Privacy Policy

OneKey is a product of Keyone Solution Ltd., an International Business Corporation incorporated in the Federation of Saint Christopher and Nevis under the Nevis Business Corporation Ordinance Cap 7.01, Certificate of Incorporation No. C 63589.

Registered office: Unit 5, Long Stone House, PO Box 1200, Main Street, Charlestown, Nevis.

For all questions about this Privacy Policy or your personal data, write to us at info@onekey.help.

This Privacy Policy applies to the OneKey website, mobile application, Telegram mini-app and any related services (together, the “Services”). It explains what information we collect, why we collect it, who we share it with, and what rights you have over it.

OneKey is a non-custodial service. Your private keys remain on your device and we never have technical access to your funds. This Policy describes only the information we do receive — primarily around identity verification, card issuance and customer support.

We collect the following categories of information:

• Identity data (KYC). When you apply for a card, our regulated card issuer collects your full name, date of birth, nationality, residential address, government-issued identity document (passport or national ID) and a live selfie. This is required to comply with anti-money-laundering (AML) and know-your-customer (KYC) laws.
• Contact data. Email address, phone number and any other contact details you provide when you sign up or write to support.
• Wallet data. Your public blockchain addresses and transaction hashes for the deposits you make to fund the card. We never receive your seed phrase, private keys or wallet password.
• Card and transaction data. Card identifiers (last four digits, masked PAN), top-up amounts, merchant name and category, transaction time, location and amount in the local currency.
• Device and usage data. IP address, device model and OS, language, app version, crash logs, and basic interaction analytics that help us improve the product.

We use the information we collect to:

• provide, maintain and improve the Services;
• verify your identity and meet our KYC, AML and counter-terrorism financing obligations;
• issue and manage your virtual card and process your transactions;
• detect, prevent and investigate fraud, abuse and security incidents;
• respond to your support requests and notify you about service issues;
• send you essential service messages (you cannot opt out of these);
• comply with applicable laws and respond to lawful requests.

We do not sell your personal data and we do not use it for behavioural advertising.

We share your data only with parties that need it to provide the Services:

• Card issuer and payment networks (e.g. our regulated card-issuing partner and Visa) — to issue your card and process payments.
• KYC / identity verification provider — to verify your identity documents and selfie. They process the data as our sub-processor under contractual obligations.
• Cloud and infrastructure providers — to host the Services and store data securely.
• Analytics and crash-reporting providers — to monitor app stability and usage in aggregated, pseudonymous form.
• Law enforcement, regulators and courts — when we are legally required to do so.

Because OneKey is non-custodial, there are several things we cannot access, recover or disclose, even if compelled:

• your private keys, seed phrase or wallet password;
• the balance of any wallet beyond what you have shared with us;
• your activity on chains or dApps you use outside OneKey.

Keep your seed phrase safe. If you lose it, no one — including us — will be able to recover your funds.

We keep personal data only as long as we need it for the purposes set out in this Policy, or as required by law. As a regulated financial product, KYC and transaction records are typically retained for at least 5 years after the end of the customer relationship, in line with applicable AML legislation.

Support tickets and contact information are kept for up to 3 years from your last interaction. Crash and analytics logs are kept for up to 12 months in identifiable form.

Depending on where you live, you may have the right to:

• access the personal data we hold about you;
• correct inaccurate or incomplete data;
• request deletion of your data, subject to legal retention obligations;
• object to or restrict certain processing;
• receive your data in a portable, machine-readable format;
• lodge a complaint with your local data protection authority.

To exercise any of these rights, write to us at info@onekey.help. We will respond within 30 days.

We use industry-standard safeguards to protect your data: encryption in transit (TLS 1.2+) and at rest, scoped access controls, audit logging and regular security reviews. KYC documents are stored encrypted by our identity provider with strict access controls.

No system is perfectly secure. If you believe your account or data has been compromised, contact us immediately at info@onekey.help.

OneKey is operated from Nevis, and our service providers may be located in the European Economic Area, the United Kingdom, the United States and other jurisdictions. Where we transfer personal data internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms) to ensure your data is adequately protected.

The Services are not directed to anyone under 18. We do not knowingly collect personal data from children. If you believe a minor has provided us with personal data, contact us and we will remove it.

Our website uses a small number of strictly necessary cookies and local storage entries to remember your theme preference and to detect sessions. We do not use third-party advertising cookies. Analytics, where enabled, is aggregated and pseudonymous.

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above and, if the changes are material, notify you in the app or by email. Continued use of the Services after changes take effect means you accept the updated Policy.

Questions, requests or complaints about this Privacy Policy should be sent to:

Keyone Solution Ltd.
Unit 5, Long Stone House, PO Box 1200, Main Street, Charlestown, Nevis
Email: info@onekey.help