Open INit bot

Privacy Policy

May 29, 2025

Please read this Privacy Policy carefully.

This document explains how we collect, use, store, and protect your personal data when you use our services.

It also outlines your rights under applicable data protection laws and how you can exercise them.

By understanding this Policy, you can make informed decisions about your personal information and ensure your privacy rights are respected.

1. Introduction

The operator of the Website https://in1t.io and the Telegram Bot https://t.me/in1tbot (hereinafter referred to as “We”, “Us”, or the “Company”) places the highest importance on safeguarding your personal data when you use our Services.

For the purposes of this Privacy Policy, the “Company” refers to a group of legal entities, including but not limited to:

UAB CryptoBarrel, a company duly registered under the laws of Lithuania, with Registration No. 306696279 and registered address at Krivių g. 5, LT-01204, Vilnius, Lithuania.

Depending on your country of residence, the scope and purpose of your use of the Services, and the results of our internal classification procedures (including Know Your Customer (KYC) verification), one or more of the legal entities may act as the data controller for your personal data. The identity of your specific data controller will be communicated to you upon request or as determined during the KYC process.

This Privacy Policy describes how we collect, use, process, and share your personal data, the security measures we apply to protect it, and your rights under applicable law. It is prepared in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection laws applicable in the jurisdiction of the respective Company entity providing the Services.

By using our Services, you confirm that you have read, understood, and agreed to the terms of this Privacy Policy. If you do not agree with any part of this Policy, you must refrain from using our Services. All terms used in this Policy are consistent with those defined in our Terms of Use and other applicable policies.

Please note that when using our Telegram Bot, you may also share personal data with Telegram. For more information on how Telegram processes personal data, please refer to the Telegram Privacy Policy.

If you have any questions or concerns about this Privacy Policy, please contact us at [email protected].

1.1 Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:

  • “Company”, “We”, “Us”, or “Our” – refers to the relevant legal entity or entities within the group providing the Services to you, as identified in this Privacy Policy and during the onboarding process.
  • “Services” – means any products, features, technologies, content, or functionalities offered by the Company, including but not limited to access via the Website, Telegram Bot, APIs, and related communication channels.
  • “Website” – refers to the Company’s official website, currently available at https://in1t.io.
  • “Telegram Bot” – refers to the Company’s official bot available at https://t.me/in1tbot.
  • “User” or “You” – means any natural or legal person who accesses or uses the Services, whether as a registered account holder, legal entity representative, or otherwise.
  • “Personal Data” – has the meaning given in Article 4(1) of the General Data Protection Regulation (GDPR) and refers to any information relating to an identified or identifiable natural person.
  • “Processing” – has the meaning given in Article 4(2) of the GDPR and includes any operation or set of operations performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
  • “Data Controller” – has the meaning given in Article 4(7) of the GDPR and refers to the natural or legal person which determines the purposes and means of Processing Personal Data.
  • “Third Party” – means any natural or legal person, public authority, agency, or body other than the User, the Company, or persons who are authorised to process Personal Data on behalf of the Company.
  • “AML/CFT” – refers to anti-money laundering and counter-terrorist financing laws and regulations applicable to the Company.

2. Data Controller

The Company entity that provides the Services to you acts as the data controller of your personal data.

Under Article 4(7) of the General Data Protection Regulation (GDPR), a data controller is a natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

Details of the specific legal entity acting as your data controller including its name, registration number, and registered address will be provided in connection with the particular Service you use or upon request.

For any questions regarding how we process your personal data, please contact us at [email protected].

3. Sources of Personal Data

We collect personal data from the following lawful sources:

  • Directly from you – when you voluntarily provide information via our Website, Telegram Bot, forms, or other communication channels. This may include contact details, identification documents, residential address, and other information necessary for us to provide our Services.
  • Through your use of our Website and Telegram Bot – we may collect certain technical and usage data (e.g., IP address, device information, browsing activity) through cookies and similar technologies. For more details, please refer to our Cookie Policy.
  • From third-party sources – including trusted service providers, business partners, or publicly available databases, to the extent permitted by law. This may include verification data, contact details, or other relevant compliance-related information.

We collect personal data only from lawful sources and process it in accordance with the principles of lawfulness, fairness, transparency, and accountability as set out in the GDPR.

4. Legal Basis for Processing Your Personal Data

In accordance with the GDPR and other applicable data protection laws, we process your personal data on one or more of the following legal bases:

  • Consent – when you have given us your explicit consent to process your personal data for specific purposes (Article 6(1)(a) GDPR).
  • Performance of a contract – when processing is necessary to perform our contractual obligations to you or to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR).
  • Compliance with a legal obligation – when processing is required for us to comply with laws and regulations to which we are subject, including AML/CFT requirements (Article 6(1)(c) GDPR).
  • Legitimate interests – when processing is necessary for our legitimate business purposes or those of a third party, provided that such interests are not overridden by your rights and freedoms (Article 6(1)(f) GDPR).

If you would like to know which specific legal basis applies to a particular instance of processing, you may contact us for clarification.

5. What Personal Data Do We Collect? 

We collect personal data in order to comply with our legal obligations, provide our Services, and ensure the security and integrity of our platform. This includes data you provide directly, data collected automatically when you use our Services, data obtained from trusted third-party sources, and, in specific cases, data provided by law enforcement or regulatory authorities.

5.1 Data You Provide Directly

Depending on whether you are an individual user, a legal entity representative, or a legal entity, we may collect the following categories of personal data:

For Individual Users:

  • Identification details (full name, date of birth, nationality).
  • Identity documents (passport, national ID, driver’s licence, visa).
  • Residential address and contact details (email, phone number).
  • Liveness or biometric verification (facial similarity check).
  • Information on the purpose of the account and source of funds.
  • Declarations required under AML/CFT laws.

For Legal Entity Representatives:

  • Identification and contact details.
  • Identity and authority verification documents.
  • Required declarations.

For Legal Entities:

  • Company details (name, registration number, country of incorporation).
  • Proof of legal existence and ownership structure.
  • Information on shareholders, beneficial owners, and directors (including identity and address verification).
  • Documents relating to source of funds and source of wealth.

The exact scope of data collected may vary based on your risk profile, the Services you use, and applicable legal requirements.

We use Sum and Substance Ltd. (Sumsub) to perform identity verification in line with our AML/CFT Policy.

5.2 Data Related to Your Transactions and Account Activity

  • Payment and transaction details.
  • Exchange and order history.
  • Account status.
  • Linked digital wallet address and related transaction history.

In certain cases, and in accordance with our AML/CFT obligations, we may request additional information or supporting documents related to specific transactions. This may include, but is not limited to, proof of source of funds, source of wealth, purpose of the transaction, or documentation evidencing the origin or destination of assets. Such requests are made to meet legal requirements, ensure compliance with our internal risk assessment procedures, and protect the integrity of our Services.

5.3 Data Related to Your Transactions and Account Activity

When you access or use our Website or Telegram Bot, we may automatically collect:

  • Device Data: device type, operating system, device ID, browser settings, mobile network information, general geographic location.
  • Online Identifiers: IP address, cookie identifiers, advertising IDs, and similar technologies (see our Cookie Policy).
  • Usage Data: pages visited, functions used, actions performed, time zone, access dates and times, duration of visits, and search terms used.

5.4 Data Collected from Law Enforcement or Regulatory Authorities

If you are a representative of a law enforcement or regulatory agency submitting a legal request through our official portal, we may collect and process the following personal data:

  • Full name and official title.
  • Government agency or department name.
  • Official contact details (e.g., email address).
  • Documentation verifying your identity and authority.
  • Verification logs (e.g., timestamps, IP address, and verification provider data).

This data is processed solely to authenticate your identity, evaluate the validity of the request, and ensure lawful compliance with applicable data protection and financial crime regulations. It is retained only as long as necessary for compliance, legal defence, or audit purposes, and always in accordance with our internal data retention policy.

5.5 Lawful Use and Retention

We process personal data only to the extent necessary to:

  • Provide our Services.
  • Comply with legal and regulatory requirements, including AML/CFT laws.
  • Maintain platform security and prevent fraud.

Data is retained in accordance with applicable legal retention periods and then securely deleted or anonymised.

6. What Personal Data Do We Not Collect

We do not knowingly collect or process special categories of personal data as defined under Article 9 of the GDPR, including:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious, philosophical, or other beliefs;
  • Membership in trade unions;
  • Genetic or biometric data for the purpose of uniquely identifying a natural person (beyond the liveness/ID checks required solely for verification under AML/CFT obligations);
  • Health-related data;
  • Data concerning a natural person’s sex life or sexual orientation;
  • Criminal convictions and offences (unless required by applicable law or for AML/CFT compliance purposes, in which case such processing is limited and subject to strict safeguards).

If such data is inadvertently collected, we will take immediate steps to delete it unless we are legally required to retain it for compliance, law enforcement, or regulatory purposes.

7. How Do We Process the Personal Data of Minors?

Our Services are not intended for, and may not be used by, individuals under the age of 18. We do not knowingly collect, process, or store personal data of persons under this age.

During the verification process, you are required to confirm that you are at least 18 years old and have the legal capacity to enter into a binding agreement with us.

If we become aware that we have inadvertently collected personal data from a person under the age of 18, we will take immediate steps to delete such data unless we are legally required to retain it.

If you believe that a person under 18 has provided personal data to us, please contact us promptly at [email protected].