This Privacy Policy describes Kasta policies and procedures on the collection, use, and disclosure of User’s information when they use the Services and/or access the Platform. This Privacy Policy is also intended to inform the User about their privacy rights.

All capitalized terms used in this Privacy Policy or in any notice given in connection with this Privacy Policy have the same meaning as in the Terms of Use, unless expressly defined otherwise herein.

This Privacy Policy is based on the requirements of European Union General Data Protection Regulation 2016/679 (“GDPR”) on the protection of individuals in relation to the processing of any information that relates to an identified or identifiable living individual (“Personal Datа”). Kasta App is operated by KASTA CCHS Ltd., with their registered address at 12 B "Tsar Ivan Asen II" Street, Sofia, Bulgaria, and registration number 206754233 (referred for the purposes of this Privacy Policy as the “Company” or “Kasta”). The Company is the Personal Data controller within the meaning of the GDPR.

The Company collects Personal Data and uses this Personal Data only for the purposes of offering, providing and/or improving the Services, unless a reasonable assessment is made that this Personal Data shall also be processed for additional purposes. Users will be informed if the Personal Data is processed for additional purposes.

By accessing, registering an Account with Kasta App and/or expressing interest in the Services in any way, the User explicitly accepts and agrees to provide the Company, its parent companies, subsidiaries and/or affiliates with the required Personal Data. By using the Services, the User agrees to the current Privacy Policy.

The Company processes Personal Data on its own behalf, or jointly with other parties, such as banks, payment providers, know-your-customer (“KYC”) providers, crypto custodians, customer relationship management (“CRM”) tools, and other similar services.

This document contains the following information:

  • Personal Data that the Company collects and how it is used;
  • Purpose for the collection of Personal Data
  • How IP address and cookies are used;
  • Sharing of Personal Data with third parties;
  • Transmission of personal information outside of the European Union;
  • What rights User’s have;
  • Security measures to protect User Personal Data;
  • Retention of Personal Data

1. Type of information collected

The Company collects User’s Personal Data necessary for the identification and for the performance of the contractual and regulatory obligations of the Company. This information may include any or all of the following:

  1. Name, date and birthplace, personal identification number (if applicable), citizenship, mailing address, telephone number, e-mail address;
  2. Identification documents (for example, passport or state issued ID);
  3. Photo or video as required by KYC provider procedure;
  4. Data regarding User’s professional activities, or employment status;
  5. Purpose for establishing the Account, real and expected volume of transactions, financial information, source of funds/wealth;
  6. Data related to payments, including credit or debit card number, bank account and other payment information;
  7. Digital Assets wallet addresses;
  8. Usage Data such as: User’s Internet Protocol (IP) address, browser type, browser version, pages visited, links clicked on, the time and date of User’s visit, time spent on those pages, Services viewed or searched for, page response times, unique device identifiers and other diagnostic data, mobile network information, type of mobile device used, mobile device unique ID, operating system;
  9. Data related to the use of cookies or other tracking data (if applicable);
  10. Information about the Orders made and/or executed by the Users, including the quantity of the relevant Digital Assets and other information related to the Transactions;
  11. Information about the User's location;
  12. Data from QR or other barcodes scanned by the User's camera phone.

2. Purpose of the collection of Personal Data

Kasta collects and processes Personal Data for the following purposes:

  1. Verification of the User’s identity;
  2. To provide, maintain and improve the Services, including monitoring the usage of our Services; provide functionality, analyze performance, fix errors, and improve the usability and effectiveness of Services;
  3. To manage User's Account and provide access to different Service functionalities;
  4. For the performance of a contract including the execution of product purchase contracts or compliance requirements related to those contracts;
  5. To contact Users by email, telephone, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or information related to the functionalities, products or contracted services, including the security updates;
  6. To provide Users with news, special offers and general information about other goods, services and events which the Company offers now or may offer in the future.
  7. To manage User's customer service requests;
  8. For business transfers including evaluation or completion of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data is among the assets transferred;
  9. For data analysis including but not limited to identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services, products, marketing and the User’s experience;
  10. For compliance with Company’s legal obligations;
  11. For targeting, modeling, or advertising purposes.

3. Categories of third parties receiving Personal Data

In accordance with the requirements of the GDPR, the Company has the right to disclose Personal Data that it processes to the following categories of recipients:

  1. To natural persons to whom the Personal Data relates;
  2. To Third parties, individuals, legal entities, public bodies, institutions and agencies, in fulfillment of legal or contractual obligations or on another valid legal basis, such as detection, prevention or other acts of fraud, technical security or security issues;
  3. To banks, or similar payment or financial service providers;
  4. To persons who maintain equipment and software used for processing User’s Personal Data;
  5. To service providers to monitor and analyze the use of the Service and to other service providers;
  6. For business transfers including the negotiations, merger, sale of Company’s assets, financing, or acquisition of all or a portion of our business with another company;
  7. With other entities Groupsuch as the Company’s parent companies, licensors and/or affiliates or any other subsidiaries, joint venture partners or other companies that the Company controls or that are under common control;
  8. With our business partners to offer User certain products, services or promotions;
  9. Users who choose to share personal information or otherwise interact in public may have this information viewed by other Users who may publicly distribute this information;
  10. With professional consultants such as auditors, lawyers, tax and financial advisors etc.;
  11. For any other purpose with Users consent.

4. Transfer of Personal Data to a third country or international organizations

The Personal Data is processed at the Company’s offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of User’s state, province, country or other governmental jurisdiction where the Personal Data protection laws may differ, from those from User’s jurisdiction. This may include protections less than would be found in The European Union or The European Economic Area. Users consent to this Privacy Policy represents agreement to this transfer.

The Company will take all steps reasonably necessary to ensure that the transferred Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of the Personal Data will take place to an organization or a country unless there are adequate controls in place for the security of Personal Data.

5. Retention of the Personal Data

The Company will retain the Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. The Company will retain and use the Personal Data collected to the extent necessary to comply with our legal obligations and applicable laws, to resolve disputes, and enforce our policies. Usage Data, including the types of data listed in 1(viii), is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or the Company is legally obligated to retain this data for longer time periods.

Personal Data for which there is no explicit legal obligation for storage will be deleted after achieving the purposes for which the Personal Data was collected and processed.

6. Security measures for Personal Data protection

The protection of information and Personal Data is a top priority of the Company, but no method of transmission over the Internet, or method of electronic storage is 100% secure, and the Company cannot guarantee its absolute security. The Company constantly implements and updates technical and organizational measures to ensure Personal Data protection. The Company regularly executes reviews of all procedures and rules for Personal Data collection, storage and processing.

7. What are User’s rights in connection with the processing of Personal Data by the Company

Users have the following rights with regard to their Personal Data:

  1. To receive information about their Personal Data which the Company collects. The Company will provide information and/or access to Personal Data collected or processed if a User requests such information to Company’s support services;
  2. To request that Personal Data be corrected when it is inaccurate or should be supplemented in view of the purposes of processing. For Personal Data that Users can not correct through their Account, a request can be submitted in accordance with the procedure described in this Privacy Policy;
  3. To request deletion of Personal Data in the following circumstances: when it is no longer needed for the purposes for which they were collected or processed; if explicit consent was required and withdrawn; if there no longer exists a legal or contractual basis for processing the Personal Data or through a judicial order or a change in the relevant regulations. It is not possible to request the immediate deletion of Personal Data in every circumstance, for example if there is a regulatory obligation to maintain the Personal Data;
  4. To request limitation of the processing of Personal Data where the processing may violate applicable regulations but the User only wishes to limit the processing of that Personal Data;
  5. To request the transfer of Personal Data. The right to portability applies to Personal Data where the processing is based on the Users explicit consent or contractual obligation and the processing is carried out in an automated manner;
  6. To object to the Company about the processing of Personal Data. As per the requirements of the GDPR, the Company will answer within one month, whether it considers the objection justified and within the regulatory requirements;
  7. To withdraw consent to the processing of Personal Data if the processing was based solely on the User’s consent;
  8. To send a complaint to the competent Personal Data protection authority in case the User believes their rights have been violated. A list of all national and regional Personal Data protection authorities in the EU is available on this website: website-https://edpb.europa.eu/about-edpb/about-edpb/members_en

8. Automated decisions

The Company may make automated decisions about the User. This means that the Company may use technology that can evaluate the User’s personal circumstances and other factors to predict risks or outcomes. This is needed for the efficient running of the Service and to ensure decisions are fair, consistent and based on the right information. Where an automated decision is made about a User, the User has the right to ask that the decision be manually reviewed.

9. Cookies

Cookies and pixel tags to monitor and observe the use of the Service. “Cookies" are small text files created and stored on a hard drive by internet browser software, which hold relevant information about the web page. Most internet browsers allow Users to disable cookies, however this may reduce website function. “Pixel tags” are small blocks of code on a webpage. They can include information such as the IP address, the time the pixel was viewed and the type of browser being used. Cookies will be applicable within Kasta App only when an integrated web browser is needed to view certain content or display an ad within the Kasta App. In this case the Cookies policy of the respective connected website is applicable.

10. Children’s privacy

The Service does not address anyone under the age of 18. The Company does not knowingly collect personally identifiable information from anyone under the age of 18. If the Company becomes aware that Personal Data was collected from anyone under the age of 18 without verification of parental consent, the information will be removed.

11. Changes to Privacy Policy

This Privacy Policy may be updated from time to time. Users are advised to review this Privacy Policy periodically for any changes. If required, email or a prominent notice in this respect will be sent.

Changes to this Privacy Policy are effective when this page is updated.

If Users do not agree with the revised content, they should stop the use of the Services immediately. Continuing to use the Services is acceptance of changes to the Privacy Policy.

12. Unsubscribe

The email address provided when subscribing to Kasta’s communication/social channels and/or during the opening of an Account, or otherwise, may be used to send information and updates related to the Services, Orders and/or Transactions, and less frequently for news about the Company and/or the products the Company offers. Users can unsubscribe from receiving emails not specifically related to the Services, their Orders and/or Transactions by clicking the appropriate button at the end of each email.

Unsubscribing from marketing emails will have no effect on functionality emails such as a password reset or Transaction confirmation.

13. Submitting a request

Users may submit requests to the Company based on their rights described in this Privacy Policy by contacting the Company at the address given in this Privacy Policy. If the relevant information provided is incomplete and / or incorrect, it may not be possible to fulfill the request.

14. Contact us

For any questions about this Privacy Policy, please contact us at email: info@kasta.io and/or 12 B "Tsar Ivan Asen II" street, Sofia, Bulgaria.


Enjoy quick, secure, and convenient digital payments and swaps today.

If it isn't available in your region yet,

join our waitlist