Privacy Policy

Last updated: May 25, 2026

1. Introduction

GreatX ("we," "us," or "our") operates the GreatX platform, a tokenized real estate investment platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, platform, and related services.

2. Information We Collect

We collect the following categories of information:

  • Identity Information: Full legal name, date of birth, nationality, government-issued ID (passport, driver's license), and photographs for KYC/AML verification.
  • Contact Information: Email address, phone number, physical address.
  • Financial Information: Bank account details, wallet addresses, investment history, accreditation status, source of funds documentation.
  • Technical Information: IP address, browser type, device identifiers, usage data, and cookies as described in our Cookie Policy.
  • KYC/AML Data: Identity verification results, watchlist screening results, risk assessments, and compliance documentation as required by applicable regulations.

3. How We Use Your Information

  • To verify your identity and comply with KYC/AML regulations (Reg D/S, VARA)
  • To process investments, yield distributions, and redemptions
  • To maintain and secure your account and wallet
  • To communicate platform updates, new property listings, and account activity
  • To detect and prevent fraud, unauthorized access, and money laundering
  • To comply with legal obligations and regulatory requirements
  • To improve our platform, services, and user experience

4. Third-Party Service Providers

We share information with trusted third-party service providers who assist in operating our platform:

  • BitGo: Institutional custody and wallet infrastructure for digital asset management.
  • Sumsub: Identity verification (KYC) and anti-money laundering (AML) screening.
  • Templum: Tokenization, compliance reporting, and alternative trading system services.
  • Scintilla: VARA-regulated investor onboarding and jurisdiction routing.

These providers are contractually obligated to protect your data and may only use it for the specific services they provide to us.

5. Data Retention

We retain your personal information for as long as your account is active and as required by applicable regulations. KYC/AML records are retained for a minimum of 5 years after account closure, as required by financial regulations. You may request deletion of non-regulatory data by contacting us.

6. Data Security

We implement industry-standard security measures including encryption at rest and in transit, multi-factor authentication, role-based access controls, and regular security audits. Digital assets are secured through BitGo's institutional-grade multi-signature custody infrastructure.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal data. To exercise these rights, contact us at [email protected].

8. International Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and the United Arab Emirates. We ensure appropriate safeguards are in place for all cross-border data transfers.

9. Contact Us

For questions about this Privacy Policy or our data practices, contact our Data Protection Officer at [email protected].