Privacy Policy
1. Introduction
This Privacy Policy explains how Blur collects, uses, stores, shares, and otherwise processes personal information and personal data in connection with our website, Telegram bot, Telegram mini application, mobile and web-based interfaces, wallet services, card services, customer support channels, compliance operations, and related products and services (collectively, the "Services").
This Privacy Policy is intended to provide clear and transparent information about how we process information relating to identified or identifiable individuals, including customers, prospective customers, authorised users, website visitors, business contacts, and persons contacting us for customer support or compliance-related matters.
Our Services may include crypto-funded payment functionality, wallet functionality, card issuance and card management features, balance display, funding and settlement functionality, digital wallet provisioning (including Apple Pay and other supported wallet solutions), payment processing features, transaction monitoring, customer support, security controls, and compliance-related checks. Users may be able to access certain features through our Telegram bot and embedded mini application, including viewing balances, funding or managing a card, requesting card issuance, and adding an eligible card to a supported digital wallet, subject to product availability, programme rules, legal restrictions, and partner requirements.
Because our Services may be made available globally, including to individuals located in the European Union and the United Kingdom, this Privacy Policy is designed to address the data protection requirements applicable to our Canadian operations and our international user base.
By using our Services, interacting with our website, Telegram bot, mini application, or other interfaces, submitting information to us, opening an account, requesting or using a card product, connecting a wallet, or contacting us in relation to the Services, you acknowledge that your information will be processed in accordance with this Privacy Policy.
2. Scope of This Privacy Policy
This Privacy Policy applies to all personal data processed by us in connection with the provision and operation of our Services, including through our website, Telegram bot, Telegram mini application, and any other digital interfaces or platforms made available by the Company.
In particular, this Privacy Policy applies to personal data processed in connection with:
- our website, landing pages, and web-based interfaces;
- our Telegram bot and embedded mini application, including user interactions, commands, and in-app functionality;
- account registration, onboarding, and user verification processes (where applicable);
- wallet functionality, including storage, display, and management of balances and transaction history;
- virtual or physical card issuance, activation, management, and usage (including integration with digital wallet providers such as Apple Pay or similar services);
- crypto funding, top-up, conversion, exchange, spending, withdrawal, and settlement features;
- payment processing, including card transactions, authorisation, clearing, and settlement flows;
- customer service interactions, support requests, complaints, disputes, and chargeback handling;
- compliance-related processing, including anti-money laundering (AML), counter-terrorist financing (CTF), sanctions screening, fraud prevention, transaction monitoring, and risk assessment;
- security, authentication, and account protection measures;
- marketing and promotional communications, where permitted by applicable law;
- technical, device, behavioural, and analytics data collected in connection with the use of our Services across all supported platforms.
This Privacy Policy does not apply to personal data processed by third parties that are not controlled by the Company, including but not limited to:
- third-party websites or services accessed via links within our Services;
- financial institutions, payment service providers, card issuers, or programme partners acting as independent controllers;
- digital wallet providers (such as Apple Pay or similar services);
- blockchain networks and distributed ledger systems, which operate independently of the Company and may record transaction data on a public and immutable basis;
- merchants and merchant acquirers involved in payment transactions.
Such third parties may process your personal data under their own privacy policies and legal terms. We recommend that you review those policies before using their services or interacting with them through our platform.
3. Applicable Privacy and Related Compliance Regimes
3.1 Canadian privacy framework
As a Canadian company, we process personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to private-sector organisations that collect, use, or disclose personal information in the course of commercial activities.
In addition, certain Canadian provinces have enacted private-sector privacy laws that are recognised as substantially similar to PIPEDA, including the laws of Alberta, British Columbia, and Quebec. Where applicable, such provincial legislation may govern specific processing activities depending on the location of the individual and the nature of the processing.
Where we collect personal information through digital or technological means from individuals located in Quebec, we aim to ensure that this Privacy Policy is presented in a clear, accessible, and understandable manner, in line with applicable legal expectations.
3.2 GDPR and UK GDPR
As our Services may be made available to individuals located in the European Union and the United Kingdom, we may be subject to the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR, including their extra-territorial application.
Where these laws apply, we process personal data in accordance with the core data protection principles, including lawfulness, fairness, and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability.
We also aim to provide privacy information in a clear and user-friendly format, including through layered notices within our website, Telegram bot, mini application, and other interfaces where relevant.
3.3 AML, sanctions, card scheme, and related compliance frameworks
We operate in an environment where privacy obligations interact with other legal and regulatory obligations, including obligations relating to anti-money laundering and counter-terrorist financing, sanctions compliance, fraud prevention, transaction monitoring, card programme and payment network requirements, dispute and chargeback handling, regulatory reporting, and record retention obligations.
Accordingly, in some circumstances we may process personal data not only for service delivery, but also to comply with legal obligations, protect our systems and users, meet partner requirements, or prevent abuse, fraud, or other unlawful activity.
4. Categories of Personal Data We Process
The categories of personal data we process depend on the specific Services you use, the functionality you access (including via our website, Telegram bot, or mini application), your location, the applicable product tier, our legal and regulatory obligations, the behaviour and activity associated with your account, and the requirements imposed by our partners, including payment institutions, card issuers, and compliance service providers.
4.1 Account and profile information
In connection with account creation and ongoing use of our Services, we may process personal data necessary to identify and manage your account and maintain communication with you. This may include your name, username or account identifier, date of birth, country of residence, nationality, and contact details such as your email address or telephone number.
We may also process account-related metadata, including account status, internal reference numbers, preferred language, and communication preferences, in order to provide the Services and maintain user support.
4.2 Identity verification and compliance data
Depending on the nature of the Services used, applicable legal requirements, transaction thresholds, risk indicators, or partner requirements, we may process personal data for identity verification and compliance purposes. This may include information derived from government-issued identification documents, images or copies of such documents, and, where applicable, biometric verification elements such as selfie images or liveness checks.
We may also process information relating to your financial profile or transactional behaviour where required for compliance purposes, including source of funds or source of wealth information, screening results, sanctions and politically exposed person (PEP) checks, and other compliance-related assessments. Additional information may be generated internally, such as verification status, risk scores, compliance notes, case management records, adverse media checks, and enhanced due diligence outcomes. Such processing may occur both at onboarding and throughout the lifecycle of your account.
4.3 Card and payment programme data
Where you use card-related functionality, including virtual or physical cards and integrations with digital wallets such as Apple Pay or similar services, we process personal data necessary to issue, manage, and operate the card. This may include information relating to your card application, card status, tokenised identifiers, provisioning status for digital wallets, and operational data relating to card usage.
We may also process transaction-related data, including authorisation and settlement records, transaction amounts, merchant categories, and merchant descriptors, as well as data relating to declined, blocked, reversed, or disputed transactions. Information related to chargebacks, refunds, and dispute resolution may also be processed as part of the card lifecycle. Where possible, we seek to minimise the processing of sensitive payment data by relying on tokenisation and secure processing arrangements through regulated partners.
4.4 Wallet, crypto, and transaction data
Where you use wallet or crypto-related features, we process data associated with blockchain-based and off-chain transactions. This may include wallet addresses, whitelisted addresses, deposit and withdrawal instructions, transaction hashes, blockchain identifiers, timestamps, transaction values, and asset types.
We may also process internal records related to funding, withdrawals, settlement, liquidity operations, and reconciliation processes. In addition, we may process blockchain analytics data and risk signals, including indicators derived from transaction monitoring tools or compliance providers, to assess transaction risk, detect suspicious activity, and ensure compliance with applicable legal obligations.
4.5 Device, technical, and usage data
When you access or interact with our Services through our website, Telegram bot, mini application, or other interfaces, we may collect and process technical and device-related information. This may include your IP address, device identifiers, operating system, application or browser version, language settings, and device characteristics.
We may also process usage data such as session activity, login events, authentication records, and behavioural interactions with the Services. Technical logs, crash reports, and performance data may be collected to ensure system stability and improve service functionality. In certain cases, we may derive approximate geolocation information from technical data where relevant for security, compliance, or fraud prevention purposes.
4.6 Customer support and communications data
When you interact with us through customer support channels, we may process personal data contained in your communications. This may include support tickets, chat messages, email correspondence, complaint records, and dispute-related communications.
Where applicable and legally permitted, we may also process call recordings and internal notes created by support or compliance personnel. Such data is used to respond to your requests, resolve issues, improve service quality, and maintain records for compliance and audit purposes.
4.7 Marketing and preference data
Where permitted under applicable law, we may process personal data for marketing and communication purposes. This may include information relating to your subscription to newsletters or promotional materials, your communication preferences, and your interactions with marketing campaigns.
We may also process data relating to referral programmes, loyalty schemes, or promotional incentives, where such features are offered. You may opt out of marketing communications at any time in accordance with the instructions provided in such communications or within your account settings.
4.8 Cookies, SDKs, and similar technologies
We and our service providers may use cookies, software development kits (SDKs), pixels, local storage, and similar technologies to collect information about your interactions with our Services. These technologies may be used to support functionality, enhance security, analyse usage, and, where permitted, deliver marketing communications.
Such data may include identifiers, usage patterns, and technical information associated with your device or application environment. Where required by law, we will obtain your consent before using non-essential technologies that store or access information on your device.
5. Sources of Personal Data
We collect personal data from a variety of sources in order to provide our Services, comply with legal and regulatory obligations, ensure security, and maintain the proper functioning of our platform.
In many cases, personal data is collected directly from you when you interact with our Services. This includes situations where you register an account, use our website, Telegram bot or mini application, submit information during onboarding, initiate or complete transactions, request a card, contact customer support, or otherwise communicate with us.
We also collect certain information automatically through your use of the Services. This includes technical, device, and usage-related data generated when you access or interact with our website, application, or other interfaces. Such data may be collected through system logs, security monitoring tools, cookies, SDKs, and similar technologies, and is used for operational, security, and analytical purposes.
In addition, we may receive personal data from third parties involved in the delivery of our Services. This includes payment institutions, card issuers, programme managers, processors, liquidity providers, compliance and identity verification providers, transaction monitoring and blockchain analytics providers, customer support tools, and other technology or infrastructure partners. These parties may provide information necessary to enable transactions, perform compliance checks, prevent fraud, or support the operation of our Services.
We may also obtain data from blockchain networks and related analytical tools where this is necessary to process transactions, verify activity, or assess risk. Given the nature of distributed ledger technologies, certain transaction-related information may be publicly accessible and may be analysed using specialised tools.
Where required for compliance purposes, we may collect or receive information from publicly available sources and official databases, including sanctions lists, politically exposed person (PEP) registers, adverse media sources, fraud prevention databases, and regulatory or law enforcement data sources.
In connection with payment transactions, disputes, or chargebacks, we may also receive data from merchants, acquiring banks, payment processors, card networks, or dispute resolution entities. This information may be used to process transactions, investigate claims, or resolve disputes.
Finally, in the context of business accounts or corporate relationships, we may receive personal data from authorised representatives, directors, beneficial owners, or other individuals acting on behalf of a legal entity.
6. Purposes for Which We Process Personal Data
We process personal data for the purposes of providing, operating, and improving our Services, as well as complying with legal and regulatory requirements and ensuring the security and integrity of our platform.
6.1 Service provision
We process personal data to provide and operate our Services, including creating and managing user accounts, enabling wallet functionality, processing crypto funding and settlement, issuing and managing card products, supporting digital wallet integrations, processing payments and withdrawals, authenticating users, and delivering account-related communications such as notifications and statements.
6.2 Compliance and legal obligations
We process personal data to comply with applicable laws and regulatory requirements, including anti-money laundering and sanctions obligations, transaction monitoring, record-keeping, and responding to lawful requests from regulators, courts, and law enforcement authorities. We may also process data to meet requirements imposed by payment partners, issuers, and card programme providers.
6.3 Fraud prevention, risk management, and security
We use personal data to protect our Services and users by detecting and preventing fraud, identifying suspicious activity, managing risk, and ensuring platform security. This may include applying restrictions, conducting investigations, and responding to security incidents.
6.4 Customer support and dispute management
We process personal data to provide customer support, respond to inquiries, handle complaints, and manage disputes, including chargebacks and transaction-related issues.
6.5 Service improvement and analytics
We analyse personal data to monitor performance, improve functionality, enhance user experience, and support internal reporting and operational decision-making.
6.6 Marketing
Where permitted by applicable law, we may use personal data to send marketing communications, manage promotional or referral programmes, and understand the effectiveness of our communications. You may opt out of such communications at any time.
7. "No-KYC" or Simplified Onboarding Disclosures
Certain features of our Services may be offered with simplified onboarding or reduced data collection requirements, depending on the product design, user tier, and applicable regulatory framework. However, any reference to "No-KYC" or similar terminology should be understood in a limited and contextual sense.
Simplified onboarding does not mean that no personal data is collected, that compliance obligations do not apply, or that identity verification will never be required. Even where reduced onboarding is available, we may still process certain categories of data necessary to operate the Services, ensure security, and comply with applicable requirements. This may include technical and device-related information, transaction data, wallet addresses, blockchain-related metadata, card transaction information, as well as fraud prevention, sanctions screening, and risk assessment indicators.
In addition, we may require identity verification or additional information at any stage of the relationship where this is necessary to comply with applicable laws, regulatory obligations, or partner requirements, or where it is required for security or risk management purposes. This may occur, for example, where transaction thresholds are reached, unusual or potentially suspicious activity is detected, or where our payment partners, issuers, or service providers impose verification requirements.
Accordingly, access to certain features, transaction limits, or continued use of the Services may be subject to additional verification measures. The scope of data collected and the level of verification required may change over time based on legal, contractual, or operational considerations.
8. Automated Decision-Making and Profiling
We may use automated tools, rule-based systems, and risk scoring mechanisms to assess risk, detect fraud, monitor transactions and wallet activity, and support compliance and security processes. This may involve profiling based on transaction patterns, wallet behaviour, device and technical indicators, sanctions screening results, fraud alerts, and other behavioural or risk-related signals.
As a result of such processing, certain actions may be taken automatically or semi-automatically, including requesting additional information or verification, applying account or transaction restrictions, reviewing or declining card issuance, delaying or rejecting transactions, or, where necessary and permitted by law, suspending or closing an account.
Where required under applicable data protection laws, we will provide additional information about such processing and the rights available to you in relation to automated decision-making.
9. Blockchain-Specific Privacy Disclosures
Certain features of our Services may involve the use of blockchain or distributed ledger technologies that are public, decentralised, and not controlled by the Company.
Where you use wallet functionality, crypto funding, withdrawals, settlement, or blockchain-linked transactions, certain information may be recorded on a blockchain network. This may include wallet addresses, transaction hashes, timestamps, asset types, and transaction amounts. Depending on the context, such data may be publicly accessible.
Due to the nature of blockchain technology, records written to a blockchain are generally immutable or difficult to modify. As a result, we may not be able to delete, amend, or restrict access to data that has been recorded on a public blockchain. For this reason, we seek to minimise the use of personal data on-chain and, where possible, store user-identifying information off-chain under controlled environments.
We may retain off-chain records related to blockchain activity for operational, compliance, reconciliation, and support purposes. However, certain data subject rights, such as the right to erasure, may be limited where the relevant data is stored on a blockchain outside our control.
Where public keys, wallet addresses, transaction metadata, hashed values, or encrypted records can reasonably be linked to an identifiable individual, we may treat such data as personal data and process it in accordance with applicable data protection laws.
10. Card Ecosystem and Digital Wallet Disclosures
Our card-related Services operate within a broader payment ecosystem involving multiple independent entities, each of which may process personal data in connection with card issuance, payment authorisation, transaction processing, settlement, dispute handling, tokenisation, fraud prevention, and programme administration.
Depending on the structure of the card programme, your personal data may be processed by various participants in the payment chain, including the card issuer or BIN sponsor, programme manager, card processor, payment networks (such as Visa or Mastercard), merchant acquirers and processors, dispute resolution providers, and digital wallet or tokenisation providers.
Where you choose to add your card to a digital wallet, such as Apple Pay, Google Pay, or similar services, your card details may be replaced with a tokenised or device-specific identifier for transaction purposes. This means that, during payments, the underlying card number is not shared with merchants, thereby enhancing security and reducing exposure of sensitive payment data.
Each of these entities may act as an independent controller or processor of personal data in accordance with their own legal and regulatory obligations. We recommend that you review the privacy policies of such third parties to understand how your data is processed within the broader payment ecosystem.
11. Sharing of Personal Data
We may share personal data with third parties where this is necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, ensure security, and operate within the broader financial and technical ecosystem supporting our platform.
11.1 Programme and payment partners
We may share personal data with entities involved in the operation of our payment and card programmes, including:
- card issuers or BIN sponsors;
- programme managers and card processors;
- payment institutions and banking partners;
- settlement and liquidity providers;
- digital wallet providers (such as Apple Pay or similar services);
- transaction processing and dispute resolution infrastructure providers.
These entities may process personal data as part of payment authorisation, settlement, fraud prevention, and programme administration.
11.2 Compliance and security providers
We may share personal data with third-party providers supporting our compliance and risk management functions, including:
- identity verification and KYC providers;
- AML and sanctions screening providers;
- transaction monitoring and blockchain analytics providers;
- fraud prevention and risk assessment vendors;
- compliance and case management service providers.
11.3 Technology and support providers
We rely on various service providers to support the operation of our Services. These may include:
- cloud hosting and infrastructure providers;
- cybersecurity and IT service providers;
- analytics and performance monitoring providers;
- customer support and communication platforms;
- document management and workflow tools.
These providers process personal data on our behalf or in accordance with their own legal obligations, subject to appropriate contractual and technical safeguards.
11.4 Professional advisers and authorities
We may disclose personal data to:
- legal advisers, auditors, and insurers;
- regulators, tax authorities, and supervisory bodies;
- law enforcement authorities, courts, or other competent public authorities,
where such disclosure is required or permitted by applicable law.
11.5 Corporate transactions
In the event of a merger, acquisition, financing, restructuring, or sale of assets, personal data may be disclosed to relevant parties as part of the transaction process, subject to appropriate confidentiality and data protection safeguards.
We do not sell personal data in the ordinary sense of selling user information for monetary consideration.
12. International Transfers of Personal Data
As a Canadian company with international users, partners, and service providers, we may process and transfer personal data across borders, including between:
- the European Union or European Economic Area and Canada;
- the United Kingdom and Canada;
- Canada and the United States;
- Canada and other jurisdictions where our service providers operate.
Where required by applicable law, we use appropriate transfer mechanisms and safeguards. Depending on the circumstances, these may include:
- an adequacy decision;
- Standard Contractual Clauses;
- UK International Data Transfer Agreement or UK Addendum;
- transfer risk assessments;
- supplementary technical, organisational, or contractual safeguards.
Where personal data is transferred from the EU to Canada, such transfers may, where applicable, rely on the European Commission adequacy decision for commercial organisations in Canada. Where personal data is transferred from the UK, we assess whether UK transfer requirements are satisfied, including whether the relevant processing falls within the applicable adequacy framework or requires a separate transfer mechanism.
Where transfers involve jurisdictions not covered by adequacy, we seek to implement contractual and operational safeguards to provide an appropriate level of protection.
13. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Retention periods vary depending on the category of data and the purpose of processing. In general:
- account and service records may be retained for the duration of the account relationship and for a period after closure to manage claims, audits, or regulatory requirements;
- customer support and dispute records may be retained for the period necessary to resolve the issue and for a reasonable period thereafter;
- marketing preference records may be retained to respect opt-out choices and maintain suppression lists;
- technical logs may be retained for shorter periods unless needed for security investigations;
- regulated compliance records, including AML-related records, may be retained for at least five years after the end of the business relationship or the relevant transaction, where required by law.
Retention may be extended where necessary to comply with law, to respond to investigations, to establish, exercise, or defend legal claims, to manage disputes, to enforce our contractual terms, or to investigate fraud or abuse.
When retention is no longer required, we seek to delete, anonymise, or irreversibly de-identify data, unless such deletion is not feasible due to legal requirements or the nature of blockchain records.
14. Security Measures
We implement technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
Such measures may include:
- encryption in transit and at rest for sensitive information, where appropriate;
- access control and least-privilege principles;
- multi-factor authentication for administrative access;
- monitoring and logging;
- internal segregation of duties;
- vulnerability management;
- secure software development practices;
- vendor due diligence and contractual controls;
- tokenisation or other card security controls where applicable;
- incident response planning and breach handling procedures.
Where payment card data environments are involved, relevant programme participants or providers may operate in accordance with payment security standards, including PCI DSS-aligned requirements, where applicable.
No method of transmission or storage is completely secure. Therefore, while we take reasonable and proportionate steps to protect your information, we cannot guarantee absolute security.
15. Your Privacy Rights
Depending on your location and the laws that apply to you, you may have some or all of the following rights in relation to your personal data:
- the right to request access to your personal data;
- the right to request correction of inaccurate or incomplete data;
- the right to request deletion of data in certain circumstances;
- the right to request restriction of processing in certain circumstances;
- the right to object to certain processing, including direct marketing;
- the right to data portability, where applicable;
- the right to withdraw consent where processing is based on consent;
- the right to lodge a complaint with a supervisory authority or privacy regulator.
These rights are not absolute and may be limited where processing is necessary to comply with legal obligations, prevent fraud, protect security, retain records required by law, or where certain data is recorded on a blockchain beyond our practical control.
To exercise your rights, please contact us using the details set out in this Privacy Policy. We may request information necessary to verify your identity before responding.
16. Marketing Choices
Where we send marketing communications, you may opt out at any time by:
- using the unsubscribe link in the communication;
- changing your account settings, where available;
- contacting us directly.
Even if you opt out of marketing communications, we may still send you service, security, legal, compliance, or account-related messages where necessary.
17. Children and Minors
Our Services are not intended for children, and we do not knowingly offer or provide our Services to individuals who are not legally permitted to use them under applicable law.
If we become aware that we have collected personal data from a child or minor in violation of applicable law or our programme rules, we may take steps to delete the data, restrict the account, or seek additional information from the parent, guardian, or user, as appropriate.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, partner arrangements, technology, or business operations.
When we make changes, we will publish the updated version on our website and update the "Last updated" date above. Where required by law or where changes are material, we may provide additional notice through the application, by email, or by other appropriate means.
Your continued use of the Services after an updated Privacy Policy becomes effective may be treated as acknowledgement of the updated Policy, to the extent permitted by law.