a-Service.
Authorities, when required by law or regulation.
Cross-border transfers follow Standard Contractual Clauses (SCCs) and equivalent safeguards.
9. International Transfers
As part of providing our services, personal data may be transferred outside of the European Economic Area (EEA) or the United Kingdom. If data is transferred internationally, we ensure that appropriate safeguards are in place, such as the use of Standard Contractual Clauses (SCCs) or other legal mechanisms required by the GDPR or UK GDPR and Data Protection Act 2018 to protect your data.
10. Your Data Protection Rights
As our role is limited to processing data on behalf of our clients, individuals seeking to exercise their rights under the GDPR should contact the data controller (our client) directly.However, if you are a customer of Abroad, and you believe we have data on you, you may contact us directly to make a request related to your rights under data protection laws. These rights include:Personal data may be shared with:
Right of Access: You have the right to request a copy of your personal data.
Right to Rectification: You can request correction of inaccurate or incomplete data.
Right to Erasure: You can request the deletion of personal data under certain circumstances.
Right to Restriction of Processing: You can request a restriction on the processing of your data.
Right to Data Portability: You may request to receive your data in a structured, commonly used format.
Right to Erasure: You can request the deletion of personal data under certain circumstances.
For more information, or to exercise any of these rights, please contact your digital wallet provider or payment service provider directly.
11. Data Protection and Rights
Individuals may request: access, correction, deletion, restriction, or portability of their data by contacting legal@abroad.finance.
All requests will be handled in line with GDPR timelines and standards.
Cross-border transfers follow Standard Contractual Clauses (SCCs) and equivalent safeguards.
9. International Transfers
As part of providing our services, personal data may be transferred outside of the European Economic Area (EEA) or the United Kingdom. If data is transferred internationally, we ensure that appropriate safeguards are in place, such as the use of Standard Contractual Clauses (SCCs) or other legal mechanisms required by the GDPR or UK GDPR and Data Protection Act 2018 to protect your data.
10. Your Data Protection Rights
As our role is limited to processing data on behalf of our clients, individuals seeking to exercise their rights under the GDPR should contact the data controller (our client) directly.However, if you are a customer of Abroad, and you believe we have data on you, you may contact us directly to make a request related to your rights under data protection laws. These rights include:
Right of Access: You have the right to request a copy of your personal data.
Right to Rectification: You can request correction of inaccurate or incomplete data.
Right to Erasure: You can request the deletion of personal data under certain circumstances.
Right to Restriction of Processing: You can request a restriction on the processing of your data.
Right to Data Portability: You may request to receive your data in a structured, commonly used format.
Right to Object: You may object to the processing of your personal data.
Data Protection Officer
(Global):Tannia Valenzuela
📧 legal@abroad.finance
For more information, or to exercise any of these rights, please contact your digital wallet provider or payment service provider directly.
11. Data Protection and Rights
Individuals may request: access, correction, deletion, restriction, or portability of their data by contacting 📧 legal@abroad.finance.
All requests will be handled in line with GDPR timelines and standards.
12. Security
We implement appropriate technical and organizational measures to ensure the security of the personal data processed on our platform, including data encryption, secure servers, and access controls. However, as a service provider, we rely on our clients to ensure that personal data is processed securely on their end.
13. Cookies
We use cookies and similar technologies to provide and improve our services, analyze usage, and ensure the security of our platform. You may manage cookie preferences through your browser settings and check our Cookies Policy.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Any updates will be posted on this page with the effective date. We encourage you to review this policy regularly to stay informed about how we are protecting your data.
15. Final Notes
By using our services (directly or via a client platform), you consent to the processing, transmission, and analysis of your personal data by Abroad and our verified service providers, in accordance with this policy.
16. Validity
This data privacy policy is effective as of October 21, 2025 and applies to all Services performed from the date of their publication and thereafter.This data privacy policy may be modified from time to time by ABROAD and such modifications shall be deemed applicable to the Services performed after the corresponding modification.
Disclaimer: Applicable Jurisdiction for Users in Colombia
For more information, or to exercise any of these rights, please contact your digital wallet provider or payment service provider directly.
Individuals may request: access, correction, deletion, restriction, or portability of their data by contacting legal@abroad.finance.
All requests will be handled in line with GDPR timelines and standards.
If you reside in Colombia or access our services from within Colombian territory, please note that the processing of your personal data is governed both by this Privacy Policy and by the Personal Data Processing Policy issued by Traguatan S.A.S., in accordance with Colombian data protection regulations, including Law 1581 of 2012, Decree 1377 of 2013, and any other applicable provisions.
Circular 01 of 2025 reinforces the principles of demonstrated responsibility, risk management, and traceability in data processing, as well as the obligation to implement a Comprehensive Personal Data Management Program (PIGD).
By using our services, you provide your prior, express, and informed consent for your personal data to be processed under both policies. In case of any conflict between provisions, the Colombian legal framework will prevail for users located in Colombia.
Abroad Financial Technologies Ltd. acts as the Controller of personal data, while Traguatan S.A.S. acts as the Local Processor for operations in Colombia.
Data Protection Officer (DPO):
Tannia Valenzuela – 📧 legal@abroad.finance