Data Privacy Protocol
How Fractur collects, encrypts, and processes investor, broker, partner, and property data within our tokenization platform.
1. Introduction & Scope
This Privacy Policy applies to the Fractur platform, marketplace, referral tools, API integrations, and all associated services provided by Fractur Ltd. ("Fractur", "we", "our", or "us").
As a regulated MENA real estate tokenization and distribution platform, we are committed to the highest standards of data security across investor onboarding, broker attribution, property listings, token transactions, and local UAE compliance workflows.
2. Data We Collect
To facilitate secure, legally compliant asset tokenization, Fractur collects specific categories of data during the onboarding, verification, and asset lifecycle phases.
2.1 Developer, Broker & Partner Data
- Corporate entity documents, RERA license details where applicable, ultimate beneficial ownership (UBO) structures, and SPV registration details.
- Real estate asset documentation, including Land Registry title deeds, valuations, and yield historicals.
- Authorized signatory identity data, referral attribution records, and payout information required for KYB, broker onboarding, and partner workflows.
2.2 Investor Data
- Personal identification data required for Anti-Money Laundering (AML) and Know Your Customer (KYC) clearance.
- Wallet addresses (e.g., ERC-20 compatible addresses) used for holding and interacting with ERC-3643 standard security tokens.
- Source of funds declarations and accreditation status verification.
3. Blockchain & Immutable Data
Note on Blockchain Permanence: Due to the inherent nature of Distributed Ledger Technology (DLT), certain transactional data published to the blockchain cannot be deleted or altered.
Fractur utilizes smart contracts (specifically the ERC-3643 standard) to govern asset ownership. While we strive to keep personal data off-chain, the following information will be permanently recorded on public or consortium ledgers:
- Cryptographic wallet addresses (which are pseudonymous).
- Transaction timestamps, token transfer amounts, and contract execution hashes.
- On-chain identity registry hashes (which do not expose raw personal data, but verify whitelist status).
4. How We Use Your Data
We process your information strictly for the execution of our platform services and compliance mandates:
- Legal Structuring: To coordinate compliant SPVs and property-level documentation.
- Regulatory Compliance: To perform KYC/AML gating, wallet screening, and jurisdictional sanctions controls.
- Asset Lifecycle Management: To facilitate rental yield distributions, investor reporting, broker attribution, and secondary-transfer records.
- Security Auditing: To monitor platform integrity and prevent unauthorized access attempts.
5. Third-Party Disclosures
To execute these services, limited data sharing with trusted third-party regulated partners is required:
- Legal Counsel & Registries: Data required to file SPVs and synchronize with entities such as the Dubai Land Department (DLD) or equivalent bodies.
- KYC/AML Providers: Tier-1 identity verification vendors who process compliance checks on our behalf.
- Licensed Partners: VASPs, custodians, payment providers, and lending partners involved in stablecoin routing, token custody, and approved platform services.
We do not sell, rent, or trade your personal, broker, partner, or property data to marketing agencies or unauthorized data brokers.
6. Security & Infrastructure
Our platform architecture is designed to meet strict safeguards for investor, broker, partner, and property data. We implement robust technical measures including:
- End-to-end encryption of all off-chain personal and corporate data (AES-256).
- Strict role-based access control (RBAC) for internal system administration.
- Regular third-party penetration testing and smart contract auditing by independent Web3 security firms.
7. User & Partner Rights
Depending on your jurisdiction, you maintain specific rights regarding your off-chain data, including:
- The right to access and export a copy of your verified data.
- The right to request rectification of inaccurate corporate or personal records.
- The right to request deletion of off-chain data (subject to mandatory AML/KYC data retention laws, typically 5-10 years).
8. Contact Compliance
For data privacy inquiries, deletion requests, or questions regarding our Web3 compliance architecture, please contact our legal team directly.