The information we collect depends on the service type, account status, compliance requirement, and business scenario.

• Account and login information, including name, email, phone, credentials, account type, language preference, security settings, two-factor status, and account activity.
• Individual identity information, including identity documents, passport information, selfie or liveness data, address proof, occupation, tax information, source of funds, transaction purpose, and risk questionnaire data.
• Business verification information, including company name, registration details, business address, directors, shareholders, ultimate beneficial owners, controllers, authorized representatives, business background, website materials, operating evidence, uploaded files, and review status.
• Account and transaction information, including bank account applications, multi-currency account data, deposits, withdrawals, collections, remittance, FX exchange, crypto exchange, digital-asset transfers, card issuing and usage, acquiring orders, refunds, fees, balances, statements, reports, and transaction details.
• Digital-asset and on-chain information, including wallet addresses, networks, transaction hashes, address labels, Travel Rule information, KYT risk results, and blockchain transaction status.
• Device and technical information, including IP address, device model, operating system, browser, access time, page views, cookies, logs, sessions, errors, and security events.
• Communication and support information, including form messages, tickets, emails, calls, chats, notification preferences, complaints, disputes, and business context needed to support you.

We use information to operate accounts, provide services, manage risk, support users, and meet legal or contractual obligations.

• Create, authenticate, verify, and maintain your Oceafin account.
• Complete KYC, KYB, KYT, Travel Rule, sanctions screening, anti-fraud, anti-money laundering, and counter-terrorist financing reviews.
• Process requests for account opening, global remittance, collections, FX exchange, crypto exchange, MPC wallet, card issuing, fiat and digital-asset acquiring, and related services.
• Record orders, transactions, statements, reports, approvals, follow-up requests, refunds, disputes, support cases, and operational progress.
• Assess transaction risk, account risk, device risk, abnormal login, suspicious activity, and service misuse.
• Send account notices, transaction notices, review results, follow-up requests, security alerts, service updates, and support replies.
• Improve the website, app, dashboards, risk rules, support process, product experience, and operating efficiency.
• Meet contract, partner institution, audit, regulatory, legal, or dispute-resolution requirements.

We do not sell personal information. We may share information where necessary to provide services, complete compliance review, protect accounts and funds, or meet legal obligations.

• Banks, payment institutions, card issuers, acquirers, clearing networks, FX providers, and digital-asset service partners.
• Identity, business, sanctions, KYC/KYB, KYT, Travel Rule, chain analytics, and risk service providers.
• Cloud, storage, communication, customer support, email, SMS, security monitoring, log analysis, and technical operations providers.
• Auditors, accountants, legal and compliance advisers, regulators, courts, law enforcement, or other authorities where required by applicable law.
• Third parties authorized by you or necessary to complete a service request you initiated.

We may use cookies, pixel tags, local storage, and similar technologies to maintain sessions, remember language preference, measure site performance, detect abnormal access, improve security, and enhance service experience. You can manage or delete cookies in your browser settings, but some features may not work normally if cookies are disabled.

Oceafin services involve cross-border accounts, payments, compliance review, digital-asset transactions, cloud services, and customer support. Your information may be accessed, stored, or processed outside your country or region. We use contracts, access controls, encryption, audit, and least-privilege measures according to applicable law and business security needs.

We retain information according to business purpose, account relationship, contractual obligations, audit needs, regulatory requirements, and applicable law. KYC/KYB, transaction, accounting, risk, report, support, audit, and compliance records may be retained after account closure or service termination. When retention is no longer needed, we delete, anonymize, or otherwise process the information reasonably.

We use encrypted transmission, access control, authentication, two-factor authentication, log audit, permission separation, security monitoring, anomaly detection, and least-privilege practices. No internet or electronic storage method is absolutely secure. If you notice abnormal account activity, device loss, data exposure risk, or unauthorized transactions, contact us immediately.

Where applicable law allows, you may request access, correction, deletion, restriction, withdrawal of consent, account closure, or a copy of your personal information. We evaluate requests based on account status, identity verification, compliance obligations, audit requirements, disputes, and legal duties. Some records may not be immediately deleted due to anti-money laundering, transaction, accounting, risk, or regulatory obligations.

Oceafin services are intended for individuals, businesses, and merchants with full legal capacity. We may update this policy as business, product, partner, or legal requirements change. Questions about this policy, personal information handling, account security, or data-right requests can be sent to privacy@oceafin.com.