Unicorn Currencies Ltd and Unicorn Currencies Limited (together, "Unicorn Currencies," "we," "us," "our") provide cross‑border payment and multi‑currency account services in partnership with FCA‑authorised payment institutions (our "partnered service providers"). We act as data controller for the personal data described in this notice unless stated otherwise.
Registered office: Silverstream House, Fitzroy St, London W1T 6EB, UK
Contact: info@unicorncurrencies.com | +44 020 8064 0818
UK ICO Registration No.: ZB123456
FINTRAC MSB No.: C100000159
This Policy explains how we collect, use, disclose and safeguard personal data when you:
- • use our website, apps or APIs;
- • open or operate a Unicorn Currencies account;
- • use our free business tools; or
- • otherwise interact with us (e.g., phone, email, social media).
It applies to individuals anywhere in the world, but additional region‑specific disclosures (e.g., California, Canada) appear in Schedule B.
| Category | Examples | Source |
|---|---|---|
| Identity Data | Name, date of birth, government ID, selfie image | You / KYC providers |
| Contact Data | Address, email, phone, social handles | You |
| Financial Data | Bank account numbers, card PAN (tokenised), account balances | You / your bank |
| Transaction Data | Payment amounts, currency, FX rate, beneficiaries, invoices | Generated by service |
| Technical Data | IP address, device ID, browser type, cookies, crash logs | Your device / analytics vendors |
| Usage Data | Page views, tool interactions, API logs | Generated by service |
| Marketing Prefs | Opt‑in status, comms channels | You |
We do not intentionally collect children's data (under 18). If you believe we have done so, contact us immediately.
| Purpose | Legal Basis (UK GDPR art. 6) | Key Activities |
|---|---|---|
| Account creation & KYC | 6(1)(b) contract; 6(1)(c) legal obligation | Identity verification, sanctions screening, risk scoring |
| Payment execution | 6(1)(b) contract | Process FX trades, send/receive funds, generate confirmations |
| Compliance & fraud prevention | 6(1)(c) legal obligation; 6(1)(f) legitimate interests | AML/CTF monitoring, reporting to regulators, record‑keeping |
| Platform security | 6(1)(f) legitimate interests | Login authentication, 2FA, intrusion detection |
| Product analytics | 6(1)(f) legitimate interests; cookie consent (6(1)(a)) | Usage trends, feature improvement, debugging |
| Marketing | 6(1)(a) consent (where required); 6(1)(f) legitimate interests | Email updates, surveys, promotions (opt‑out anytime) |
Where we rely on legitimate interests, we balance your privacy rights and expect minimal privacy impact.
We share data only when necessary:
- • Partnered service providers – FCA‑authorised institutions that execute payments and safeguard funds.
- • KYC / fraud vendors – identity verification, sanctions and PEP screening, fraud‑signal platforms.
- • Banks & payment schemes – to route payments (SWIFT, SEPA, Faster Payments, card networks).
- • Analytics & infrastructure partners – AWS, logging, crash reporting, cookie analytics (pseudonymised where possible).
- • Authorities – FCA, FINTRAC, HMRC, law‑enforcement, courts, as legally required.
Cross‑border transfers are protected by UK IDTA / EU SCCs or adequacy decisions. A copy of relevant transfer safeguards is available on request.
We use:
- • Essential cookies – site login, session security.
- • Analytics cookies – aggregated usage stats (e.g., Google Analytics in COIP‑anonymised mode).
- • Marketing cookies – only if you consent (banner opt‑in).
See Cookie Notice at unicorncurrencies.com/cookies for details and consent controls.
| Data type | Retention period |
|---|---|
| KYC records & transactional data | 5 years after account closure (UK MLR 2017) |
| Marketing preferences | Until opt‑out + 30 days |
| Analytics logs | 26 months rolling window |
| Inactive leads (no account) | 12 months from last contact |
We may keep records longer if required for legal claims or regulatory orders.
- • Access – obtain a copy of your data.
- • Rectification – correct inaccurate data.
- • Erasure – request deletion (subject to legal obligations).
- • Restriction – pause processing in limited cases.
- • Portability – receive data in machine‑readable form.
- • Object – object to direct marketing or processing based on legitimate interests.
- • Withdraw consent – at any time for optional processing.
Exercise rights by emailing info@unicorncurrencies.com. We respond within 30 days. You may lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local regulator.
- • ISO 27001‑aligned ISMS; data encrypted in transit (TLS 1.3) and at rest (AES‑256).
- • Role‑based access controls & MFA for staff.
- • Annual penetration testing and 24 × 7 SOC monitoring.
- • Vendor due‑diligence and contractual data‑processing clauses.
We may update this Privacy Policy from time to time. We will notify you by email or in‑app notice and post the revised version with a new "Effective Date." Continued use of the Services after notice constitutes acceptance.
Questions, requests or complaints:
Privacy & Compliance Team
Unicorn Currencies Ltd | Unicorn Currencies Limited
Silverstream House, Fitzroy St, London W1T 6EB, UK
- • "personal data" – any information relating to an identified or identifiable individual.
- • "controller" – entity that determines the purposes and means of processing personal data.
- • "processor" – entity that processes personal data on behalf of a controller.
- • "legitimate interests" – a lawful basis where processing is necessary for a controller's reasonable interests, balanced against the data subject's rights.
California (CCPA)
We do not sell personal information. See additional rights at unicorncurrencies.com/privacy‑ccpa.
Canada (PIPEDA)
Personal data may be processed in the UK/EU; questions may be directed to our Privacy & Compliance Team above.
© 2022 Unicorn Currencies Ltd & Unicorn Currencies Limited – All rights reserved.