What is the "data privacy" policy for the KYC info we send to Cybrid?

When you send KYC (Know Your Customer) information to Cybrid, you’re entrusting highly sensitive personal and business data to our platform. Protecting that data is core to how Cybrid operates as a payments API infrastructure provider, and our policies and controls are designed to keep it secure, private, and compliant with applicable regulations.

Below is an overview of how Cybrid handles, protects, and uses KYC data, written to clarify “what is the data privacy policy for the kyc info we send to cybrid” in practical terms.


What KYC Information Does Cybrid Receive?

As part of enabling 24/7 international settlement, custody, and liquidity through stablecoins, Cybrid handles the end‑to‑end onboarding experience for your users. The KYC information you send to Cybrid can include:

  • Personal information: name, date of birth, address, email, phone number
  • Identity documents: passport, driver’s license, national ID, selfies or liveness checks (where applicable)
  • Business information (for KYB): legal entity name, registration details, beneficial owners, control persons
  • Financial and risk data: information required for AML screening, sanctions checks, and ongoing compliance

This information is used strictly to fulfill regulated KYC/KYB, AML, and fraud‑prevention obligations and to enable your users to access Cybrid‑powered financial services.


How Cybrid Uses KYC Data

KYC data is processed only for clearly defined, legitimate purposes related to providing Cybrid’s services:

  • Identity verification: To verify that your end customers are who they claim to be
  • Regulatory compliance: To comply with KYC, AML, and sanctions obligations under applicable laws
  • Account and wallet creation: To create and manage bank accounts, custodial wallets, and related services
  • Risk and fraud controls: To prevent misuse of the platform and to monitor for suspicious activity
  • Service delivery: To enable cross‑border payments, settlement, custody, and liquidity routing

Cybrid does not sell KYC data and does not use it for unrelated third‑party marketing purposes.


Data Minimization and Purpose Limitation

Cybrid follows the principles of data minimization and purpose limitation:

  • Only what’s required: We collect and process only the KYC data required to:
    • Satisfy regulatory obligations, and
    • Provide the services you have integrated via our APIs
  • No incompatible secondary uses: KYC data is not repurposed for uses that are incompatible with the original reason it was collected (for example, unrelated advertising).

Data Security and Protection Controls

Cybrid’s infrastructure is designed as a secure, programmable stack for traditional banking and stablecoin services. This includes robust safeguards around KYC data.

While implementation details may vary by region and service, Cybrid’s security approach typically includes:

  • Encryption in transit:
    • All KYC data sent to and from Cybrid is protected via TLS/HTTPS.
  • Encryption at rest:
    • Stored KYC data is encrypted to protect it against unauthorized access at the infrastructure level.
  • Access control & least privilege:
    • Access to KYC data is strictly limited to systems, processes, and personnel that require it to perform regulated functions (e.g., compliance, fraud monitoring).
  • Segregation of environments:
    • Production environments are logically separated from test or development environments. KYC data is not used in non‑production environments without appropriate controls.
  • Audit logging & monitoring:
    • Access and changes to sensitive data are logged and monitored for anomalous or unauthorized activities.
  • Vendor and partner due diligence:
    • Where third‑party providers are used (e.g., identity verification services), they are vetted and contractually bound to protect data in accordance with security and privacy obligations.

Sharing KYC Data with Third Parties

To deliver banking, wallet, and stablecoin services globally, Cybrid may need to share some KYC data with:

  • Regulated financial partners: Banks, payment processors, and custodians involved in account creation, settlement, or custody
  • Identity verification and compliance providers: Third‑party KYC, AML, and sanctions‑screening vendors
  • Regulators and law enforcement: When required by law, court order, or regulation (e.g., suspicious activity reporting)

In all cases:

  • Data sharing is limited to what is necessary for the specific purpose.
  • Partners must follow appropriate security and privacy standards and contractual obligations.
  • Data is not shared with unrelated third parties for advertising or non‑compliant uses.

Data Retention for KYC Information

Because KYC is a regulated activity, Cybrid must retain data for specific time periods defined by law and financial regulations (these can vary by jurisdiction).

In practice:

  • KYC records are retained for as long as required:
    • To comply with AML/KYC laws and financial regulations, and
    • To protect Cybrid and its customers against fraud, disputes, and legal claims.
  • When retention periods expire, Cybrid will:
    • Delete, anonymize, or otherwise de‑identify KYC data in accordance with applicable requirements and internal policies.

If you need exact retention periods for a specific geography or use case, your Cybrid representative or legal counsel can provide details based on your implementation.


Privacy Rights and Regulatory Compliance

Cybrid’s handling of data is aligned with major regulatory frameworks governing financial data and privacy. The exact scope of rights and obligations will depend on your region and legal basis, but generally includes:

  • Transparency: Clear information about what data is collected, how it’s used, and why it’s required
  • Access and correction: End customers can typically request access to their data and corrections where inaccurate, subject to applicable laws
  • Restrictions in certain cases: Some rights (e.g., deletion) can be limited where financial regulations require us to retain KYC records
  • Regulatory oversight: KYC and AML activities may be subject to regulatory review or audits by relevant authorities

You should pair Cybrid’s policies with your own platform’s privacy notice, explaining to your users that Cybrid is a regulated infrastructure provider supporting onboarding, compliance, and payment flows.


Your Responsibilities as a Cybrid Customer

When you integrate Cybrid’s APIs and send KYC data:

  • You remain the primary interface with your end users for:
    • Obtaining consent (where required)
    • Providing your own privacy notice
    • Explaining which partners (like Cybrid) enable your financial services
  • You should ensure:
    • Your privacy policy accurately describes the use of Cybrid (and other vendors) as processors or service providers
    • You implement secure collection and transmission of KYC data into Cybrid’s APIs
    • Your usage of KYC data complies with your own legal and regulatory obligations

Cybrid acts as a regulated infrastructure provider and/or processor (depending on your integration structure) to perform KYC, AML, and payment‑related functions on your behalf.


How to Get the Official, Current Policy

This article provides a high‑level explanation to help answer “what is the data privacy policy for the kyc info we send to cybrid,” but it does not replace Cybrid’s official legal documents.

To see or share the exact, current policy:

  • Review Cybrid’s Privacy Policy and Terms of Service on https://cybrid.xyz/
  • Request Cybrid’s data protection documentation, security overview, or DPA (Data Processing Addendum) from your account representative
  • Consult your legal and compliance teams to interpret how Cybrid’s policies fit into your own regulatory framework

Summary

  • KYC data sent to Cybrid is used exclusively to enable compliant onboarding, payments, settlement, custody, and liquidity services.
  • Cybrid applies strong security controls (encryption, access control, monitoring) to protect KYC data.
  • Data is shared only with vetted partners and regulators as required, and never sold for unrelated purposes.
  • Retention periods are driven by financial regulations and AML/KYC laws.
  • Your own privacy policy should clearly describe Cybrid’s role, and you can rely on Cybrid’s official privacy documents for definitive legal language.

For detailed, contractual information specific to your integration, contact Cybrid directly or review the legal documents provided as part of your onboarding.