Privacy & Cookies Policy

Brand:OneStop Crypto ("we", "us", "our")
privacy@onestopcrypto.co.za | support@onestopcrypto.co.za

Responsible party: Eccentricity Capital (Pty) Ltd., registration # 2024/046775/07 (trading as OneStop Crypto).

We respect your privacy and process personal information in line with the Protection of Personal Information Act, 2013 (POPIA) and other applicable laws (including the Financial Intelligence Centre Act (FIC Act) where relevant). This notice explains what we collect, why, how long we keep it, who we share it with, your rights, and how to contact us.

1. What We Collect

1.1 Information You Give Us

When you open an account, request a quote, or engage our services, you may provide:

  • Identity data: Full name, date of birth, ID/passport number, nationality, photograph.
  • Contact data: Email address, mobile phone number, physical address.
  • Financial data: South African bank account details, proof of address, crypto wallet addresses, transaction history.
  • Communications: Records of correspondence (WhatsApp, Telegram, email, SMS).

1.2 Information We Collect Automatically

When you visit our website or interact with our platforms, we automatically collect:

  • Device & browser information: IP address, operating system, browser type, device identifiers.
  • Usage data: Pages viewed, links clicked, time spent, date/time stamps.
  • Cookies & trackers: See Section 7 for details.

1.3 Information from Third Parties

We may receive information from:

  • KYC/AML providers: Identity verification, sanctions screening, PEP checks.
  • Banks or crypto exchanges: Confirmations, transaction metadata.
  • Public records: Company registries, regulatory announcements, adverse media searches.

2. How We Use Your Information

We process personal information only for specified, explicit, and lawful purposes:

  • Performing the contract: Executing trades, settling transactions, providing quotes.
  • KYC/AML compliance: Verifying your identity and source of funds as required by the FIC Act and FSCA regulations.
  • Legal obligations: Reporting suspicious transactions, retaining records, cooperating with law enforcement.
  • Legitimate interests: Fraud prevention, risk management, improving our services, and marketing (subject to your rights).
  • With your consent: Sending promotional communications (you may withdraw consent any time).

3. Lawful Bases (POPIA Condition 2)

We rely on the following legal grounds:

  • Consent: Where you have given explicit consent (e.g., marketing emails).
  • Contractual necessity: To deliver the trading services you requested.
  • Legal obligation: Compliance with FIC Act, Tax Administration Act, FSCA rules.
  • Legitimate interests: Fraud detection, service improvement (balanced against your privacy rights).

4. What We Share and With Whom

We do not sell your personal information. We may share it with:

  • Service providers: Cloud hosting (AWS), KYC/AML screening, payment processors—under strict data processing agreements.
  • Regulators: FSCA, Financial Intelligence Centre (FIC), SARS—when legally required.
  • Law enforcement: In response to valid court orders, subpoenas, or lawful requests.
  • Professional advisors: Lawyers, auditors, compliance consultants—under confidentiality obligations.
  • Business transfers: If we merge, sell assets, or restructure, your data may be transferred (you will be notified).

5. Retention (How Long We Keep Your Data)

We retain personal information only as long as necessary for the purposes outlined, or as required by law:

  • Active accounts: For the duration of the relationship.
  • After account closure: Minimum 5 years (FIC Act requirement for financial records).
  • Longer retention: If subject to litigation, ongoing investigation, or regulatory hold.
  • Marketing data: Until you unsubscribe or withdraw consent.

After the retention period, we securely delete or anonymize your data.

6. Security Safeguards

We implement appropriate technical and organizational measures to protect your information:

  • Encryption: TLS 1.3 for data in transit; AES-256 for data at rest.
  • Access controls: Role-based permissions, multi-factor authentication (MFA), regular access reviews.
  • Infrastructure: AWS af-south-1 (South Africa) with redundancy and DDoS protection.
  • Monitoring: Intrusion detection, security logging, and regular audits.
  • Staff training: All personnel complete data protection and security awareness training.

No system is 100% secure. If a breach occurs, we will notify affected individuals and the Information Regulator as required by law.

7. Cross-Border Transfers

Your data is primarily stored and processed in South Africa (AWS af-south-1). If we transfer data internationally (e.g., to service providers in the EU or USA), we ensure:

  • The recipient country has adequate data protection laws, or
  • We use Standard Contractual Clauses (SCCs) or similar safeguards.

8. Cookies & Analytics

We use cookies and similar technologies to:

  • Essential cookies: Enable core functionality (session management, security).
  • Analytics cookies: Understand usage patterns (Google Analytics, Vercel Analytics)—no PII is shared.
  • Marketing cookies: Track conversions and ad performance (if you consent).

You can manage cookies via your browser settings. Blocking essential cookies may affect site functionality.

9. Your Rights (POPIA Chapter 3)

You have the following rights regarding your personal information:

  • Right of access: Request a copy of the personal information we hold about you.
  • Right to correction: Request correction of inaccurate or incomplete data.
  • Right to deletion: Request deletion (subject to legal retention requirements).
  • Right to object: Object to processing for direct marketing or legitimate interests.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to withdraw consent: For processing based on consent (e.g., marketing).

To exercise these rights, email privacy@onestopcrypto.co.za or support@onestopcrypto.co.za. We will respond within 30 days.

10. Children

Our services are not intended for individuals under 18. We do not knowingly collect information from minors. If we discover we have collected data from a child, we will delete it promptly.

11. Third-Party Links and Messaging Platforms

Our website may link to third-party sites (e.g., exchanges, wallets). We are not responsible for their privacy practices—please review their policies.

We communicate via WhatsApp and Telegram. These platforms have their own privacy policies. We encourage you to review them.

12. Direct Marketing

We may send you promotional messages about new services, market updates, or special offers if:

  • You have given consent, or
  • You are an existing client and we have a legitimate interest (you may opt out any time).

To unsubscribe, click "Unsubscribe" in any email, or contact support@onestopcrypto.co.za.

13. Updates to This Policy

We may update this policy from time to time to reflect changes in law, our practices, or new features. Material changes will be communicated via:

  • Email notification
  • Prominent notice on our website
  • In-app or platform message

Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or wish to exercise your rights, contact us:

Complaints: If you are not satisfied with our response, you may lodge a complaint with the Information Regulator: