Previous version available on request
Translations
Privacy content is being localised across supported markets. The versions below are shown as placeholders for now and can be connected to dedicated translated notices later.
In this notice, "we", "our", and "us" refer to the relevant WiseVault company that provides your service. That company acts as the data controller for the personal data processed in connection with the relevant product, account, or customer relationship.
Where different entities provide different services, the applicable entity can be referenced in onboarding materials, contractual documents, or service-specific appendices.
This can include profile details, personal identifiers, contact information, financial information, identity documents, communications with support, vulnerability-related information, source-of-funds or source-of-wealth details, and guardian or child-related information where a service requires it.
This can include transaction data, device and browser information, permitted geolocation signals, website and app usage data, behavioural biometrics, and information stored on your device or made available through device permissions such as contacts where you choose to enable them.
We may receive information from financial institutions, connected persons, fraud prevention agencies, government or sanctions databases, analytics and advertising providers, and public sources that help us verify identity, assess risk, and provide services safely.
If you use social login or interact with WiseVault on social platforms, we may receive profile data made available by that service, information about those interactions, or public social information used for customer support, marketing, or due diligence where lawful.
WiseVault uses personal data to open and maintain customer relationships, move money safely, support customers, improve products, detect fraud, and comply with financial regulation.
We use personal data when it is necessary to open accounts, move money, maintain services, and fulfil the contract we have with you.
Financial services providers must process certain data to comply with anti-money laundering, fraud prevention, sanctions, tax, accounting, and regulatory rules.
We may use personal data to improve products, defend legal claims, secure systems, and operate the service responsibly where those interests are not overridden by your rights.
In some cases we rely on consent, such as optional marketing, certain cookies, or device permissions. You can withdraw consent where applicable.
Some processing, such as anti-fraud measures and certain financial crime controls, may be required in the substantial public interest under applicable law.
Eligibility, verification, and KYC checks
Legal obligation, contract necessity, substantial public interest
Provide products and services
Contract necessity
Customer support and service quality
Contract necessity, legitimate interests
Discoverability and account connections
Contract necessity, legitimate interests, consent where required
Account safety and fraud prevention
Legal obligation, legitimate interests, substantial public interest
Regulatory compliance and legal enforcement
Legal obligation, substantial public interest
Marketing and analytics
Legitimate interests, consent where required
Maintaining and improving services
Legitimate interests
Supporting vulnerable customers
Substantial public interest, legal obligation, contract necessity
WiseVault operates across markets and may transfer personal data internationally when services, support, fraud prevention, or infrastructure require it. Where local laws restrict transfers, we use lawful mechanisms such as adequacy decisions, standard contractual clauses, the UK addendum, or other recognised safeguards.
We keep personal data only for as long as necessary for the purposes explained in this notice, including legal, regulatory, fraud prevention, accounting, and dispute-handling requirements. Financial institutions often need to retain information after an account is closed, commonly for five to ten years depending on the applicable law. Data is deleted or anonymised when no longer required.
Encrypted communications in transit
Encryption at rest where appropriate
Secure infrastructure, patching, and hardening
Monitoring for malicious activity and suspicious behaviour
Responsible disclosure and vulnerability management
Access controls, staff training, and least-privilege practices
Physical, technical, and organisational safeguards
Independent audits and control frameworks where applicable
You can ask for access to the personal information WiseVault holds about you.
How to exercise it: Contact privacy@wise.com or use in-product support where available.
You can ask us to correct inaccurate or incomplete personal information.
How to exercise it: Update your profile directly where possible or contact support.
You can ask us to erase certain information, subject to legal and regulatory retention duties.
How to exercise it: Submit a privacy request for deletion review.
Where we rely on consent, you can withdraw it at any time without affecting earlier lawful processing.
How to exercise it: Change preferences or contact privacy support.
You can opt out of marketing communications and related profiling used for direct marketing.
How to exercise it: Use unsubscribe links or update communication settings.
You can ask for more information and human review where an automated decision significantly affects you.
How to exercise it: Raise the request through privacy or support channels.
You can object when we rely on legitimate interests, including some analytics or product improvement uses.
How to exercise it: Explain the concern so we can assess the request.
You can request restriction of processing in certain circumstances while a concern is reviewed.
How to exercise it: Submit a privacy request describing the relevant issue.
You can ask for certain data in a portable format where applicable by law.
How to exercise it: Request portability support through privacy@wise.com.
This notice may be revised for legal, operational, product, or best-practice reasons. If changes are significant, we will communicate them through appropriate channels such as the app, website, or direct communications where required by law.
12. Contact
If you have privacy questions, comments, or requests, contact privacy@wise.com. If you are not satisfied with how a concern is handled, you may also have the right to complain to a supervisory authority or relevant data protection authority.
These region-specific sections highlight disclosures or rights that can apply in addition to the main notice. Expand the panels below for the most relevant local provisions.
Where EEA data protection law applies, WiseVault provides the disclosures required by the GDPR, including the categories of recipients that may receive your data, the legal bases relied on, and the safeguards used for restricted transfers.
If you need more information about a specific transfer or recipient category, you can contact privacy@wise.com and request further details where legally permitted.
California residents may have rights to know, access, correct, delete, and limit certain uses of personal information under applicable California privacy laws.
WiseVault does not sell personal information in the ordinary meaning of the term. Where California law treats certain ad-tech sharing as sharing for cross-context behavioural advertising, California residents can exercise available opt-out rights through the methods we provide.
Where Indian privacy law applies, WiseVault may provide additional notices covering categories of data processed, lawful grounds or legitimate uses, complaint and grievance processes, and retention expectations.
Services or data uses that are specific to India can be highlighted separately where local law requires a distinct notice or consent flow.
Where Japanese privacy law applies, WiseVault may disclose the categories of jointly used data, the scope of joint users, management responsibility, and cross-border transfer arrangements in accordance with local requirements.
If you need more detail about overseas transfers or recipient categories relevant to Japan, please contact privacy@wise.com.
WiseVault may share information with fraud prevention agencies and use the information they provide to help verify identities, prevent financial crime, recover debt, and manage fraud risk.
If false or inaccurate information is provided and fraud is identified, details may be passed to fraud prevention agencies and law enforcement in line with UK legal requirements.
Where services are provided by the relevant Mexican entity, WiseVault may provide local transparency wording that explains processing purposes, transfer categories, rights-exercise methods, and local regulator-facing notices required under Mexican law.
Any Mexico-specific rights or disclosures can be expanded in a dedicated local annex as product availability evolves.
