Privacy Policy
Concept — legal review pending
Last updated: July 2026
1. Who we are
goSettle B.V. is the controller for the personal data described in this policy. You can reach us here:
- goSettle B.V.
- Schiedamse Vest 154, 3011 BH Rotterdam, Netherlands
- Chamber of Commerce (KvK): 96131845
- VAT: NL867482011B01
- Email: [email protected]
We are a Dutch company, built in Rotterdam, and we operate under EU law — the General Data Protection Regulation (GDPR). This policy explains what data we process, why, and what your rights are. We have written it in plain language on purpose: privacy only works if you can actually understand it.
2. Our starting point
goSettle combines end-to-end encrypted communication with a non-custodial crypto wallet. Both are built on the same idea: we should know as little about you as technically possible. Our business model is the service itself — not your data. We do not run analytics on our website, we do not track you, we do not show ads, and we never sell data. Ever.
3. Data we process on the website
Almost nothing. Our website uses no cookies, no analytics, no tracking pixels, and has no contact forms. Two things are worth mentioning:
- Language preference. If you pick a language, we save that choice in your browser's localStorage. This stays on your device and is never sent to us. You can delete it at any time via your browser settings.
- Hosting access logs. Like almost every website, the server that delivers our pages may briefly record standard technical data (such as your IP address, browser type and the page requested) in access logs. This happens for security and to keep the site running (legal basis: our legitimate interest in a secure, functioning website). These logs are kept only for a short period and are not used to identify or profile you.
That is the complete list for the website.
4. Data we process in the app (at launch)
The goSettle app is expected to launch in 2026, starting on iOS. When it launches, we will process the following data about app users:
- Account data. Your @handle, phone number, and basic account settings. We need these to create your account and to let other users find and pay you (legal basis: performance of our contract with you).
- Identity verification (KYC). Every goSettle user verifies their identity. There are no anonymous accounts. During verification you provide an identity document and complete a liveness check. This is handled by our verification partner, which acts strictly as our processor: it processes your data only on our instructions. We verify identities because financial regulation, including anti-money-laundering rules, requires us to know who our users are (legal basis: compliance with a legal obligation, and where a rule does not strictly apply yet, our legitimate interest in keeping the network free of fraud and abuse).
- Account age. The date your account was created is visible to other users. This is a deliberate trust feature: it helps people judge who they are dealing with before sending money.
- Technical operating data. Minimal metadata needed to deliver the service — for example, that a message was routed to a recipient. Our servers see that a message was sent; they can never see what it says (see section 5).
We only ever process data for the purposes above. We do not build profiles, and we do not use your data for advertising.
5. What we can never see
This section matters most, so read it.
- Your messages and calls. All chats, group chats, voice and video calls, shared files and locations are end-to-end encrypted. The encryption keys exist only on your device and the devices of the people you talk to. This is not a policy choice we could quietly reverse. It is how the system is built. We cannot read your content, we cannot hand it to anyone, and it is never analysed, never used for KYC, and never used for anything else.
- Your private keys and funds. Your wallet is non-custodial. Your recovery phrase and private keys are generated on your phone and never leave it. goSettle has no access to your keys and holds no client funds. We are not a bank, not a custodian, and not a deposit-taking institution. Because we never have this data, we cannot lose it, leak it, or be forced to hand it over.
6. How long we keep data
- Website access logs: a short, fixed period, then deleted automatically.
- Account data: for as long as your account exists, then deleted or anonymised within a reasonable period after closure.
- KYC data: for as long as the law requires us to keep it. Anti-money-laundering legislation typically requires retention for a number of years after the end of the relationship; we keep this data no longer than legally necessary.
7. Sharing and international transfers
We do not sell or rent your data to anyone. We share personal data only with:
- Processors — such as our verification partner and hosting providers — bound by data processing agreements and acting only on our instructions.
- Authorities — where a valid legal obligation requires it. Note that end-to-end encrypted content and private keys cannot be handed over by us, because we do not have them.
We keep data within the European Economic Area wherever possible. If a transfer outside the EEA is ever needed, we only do so with appropriate safeguards under the GDPR, such as an adequacy decision or standard contractual clauses.
8. Security
Security is the core of our product, not a paragraph in a policy. We apply end-to-end encryption for content, encryption in transit and at rest for the data we do hold, strict access controls, and data minimisation as a design principle: the safest data is data we never collect.
9. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- have incorrect data corrected;
- have your data deleted (where the law does not require us to keep it, such as KYC records);
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw consent, where processing is based on consent.
Email [email protected] and we will respond within one month. Exercising your rights is free.
10. Complaints
If you believe we handle your data incorrectly, please tell us first. We take this seriously. You also always have the right to lodge a complaint with the Dutch data protection authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
11. Changes to this policy
We may update this policy, for example when the app launches or the law changes. The date at the top always shows the current version. For meaningful changes we will inform you clearly — in the app or on the website — before they take effect.