Last updated: 21 May 2026
Who we are
VAMELA LTD ("VAMELAONE", "we", "us") is the data controller for personal data processed through our websites and platform. We are registered in the Republic of the Marshall Islands (Registration No. 132394), with registered office at Trust Company Complex, Ajeltake Road, Ajeltake Island, Majuro, Marshall Islands MH96960.
Data we collect
We collect: (a) account and identity data (name, email, company, role); (b) verification data required for KYC/KYB (identification documents, beneficial-ownership information); (c) transaction and usage data (payments, balances, API usage, logs); (d) device and technical data (IP address, browser, cookies); and (e) any data you provide when contacting us.
How we use data
We use personal data to: (a) provide, operate, and improve the Services; (b) comply with legal, regulatory, and contractual obligations, including anti-money-laundering and sanctions screening; (c) prevent fraud and secure the platform; (d) communicate with you about the Services; and (e) carry out analytics and product research.
Legal bases
Where required by law, we rely on the following bases: performance of a contract with you; compliance with legal obligations; our legitimate interests in operating and securing the Services; and, where applicable, your consent.
Sharing
We share personal data with: (a) banking, acquiring, and payment-method partners required to deliver the Services; (b) compliance and identity-verification providers; (c) cloud infrastructure and security vendors acting as our processors; (d) authorities and regulators when legally required; and (e) advisors and auditors under confidentiality.
International transfers
Personal data may be transferred to, and processed in, jurisdictions outside your country. Where we transfer data internationally, we put in place appropriate safeguards, including contractual protections such as the EU Standard Contractual Clauses, where applicable.
Retention
We retain personal data only as long as necessary for the purposes described in this Policy, or as required by law (for example, AML record-keeping obligations of up to seven years).
Security
We maintain administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, loss, or alteration. Our platform is PCI-DSS Level 1, SOC 2 Type II, and ISO 27001 certified.
Your rights
Subject to applicable law, you may have the right to access, correct, delete, restrict, or object to the processing of your personal data, and to data portability. To exercise these rights, contact us using the details below. We may need to verify your identity before responding.
Cookies
We use strictly necessary cookies to operate the Services, and may use analytics cookies to understand usage. You can control cookies through your browser settings; disabling some cookies may affect functionality.
Children
The Services are not directed to children under 18 and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, please contact us so we can delete it.
Changes to this Policy
We may update this Policy from time to time. Material changes will be communicated through the Services or by email. The "Last updated" date above indicates when the Policy was last revised.
Contact
For privacy questions or to exercise your rights, contact us at info@vamelaone.com or write to the registered office above.