Legal
Privacy Policy
Last updated: May 2026. Onbridge (operating under [Registered Company Name], Dubai, UAE)
This policy explains how Onbridge collects, uses, stores and protects personal data in connection with our institutional exchange onboarding facilitation service. We take privacy seriously and collect only what is necessary to deliver our service.
1. Who we are
Onbridge is an institutional document management and onboarding facilitation service operated by [Registered Company Name], registered in [Free Zone], Dubai, UAE. Our registered address is [Address]. You can contact us at hello@onbridge.io.
References to "Onbridge", "we", "us" or "our" in this policy refer to [Registered Company Name].
2. What personal data we collect
We collect personal data in two contexts: through our website and through our onboarding facilitation service.
Website enquiries
- Name and job title
- Work email address
- Company name and entity type
- Exchanges of interest and general enquiry notes
Onboarding facilitation service
- Corporate documents including certificates of incorporation and ownership structures
- Identity documents of directors and ultimate beneficial owners including passport copies and proof of address
- Compliance documentation including AML and KYC policies
- Source of funds and financial documentation where required by target exchanges
- Contact details of individuals involved in the onboarding process
3. How we use your data
We use personal data solely for the following purposes:
- Responding to enquiries submitted through our website
- Preparing and submitting KYB documentation to exchanges explicitly selected and authorised by you
- Communicating with you and with exchanges regarding the status of onboarding applications
- Maintaining records required for our own compliance obligations
- Improving our service based on aggregated, anonymised feedback
We do not use your data for marketing, profiling, or any secondary commercial purpose. We do not sell your data.
4. Legal basis for processing
We process personal data on the following legal bases:
- Contractual necessity: processing required to deliver the onboarding service you have engaged us for
- Legitimate interests: maintaining records, fraud prevention, and ensuring the security of our systems
- Legal obligation: where we are required to retain records under applicable law
- Consent: where you have explicitly provided consent, which you may withdraw at any time
5. How we store and protect your data
All client documents are stored on Tresorit, an ISO 27001 certified, SOC 2 compliant document management platform with end-to-end zero-knowledge encryption. Files are encrypted before they leave your device and cannot be accessed by any party, including Tresorit, without explicit authorisation.
We apply the following controls:
- AES-256 encryption for all data at rest
- TLS 1.2 or higher for all data in transit
- Role-based access permissions: only team members assigned to your case may access your documents
- Multi-factor authentication required for all platform access
- Full audit trail of every access, upload and transmission event
6. Who we share your data with
We share personal data only in the following circumstances:
- With exchanges explicitly selected and authorised by you, for the purpose of completing your onboarding application
- With Tresorit as our document storage infrastructure provider, subject to appropriate data processing agreements
- With legal or regulatory authorities where required by law
We do not share your data with any other third party without your explicit written consent.
7. International transfers
Onbridge operates from Dubai, UAE. Documents may be transmitted to exchanges located in other jurisdictions as directed by you. Tresorit's infrastructure is hosted in [specify region: EU/Switzerland]. Where data is transferred internationally, we ensure appropriate safeguards are in place.
8. How long we keep your data
- Website enquiry data: 12 months from date of enquiry unless an engagement commences
- Active engagement documents: duration of engagement plus 12 months
- Submitted onboarding packages: 5 years from date of submission
- Audit logs: 5 years from date of creation
You may request deletion of your data at any time, subject to any legal retention obligations. Deletion requests are fulfilled within 30 calendar days.
9. Your rights
You have the following rights regarding your personal data:
- Right to access: request a copy of the data we hold about you
- Right to rectification: request correction of inaccurate data
- Right to erasure: request deletion of your data
- Right to restriction: request that we limit processing of your data
- Right to portability: receive your data in a standard electronic format
- Right to object: object to processing based on legitimate interests
To exercise any of these rights, contact us at hello@onbridge.io. We will respond within 5 business days and fulfil requests within 30 calendar days.
10. Cookies
Our website uses only essential cookies required for basic functionality. We do not use tracking, advertising or analytics cookies. No cookie consent banner is required as we do not set non-essential cookies.
11. Changes to this policy
We may update this policy from time to time. Material changes will be communicated to active clients with a minimum of 30 days notice. The current version is always available at onbridge.io/privacy.html.
12. Contact
For any privacy-related queries or to exercise your rights, contact us at hello@onbridge.io or write to us at [Registered Address], Dubai, UAE.