Privacy Policy

Last updated: July 25, 2025

Preamble

Third Space (“WeSplit”, “we”, “us”, “our”) places the utmost importance on the protection of your personal data. This Privacy Policy is intended to inform you in a clear, simple, and comprehensive manner about how we collect, use, and protect your data in connection with the use of our application and services (the “Service”).

This policy is in compliance with the legislation in force, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (General Data Protection Regulation - GDPR) and Law No. 78-17 of January 6, 1978, known as the “Data Protection Act”.

We invite you to read this document carefully to understand our practices and your rights concerning your personal data.

Article 1: Identity of the Data Controller

Company NameThird Space
Legal FormSimplified Share Business (SAS, Société par Actions Simplifiée)
Share Capital1 000 €
Registered Office198 D ROUTE DE NEUVILLE, 01390 SAINT-ANDRE-DE-CORCY, France
RegistrationRegistered with the Bourg-en-bresse Trade and Companies Register (RCS) under the SIREN number: 930682703
Intra-Community VAT NumberFR24930682703
Publication DirectorMs. Pauline Mila-Alonso, in her capacity as President
ContactFor any questions or requests for information regarding the service, or to report any illegal content or activities, the user may contact the publisher:
Email address: contact@wesplit.io

Article 2: Personal Data Collected

In the course of providing the Service, we process different categories of data. It is essential to distinguish between two types of data:

  1. Off-Chain Data: Data that you provide to us directly or that we generate, and which we control on our servers.
    • Identification and contact data: Email address, pseudonym.
    • Identity verification (KYC) data: As part of our legal obligations, we collect information such as last name, first name, date of birth, nationality, as well as a copy of your identity document and a proof of address via our specialized provider.
    • Technical and connection data: IP address, device type, operating system, connection logs, information on the use of the Service.
  2. On-Chain Data: Data recorded on public and decentralized ledgers (Solana, Stellar blockchains).
    • Wallet Addresses: The public address of your non-custodial wallet, which acts as a pseudonym on the blockchain.
    • Transaction Data: Details of your transactions (transaction ID - TxID, sender and recipient addresses, amount, date, fees).

Article 3: Purposes and Legal Bases for Processing

Each data processing operation we perform is based on a specific purpose and a legal basis defined by the GDPR.

Data TypeProcessing PurposesLegal Basis for Processing
Identification and contact dataCreation and management of your user account.
Provision of customer support.
Sending transactional communications (confirmations, alerts).		Performance of the contract (our General Terms of Use).
Identity verification (KYC) dataTo comply with our obligations to combat money laundering and terrorist financing (AML/CFT).Legal obligation.
On-Chain Data (Wallet addresses, transactions)Provision of the core functionalities of the Service: displaying balances, transaction history, facilitating payments and reimbursements.Performance of the contract (our General Terms of Use).
Technical and connection dataTo ensure the security of our Service, prevent fraud and abuse.
To improve the performance and stability of the application.
To produce anonymized statistics for Service improvement.		Legitimate interest of WeSplit to ensure the security and optimization of its service.
Contact data (for marketing)Sending commercial offers, newsletters, and information about our new products.User's consent.

Article 4: Specific Clause: The Nature of Data on the Blockchain

It is crucial to understand the specific nature of data recorded on a blockchain.

Public and Pseudonymous Nature: Your wallet address and transaction history are recorded on public ledgers (the Solana and Stellar blockchains). This data is publicly accessible but is pseudonymous: it does not directly reveal your civil identity.

Immutability and Limitation of Your Rights: Due to the immutable and decentralized nature of blockchain technology, transaction data, once validated and recorded, cannot technically be modified or erased. Consequently, your right to erasure (“right to be forgotten”) and your right to rectification cannot apply to transaction data that has been permanently recorded on a blockchain.

These rights remain fully applicable to your Off-Chain data that WeSplit controls (e.g., your email address, your profile data).

Article 5: Data Recipients

We never sell your personal data. However, we may share it with third parties in the following cases:

  • Our processors:
    • Hosting providers (e.g., AWS, Google Cloud) that store our data.
    • KYC service provider for your identity verification.
    • Providers of analytics and customer support tools.
    • Payment service providers for managing Premium subscriptions.
    Our processors are rigorously selected for their compliance with the GDPR and only act on our instructions.
  • Competent authorities:
    • We may be required to transmit your data to judicial or administrative authorities upon legal request.
  • The public (for On-Chain data):
    • By its nature, transaction data on the blockchain is publicly accessible.

Article 6: Data Transfers Outside the European Union

Some of our processors may be located outside the European Union. In such cases, we ensure that the transfer of your data is governed by appropriate safeguards, such as:

  • The existence of an adequacy decision from the European Commission.
  • The signing of Standard Contractual Clauses (SCCs) approved by the European Commission.

Article 7: Retention Periods

We retain your data for a limited period, defined according to the purpose of the processing.

Data CategoryRetention Period
Account data (profile, email)For the entire duration of the contractual relationship, then archived for a period of 5 years (statutory limitation period).
Identity verification (KYC) data5 years after the end of the business relationship, in accordance with legal obligations (AML/CFT).
Connection logs and technical data12 months maximum.
Data relating to prospects (non-customers)3 years from your last contact.
On-Chain data (transactions)Indefinitely, due to their immutable recording on the blockchain.

Article 8: Security of Your Data

The security of your data is our priority. We implement robust technical and organizational measures to protect your personal data against destruction, loss, alteration, disclosure, or unauthorized access. These measures include:

  • Encryption of communications (SSL/TLS protocol).
  • Securing our technical infrastructure.

Article 9: Your Rights and How to Exercise Them

In accordance with the GDPR, you have the following rights over your personal data (Off-Chain):

  • Right of access: To obtain a copy of the data concerning you.
  • Right to rectification: To modify inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): To request the deletion of your data, subject to our legal obligations.
  • Right to restriction of processing: To request a temporary freeze on the use of some of your data.
  • Right to data portability: To receive your data in a structured, commonly used format to transmit it to another data controller.
  • Right to object: To object to certain processing, particularly for marketing purposes.
  • Right to withdraw your consent: For processing based on consent, you can withdraw it at any time.

To exercise these rights, please contact us at contact@wesplit.io, enclosing proof of identity.

If you believe that your rights have not been respected, you have the right to lodge a complaint with the French Data Protection Authority (CNIL).

Article 10: Policy on Cookies and Other Trackers

When you browse our website or application, cookies may be placed on your device. We use different types of cookies:

  • Strictly necessary cookies: Essential for the functioning of the Service (e.g., user session, security). They do not require your consent.
  • Performance and analytics cookies: Allow us to understand how you use the Service in order to improve it (e.g., most visited pages, loading times). They are subject to your consent.
  • Functionality cookies: Allow us to remember your preferences (e.g., language) to enhance your experience. They are subject to your consent.

During your first visit, an information banner allows you to configure your choices regarding cookies. You can change your preferences at any time via our cookie management tool.

Article 11: Changes to the Privacy Policy

We reserve the right to modify this policy at any time, particularly to comply with legal and regulatory developments. In the event of a substantial change, we will inform you by email or via a notification in the application. The version in force is the one accessible on our website and application.