Privacy Policy
Last updated: February 2026
This Privacy Policy describes how AtivoLabs ('Company', 'we', 'us') collects, uses, stores, and protects your personal information when you use the AssetLink platform, website, and related services. We are committed to safeguarding your privacy in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Information We Collect
Account Information: When you register, we collect your name, email address, phone number, date of birth, nationality, and residential address.
Identity Verification (KYC/AML): To comply with regulatory requirements, we collect government-issued identification documents, proof of address, selfie photos, and other verification data processed by our Dragao compliance engine.
Financial Information: Account identifiers, transaction history, portfolio data, and payment information necessary for platform operations.
Usage Data: IP address, browser type, device information, pages visited, actions taken, session duration, and referral sources. This data helps us improve platform performance and security.
Communications: Messages sent through our contact form, support tickets, and any correspondence with our team.
2. How We Use Your Information
To provide, maintain, and improve the AssetLink platform and its services, including Linka AI analytics, InspectPro asset verification, Dragao compliance processing, and Forja settlement operations.
To verify your identity and comply with KYC/AML regulations and other legal obligations.
To process transactions, manage your portfolio, and deliver platform notifications.
To detect and prevent fraud, unauthorized access, and other security threats.
To communicate with you about your account, platform updates, and, with your consent, marketing communications.
To conduct internal analytics and research to improve our AI engines and user experience.
3. Legal Basis for Processing (GDPR)
Contract Performance: Processing necessary to provide the services you requested when you created your account.
Legal Obligation: Processing required to comply with KYC/AML regulations, tax reporting, and other legal requirements.
Legitimate Interest: Processing for fraud prevention, security, platform improvement, and business analytics, where our interests do not override your rights.
Consent: Processing for marketing communications and optional analytics. You may withdraw consent at any time.
4. Data Sharing & Third Parties
We do not sell your personal data. We may share information with: (a) identity verification providers for KYC/AML compliance; (b) settlement networks as required for transaction processing; (c) payment processors for transactions; (d) law enforcement or regulatory authorities when required by law.
All third-party service providers are contractually bound to protect your data and process it only as instructed by us.
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity with equivalent privacy protections.
5. Data Security
We implement industry-standard security measures including encryption at rest and in transit (TLS 1.3), two-factor authentication, role-based access controls, regular security audits, and intrusion detection systems.
While we take extensive measures to protect your data, no system is completely secure. We encourage you to use strong passwords, enable 2FA, and report any suspicious activity immediately.
6. Data Retention
We retain your personal data for as long as your account is active and as required to fulfill our legal obligations. KYC/AML data is retained for a minimum of 5 years after account closure, as required by applicable regulations.
Usage data and analytics are retained in anonymized form for up to 3 years. You may request deletion of your account data subject to our legal retention obligations.
7. Your Rights (GDPR)
You have the right to: (a) access the personal data we hold about you; (b) rectify inaccurate data; (c) request erasure of your data ('right to be forgotten'), subject to legal retention requirements; (d) restrict or object to certain processing; (e) receive your data in a portable, machine-readable format; (f) withdraw consent at any time.
To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days.
You also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD) or your local supervisory authority.
8. Cookies & Tracking
We use essential cookies to maintain your session and preferences. We may use analytics cookies (with your consent) to understand platform usage patterns.
You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.
9. International Transfers
Your data is primarily stored on servers in the European Union. If data is transferred outside the EU/EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) or other approved transfer mechanisms under GDPR.
10. Children's Privacy
AssetLink is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we discover that we have collected data from a minor, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification at least 30 days before taking effect. Continued use of the platform after changes constitutes acceptance.
12. Contact
For privacy-related inquiries, contact our Data Protection Officer at [email protected] or write to: AtivoLabs, Av. da Liberdade 110, Lisbon, Portugal.
If you have questions about this document, contact us at [email protected].