Last updated: 2026-06-10 — draft: to be reviewed for GDPR compliance before commercial launch.
FiatDock is operated by a sole trader registered in Portugal, acting as the data controller (GDPR) for the limited data described below. Contact: osama@fiatdock.com. Identity verification (KYC) and payment processing happen entirely at Transak, which acts as an independent controller for that data under its own privacy policy.
Session and order data only: order IDs, statuses, amounts and currencies, the customer identifier you choose (customerId), an email if you pass one, receiving wallet addresses, callback URLs and referral codes. Plus technical logs (IP, timestamps) for security and abuse prevention. Data reaching us from the Provider via webhooks (order status and amounts) is used solely to operate the service and track your orders.
We do not collect or see identity documents, selfies or any KYC data (handled directly by the licensed Provider), card or bank account details, or wallet private keys.
We process data on the bases of contract performance (operating the service, tracking orders), legitimate interest (security, abuse prevention) and legal obligation (accounting records). We never use your data for marketing without your explicit consent, never share it with third parties beyond the licensed Provider to the extent needed to execute your own transaction, and never sell it.
Plainly: this site sets no cookies beyond what is strictly essential — no analytics cookies, no advertising trackers, no third-party embeds on content pages.
Order records are kept for the legally required accounting periods in Portugal, then archived or deleted. As an EU data subject you have the rights of access, rectification, erasure, restriction, portability and objection (within legal limits) via osama@fiatdock.com, and the right to lodge a complaint with the Portuguese supervisory authority (CNPD).
Encryption in transit, signature verification on all incoming and outgoing notifications, least-privilege access, and continuous monitoring with alerts. There are no funds and no identity documents on our systems to steal in the first place.