Back

    MegaRouter Privacy Policy

    Last updated: April 28, 2026

    PRIVACY POLICY

    MegaRouter ("MegaRouter", "we", "us", "our", "ours") is committed to protecting your privacy in accordance with the applicable data protection laws.

    This Privacy Policy ("Policy") describes our current policies and practices in relation to the collection, handling, use and disclosure of personal information through websites at https://megarouter.com, any associated mobile applications and APIs (collectively, the "Platform") and any related services (collectively, the "Services") or when you otherwise interact with us. It also deals with how you can complain about a breach of the privacy laws, how you can access the personal information we hold about you and how to have that information corrected. You must read this Policy carefully to familiarize with how we collect, use and disclose your data.

    All persons and/or users who access our Platform and/or use our Services shall be users of the Platform. For the convenience of wording in this Privacy Policy, the users are referred to as 'you' or any other applicable forms of the second-person pronouns whereas you and we are referred to as both parties, and individually as a party or one party.

    We encourage you to read the Policy carefully before proceeding further as it forms part of our Service Agreement.

    By opening an account with us and using our Platform and Services, you acknowledge that you are aware about the terms of this Policy.

    THE DATA WE COLLECT

    We collect and process various categories of personal data (which identifies a natural person or relates to an identifiable natural person) ("Personal Data") at the start of and for the duration of our relationship with you. Some categories of Personal Data are kept beyond the termination of our relationship where so required and there is a legitimate purpose for doing so. We limit the collection and processing of information to what is necessary to achieve one or more of the lawful bases identified in this Policy.

    When you register an account and/or use our Platform and/or Services with us, we may ask you for the information we need to verify your identity and support such Services provided on the Platform in order to facilitate the provision of Services to you. This can include a broad range of information such as:

    • Personal information:This may include full name, residential address, age, gender, signature, e-mail address, mobile number, date of birth, nationality, passport number, driver's license details, national identity card details, photographs, employment information, utility bills, and /or financial information. We may also ask you to provide evidence of your identity such as asking for a copy of your passport or driving licence, and proof of residence and/or proof of income. We are required to ask for this information to comply with anti-money laundering (AML) legislation to ensure we safeguard against and report any suspicious activities;
    • Content and Biometric Information: We collect and maintain information from the content you provide to our Services, including but not limited to chats and voice recordings, and, where we have your consent, use those recordings to derive a digital model of speech characteristics that may be considered Biometric Information in some places. This Biometric Information will be used to provide our Services, analyze and improve our Services (unless you opt out), and for any other purpose with your prior consent;
    • Logging information: We collect log information about your use of the Platform, including the type of browser you use, app version, access times, pages viewed, your IP address, any other network identifiers, and the page you visited before navigating to our Platform;
    • Device information: We collect information about the computer, mobile device and/or network you use to access our Platform, including the hardware model, operating system and version, unique device identifiers, and mobile network information;
    • Activities on the Platform: We collect records of your activities on our Platform, including, any content you post, your account details, the time, browsing behavour (such as pages viewed and links clicked), the page you visited before nevigating to our Services, and information about your activity on specific pages (such as mouse movements, keystrokes, and items you have viewed);
    • Location information: In accordance with your device permissions, we may collect information about the approximate location of your device to ensure platform security and comply with applicable regulatory requirements;
    • Information Collected by Cookies and Other Tracking Technologies: We use different technologies to collect information, including cookies and web beacons and similar technologies. These technologies help us improve our Services and communications, see which areas and features are popular, count visits, and track clicks. You may be able to adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Services;
    • Transaction Information. Transaction information as you use our Services, including deposit snapshots, account balances, order activity and distribution history such as dates and amounts paid for the Services, bank account number, identification data of e-wallet, amount of currency and cryptocurrency during transaction, account statement;
    • Financial Information. Your Digital Asset wallet address, Account balances, and purchase and transaction history; and
    • Information collected in accordance with the requirements of the laws.Results from Politically Exposed Persons (PEP) Screening & Sanction screening, any additional Personal Data required for proving Source of Funds (e. g. employment contract, certificate of inheritance, etc.), data on the management structure and business activity, etc.

    HOW DATA IS COLLECTED

    We collect your Personal Data in the following manner:

    • Information you provide to us directly when contacting us;
    • Information you provide to any of our affiliates including parent companies, subsidiaries, and companies under common control and ownership;
    • Information we receive from third parties, such as third-party service providers, such as where you log into your MegaRouter account through a third-party platform;
    • Information acquired by us during the course of our relationship and dealings with you;
    • Information collected through the use by you of our website, platforms and applications;
    • Information gathered from publicly available sources; and
    • Information you share when you interact with us on social media platforms.

    THE LAWFUL BASES FOR THE PROCESSING OF YOUR DATA

    The purposes for which your Personal Data is collected and processed include the following:

    Contractual necessity

    This lawful basis applies to most of our processing activities in relation to Personal Data belonging to our customers/clients. It applies both during the pre-contractual stages of our relationship (when you are signing up or request information about our Services) as well as once the contractual agreement(s) are in place.

    Compliance with a legal obligation to which we are subject

    We are subject to other legal obligations, which may require us to process Personal Data. For example, we are required to retain information in accordance with record-keeping requirements under applicable legislation. Further we may need to carry out certain investigations, customer due diligence, and reporting for the purposes of anti-money laundering (including counterterrorist and proliferation financing) legal and/or regulatory requirements.

    Legitimate interests of MegaRouter or a third party

    We may also process your Personal Data where it is in our legitimate interests (or the interests of a third party) to do so, provided that those interests override your interests or fundamental rights or freedoms. We will always carry out a legitimate interests assessment to ensure that we balance your rights with our interests. There may be cases where your interests and fundamental rights could override our legitimate interests. This may happen in cases where Personal Data are processed in circumstances where you do not reasonably expect further processing. We will always need to (i) identify a legitimate interest (ii) show that processing is necessary to achieve it, and (iii) balance it against your interests, rights and freedoms. Some non-exhaustive examples of situations where we may seek to pursue legitimate interests are:

    • for marketing purposes;
    • for the exercise, establishment or defence of legal claims; and
    • to prevent fraud.

    Consent

    We may process your information in circumstances after giving you notice and/or getting your consent. Non- exhaustive examples of when we may need your consent are:

    • to enable a feature on a mobile device application; or
    • to enable us to place cookies and similar technologies in accordance with our Cookie Policy.

    USE OF YOUR PERSONAL DATA

    We may use the personal information that you provide, or which is collected by us in accordance with this Policy and relevant laws, to:

    • provide you with our Services;
    • verify your identity and carry out checks that we are required to conduct by applicable laws and regulations, including without limitation, "know your client", anti-money laundering, fraud, sanctions and politically exposed person (PEP) checks;
    • contact you on matters related to your account, including, to respond to your questions, request any additional information or documentation;
    • provide you with notices related to your account, general updates, market updates and other marketing materials, including, the Services offered by MegaRouter - we will give you the option of electing not to receive these communications and you can unsubscribe at any time by notifying us that you wish to do so;
    • tailor the products and Services offered through the Platform to you, including without limitation, to perform any suitability or appropriateness assessments for using our Services and/or products;
    • enable us to manage your ongoing requirements and our relationship with you, for example, to process payments, troubleshoot a problem, prevent or investigate illegal or potentially illegal activities - we may do so by electronically unless you tell us that you do not wish to receive electronic communications;
    • customise and improve our Platform;
    • monitor and analyse Services trends, usage and activities, improve our Services, generate de-identified data and develop new products and services, including but not limited to training our AI models;
    • assess your risk score according to parameters determined by us;
    • Detect, investigate and help reduce risks of fraud, prevent security incidents and other malicious, deceptive, fraudulent and/or illegal activities, help protect the rights and property of MegaRouters and others, and comply with our legal and financial obligations;
    • enforce and/or defend our rights;
    • meet our internal policy requirements;
    • market our products to you;
    • maintain administrative records relating to our business;
    • set up security measures to secure your account, including without limitation, to carry out two-factor authentication;
    • comply with any lawful requests from regulatory authorities or law enforcement agencies as required by applicable laws; and
    • for any other purposes that are compatible with the original purpose for which we collected your data.

    INCOMPLETE AND INACCURATE INFORMATION

    If you do not provide us with some or all of the information that we ask for, we may not be able to verify your identity and as such you may not be able to open a trading account with MegaRouter and use our Platform.

    You can provide and update your information at any time by visiting the "Account" page in our Platform. We recommend that you update your profile in your account regularly, to ensure that the functions offered to you are appropriate for your current circumstances. You may have to update such information upon our request, if we consider the information provided as untrue, incorrect, incomplete and/or inconsistent with other information provided by you at any time. You acknowledge that we may rely upon such information and that you are responsible for any damages or losses which may result from any inaccuracies, including without limitation, the inappropriateness of our Services to you.

    SHARING OF INFORMATION

    We will not share the personal information we hold about you except in the following circumstances, when there is a lawful basis to do so and where appropriate safeguards are in place to protect your rights:

    • between and among MegaRouter's internal corporate entities and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership; and
    • with professional advisors, vendors, consultants, and other service providers, such as AI model providers, transaction service providers, IT hosting companies, legal advisors, banks, other financial institutions and credit reference agencies who need access to such information to carry out work on our behalf;
    • in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of MegaRouter by another company;
    • in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by regulatory, governmental and/or public authorities to meet national security, regulatory and/or law enforcement requirements;
    • if we believe your actions are inconsistent with our Service Agreement or policies, or to protect the rights, property, and safety of MegaRouter or others; and/or
    • when we have obtained your consent or you direct us to do so.

    We also disclose de-identified information that cannot reasonable be used to identify you.

    SECURITY AND INTEGRITY OF INFORMATION

    We strive to ensure the security of your personal information and information that we collect related to you or your activities on our Platform. We protect your personal information by using data security technology and using tools such as firewalls and data encryption. We also require that you use a personal username and password every time you access your account online. As set out in MegaRouter's terms of use, you must not share your password with anyone else.

    Where it is necessary for us to share your personal information with a third party, we will ensure that third parties only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

    We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions.

    We have also put in place procedures to deal with any suspected data security breach. In the event of a data breach, we will promptly assess the scope and impact of the breach, mitigate the risks, and notify you andany applicable regulator of a suspected breach where we are legally required to do so.

    DATA RETENTION

    We strive to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security.

    We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements. We will not retain your Personal Data in a form which permits the identification of the data subject for longer than needed for the legitimate purpose or purposes for which we originally collected it, including for the purpose of satisfying any legal, accounting or reporting requirements.

    To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

    In some circumstances we will anonymize your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you.

    We are obligated to retain Personal Data about you and your transactions for such time until the retention of your Personal Data is no longer necessary for any business or legal purpose, i.e. in order to comply with anti-money laundering and countering the financing of terrorism and other obligations applicable to us.

    Once collected, we may retain your data related to financial transactions for up to 8 years following the date of your last transaction or the date you close your account (whichever is the later). This time limit may be additionally extended if a reasonable ground exists.

    The Personal Data storage period is set based on the below principles:

    • Usually, we keep data during the course of the provision of Services, during the validity of the contract and 10 years after the expiration of the contract or legal relationships, while executing the requirements set forth in legal acts related to document archiving and in order to declare, execute or defend the legal claims.

    At the end of the retention period, we will securely delete or destroy data retained, and require our sub-processors or third-party suppliers to do likewise.

    YOUR RIGHTS

    You have certain rights and protections regarding the processing of your personal information. For example, in certain circumstances you have the right to:

    • Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
    • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
    • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
    • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
    • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
    • Request the transfer of your personal information to another party.

    Users (as data subjects) also have the right to complain about the use of their personal information to the supervisory authority where you reside. Contact details for your data protection authority can be found using the links below:

    USE OF THIRD PARTY LINKS

    Occasionally, at our discretion, we may include or offer third party products or services on our Platform. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Platform and welcome any feedback about these sites.

    EXISTENCE OF AUTOMATED DECISION-MAKING

    You have a right not to be subject to a decision based solely on automated processing (i.e., by computers and without human intervention), including profiling, which produces legal effects concerning you or similarly significantly affects you.

    However, this right does not apply when the decision:

    • is necessary for entering into, or performance of, a contract between you and us;
    • is required or authorised by law; or
    • is based on your explicit consent.

    Although certain third parties may use automated decision-making tools or software, we do not use automatic decision-making or profiling when processing Personal Data. If this changes, we will confirm this with you and provide meaningful information about the logic involved, as well as the significance and the envisaged consequences for you.

    COOKIES

    We use technology to collect anonymous information about the use of our platform. For example, when you browse our Platform, our service providers log your server address, the date and time of your visit, the pages and links accessed and the type of browser used. It does not identify you personally and we only use this information for statistical purposes and to improve the content and functionality of our website, to better understand our clients and markets and to improve our Services.

    QUESTIONS AND COMPLAINTS AND HOW TO CONTACT US

    We welcome your questions and comments about privacy. If you have any concerns or complaints, please submit a support request from MegaRouter's website, email us at business@megarouter.com. Your complaint will be considered by us through our internal complaints resolution process and we will try to respond with a decision within 30 days of you making the complaint.

    CONFIDENTIALITY

    Employees and / or authorized persons must comply with the principle of confidentiality and keep confidential any information relating to the Personal Data with which they have become aware in the course of their duties, unless such information is public in accordance with applicable laws or regulations Employees and / or authorized persons must also comply with the principle of confidentiality at the end of the labor relations and / or contract under which the person has acted. The obligation of confidentiality shall also apply after the Employee and / or the authorized person change the position in the Company. The principle of confidentiality also implies that persons who process Personal Data are prohibited from disclosing them without the Company's written permission.

    CHANGES TO THIS POLICY

    The Policy will be reviewed from time to time to take account of changes to our operations or practices and, further, to make sure it remains appropriate to any changes in law, technology and the business environment. Any personal information held will be governed by our most current Policy.

    LIMITS TO YOUR RIGHT TO INFORMATION

    Your right to information is limited in certain cases. The requirements to give information do not apply insofar as:

    • the provision of information to you proves impossible or would require disproportionate effort on our part in order to provide. This is provided that we take appropriate steps as controller to protect your rights as a data subject, your freedoms and your legitimate interests, including by making information publicly available (as this Policy intends to do);
    • obtaining or disclosure is expressly laid down by applicable laws which we are subject and which provides appropriate measures to protect your legitimate interests;
    • the Personal Data must remain confidential subject to an obligation of professional secrecy regulated by applicable laws (such as statutory obligations of secrecy); or
    • you already have the information.

    RESIDENTS WITHIN THE EUROPEAN ECONOMIC AREA (EEA)

    If you are a resident of the EEA, you may have certain data protection rights. "GDPR" means the European Union General Data Protection Regulation (EU) 2016/679. Information that you provide may be transferred or accessed by entities around the world as described in this Policy. In cases where we intend to transfer Personal Data to third countries or international organisations outside of your country of residence that are not subject to an adequacy decision and further safeguards are required, MegaRouter puts in place appropriate technical, organizational and contractual safeguards, to ensure that such transfer is carried out in compliance with applicable data protection rules.

    We process Personal Data subject to the GDPR on one or more of the following legal bases:

    • Contractual necessity: To comply with our contractual obligations to you under our User Agreement, including to provide you with our Services and customer support services, and to optimize and enhance the Platform.
    • Legitimate interest: Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. This may specifically involve research and development, direct marketing, personalizing your user experience, fraud prevention, network and information security or creating aggregated, de-identified and/or anonymized data.
    • Consent: Where we have your specific consent to carry out the processing for the purpose in question.
    • Compliance with legal and regulatory obligations: Including "know your customer" obligations based on applicable anti-money laundering and anti-terrorism requirements, suspicious activity reporting, financial crime and fraud prevention, responding to requests from public authorities, complying with economic and trade sanctions requirements, performing customer due diligence, performing audit and risk assessments, preparing tax reports, fulfilling our retention obligations and handling legal claims.

    If you are accessing or using the Platform and/or Services from within the EEA, you may have the following rights under the GDPR, subject to certain exceptions:

    • Right of Access: You have the right to obtain confirmation from us as to whether or not we process Personal Data from you and you also have the right to at any time obtain access to your Personal Data stored by us.
    • Right to Correction: If we process your Personal Data, we use reasonable measures to ensure that your Personal Data is accurate and up-to-date for the purposes for which your Personal Data was collected. If your Personal Data is inaccurate or incomplete, you have the right to require us to correct it.
    • Right to Deletion: In some cases, you may request us to delete your Personal Data. Please note that under certain circumstances (such as for the purposes of compliance with a legal obligation to which we are subject, public interest, public health or scientific and historical research), we have the right to retain your Personal Data even if you ask us to delete it.
    • Right to Restriction of Processing and Right to Object: In some cases, you can lodge an objection to the processing of your Personal Data and ask us to limit the processing of your Personal Data. Similarly, in some cases, we have the right to refuse your request even if you raise objections or ask us to restrict the processing of your Personal Data.
    • Right to withdraw Consent: In some cases, you may withdraw your consent in respect of collection and processing of your Personal Data. If there are other legitimate reasons, we also have the right to continue using or processing without your permission. Withdrawal of consent does not affect lawfulness of processing based on consent before such withdrawal.
    • Right to Data portability: You may have the right to receive the personal information concerning you and which you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another controller.
    • Right to lodge Complaint: If you reside in the EEA and have a concern about our processing of your Personal Data that we are not able to resolve through our internal resolution process, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
    • Right relating to automated decision-making: Where we make decisions about you based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, you have the right to request human intervention, to express your point of view and to contest the decision.

    We will assess all requests and complaints we have received and provide you with timely responses. We may ask you to provide a valid copy of the identity document so that we can fulfill our security obligations and prevent unauthorized data disclosure. We have the right to charge you a reasonable administrative fee if your request for access to data is clearly unfounded or out of our obligation, or if you request us to provide additional copies of your Personal Data.

    To facilitate with the Services provided to users located in the EEA, we request explicit consent for the transfer of Personal Data from the EEA to countries outside of the EEA where the transfers are necessary to provision of Services to you and/or to optimize and enhance our Platform. If you are an individual located in the EEA and you decline to consent to such transfer, you will no longer be able to use our Platform and Services. You will still retain the ability to withdraw assets in your Accounts opened with us however, all other functionalities will be disabled.