NOAH Inc.

Crypto Services Privacy Policy

Effective Date: 3/1/2025

1. Introduction

NOAH’s, Inc. (“NOAH”, “we,” “us,” or “our”) is committed to protecting the privacy of our users, clients, and partners (collectively, “Participants”). We strive to safeguard your data and provide high-quality professional services (“Services”) to all our Participants. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you use our Services, including our Crypto Services outlined here. including our Know Your Customer (KYC) and Know Your Business (KYB) verification processes.   

2. Information We Collect

To comply with legal obligations and provide our services, we may collect the following documentation and information:

  • Basic Personal Information
    • Full Name
    • Residential Address
    • Date of Birth
    • Nationality
    • Country of Residence
    • Gender
    • Phone number
    • Email address
  • Identity Verification Information
    • Government-issued identity document, e.g. passport, driver’s license, or state identification card, Social Security number, employment information (e.g. company name)
    • Proof of address (utility bills, bank statements)
    • Utility bills
    • Photographs and/or videos
  • Electronic Identification Information (“EIDV”)
    • Facial recognition data or biometric information (where applicable and with explicit consent). 
  • Organization Information (if you are working with us on behalf of an organization, entity, business, or institution)
    • Organization (e.g. institution or business) name and registration details
    • Personal identification information for all material beneficial owners of your business
    • Company address
    • Ownership information
    • Tax identification numbers
    • Financial statements
    • Beneficial ownership information.
    • Company directors and officers information.
  • Financial Information
    • Bank Account Numbers
    • Investment and financial experience
    • Tax Identification Number
    • Income/net assets/wealth verification statements
  • Technical Information:
    • Access information
    • IP address
    • Device information
    • Browser type
    • Usage data
    • Cookies and similar tracking technologies.
  • Crypto Services Information
    • Bank information (account numbers, routing numbers)
    • Proof and availability of funds
    • Financial statements
    • Cryptocurrency wallet information, if you ask us to work with your cryptocurrency assets
    • Your payment preferences
    • Transaction logs
  • Information from Third-Party Sources:
    • Verification Provider Information: We collect the results of KYC/KYB verification performed by third-party service providers on the Basic Personal Information, Identity Verification Information, and Organization Information you provide us. These results inform us whether the documents and information you have provided are current, legitimate, and accurate.
    • Public Database Information: We obtain information about you from public database, such as the UN Sanctions List, US ITA Consolidated Screening List, and the SEC EDGAR, including your name, address, email address, phone number, gender, national ID number and nationality/country of residence, date of birth, job role, public employment profile, listing on any sanctions or watchlists maintained by public authorities and any other data as necessary
    • Blockchain Data: We may analyze public blockchain data, including timestamps of transactions or events, transaction IDs, digital signatures, transaction amount, and wallet addresses, and other information sourced directly from blockchain explorers.
    • Blockchain Analytics: We may parse, investigate, and analyze public Blockchain Data, and wallets and transactions you provide us, using blockchain analytics tools offered by companies like Elliptic and Chainalysis.
    • Credit bureaus: We may obtain information about your financial trustworthiness by contacting credit bureaus. This information may include: your credit score, a full credit report, outstanding loans or unpaid debt obligations, etc.

3. How We Use Your Information

We use your information to:

  • Register you (and your institution) with Crypto Services: We are legally required to verify you as an individual using your Basic Personal Information, and Identity Verification Information. We perform KYC/AML checks with this information for all Participants to ensure their compliance with domestic and international regulations, and anti-money laundering (AML) and counter-terrorism financing (CTF) laws. We may also use Public Database Information and other Information from Third-Party Sources when assessing you. If you are working with or on behalf of an institution, we will verify your Organization Information, and your employment at that institution.
  • Verify your assets: If you have asked NOAH to work with your assets, we will verify the legitimacy and ownership of your wallets. This includes verifying your Financial Information, potentially using Information from Third-Party Sources. For cryptocurrency assets, we will verify Blockchain data using Blockchain Analytics.
  • Verify your clients and customers: We may perform the same checks on your clients and customers, and their assets, that we perform on you and your business to verify and validate them. We will only investigate this information to the extent required to operate with your clients and customers.
  • Service Provision: We may use your Basic Personal Information, Organization Information, Financial Information, Technical Information, and Crypto Services Information in order to provide you with relevant, high-quality Services. This can include finding counterparties or searching for opportunities that may best fit your needs.
  • Customer Support: We may provide communication and support using your Basic Personal Information, Identity Verification Information, Financial Information, Technical Information, and Crypto Services Platform. This includes support regarding your use of the platform, transaction questions, and other relevant inquiries you may have.
  • Security and Fraud Prevention: To protect against fraud, unauthorized access, and other illegal activities, we may use your Financial Information and Crypto Services Information to track suspicious activity, recognize patterns of illegal activity, and detect and act on violations of our policy. 
  • Compliance: We may access, read, preserve and disclose information when we believe it is reasonably necessary to comply with law, legal obligations, regulations, law enforcement, governmental, and other legal requests, court orders, or for disclosure to tax authorities. For example,
    • Civil, commercial, criminal, or consumer protection matters: were we are in receipt of a court order to disclose information for the purposes of court proceedings or regulatory inquiries (e.g. orders or mandatory requests under the Irish Competition and consumer Protection Act 2014, US federal and state consumer protection and privacy laws, subpoenas from any court with jurisdiction, and/or Singapore Criminal Procedure Code 2010).
    • Corporate and taxation matters: obligations such as the Irish Companies Act 2014 and the Taxes Consolidation Act 1997, and the IRS.
    • Regulatory matters
  • Research and Innovation: We are dedicated to delivering best-in-class crypto services. To ensure this, we analyze your Crypto Services Information and Financial Information and Technical Information, platform usage data, enabling us to optimize our processes, improve our technical platform, strengthen security, and expand our financial toolset. 
  • Marketing and Communication: To send you updates and promotional materials (with your consent where required).
  • Risk Assessment: To assess the risks associated with providing our services, we analyze your Basic Personal Information, Identity Verification Information, Financial Information, Technical Information, Organization Information, and Information from Third-Party Sources.

4. Sharing Your Information

We may share the Information we collect in this Policy’s “Information We Collect” section with:

  • Third-Party Service Providers: Third-party vendors who assist us with KYC, AML/CTF, and KYB, blockchain data analysis, and other services.
    • Trusted Identity Verifiers: We use trusted third-party vendors, including Onfido and Idenfy, to process your information as part of our KYC/KYB processes. These service providers may operate outside your home country and store your information in secure datacenters distributed across the world.
  • Financial Institutions: To facilitate transactions and comply with regulatory requirements.
  • Professional Advisors and Industry Partners: With your consent, we may contact partners in our network to provide you with optimal or new services.
  • Authorities and Regulators, and Law Enforcement: We may be required by law to send your information to When required by law or to comply with legal obligations:
    • Respond in compliance with applicable law or regulations, court orders, legal process, or government requests
    • Comply with our reporting and information sharing obligations with industry partners, if you have consented to sharing your information with our partners.
    • Detect, investigate, prevent, or take action against fraud and other illegal activity or security and technical issues
    • Protect the rights, property, and safety of our other Participants, us, or our Affiliates, including to prevent death or imminent bodily harm.
  • Linked Third Party Websites: We use third-party services to store your information. All data and information services we use follow the highest security standards, including ISO27001 and SOC 2 Type 2 Audits. We also work with third-party vendors for:
    • Tax Reporting
    • Telecommunications (to communicate with you)
    • CTF/AML (for User screening and transaction monitoring)
    • Security services (for investigating fraud and security incidents)
    • Payment processing companies (to process transactions on our behalf)
    • Document repositories
    • Customer support
  • Other parties with your consent.

5. Data Security

We implement appropriate technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, and destruction. We use highly secure online platforms to store your information. At minimum, these platforms adhere to ISO27001 standards, and/or regularly conduct and report SOC 2 Type 2 Audits.

6. International Data Transfers

As we operate globally, we, our Affiliates, and third-party partners and service providers may transfer, store, and process your personal information throughout the world, including Ireland, Germany, Singapore, the UK, the US, and the Philippines. Your information may be transferred to and processed in countries outside your jurisdiction. We take appropriate measures to ensure that your information is protected in accordance with applicable laws.  

We rely primarily on the European Commission’s Standard Contractual Clauses to facilitate the international and onward transfer of European Personal Data to third countries, including from EU operating entities to us, in the United States. For a copy of the Standard Contractual Clauses, please contact crypto@noahsinc.net.

In addition, we may rely on certain exemptions provided for under data protection law for our international transfers. We also rely on adequacy decisions from the European Commission where available and exemptions provided for under data protection law. For example, because we provide Services globally, we need to share information with our Affiliates and to data centers outside the EEA in order to develop, offer, and improve our Services (Article 49(1)(b) GDPR). In addition, we may rely on certain exemptions for sharing personal information with law enforcement outside of the EEA in emergency situations (Article 49(1)(f) GDPR).

EU-US, UK-US, and Swiss-US Data Privacy Framework

NOAH complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (together referred to as the “Data Privacy Frameworks”) and the DPF Principles as set forth by the U.S. Department of Commerce.

In the context of an onward transfer, NOAH has responsibility for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as a service provider, partner and/or other third party to help us provide our Services on our behalf (as described in Section 4 of this policy). NOAH remains liable under the DPF if any such third party processes personal data in a manner inconsistent with the DPF, unless NOAH can prove that we are not responsible for the event giving rise to the damage. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, visit https://www.dataprivacyframework.gov  

In compliance with the Data Privacy Frameworks, NOAH commits to resolve all DPF Principles-related complaints about our collection and use of your personal information.  EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the relevant Data Privacy Frameworks should first contact NOAH at crypto@noahsinc.net. 

The Federal Trade Commission has jurisdiction over NOAH’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

7. Data Retention

We retain your personal information as needed to provide our Services, comply with legal obligations, and protect the interest of our Participants and us. Retention requirements vary by country, but we maintain internal policies based on usage requirements. This includes considerations such as when the information was collected or created, whether it is necessary in order to continue offering you our Services, whether we are required to hold the information to comply with our legal obligations, including AML/KYC compliance or other financial regulatory obligations, or information preservation requirements. We also keep certain information where necessary to protect the safety, security, and integrity of our Services, Participants, and us. Our trusted third-party electronic identity verification providers collect and retain information, including biometric information, for the period required for financial regulatory compliance or otherwise as required by applicable law. 

We delete information that is no longer needed for the purposes above when you close your account, or when you request deletion of your information. 

8. Your Rights

Depending on where you live, you may be able to exercise certain privacy rights related to your personal information. For any of your privacy rights and choices referenced below, requests relating to your personal information can be made by contacting using the methods listed in our Contact Us section below. The table below lists your rights regarding your personal information. Certain rights may be subject to additional legal qualifications; please read the details listed with each of your rights. 

Right ToDetailsHow to Exercise
Access and portabilityYou can request a copy of your information in a portable format.Submit a request to us using the methods listed in our Contact Us section.
RectificationYou can request that we correct any inaccurate or incomplete information by contacting us.
Deletion/erasureYou can request that we delete your information (subject to legal obligations). We will retain or delete information associated with your NOAH account as described in this policy’s Data Retention section.
Object to or restrict processingYou can object to the processing of your information. In this case, we may be required to stop providing our Services to you.
Withdraw your consentTo the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. The lawfulness of our processing before you withdraw your consent will not be affected by such withdrawal.
Lodge a complaintIf you reside in the EEA, Switzerland, or the UK, you have the right to lodge a complaint about our practices with respect to your personal information with the supervisory authority of your country or state. In the UK, the relevant data protection authority is the Information Commissioner’s Office, Wycliffe house, Water Lane, Wilmslow, Cheshire, SK9 5AF, +44 (0303) 123 1113, email: casework@ico.org.uk. In Ireland, the relevant data protection authority is the Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, +353 017650100 / + 353 1800 437737, email: info@dataprotection.ie
Reject automatic decision-makingYou have the right not to be subject solely to automated decision-making that significantly affects you, and you may request human review of such decisions. Our KYC, AML/CTF, and KYB processes have a human “in the loop” to make final decisions.
Non-discriminationWe will not discriminate against you for exercising any of your rights provided to you under law.This automatically applies to you.

9. Specific Jurisdictional Information

Certain jurisdictions provide specific legal protections, including:

  • European Union (GDPR):
    • Legal Basis: We process your personal information based on legal obligations (KYC/KYB), contractual necessity, legitimate interests, and consent (where applicable).
    • Data Subject Rights: Residents of the EU have the rights outlined in the “Your Rights” section of this Privacy Policy and can lodge a complaint with a supervisory authority.
    • Data Transfers: We implement Standard Contractual Clauses or other appropriate safeguards for international data transfers.
    • Data Retention: Data is retained as long as legal requirements dictate, and as long as needed for the services that are provided.
  • California (CCPA/CPRA):
    • Consumer Rights: California residents have the right to know, delete, and opt-out of the sale of their personal information.
    • “Sale” under CCPA/CPRA is defined broadly, and we confirm that we do not sell your personal information as the term is defined.
    • Sensitive Personal Information: We provide notice regarding sensitive personal information and how it is used.
  • Other Jurisdictions:
    • We comply with applicable data privacy laws in all jurisdictions where we operate, including but not limited to, Canada (PIPEDA), Australia (Privacy Act), and other relevant regulations.

10. Changes to This Privacy Policy

We’re constantly trying to improve our Services, so we may need to update this Privacy Policy from time to time. We post any changes we make to our Privacy Policy on this page and, where appropriate, we will provide you with reasonable notice of any material changes before they take effect or as otherwise required by law. The date the Privacy Policy was last updated is identified at the top of this document. We may provide additional “just-in-time” disclosures or information about how we collect or use your information in the context of specific Services; these in-product notices may supplement or clarify our privacy practices or may provide you with additional choices about how we use your information.   

11. Contact Us

If you have any questions or concerns about this Privacy Policy, or would like to submit a request regarding one of your privacy rights listed in the “Your Rights” section, please contact us at info@noahsinc.net, or crypto@noahsinc.net.