Your privacy matters to us. This policy explains what personal data mbo.finance collects, how we use it, and what rights you have over it. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
mbo.finance Ltd is the data controller responsible for your personal data. We are a financial technology company registered in the United Kingdom, operating the platform at mbo.finance.
If you have any questions about how we handle your data, contact us at support@mbo.finance.
2. What data we collect
2.1 Account information
- Full name and email address
- Password (stored as an encrypted hash — we never see your actual password)
- Date of account creation
2.2 Identity verification (KYC) data
- Date of birth and nationality
- Residential address
- Phone number
- Government-issued ID document (type, number, expiry date)
- Photos of identity documents (front and back)
- Source of funds declaration
2.3 Financial data
- Wallet balances in each currency
- Transaction history (amounts, currencies, dates, recipients)
- Cryptocurrency holdings
2.4 Technical data
- IP address at time of login
- Browser and device information
- Session data
2.5 Communications
- Emails you send to our support team
- Records of email notifications we send you
3. How we use your data
We use your personal data for the following purposes:
- Account management — creating and managing your account, authenticating your identity on login
- Providing services — processing transfers, conversions and crypto transactions
- Identity verification — complying with KYC and AML legal obligations
- Security — detecting and preventing fraud, unauthorised access and suspicious activity
- Communications — sending transaction confirmations, security alerts and service updates
- Legal compliance — meeting our obligations under UK financial regulations
- Customer support — responding to your queries and resolving issues
4. Legal basis for processing
Under UK GDPR, we process your data on the following legal bases:
- Contract performance — processing necessary to provide the services you signed up for
- Legal obligation — KYC/AML verification required by UK financial regulations
- Legitimate interests — fraud prevention, security monitoring, improving our services
- Consent — marketing communications (where applicable)
5. Who we share your data with
We do not sell your personal data. We may share it with:
- Service providers — email delivery (Hostinger SMTP), hosting infrastructure
- Regulatory authorities — where required by law, such as HMRC or law enforcement agencies
- Anti-fraud services — to detect and prevent financial crime
- Professional advisers — lawyers and accountants bound by confidentiality obligations
All third parties are required to handle your data securely and in accordance with applicable data protection law.
6. How long we keep your data
- Account data — for the duration of your account plus 6 years after closure
- KYC documents — 5 years after the end of the business relationship (required by UK AML regulations)
- Transaction records — 6 years (required by UK financial regulations)
- Login and security logs — 12 months
- Support communications — 3 years
After these periods, your data is securely deleted or anonymised.
7. How we protect your data
We implement industry-standard security measures to protect your personal data:
- All data is transmitted over encrypted HTTPS connections (TLS)
- Passwords are hashed using bcrypt — we never store plain text passwords
- Identity documents are stored in a restricted directory not accessible to the public
- Database access is restricted to authorised personnel only
- Login alerts are sent for every new sign-in to your account
8. Your rights under UK GDPR
As a UK data subject, you have the following rights:
Right of access
Request a copy of all personal data we hold about you
Right to rectification
Ask us to correct inaccurate or incomplete data
Right to erasure
Request deletion of your data (subject to legal retention requirements)
Right to restrict processing
Ask us to limit how we use your data in certain circumstances
Right to data portability
Receive your data in a structured, machine-readable format
Right to object
Object to processing based on legitimate interests
To exercise any of these rights, contact us at support@mbo.finance. We will respond within 30 days.
9. Cookies
mbo.finance uses only essential cookies required for the platform to function:
- Session cookie — keeps you logged in during your visit. Expires when you close your browser or log out.
We do not use tracking cookies, advertising cookies or any third-party analytics that profile your behaviour.
10. International data transfers
Your data is primarily stored and processed within the United Kingdom and European Economic Area. Where data is transferred outside these regions (for example, for email delivery), we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by email and by posting the updated policy on this page. The date at the top of this page indicates when it was last updated.