Privacy Policy
Last updated: 5 May 2026
1. Operator
ComplyVASP is operated by an individual based in Singapore. For privacy-related inquiries, contact us at s27307571@gmail.com.
2. Data We Collect
When you sign in (via Google OAuth or email magic link), we collect:
- Name and email address
- Profile picture URL (Google sign-in only)
- Google account identifier (Google sign-in only)
We also store the following data generated during your use of the Service:
- VASP screening reports and due diligence reports you generate
- KYA agent configurations, permission grants, and audit logs
- API keys you create (stored as one-way hashes; the plaintext key is shown only once at creation)
- Rate limit and usage logs for quota management
3. Purpose of Collection
- To authenticate your account and maintain your session
- To associate screening reports and agent configurations with your account
- To manage usage limits per account tier and enforce API rate limits
- To provide programmatic access via API keys
- To respond to support inquiries
4. Third-Party Services
We use the following third-party services to operate ComplyVASP:
- Google OAuth — authentication
- Neon (PostgreSQL) — database hosting (US)
- Vercel — application hosting (US)
- Anthropic / Google Gemini / Perplexity / SerpAPI — AI and research features (VASP names and compliance-related queries are sent; no account personal data is sent)
- Etherscan API — on-chain data retrieval; wallet addresses you submit are sent to this service
- Chainalysis Public Oracle — wallet sanctions screening; wallet addresses are queried on-chain
- GLEIF API — LEI (Legal Entity Identifier) lookup; company names you submit are sent to this service
- Public blockchain RPCs (7 chains) — multi-chain balance and wallet checks; wallet addresses are queried
- OFAC SDN / OpenSanctions (UN, EU, UK) — sanctions data synced and stored locally; entity names you search are matched against this local database
- Google AdSense — advertising (may use cookies to serve relevant ads based on your visits to this and other websites)
5. Data Retention
Your account data and screening history are retained for as long as your account is active. You may request deletion at any time by emailing s27307571@gmail.com. We will action deletion requests within 30 days.
6. Your Rights (PDPA)
Under Singapore's Personal Data Protection Act (PDPA), you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Withdraw consent and request deletion of your data
To exercise these rights, email s27307571@gmail.com.
7. Cookies & Sessions
We use an HTTP-only session cookie to maintain your login state. We may also use Google AdSense to display advertisements on this site. Google AdSense may use cookies and web beacons to serve ads based on your prior visits to this website or other websites. You may opt out of personalised advertising by visiting Google Ads Settings.
8. Governing Law
This policy is governed by the laws of Singapore, including the Personal Data Protection Act 2012 (No. 26 of 2012).
9. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the service after changes constitutes acceptance.