Skip to main content
City Gate Capital
City GateCapital
Legal Document

Privacy Policy

We are committed to protecting your personal data. This policy explains what we collect, why we collect it, and how we keep it safe.

Effective: May 23, 2026·Last updated: May 23, 2026

1. Information We Collect

1.1 Information You Provide

When you open an account or use our services, we collect: full legal name, date of birth, nationality, government-issued identification documents (passport, national ID, driver's licence), residential address, email address, phone number, tax identification number, source of funds declarations, and any other information required for KYC/AML compliance under applicable law.

1.2 Information Collected Automatically

We automatically collect: IP address, device identifiers, browser type and version, operating system, referring URLs, pages visited, session duration, click-stream data, transaction metadata (amounts, timestamps, counterparty identifiers), geolocation data (where permitted), and biometric authentication data stored locally on your device.

1.3 Information from Third Parties

We receive information from identity verification providers, credit reference agencies, fraud prevention databases, sanctions screening services, correspondent banking partners, and publicly available sources including company registries and regulatory databases.

2. How We Use Your Information

2.1 Service Delivery

We use your information to open and maintain your account, process transactions, issue payment instruments, provide customer support, send account notifications, and deliver the features described in our Terms of Service.

2.2 Legal and Regulatory Obligations

We are required by law to verify your identity (KYC), screen against sanctions lists, monitor for suspicious activity (AML), report certain transactions to financial intelligence units, and retain records for the periods mandated by applicable law — typically 5–7 years after account closure.

2.3 Security and Fraud Prevention

We analyse transaction patterns, device signals, and behavioural data to detect and prevent fraud, unauthorised access, money laundering, terrorist financing, and other financial crime. This processing is necessary for the performance of our contract with you and our legitimate interests in protecting the platform.

2.4 Product Improvement

We use aggregated and anonymised data to improve our products, develop new features, conduct research, and generate internal analytics. This data cannot be used to identify you individually.

4. How We Share Your Information

4.1 Service Providers

We share data with carefully vetted third-party processors including cloud infrastructure providers, identity verification vendors, payment processors, card scheme operators, fraud detection services, and customer support platforms. All processors are bound by data processing agreements requiring them to protect your data.

4.2 Regulatory and Law Enforcement

We disclose information to financial regulators, tax authorities, law enforcement agencies, and courts when required by law, court order, or regulatory mandate. We will notify you of such disclosures where legally permitted to do so.

4.3 Corporate Transactions

In the event of a merger, acquisition, restructuring, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

4.4 No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. Period.

5. International Data Transfers

5.1 Transfer Mechanisms

City Gate Capital operates globally. Your data may be transferred to and processed in countries outside your home jurisdiction, including countries that may not provide the same level of data protection as your home country. Where we transfer data from the EEA or UK, we rely on Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful transfer mechanisms.

5.2 Safeguards

All international transfers are subject to appropriate technical and organisational safeguards including encryption in transit and at rest, access controls, and contractual protections. You may request a copy of the relevant transfer mechanism by contacting [email protected].

6. Data Retention

6.1 Retention Periods

We retain your personal data for as long as your account is active and for a minimum of 5 years after account closure, or longer where required by applicable law. Transaction records are retained for 7 years in most jurisdictions. Biometric data is deleted within 90 days of collection unless you have consented to longer retention.

6.2 Deletion

After the applicable retention period, we securely delete or anonymise your data. You may request early deletion of data that is not subject to legal retention obligations by contacting [email protected].

7. Your Privacy Rights

7.1 Rights Available to You

Depending on your jurisdiction, you may have the right to: access a copy of your personal data; correct inaccurate data; request deletion of data not subject to legal retention; restrict or object to certain processing; receive your data in a portable format; withdraw consent; and lodge a complaint with your local data protection authority.

7.2 Exercising Your Rights

To exercise any of these rights, contact [email protected] with your full name, account email, and a description of your request. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

7.3 Supervisory Authorities

If you are located in the EEA, you have the right to lodge a complaint with your national data protection authority. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk. We would, however, appreciate the opportunity to address your concerns before you contact a regulator.

8. Security

8.1 Technical Safeguards

We protect your data using 256-bit AES encryption at rest, TLS 1.3 in transit, hardware security modules (HSMs) for key management, multi-factor authentication for all staff access, zero-trust network architecture, and regular penetration testing by independent security firms.

8.2 Incident Response

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by applicable law.

9. Cookies

9.1 Cookie Use

We use cookies and similar tracking technologies for authentication, security, performance monitoring, and analytics. For full details, please see our Cookie Policy at citygate.capital/cookie-policy.

10. Contact & Data Controller

10.1 Data Controller

City Gate Capital Ltd is the data controller for personal data processed in connection with our services. Registered address: City Gate Capital Ltd, International Financial Centre, London, United Kingdom.

10.2 Privacy Contact

For all privacy-related enquiries, requests, or complaints, contact our Data Protection Officer at: [email protected]. We aim to respond to all requests within 5 business days.

10.3 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 30 days before they take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.

Privacy Questions?

Our Data Protection Officer is available to answer any questions about how we handle your data.

[email protected]