Privacy Policy

1. Information We Collect

Clova Financial Inc. ("Clova," "we," "us") collects information necessary to provide our crypto and gift card exchange services. This includes:

• Account Information: Name, email address, phone number, and government-issued ID for KYC/AML compliance.
• Transaction Data: Crypto wallet addresses, gift card details, transaction amounts, timestamps, and payout methods.
• Device & Usage Data: IP address, browser type, device model, operating system, and app interaction data for security and analytics.
• Cookies & Local Storage: Session tokens, preferences, and analytics identifiers stored locally on your device.

2. How We Use Your Information

• To process crypto trades and gift card exchanges
• To verify identity and comply with KYC/AML regulations
• To detect and prevent fraud, money laundering, and unauthorized access
• To send transaction notifications and account alerts
• To improve our services, UI/UX, and develop new features
• To comply with legal obligations and regulatory requirements

3. Data Sharing & Third Parties

We do not sell your personal data. We share information only with:

• Payment processors to facilitate fiat payouts
• Blockchain networks for on-chain transaction verification
• Identity verification providers (e.g., Onfido, Jumio) for KYC
• Regulatory authorities when required by law
• Analytics tools (Google Analytics, Mixpanel) with anonymized data only

4. Data Security

We employ industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, multi-signature cold storage for crypto assets, role-based access controls, continuous security monitoring, and regular third-party penetration testing. Despite these measures, no system is 100% secure — we recommend enabling 2FA on your account.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce our agreements. KYC data is retained for a minimum of 5 years after account closure per regulatory requirements. Transaction logs are retained for 7 years.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access and receive a copy of your personal data
• Correct inaccurate or incomplete data
• Request deletion of your data (subject to legal retention requirements)
• Object to or restrict processing of your data
• Data portability — receive your data in a structured, machine-readable format

To exercise these rights, contact us at privacy@clova.cc. We respond within 30 days.

7. Cookies

We use essential cookies for authentication and security, and analytical cookies to understand usage patterns. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect app functionality.

8. Children's Privacy

Clova is not available to individuals under 18 years of age. We do not knowingly collect data from minors. If we discover such data, we delete it immediately.

9. International Data Transfers

Your data may be transferred to and processed in jurisdictions outside your country of residence. We ensure appropriate safeguards (Standard Contractual Clauses, adequacy decisions) are in place for such transfers.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or in-app notification at least 30 days before taking effect. Continued use of Clova after changes constitutes acceptance.

11. Contact Us