MiCA Whitepaper is now available — review our EU regulatory compliance documentation.Read Now
Barter Bridge is coming — unlock up to 120% of your crypto's value without sellingLearn More
Introducing Expo Bridge — Trade Finance Without BanksExplore
MiCA Whitepaper is now available — review our EU regulatory compliance documentation.Read Now
Barter Bridge is coming — unlock up to 120% of your crypto's value without sellingLearn More
Introducing Expo Bridge — Trade Finance Without BanksExplore
MiCA Whitepaper is now available — review our EU regulatory compliance documentation.Read Now
Barter Bridge is coming — unlock up to 120% of your crypto's value without sellingLearn More
Introducing Expo Bridge — Trade Finance Without BanksExplore
Legal · UK GDPR

Privacy Policy

How Lydia collects, uses, and protects your personal information across the Lydia ecosystem — including Lydia Wallet, USAD, BSW, Barter Bridge, and Expo Bridge.

Effective14 April 2026Last updated14 April 2026

1. Overview

Lydia Investment Holding Limited Company ("Lydia", "we", "us", or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you interact with our websites, products, and services, including lydiacoins.com, the Lydia Wallet self-custody application, the USAD stablecoin, the BSW token, Barter Bridge, Expo Bridge, and any other online properties that link to this Policy (together, the "Services").

By using the Services you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Services.

2. Who we are (Data Controller)

The data controller responsible for your personal information is:

We are the controller for personal information we collect directly from you through the Services. Where we engage third parties to process personal information on our behalf, those third parties act as our processors under appropriate written agreements. For any additional details about our business or this Policy, please contact us at privacy@lydiacoins.com.

3. Information we collect

We collect the following categories of personal information:

3.1 Information you give us

  • Account and contact details: name, email address, and any other information you submit through forms such as support enquiries, newsletter sign-ups, waitlists, applications (including the Expo Bridge application form), job applications, and feedback.
  • Identity verification (KYC): where required for regulated features (for example, crypto credit cards or certain on-ramp flows), you may be asked to provide government-issued identification, proof of address, selfies, and related documents. KYC is performed by a regulated third-party identity verification provider; we receive a verification result and a minimal set of identifiers from that provider, not the underlying raw documents, except where required by law. The provider processes your documents under its own privacy policy.
  • Payment information: when you purchase tokens or services, our payment processors collect card or bank details directly. We receive only transaction metadata such as success/failure status, masked card data, amounts, currency, and a transaction identifier.
  • Communications: correspondence with our team, including emails, support tickets, and community messages you voluntarily share with us.

3.2 Information collected automatically

  • Device and log data: IP address, device type, operating system, browser type and version, referring URL, pages viewed, timestamps, and error logs.
  • Cookies and similar technologies: see the Cookies section below.
  • Usage data: aggregated, privacy-preserving analytics about how the Services are used (e.g. feature engagement, load times, crash reports).

3.3 On-chain information

Lydia Wallet is a self-custody wallet. This means your private keys and recovery phrase are generated and stored on your device; we never see them, receive them, or hold them on your behalf. Public wallet addresses and the transactions associated with them are recorded on public blockchains and are, by design, visible to anyone. When you interact with the Services we may read public on-chain data (such as balances and transactions) through blockchain infrastructure providers in order to display it to you.

3.4 Information from third parties

  • Identity verification results from our KYC provider.
  • Transaction status data from payment processors.
  • Analytics data from privacy-preserving analytics tools.
  • Public information you choose to share via social platforms (for example, if you contact us through X, Telegram, Discord, or LinkedIn).

4. How we use your information and legal bases

We process your personal information for the purposes below, relying on the UK GDPR legal bases shown in brackets.

  • To provide the Services — create and maintain your account, deliver the Lydia Wallet and related products, process transactions, and respond to requests. (Legal basis: performance of a contract and our legitimate interests in operating the Services.)
  • To comply with legal and regulatory obligations — including anti-money laundering (AML), counter-terrorist financing (CTF), sanctions, tax, accounting, and record-keeping obligations. (Legal basis: legal obligation.)
  • To verify your identity where KYC is required. (Legal basis:legal obligation and performance of a contract.)
  • To prevent fraud, abuse, and security threats and to enforce our Terms. (Legal basis: legitimate interests in protecting Lydia, our users, and the integrity of the Services; and legal obligation.)
  • To improve the Services through aggregated analytics and product research. (Legal basis: legitimate interests in running and developing our business; or consent where required.)
  • To communicate with you about product updates, service messages, and (with your consent) marketing. (Legal basis: legitimate interests for service communications; consent for electronic marketing where required.)
  • To respond to lawful requests from regulators, law enforcement, courts, and other public authorities. (Legal basis: legal obligation or legitimate interests.)

5. Who we share your information with

We keep your personal information to a minimum and only share it where necessary. Categories of recipients include:

  • Identity verification provider — processes and stores identity documents where regulated features require KYC.
  • Technology providers — hosting, database, email, and blockchain-infrastructure providers that run the Services on our behalf. Most of these see only technical data such as server logs, IP addresses, and wallet activity.
  • Professional advisers — lawyers, auditors, and accountants, under confidentiality.
  • Regulators, law enforcement, and public authorities where we are required or permitted by law to share information.
  • Successors in a corporate transaction (merger, acquisition, or sale of assets), under appropriate safeguards.

We do not sell your personal information.

6. International data transfers

Because the Services are delivered globally, your personal information may be transferred to, stored in, or accessed from countries outside the United Kingdom, including the European Economic Area and the United States. Where we transfer personal information from the UK to a country that is not the subject of a UK adequacy regulation, we rely on appropriate safeguards, which typically include:

  • The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses;
  • The EU Standard Contractual Clauses where transfers originate from the EEA;
  • Other lawful transfer mechanisms available under the UK GDPR.

You can request a copy of the safeguards we use for a specific transfer by contacting us at privacy@lydiacoins.com.

7. How long we keep your information

We keep personal information only for as long as we need it for the purposes described in this Policy, and to meet our legal, accounting, and regulatory obligations. Typical retention periods include:

  • Account data: for as long as your account is active, and for a reasonable period afterwards to allow re-activation and to comply with our legal obligations.
  • KYC and AML records: generally retained for at least five (5) yearsafter the end of the customer relationship or completion of the occasional transaction, in line with UK AML legislation (and longer where required or permitted).
  • Transaction records and financial data: retained for the periods required by UK tax and accounting law (typically six years).
  • Support communications: retained for as long as needed to resolve the matter and for a reasonable period afterwards.
  • Server, security, and fraud-prevention logs: retained for the period needed to detect and investigate incidents, typically between 30 and 365 days.
  • Marketing data: retained until you withdraw consent or object, and for a short period afterwards to honour the opt-out.

When we no longer need your personal information we will delete or anonymise it. Public on-chain data (such as transactions broadcast to a blockchain) is outside our control and cannot be deleted by us.

8. How we protect your information

We implement technical and organisational measures designed to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, and destruction. These include encryption in transit (TLS), access controls, environment hardening, logging, and regular reviews of our security posture. Smart contracts in the Lydia ecosystem are audited by CertiK and additional independent reviewers.

Because Lydia Wallet is self-custody, the security of your recovery phrase and device is ultimately your responsibility. We will never ask you for your recovery phrase or private keys. Anyone who asks you for them is attempting to defraud you.

No method of transmission or storage is perfectly secure. If you believe your interaction with us is no longer secure, please contact us at privacy@lydiacoins.com.

9. Your rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right of access — to request a copy of the personal information we hold about you.
  • Right to rectification — to have inaccurate or incomplete information corrected.
  • Right to erasure — to request deletion of your personal information in certain circumstances.
  • Right to restriction — to ask us to limit how we use your personal information.
  • Right to data portability — to receive certain information in a portable, machine-readable format.
  • Right to object — to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — where we rely on consent, you can withdraw it at any time.
  • Right not to be subject to solely automated decisions that produce legal or similarly significant effects on you. We do not currently make such decisions without human review.

You can exercise these rights by emailing privacy@lydiacoins.com. We may need to verify your identity before acting on your request, and we will respond within the timeframes set by applicable law (usually one month).

If you are unhappy with how we have handled your personal information, you can lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint. We'd appreciate the chance to address your concerns before you approach the ICO, so please get in touch with us first.

10. Cookies and similar technologies

We and our service providers use cookies, local storage, and similar technologies to operate the Services, remember your preferences, secure your session, and measure how the Services are used.

  • Strictly necessary — required for the Services to function (for example, authentication and security). These cannot be switched off.
  • Preferences — remember choices such as language and display settings.
  • Analytics — help us understand how the Services are used so we can improve them. We use privacy-preserving analytics configured to minimise data collection.

You can control cookies through your browser settings. Blocking some types of cookies may affect your experience of the Services.

11. Marketing communications

Where required by law, we will only send you direct marketing by email or other electronic means if you have consented. You can opt out at any time by clicking the unsubscribe link in any marketing email, adjusting your preferences, or emailing privacy@lydiacoins.com. Opting out of marketing will not stop service-related messages (for example, security alerts or transaction confirmations).

12. Children

The Services are not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. If you believe a child has provided personal information to us, please contact us and we will take steps to delete it.

14. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice (for example, by email or through the Services). We encourage you to review this Policy periodically.

15. Contact us

If you have questions about this Privacy Policy, our privacy practices, or would like additional information about our business, please get in touch:

We will be happy to provide further details on request, including information about our registered entity where relevant.

This Privacy Policy is provided in English. In the event of a conflict between a translated version and the English version, the English version prevails.