1. Overview
  2. Autheo Validator Node Sale Supporting Site Policies (v1.0)
  3. Privacy Notice + KYC/AML

Privacy Notice + KYC/AML

Autheo Privacy Notice + KYC/AML Statement

Version 1.0 — Effective October 17, 2025

Contact: legal@autheo.com • https://www.autheo.com/nodesale

Overview

This Privacy Notice explains how Autheo LLC (“Autheo”, “we”, “us”) collects, uses, and shares personal information in connection with the Autheo Node Sale and validator operations. It also describes our identity and sanctions screening (KYC/AML) program. This Notice is incorporated by reference into the Node Sale Terms of Service and the Validator Node Purchase & License Agreement.

Who we are

Autheo LLC, 30 N Gould St Ste R, Sheridan, WY 82801, USA. For privacy questions: legal@autheo.com.

What we collect

A) Account & transactional data

  • Contact details (name, email), wallet address(es), transaction metadata (timestamps, amounts, on-chain tx IDs), license tier, purchase history, support tickets.

B) Technical data

  • Device/OS/browser info, IP address, approximate geolocation, pages viewed, referral URLs, and cookie identifiers (see “Cookies” below).

C) KYC/AML data (via Blockpass)

  • Identity documents, selfies/biometrics (for liveness/anti-fraud checks), date of birth, nationality, address, sanctions/PEP screening results, and verification decision logs.

  • Collected and initially processed by our provider Blockpass; Autheo receives verification outcomes, risk flags, and artifacts required for compliance/audit.

You must not submit someone else’s data. If you represent an entity, you confirm authority to provide data for required officers/beneficial owners.

Why we use your data (purposes & legal bases)

  • Contract performance: create/manage your account; process purchases and transfers; deliver validator onboarding and support.

  • Legal obligations: identity verification, sanctions screening, recordkeeping, responding to lawful requests.

  • Legitimate interests: protect the network and users (security monitoring, fraud prevention, abuse detection); product analytics to improve the sale experience.

  • Consent: optional marketing emails, non-essential cookies (where required).

How we share data

  • Vendors/Processors: identity verification (Blockpass), cloud hosting, analytics, email delivery, customer support tools. Vendors act under contract and only process data on our instructions.

  • Legal/Compliance: regulators, law enforcement, or counterparties when required by law or to enforce our terms, protect users, or investigate fraud/abuse.

  • Corporate events: business transfers (merger, acquisition) subject to this Notice or a successor notice with comparable protections.

We do not sell personal information. We do not share for cross-context behavioral advertising.

KYC/AML statement

  • Mandatory verification. Purchase and transfer of a Node License require KYC and sanctions screening through Blockpass.

  • Sanctions screening. We screen against applicable sanctions/PEP lists. If screening fails or cannot be completed, Autheo may deny the transaction.

  • Automated decisions. Blockpass and Autheo may use automated checks to flag risk; humans review final outcomes where required. You may contact us to request a human review of a denial.

  • Retention for compliance. KYC/AML records are retained up to 7 years after your last transaction or account closure, or longer if required by law or to resolve disputes.

Data retention

  • Account & transactional data: while your account is active and as needed for audits, tax, or legal claims (typically 7 years after last activity).

  • Technical logs: 90 days unless required for security investigations.

  • Marketing preferences: until you unsubscribe or request deletion.

International transfers

We operate in the United States. When personal data is transferred internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses for EEA/UK data).

Security

We use administrative, technical, and physical safeguards proportionate to the data sensitivity, including encryption in transit, access controls, least-privilege practices, logging, and vendor due diligence. No system is perfectly secure.

Your choices and rights

  • Access/rectify/delete your personal data.

  • Object or restrict certain processing (where applicable).

  • Portability of data you provided (where applicable).

  • Opt out of marketing at any time (unsubscribe link or email us).

  • Appeal an automated denial (contact legal@autheo.com).

Region-specific disclosures

  • EEA/UK: You have GDPR rights; Autheo is the controller for sale operations. Our legal bases are listed above. You may lodge a complaint with your local data protection authority.

  • California (CPRA): We do not sell or share personal information as defined by CPRA. You may exercise rights to know, delete, correct, and limit sensitive data use (subject to exceptions).

To exercise rights, email legal@autheo.com. We may need to verify your request and identity.

Cookies & analytics

We use necessary cookies for security and session management, and (where permitted) optional analytics cookies to understand usage. You can manage preferences via your browser or our cookie banner. Disabling some cookies may affect site functionality.

Children

The Node Sale is not directed to anyone under 18. We do not knowingly collect personal data from children.

Links & third-party sites

Third-party sites and tools are governed by their own policies. We are not responsible for their practices.

Updates to this Notice

We may update this Notice from time to time. The “Effective” date above will change when updates are posted. Material changes will be highlighted on the Sale Site.

© 2025 AUTHEO Legal