Data Privacy Protocol
How Fractur collects, encrypts, and processes personal and institutional data within our tokenization infrastructure.
1. Introduction & Scope
This Privacy Policy applies to the Fractur platform, API infrastructure, and all associated services provided by Fractur Ltd. ("Fractur", "we", "our", or "us").
As an institutional-grade infrastructure provider bridging physical real estate with programmable on-chain assets, we are committed to the highest standards of data security, operating in alignment with global data protection regulations and local UAE frameworks.
2. Data We Collect
To facilitate secure, legally compliant asset tokenization, Fractur collects specific categories of data during the onboarding, verification, and asset lifecycle phases.
2.1 Institutional & Asset Owner Data
- Corporate entity documents, ultimate beneficial ownership (UBO) structures, and SPV registration details.
- Real estate asset documentation, including Land Registry title deeds, valuations, and yield historicals.
- Authorized signatory identity data (passports, government IDs) required for strict Know Your Business (KYB) protocols.
2.2 Investor Data
- Personal identification data required for Anti-Money Laundering (AML) and Know Your Customer (KYC) clearance.
- Wallet addresses (e.g., ERC-20 compatible addresses) used for holding and interacting with ERC-3643 standard security tokens.
- Source of funds declarations and accreditation status verification.
3. Blockchain & Immutable Data
Note on Blockchain Permanence: Due to the inherent nature of Distributed Ledger Technology (DLT), certain transactional data published to the blockchain cannot be deleted or altered.
Fractur utilizes smart contracts (specifically the ERC-3643 standard) to govern asset ownership. While we strive to keep personal data off-chain, the following information will be permanently recorded on public or consortium ledgers:
- Cryptographic wallet addresses (which are pseudonymous).
- Transaction timestamps, token transfer amounts, and contract execution hashes.
- On-chain identity registry hashes (which do not expose raw personal data, but verify whitelist status).
4. How We Use Your Data
We process your information strictly for the execution of our infrastructure services and compliance mandates:
- Legal Structuring: To coordinate the formation of compliant SPVs mapped to physical property.
- Regulatory Compliance: To perform automated KYC/AML gating and ensure secondary market transfers do not violate jurisdictional sanctions.
- Asset Lifecycle Management: To facilitate automated dividend distributions directly to verified wallets.
- Security Auditing: To monitor platform integrity and prevent unauthorized access attempts.
5. Third-Party Disclosures
Fractur acts as the technological bridging layer. To execute these services, limited data sharing with trusted third-party institutional partners is required:
- Legal Counsel & Registries: Data required to file SPVs and synchronize with entities such as the Dubai Land Department (DLD) or equivalent bodies.
- KYC/AML Providers: Tier-1 identity verification vendors who process compliance checks on our behalf.
- Institutional Custodians: Third-party digital asset custodians who manage multi-sig security for underlying assets.
We do not sell, rent, or trade your personal or institutional data to marketing agencies or unauthorized data brokers.
6. Security & Infrastructure
Our platform architecture is designed to meet strict institutional safeguards. We implement robust technical measures including:
- End-to-end encryption of all off-chain personal and corporate data (AES-256).
- Strict role-based access control (RBAC) for internal system administration.
- Regular third-party penetration testing and smart contract auditing by independent Web3 security firms.
7. Institutional & User Rights
Depending on your jurisdiction, you maintain specific rights regarding your off-chain data, including:
- The right to access and export a copy of your verified data.
- The right to request rectification of inaccurate corporate or personal records.
- The right to request deletion of off-chain data (subject to mandatory AML/KYC data retention laws, typically 5-10 years).
8. Contact Compliance
For data privacy inquiries, deletion requests, or questions regarding our Web3 compliance architecture, please contact our legal team directly.