Privacy policy

1. Data we process

We collect: email, first and last name, organization identifier, KYC identity hash, technical audit logs. No private keys are ever stored server-side — sensitive sessions are protected by WebAuthn passkeys.

2. Purposes

• KYC/AML/sanctions compliance (legal retention: 5 years).
• Billing and accounting (legal retention: 10 years).
• Support and product improvement (12 months max).

3. Legal basis

Performance of contract (art. 6.1.b GDPR), legal obligation (KYC/AML), legitimate interest (security, fraud prevention).

4. Sub-processors

• HostMyServers (FR) — bare-metal hosting.
• Certified KYC/KYB partner (EU).

5. Your rights

Access, rectification, deletion, portability, objection, withdrawal of consent. Response window: 30 days. Contact: privacy@abyxo.app. Complaint to the CNIL: cnil.fr.