1. About this Privacy Policy
1.1 What this document is
This Privacy Policy describes how Wield collects, uses, shares, and protects your personal data when you use the Service. It is written to be clear about what happens to your information, so you can decide whether you are comfortable using the Service.
Wield is committed to limiting personal data collection to what the Service needs, processing it for the specific purposes set out below, and giving you meaningful control over it.
1.2 Who is responsible for your data
Vipas Ventures MB is the controller of your personal data for the purposes of the EU General Data Protection Regulation ("GDPR") and the Data Fiduciary for the purposes of the Indian Digital Personal Data Protection Act, 2023 ("DPDP Act"). Both frameworks apply to your use of the Service: GDPR because Wield is established in Lithuania, and the DPDP Act because Wield processes the personal data of individuals located in India.
Where the two frameworks impose different standards, this Privacy Policy is written to the stricter of the two.
1.3 Contact
- Data protection inquiries and rights requests: dpo@wieldhq.com
- Grievance Officer (under the DPDP Act and Consumer Protection (E-Commerce) Rules, 2020): grievance@wieldhq.com
- Postal: Vipas Ventures MB, Konstitucijos pr. 12, LT-09308 Vilnius, Lithuania
2. What personal data Wield collects and when
Wield collects personal data in stages. Each stage corresponds to a specific use of the Service, and Wield collects only what that stage requires.
2.1 When you interact with the Wield bot, channels, or website
When you start a conversation with the Wield Telegram bot, join a Wield Telegram channel, or visit wieldhq.com, Wield receives the following:
- From Telegram: Your Telegram user ID and username (if set), and your first/last name as set in your Telegram profile
- From your device or browser: Your IP address, device type, browser type, and basic interaction data with the Service (such as which messages you sent to the bot and which pages you visited on the website)
- What you tell the bot: Information you provide voluntarily in response to bot prompts, including your country of residence and whether you wish to receive further information
2.2 When you provide your email address
To create an account, the bot will ask for your email address. Your email is used for account-related communications (purchase confirmations, payment notifications, and notices required by these Terms or by law).
2.3 When you purchase Platform Access
Before you can complete a purchase, you will be asked to confirm your name and country of residence. Your payment is then processed by NOWPayments as a USDT transfer on the Tron blockchain (TRC-20). NOWPayments handles the payment transaction directly. Wield receives confirmation that the payment succeeded, the amount, the sender wallet address used for the payment, and the on-chain transaction hash. Wield does not see, store, or have access to your wallet private keys or any secret cryptographic material.
2.4 When you use the Platform
While you use the Platform, it records the market views you express, the resulting analytics computed against market data, and operational metadata (timestamps, session information).
2.5 When Wield engages you under the Contributor Agreement
If Wield engages you under the Contributor Agreement, Wield will collect the information needed to verify your identity and pay your Service Fees through Xflow. This is collected and verified through Wield's Identity-Verification Provider (see Section 4.1):
- Permanent Account Number (PAN), together with an image of your PAN card
- Full legal name as it appears on your PAN card and bank account
- A government-issued photo identity document (passport, Aadhaar, or driving licence) sufficient to verify identity and address. Where you use Aadhaar, Wield and its Identity-Verification Provider store only a masked Aadhaar or a verification reference, and never retain your full Aadhaar number
- Bank account number, IFSC, and account type (savings/current)
- Any other identity information the Identity-Verification Provider or Xflow reasonably requires to satisfy customer due diligence obligations under applicable law
2.6 When you contact Wield
When you contact Wield (by email, through the bot, or otherwise), Wield retains the content of that communication and any associated metadata (such as your contact identifier and the date) for the purposes of responding to your inquiry and maintaining a record of the interaction.
2.7 What Wield does not collect
Wield does not collect:
- Special categories of personal data under GDPR (data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation), except where you voluntarily provide such information in a communication
- Full Aadhaar numbers (where Aadhaar is used for identity verification, Wield stores only a masked Aadhaar or a verification reference, never the full number)
- Wallet private keys, seed phrases, or any other secret cryptographic material (these are never transmitted to Wield or NOWPayments by the blockchain protocol)
- Data from third-party sources about you, except where NOWPayments or Xflow informs Wield of the result of their own due diligence on you
3. Why Wield processes your data
Wield processes your personal data only for the purposes set out below, each on a specific legal basis under GDPR and DPDP Act.
| Purpose | Personal data used | Legal basis (GDPR) | DPDP Act basis |
|---|---|---|---|
| Providing the Service to you (interaction, Platform use, account management) | Section 2.1–2.4 data | Performance of contract (Article 6(1)(b)) | Specified purpose: provision of service (§4) |
| Processing your payment for Platform Access | NOWPayments transaction data and sender wallet address from Section 2.3 | Performance of contract | Specified purpose |
| Facilitating INR Service Fee payments under the Contributor Agreement | Section 2.5 data; transmission to Xflow | Performance of contract | Specified purpose |
| Verifying your identity before paying Service Fees | Section 2.5 identity, ID-document, and banking data; transmission to the Identity-Verification Provider | Legal obligation (Article 6(1)(c)) / performance of contract | Legal compliance / specified purpose |
| Complying with anti-money-laundering and tax obligations | Identity and payment-related data | Legal obligation (Article 6(1)(c)) | Legal compliance |
| Detecting and preventing fraud, including chargeback abuse | Behavioural and transaction data | Legitimate interests (Article 6(1)(f)) — Wield's interest in protecting the Service from fraud, balanced against User's interests | Legitimate use under §7 |
| Responding to your inquiries and complaints | Communication content and identifiers | Performance of contract / legitimate interests | Specified purpose / legitimate use |
| Improving the Service through aggregate analysis | Platform activity data and operational metadata, primarily in aggregate or de-identified form | Legitimate interests | Legitimate use |
| Sending marketing communications about Wield (where you have opted in) | Email address and preference data | Consent (Article 6(1)(a)) — withdrawable at any time | Consent (§6) |
| Defending or pursuing legal claims | Records relevant to the specific matter | Legitimate interests | Legitimate use |
Wield does not use your personal data for any purpose outside this table. If Wield's purposes change, this Privacy Policy will be updated and you will be notified before the change takes effect.
4. Who Wield shares your data with
Wield shares your data only with the entities listed below, and only for the purposes described.
4.1 Service providers and sub-processors
NOWPayments Ltd. ("NOWPayments") — a company incorporated in Seychelles that operates a non-custodial cryptocurrency payment gateway, processing Platform Access payments in USDT on the Tron network (TRC-20). NOWPayments receives the payment-related data necessary to process the transaction, including the sender wallet address and transaction hash, and may collect any additional information you provide directly on its checkout interface. NOWPayments acts as a separate controller with respect to its own anti-fraud and regulatory obligations and as a processor on Wield's behalf for the payment transaction itself. NOWPayments' privacy practices are at https://nowpayments.io/doc/privacy_policy-v1_2_2.pdf.
Xflow Payments Private Limited ("Xflow") — Xflow processes INR Service Fee payments to Contributors under the Contributor Agreement. Xflow receives the identity, address, PAN, and bank/UPI information required to process the cross-border payment, generate the eFIRA, and satisfy its own customer due diligence obligations under the Reserve Bank of India's regulatory framework. Xflow acts as a separate controller with respect to its regulatory obligations and as a processor on Wield's behalf for the payment transaction.
Identity-Verification Provider — Wield uses a third-party identity-verification provider to verify Contributor identity and collect the customer due diligence information described in Section 2.5 before Service Fees are paid. The provider receives the identity, ID-document, and related information you submit, verifies it, and returns the verification result to Wield. The provider acts as a processor on Wield's behalf for this verification, and as a separate controller with respect to its own regulatory obligations. The current provider is listed at wieldhq.com/privacy/sub-processors.
Telegram (Telegram FZ-LLC and its affiliates) — The Wield bot operates through Telegram. Your Telegram identity (user ID, username) is necessarily visible to Telegram as the delivery infrastructure for the bot. Telegram acts as a separate controller for its own service. Telegram's privacy practices are at https://telegram.org/privacy.
Amazon Web Services EMEA SARL ("AWS") — Wield hosts the Wield web application, its proprietary engine, and associated databases on AWS infrastructure. AWS processes personal data on Wield's behalf as a processor, in AWS data centres in the Mumbai region of India (ap-south-1). AWS acts solely on Wield's instructions for the hosting service; AWS does not access or use the personal data Wield stores in AWS for any other purpose. AWS's published sub-processor list is at aws.amazon.com/compliance/sub-processors. AWS's privacy practices are at aws.amazon.com/privacy.
Cloudflare, Inc. ("Cloudflare") — Wield uses Cloudflare for content delivery, DNS, web application firewall, and protection against denial-of-service attacks and abusive bots for both the wieldhq.com website and the web application. Cloudflare processes connection metadata (including IP address and request data) through its global edge network for the duration of each connection, and may store limited logs for security purposes. Cloudflare acts as a processor on Wield's behalf for these services. Cloudflare's privacy practices are at cloudflare.com/privacypolicy.
Transactional email provider — Wield uses a transactional email service to send account-related communications (purchase confirmations, payment notifications). The current provider will be listed at wieldhq.com/privacy/sub-processors.
4.2 Wield's professional advisers
Wield may share personal data with its accountants, auditors, and legal advisers where necessary for Wield to receive professional advice, in each case under confidentiality obligations.
4.3 Authorities, where required by law
Wield may disclose personal data to law enforcement, regulators, courts, or other authorities where Wield is required to do so by applicable law, court order, or binding regulatory direction. Where lawful and operationally possible, Wield will inform you before such disclosure.
4.4 In connection with a corporate transaction
If Wield is involved in a merger, acquisition, restructuring, sale of assets, or insolvency, your personal data may be transferred to a successor or acquirer. Any such transfer will be subject to this Privacy Policy or a successor privacy policy that provides equivalent protection.
4.5 Wield does not sell your personal data
Wield does not sell your personal data to third parties for advertising or any other purpose. Wield does not share your personal data with advertising networks, data brokers, or for purposes of profiling you for the benefit of third parties.
5. International data transfers
5.1 Where your data is processed
Wield is established in Lithuania (EU). Because Wield serves Indian resident individuals, Wield's own backend processing takes place in India, in AWS data centres in the Mumbai region (ap-south-1). Keeping User data in the same country as the User reduces latency, keeps personal data within India's regulatory regime, and aligns with where the actual business activity happens.
For the purposes of GDPR, the transfer of personal data from Wield (the EU Controller) to AWS in India is a transfer outside the European Economic Area. Wield relies on the following legal mechanisms for this transfer:
- Performance of your contract with Wield (Article 49(1)(b) GDPR), as processing in India is necessary to provide the Service to Indian Users
- Standard Contractual Clauses included in AWS's GDPR Data Processing Addendum
- Technical and organisational measures including encryption of data at rest and in transit, and access controls
Other sub-processors process personal data as follows:
- India: Xflow processes Service Fee payment data in India, where it is established. AWS processes Wield's backend data in India, as described above.
- Seychelles and globally: NOWPayments processes payment data in jurisdictions including Seychelles and as set out in its published privacy practices. Cloudflare processes connection metadata through a global edge network that includes edge nodes outside India and outside the European Economic Area, including in the United States; the operational data Cloudflare processes is limited to what is needed to deliver content and protect the Service from attack.
- Telegram: Telegram may process bot interaction data in jurisdictions outside India and outside the European Economic Area.
5.2 The legal basis for these transfers
Wield relies on the following mechanisms for transfers outside the European Economic Area:
- Performance of your contract: Transfers to Xflow are necessary for Wield to deliver the Service Fee payment part of the Service to you, and accordingly are permitted under Article 49(1)(b) GDPR
- Standard Contractual Clauses (SCCs): Where applicable and required, Wield has Standard Contractual Clauses in place with its sub-processors, in the form approved by the European Commission, supplemented by appropriate technical and organisational measures
- Adequacy decisions: Where the European Commission has decided that a destination country provides adequate protection, that decision provides the legal basis for the transfer
You may request a copy of the relevant transfer mechanism documentation by emailing dpo@wieldhq.com.
5.3 Indian regulatory framework
Under the Indian DPDP Act, cross-border transfers of personal data are generally permitted to all countries except those notified by the Indian Government as restricted. As of the effective date of this Privacy Policy, the Government has not notified any restricted country list. If such restrictions are issued, Wield will comply with them.
6. How long Wield keeps your data
Wield retains your personal data only for as long as it is needed for the purpose for which it was collected, plus any period required by applicable law.
| Category | Retention period |
|---|---|
| Account information (name, email, Telegram identity) | For the duration of your use of the Service, plus 5 years following the end of the relationship |
| Platform activity data (market views, analytics, session history) | For the duration of your use of the Service, plus 2 years following the end of the relationship |
| Payment records (excluding wallet private keys and secret cryptographic material, which Wield never holds) | 10 years from the date of the transaction, as required by Lithuanian accounting and tax law |
| Customer due diligence records (PAN, bank/UPI, address) | 5 years following the end of the relationship, as required under EU and Lithuanian anti-money-laundering law |
| Communication and support records | 3 years from the date of the communication |
| Marketing-related preferences and consent records | Until you withdraw consent, plus 90 days |
| Records associated with an actual or threatened legal claim | Until the claim is resolved and the relevant limitation period has expired |
After the applicable retention period, Wield will delete or anonymise the data, except where continued retention is required by law.
If you exercise your right to erasure (Section 7), Wield will erase personal data not required to be retained for legal compliance.
7. Your rights and how to exercise them
You have the following rights with respect to your personal data. Some rights apply specifically under GDPR, some under the DPDP Act, and many are recognised by both.
7.1 Right of access
You may obtain confirmation of whether Wield is processing your personal data, and a copy of the data Wield holds about you, along with information about the processing.
7.2 Right to correction
You may ask Wield to correct personal data that is inaccurate or to complete data that is incomplete.
7.3 Right to erasure ("right to be forgotten")
You may ask Wield to erase your personal data where: (a) the data is no longer needed for the purpose for which it was collected; (b) you withdraw consent (where consent was the legal basis); (c) you object to processing based on legitimate interests and Wield does not have overriding grounds; (d) the data has been unlawfully processed; or (e) erasure is required for compliance with a legal obligation.
Wield is not required to erase data where retention is necessary for: (a) exercising the right of freedom of expression and information; (b) compliance with a legal obligation; (c) the establishment, exercise, or defence of legal claims; or (d) certain archiving, scientific, historical, or statistical purposes.
7.4 Right to restrict processing
You may ask Wield to restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data or have objected to its processing.
7.5 Right to data portability
For personal data you have provided to Wield and that Wield processes by automated means on the basis of your consent or for the performance of a contract, you may ask Wield to provide a copy in a structured, commonly used, machine-readable format, or to transmit it to another controller where technically feasible.
7.6 Right to object
You may object to Wield's processing of your personal data based on legitimate interests, including profiling. Where you object, Wield will stop the processing unless it can demonstrate compelling legitimate grounds that override your interests, or the processing is needed for the establishment, exercise, or defence of legal claims.
You may object at any time to processing for direct marketing purposes; where you do, Wield will stop using your data for marketing.
7.7 Right to withdraw consent
Where Wield relies on your consent as the legal basis for processing (currently, only for marketing communications), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
7.8 Right not to be subject to automated decision-making
Wield does not make decisions that produce legal or similarly significant effects on you based solely on automated processing.
7.9 Right to nominate (under DPDP Act)
Under §14 of the DPDP Act, you may nominate another individual who, in the event of your death or incapacity, may exercise your rights with respect to your personal data on your behalf. Contact dpo@wieldhq.com to make a nomination.
7.10 Right to grievance redressal
Under §13 of the DPDP Act and the Consumer Protection (E-Commerce) Rules, 2020, you may submit a grievance to Wield's Grievance Officer at grievance@wieldhq.com. The Grievance Officer will acknowledge receipt within 48 hours and resolve the grievance within 30 days.
7.11 Right to complain to a regulator
You have the right to lodge a complaint with a regulator if you believe Wield's processing of your personal data infringes your rights.
- Under GDPR, you may complain to the State Data Protection Inspectorate of Lithuania (Valstybinė duomenų apsaugos inspekcija), at https://vdai.lrv.lt/en, or to the data protection authority of the EU Member State where you reside, where you work, or where the alleged infringement took place.
- Under the DPDP Act, you may complain to the Data Protection Board of India once the Board is operational, after first raising the matter with Wield's Grievance Officer.
7.12 How to exercise your rights
To exercise any of these rights, email dpo@wieldhq.com with the details of your request. Wield will respond within 30 days of verifying your identity. There is no fee for exercising these rights, except where a request is manifestly unfounded or excessive, in which case Wield may charge a reasonable fee or refuse to act.
Wield will need to verify your identity before acting on a rights request, to make sure the data is not disclosed to or modified for someone other than you.
8. Cookies and similar technologies
8.1 What cookies are
A cookie is a small text file stored on your device by your browser when you visit a website. Cookies allow the website to recognise your device, remember information about your visit, and operate certain features.
8.2 What cookies Wield uses
The wieldhq.com website uses the following categories of cookies:
- Strictly necessary cookies: Required for the website to function. These include cookies needed for security, session management, and remembering your cookie preferences. They also include cookies set by Cloudflare, which Wield uses to protect the site from bots and denial-of-service attacks (such as
__cf_bmfor bot management andcf_clearancefor security challenges). These do not require consent. - Functional cookies: Remember your preferences and settings to improve your experience. These require consent.
- Analytics cookies: Help Wield understand how visitors use the website in aggregate, so Wield can improve it. These require consent.
Wield does not use advertising or behavioural-targeting cookies.
8.3 Managing cookies
When you first visit the wieldhq.com website, you will see a cookie consent banner allowing you to accept, reject, or customise non-essential cookies. You can change your cookie preferences at any time through the "Cookie Preferences" link in the website footer or by clearing cookies in your browser settings.
The full list of specific cookies Wield uses, including the third-party providers and the duration of each cookie, will be listed at wieldhq.com/cookies as the website launches.
9. Marketing communications
Wield will send you marketing communications only if you have opted in to receive them.
You can withdraw consent at any time by clicking the unsubscribe link in any marketing email or by emailing dpo@wieldhq.com. Account-related communications (purchase confirmations, payment notifications, notices required by these Terms or by law) are not marketing and will continue to be sent regardless of your marketing preferences.
10. Children's data
The Service is offered only to individuals aged 18 and over. Wield does not knowingly collect personal data from anyone under 18. If Wield becomes aware that personal data of a person under 18 has been collected, Wield will delete it as soon as reasonably possible.
If you are a parent or guardian and believe a child has provided personal data to Wield, contact dpo@wieldhq.com.
11. Data security
Wield uses appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, and destruction. These include:
- Encryption of personal data in transit and at rest where reasonably implementable
- Access controls limiting which Wield personnel can access which categories of data
- Logging and monitoring of access to personal data
- Regular review of security measures and prompt remediation of identified vulnerabilities
- Contractual security commitments from sub-processors
No system is completely secure. Wield commits to applying reasonable, current-standard measures and to notifying you in the event of a breach as set out in Section 12.
12. Data breach notification
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, Wield will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 GDPR.
Where the breach is likely to result in a high risk to your rights and freedoms, Wield will also notify you directly, without undue delay, in clear and plain language.
Wield will notify the Indian Data Protection Board of personal data breaches in accordance with the requirements of the DPDP Act and any rules made under it.
13. Changes to this Privacy Policy
Wield may update this Privacy Policy from time to time. The version in effect is always available at wieldhq.com/privacy. The "Document version" and "Effective date" at the top of this document indicate the current version.
Where Wield makes material changes that affect how your personal data is processed, Wield will notify you in advance — by email, through the Wield bot, or by a notice on wieldhq.com — and give you a reasonable opportunity to review the changes before they take effect. Continued use of the Service after the effective date of a change constitutes acceptance of the updated Privacy Policy.
14. About Wield
Wield is a trading name of Vipas Ventures MB, incorporated under the laws of the Republic of Lithuania.
- Registration code: 306998929
- Registered office: Konstitucijos pr. 12, LT-09308 Vilnius, Lithuania
- Public verification: https://www.registrucentras.lt/jar/p_en/ (search code 306998929)
- Operating domain: wieldhq.com
For questions about this Privacy Policy or about Wield's processing of your personal data:
- Data protection contact: dpo@wieldhq.com
- Grievance Officer: grievance@wieldhq.com
End of Privacy Policy, version 1.4.