Last Updated: 10 February 2026
At Edgen, your privacy is not merely a legal requirement; it is a cornerstone of the trust and relationship we build with you. Edgen (“Edgen”, “we”, or “us”) is deeply committed to protecting the privacy and security of our global user base. This Privacy Policy serves as a comprehensive, high-transparency disclosure regarding how we collect, use, disclose, and safeguard your information when you interact with our websites, mobile applications, and other online products and services (collectively, “Services”).
This policy is integrated into and forms a vital part of our Terms of Service. In an era of evolving digital threats and complex regulatory landscapes, we aim to provide you with a clear understanding of our data practices. By accessing our Services, you acknowledge that you have read and understood the data practices described herein.
We process various categories of personal data depending on the nature of your interaction with our platform, the features you utilize, and the regulatory requirements of your jurisdiction. To provide a transparent overview, these categories include:
● Account and Identity Information: This includes fundamental details required to establish and maintain a secure account, such as your full legal name, primary email address, unique username, and an encrypted hash of your password. We also process security-related metadata, including two-factor authentication (2FA) token seeds, public PGP keys for secure communication, and a granular, chronological history of login/logout records (including timestamps and device identifiers) to monitor and ensure account integrity and prevent unauthorized takeovers.
● Payment and Financial Data: To facilitate transactions and maintain our ledger, we process payment-related details. While we utilize secure, PCI-DSS compliant third-party gateways for credit card processing (meaning we do not store full primary account numbers or CVVs), we may process partial card information, billing addresses, and public cryptocurrency wallet addresses. This data is essential for reconciling transactions, managing refunds, and maintaining a transparent financial audit trail.
● Biometric Data and Security Protocols: During our initial onboarding and identity verification phase, we may utilize facial recognition or fingerprint analysis software. This process compares your "live" image or video (a "liveness check") against the provided government identification to verify that the person accessing the account is the rightful owner.
○ Note on Device-Level Biometrics: If you enable biometric login features supported by your mobile operating system (such as Apple’s FaceID or Android’s Fingerprint Unlock), these identifiers are stored and processed exclusively within your device’s hardware-level secure enclave. Edgen does not receive, transmit, or store your raw biometric templates; we only receive a cryptographic token from your device confirming a successful match.
● Technical Usage and Device Metadata: We automatically collect technical data regarding the hardware and software used to access the Edgen ecosystem. This includes your device’s unique hardware identifier (e.g., IDFA for iOS or AAID for Android), IP address, browser type and version, operating system, time zone settings, language preferences, and mobile network information. Furthermore, we collect detailed telemetry regarding your navigation of our app—such as which features are most frequently used, the duration of specific sessions, clickstream data, and diagnostic crash reports to help us identify and fix bugs in real-time.
● Communications and Support History: We maintain comprehensive records of any communication you have with our team. This includes the full text of customer support tickets, transcripts of live chat sessions, email correspondence, and any feedback or survey responses you provide. These records are used to improve our service quality, train our staff, and provide a reference for resolving disputes.
We employ a multi-faceted approach to data collection to ensure accuracy, security, and service continuity across our platforms:
● Direct Interaction: The vast majority of data we process is provided voluntarily and directly by you. This occurs when you register for an account, complete verification forms, subscribe to our newsletters, participate in promotional contests, or contact our support desk for assistance.
● Automated Collection Technologies: As you navigate our Services, we utilize industry-standard automated technologies to capture usage patterns and secure your session.
○ Cookies: Small text files placed on your device to remember your preferences and login state.
○ Web Beacons and Pixels: Small graphic images that allow us to determine whether a specific action (like opening an email or visiting a specific page) was performed.
○ Server Logs: Automatic recordings of your IP address, browser type, and the time of your request.
● Third-Party Sources and Strategic Partners: We may occasionally receive supplementary information from external sources. This includes identity verification services (to confirm the validity of ID documents), credit bureaus (where applicable for risk assessment), and marketing partners who provide referrals. We conduct due diligence to ensure that any third party sharing data with us has a valid legal basis to do so.
We are committed to the principle of data minimization and process your data only when we have a valid legal justification:
● Contractual Necessity: Much of our processing is essential to fulfill our contract with you. Without processing your account details, payment information, and communication history, we would be unable to provide the core services of the Edgen platform, process your instructions, or offer technical support.
● Legitimate Interests: We process usage and device data to pursue our legitimate business interests, provided these interests do not override your fundamental privacy rights. Specifically, this includes enhancing the user experience, performing "A/B testing" to optimize interface design, protecting our infrastructure from malicious cyber-attacks, and conducting internal market research to guide our product roadmap.
● Legal and Regulatory Compliance: We may process verification data to comply with global AML/KYC standards, satisfy tax reporting obligations to relevant authorities, and respond to valid subpoenas, warrants, or requests from law enforcement agencies.
● Vital Interests and Public Task: In extreme cases, we may process data to protect the vital interests of a user (e.g., in a medical emergency) or to perform a task in the public interest, such as preventing large-scale financial crime.
● Explicit Consent: For activities that do not fall under the above categories—such as sending you third-party marketing offers or using certain non-essential tracking pixels for advertising attribution—we will request your explicit, opt-in consent. You retain the absolute right to withdraw this consent at any time through your account settings.
In strict alignment with Apple App Store and Google Play requirements, we provide a streamlined, transparent process for users to terminate their relationship with us and exercise their "Right to be Forgotten."
● The In-App Deletion Mechanism: You can initiate a permanent account deletion request directly through the Settings or Profile section of the Edgen mobile app. Clicking "Delete Account" will initiate an automated workflow designed to purge your personal identifiers from our systems.
● Manual and Email Requests: If you are unable to access the app, you may submit a formal deletion request via email to [email protected]. Our team will verify your identity before proceeding to ensure unauthorized deletions do not occur.
● Technical Implications and "Regulatory Hold": Upon processing a deletion request, Edgen will remove your personal data from our primary production databases. However, users should be aware of the following:
○ Legal Retention: To comply with financial regulations, tax laws, and anti-money laundering statutes, we are legally mandated to retain certain transaction records and identity verification documents for a specific period (typically 7 years) after the account is closed.
○ Archival Backups: For disaster recovery purposes, data may persist in encrypted off-site backups for a limited period (typically up to 90 days) until those backups are rotated and overwritten. During this "sunset" period, your data is isolated and is not used for any active processing.
To maintain the security of our platform and protect our users from sophisticated financial crimes, we utilize automated systems to assess risk and detect potential terms of service violations.
● The Logic of Automation: Our proprietary algorithms analyze a variety of data points in real-time, such as sudden changes in login location, transaction velocities that deviate from your historical norms, and discrepancies in identity verification documents. If these patterns match known indicators of fraud, money laundering, or account hijacking, our system may take defensive action.
● Consequences and Human Oversight: Automated decisions may result in your account being temporarily restricted, transactions being flagged for review, or certain features being disabled. We recognize the significant impact these actions can have. Consequently, every user has the right to request a manual review of an automated decision. Our compliance team will investigate the flag, and if the restriction was a "false positive," we will restore your access promptly. You may request such a review by contacting our support team at any time.
Edgen does not, and will never, sell your personal data to third parties for their own commercial gain. We only share information in the following strictly controlled scenarios:
● Affiliate Operations: We share data with our corporate affiliates and subsidiaries to provide a seamless, unified experience across the suite of Edgen products and to ensure consistent security protocols.
● Strategic Service Providers (Data Processors): We engage highly specialized third-party vendors to perform essential platform functions. These include:
○ Infrastructure: Cloud hosting and data storage providers (e.g., Amazon Web Services).
○ Finance: Secure payment processors (e.g., Stripe) and banking partners.
○ Security: Identity verification services and fraud prevention vendors.
○ Marketing & Analytics: Tools used to analyze app performance (e.g., Google Analytics, Mixpanel). These partners are contractually bound by "Data Processing Agreements" to use your data only for the specific tasks we assign them and are prohibited from using your data for any other purpose.
● Law Enforcement and Legal Protection: We may disclose your data if we have a good-faith belief that such disclosure is legally required to comply with a valid legal process, prevent imminent physical harm or financial loss, or to protect the legal rights, property, and safety of Edgen, our employees, and our users.
● Corporate Evolution: In the event that Edgen undergoes a corporate restructuring, merger, acquisition, or sale of assets, your personal data may be among the assets transferred to the acquiring entity. We will ensure that the successor entity maintains privacy protections at least as stringent as those described in this policy.
Edgen’s technical infrastructure is distributed across multiple global regions to ensure low-latency access and high availability. This means your personal data may be transferred to, and processed in, countries other than the one in which you reside. These jurisdictions may have data protection laws that are different from—and in some cases, less protective than—those of your home country.
When we transfer data from the UK or the European Economic Area (EEA) to countries that have not received an "adequacy decision" from relevant regulatory bodies, we implement rigorous safeguards to ensure your data remains protected. This typically involves the execution of Standard Contractual Clauses (SCCs). These are standardized legal terms approved by the European Commission and the UK Information Commissioner’s Office that obligate the data importer to provide the same high level of protection as required by the GDPR and UK Data Protection Act.
Edgen provides professional financial and technical services intended exclusively for an adult audience. Our Services are not directed at, nor intended for, individuals under the age of 18 (or the legal age of majority in your specific jurisdiction).
We believe you should have full transparency and control over your digital footprint. Depending on your location and applicable law, you may exercise the following rights:
● Right of Access (Subject Access Request): You have the right to request a clear, machine-readable copy of all personal data we hold about you.
● Right to Rectification: You can request that we immediately correct any inaccurate, outdated, or incomplete information in our records.
● Right to Erasure ("Right to be Forgotten"): You can request the deletion of your data, subject to the regulatory retention requirements described in Section 4.
● Right to Restrict or Object to Processing: You have the right to object to our processing of your data for direct marketing purposes (which is an absolute right) or to request that we limit the processing of your data while a legal dispute is being resolved.
● Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format so that you can easily transfer it to another service provider.
● Right to Withdraw Consent: Where we rely on your consent to process data, you have the right to withdraw that consent at any time without penalty.
● Right to Lodge a Complaint: You have the right to contact and lodge a formal complaint with your local Data Protection Authority (DPA) if you believe our data processing activities infringe upon your rights.
We adhere to the principle of storage limitation. We do not keep your data longer than is strictly necessary for the purposes for which it was originally collected. Our specific retention schedule is governed by the following logic:
● Active Account Data: We retain your core profile and account data for as long as your account remains active.
● Post-Closure Operational Data: Following account closure, we retain identity and transaction data for 7 years. This duration is dictated by international statutes of limitations for financial disputes and global anti-money laundering regulations.
● Technical and Security Logs: System logs used for security analysis are typically retained for 3 years, allowing us to investigate historical security trends and perform deep-forensic analysis if a breach is discovered after the fact.
● Marketing Suppression Lists: If you opt-out of marketing, we retain your email address on a "suppression list" indefinitely. This is necessary to ensure we respect your choice and do not inadvertently send you marketing materials in the future.
Edgen has appointed a Data Protection Liaison (and where applicable, a Data Protection Officer) to oversee our privacy program and ensure ongoing compliance with global data laws. If you have any questions regarding this policy, wish to exercise any of your rights, or have a specific concern about how your data is being handled, please do not hesitate to reach out.
Email: [email protected]
Response Time Guarantee: We aim to acknowledge all privacy-related inquiries within 72 hours and provide a substantive response or resolution to all valid requests within 30 calendar days.
By continuing to use the Edgen platform, you acknowledge that you have read, understood, and agreed to the comprehensive data practices outlined in this Privacy Policy.