Teller

Teller is the controller of personal data processed through the Platform. For some data flows (notably loan offers, fiat on-ramp, identity verification, payroll connections, and bank-feed connections) the third-party provider is an independent or joint controller for the data it processes — see Section 6.

2.1 Information about your wallet and on-chain activity

• Wallet addresses you connect or that we generate for you via an embedded-wallet provider (e.g. Privy).
• On-chain balances, token holdings, transactions, approvals, swaps, bridges, borrows, repayments, liquidations, NFT holdings, and contract interactions, sourced from public blockchains and from indexers (e.g. Alchemy).
• Computed values derived from on-chain activity — including the Teller Score, score-category breakdowns, score events, weekly swap volume, monthly borrow volume, fees accrued, and points credited via the Teller Points MCP.

2.2 Identity and verification data

• KYC data, including zero-knowledge proofs and disclosed attributes (e.g. age range, nationality, sanctions status) from Self Protocol's zk-passport flow, and, where applicable, document images and OCR-extracted fields from government-issued ID processed via an AI vision provider.
• Liveness, selfie, and anti-spoofing signals where required by a third-party verifier or Lender.
• Sanctions-screening, PEP-screening, and adverse-media-screening results returned to us by compliance providers.
• Residency, geolocation (IP-derived), state of residence (for U.S. users where applicable), and U.S.-person status.

2.3 Income and employment data

• Payroll-direct connections via Argyle, including employer, pay frequency, gross and net pay, hours, and deductions, for accounts you authorize.
• Document uploads (W-2, 1099, pay stubs, tax returns) and OCR-extracted fields produced by an AI vision provider (e.g. Anthropic).
• On-chain stablecoin inflow patterns detected by our heuristics to estimate recurring income.
• Bank-feed transaction data from PSD2 open-banking connections in the EU and UK via GoCardless / Bank Account Data.
• Self-attested income, occupation, and employment data.

2.4 Connected accounts

• Coinbase: OAuth tokens, account list, balances, and supported-asset data for accounts you authorize.
• Binance and Kraken: user-supplied read-only API keys and the balance and account data returned by those keys.
• Bank Account Data / GoCardless: account list, balances, and transactions for accounts you authorize.
• URN deposits and vault-earn syncs.

2.5 Account and contact data

• Authentication identifiers from Privy: email, phone, social-login subject identifiers, embedded-wallet public address, and session tokens.
• Display name, avatar, and profile preferences you provide.
• Communications with us, including support tickets and feedback.

2.6 Device, log, and usage data

• IP address, approximate geolocation derived from IP, user-agent, device type, OS, screen size, language, and timezone.
• Pages and screens visited, features used, click and scroll events, sheet opens, errors, latency, and crash diagnostics.
• Cookies, localStorage, and similar identifiers (see Section 9).

2.7 Referral, affiliate, and offer-click data

• Referrer URLs, UTM parameters, affiliate-slug clicks, pre-qualification submissions, offer eligibility outcomes, ineligibility reasons, redirect destinations, and (where the Lender returns it) origination outcomes and commission events.

2.8 Fiat on-ramp metadata

• Where the Platform surfaces a third-party on-ramp or off-ramp, we may receive transaction status, amount, asset, and routing metadata from the provider. We do not see your full card number, bank credentials, or KYC documents submitted to the on-ramp.

• We never have your private keys, seed phrase, or recovery share. Embedded wallets are managed by Privy under its own controls; we cannot sign transactions on your behalf.
• We do not store the body of any document you upload longer than necessary to extract the fields used for verification (see Section 8 — retention).
• We do not have your full payment-card number or bank credentials when you use a third-party on-ramp.
• We do not see the contents of zk-passport proofs beyond the attributes you authorize Self Protocol to disclose.

We use personal data for the following purposes:

• To provide and operate the Platform — wallet onboarding, portfolio display, swaps, borrows, repayments, score computation, and surfacing of loan offers. Legal basis: performance of a contract.
• To compute, recompute, and display the Teller Score and score-category breakdowns, and to record score events (including via the Teller Points MCP). Legal basis: contract and our legitimate interest in operating a fair, accurate scoring system.
• To verify your identity, income, residency, age, and U.S.-person status, and to screen against sanctions and PEP lists. Legal basis: compliance with legal obligations and our legitimate interest in preventing fraud, abuse, and prohibited use.
• To route you to eligible loan offers and to share the minimum data necessary for the Lender to pre-qualify or originate. Legal basis: contract (your request) and, for any data not strictly necessary, your consent.
• To detect, prevent, and investigate fraud, Sybil behavior, wash trading, market abuse, sanctions evasion, scoring manipulation, security incidents, and other prohibited activity. Legal basis: legitimate interest and legal obligation.
• To communicate with you about service announcements, security alerts, repayment courtesy reminders (where offered), and product updates. Marketing communications, where applicable, are sent only with consent or as otherwise permitted by law, and you can opt out at any time.
• To measure, debug, secure, and improve the Platform. Legal basis: legitimate interest.
• To comply with law — including tax, AML, sanctions, consumer-protection, and lawful information requests. Legal basis: legal obligation.

The Teller Score is computed by an automated heuristic from the inputs listed in Section 2.1, 2.3, and 2.4. The score itself does not make a legally binding decision about you and is not a regulated credit score (see Terms, Section 5). However, the score and other signals are used to determine eligibility for certain Platform features and to filter which Lender offers are surfaced to you. Lender decisions about pre-qualification, approval, rate, term, and credit limit are made by the Lender on its own systems, not by Teller. Where local law (for example, Article 22 GDPR) gives you the right to obtain human review of a significant automated decision, you may contact us at the address in Section 13.

We share personal data only as described below. We do not sell personal data and we do not share personal data with third parties for their own independent marketing.

6.1 Service providers (processors acting on our instructions)

• Privy — authentication and embedded wallets.
• Alchemy — multi-chain balance, transaction, and price data.
• LI.FI and integrated DEX / bridge protocols — swap and bridge quoting and execution.
• Self Protocol — zk-passport identity verification.
• Argyle — payroll-direct income verification.
• GoCardless / Bank Account Data — PSD2 bank-feed connections.
• Coinbase, Binance, Kraken — exchange holdings (only for accounts you connect).
• Anthropic — AI vision for document OCR and AI features.
• Cloud hosting and database providers (e.g. Railway, Postgres) — infrastructure for the Platform.
• Email, push-notification, analytics, error-tracking, and customer-support providers — operations.

6.2 Lenders and the offer-referral handoff

When you click, pre-qualify for, or apply to a loan offer, we transmit the minimum personal data needed by the Lender or its affiliate network to evaluate your application (which may include hashed identifiers, state of residence, age band, income band, score band, employment band, and the offer slug). The Lender becomes an independent controller of that data and processes it under its own privacy policy. We may also receive postback data from the Lender (e.g. click, lead, funded, commission) for measurement and payout. Lenders may pull a soft or hard credit inquiry through their own bureau relationships; Teller does not pull bureau data and does not report to bureaus.

6.3 Fiat on-ramp / off-ramp providers

If you initiate a fiat purchase or sale through an integrated provider, you are submitting payment, identity, and transaction data directly to that provider, which acts as an independent controller. Teller receives only routing metadata and high-level transaction status.

6.4 Public blockchains

On-chain transactions you sign are broadcast to a public blockchain. They are public, immutable, and visible to anyone, including chain analytics firms. Wallet addresses can, in some cases, be linked to your off-chain identity by third parties using public information.

6.5 Affiliate, advertising, and analytics partners

We may share limited event-level data (e.g. hashed click or lead identifiers) with affiliate-network partners to attribute referrals and confirm payouts. Where we use analytics or product-measurement tools, we configure them to limit data to what is necessary for the purpose.

6.6 Law enforcement, regulators, and legal process

We may disclose data when required by a binding legal request, when necessary to comply with sanctions, AML, or tax obligations, to protect the safety, rights, or property of Teller or any person, to investigate fraud or security incidents, or in connection with the establishment or enforcement of legal claims.

6.7 Corporate transactions

If Teller is involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred to the counterparty subject to customary confidentiality and (where required) regulatory protections.

6.8 With your consent or at your direction

We share data with any other party where you direct us to do so or where you give your consent.

Teller and its service providers operate globally. Your personal data may be transferred to, processed in, and stored in countries other than the one where you reside, including the United States and the European Economic Area. Where required, we rely on Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms.

We retain personal data only as long as necessary for the purposes set out in this Policy, including:

• Account, wallet, score, swap, and borrow records for as long as the wallet remains active on the Platform and afterwards as needed for legitimate business and legal purposes (typically up to 7 years for financial records, tax, AML, and sanctions evidence).
• KYC and sanctions-screening evidence for the period required by applicable AML rules (typically 5 years from termination of the customer relationship).
• Document uploads (W-2, pay stubs, ID images): retained only as long as needed to verify and to satisfy applicable record-keeping obligations, and otherwise deleted or anonymized.
• Connected-account credentials (Coinbase OAuth, exchange API keys, bank-feed authorizations): retained until you revoke them or for a short period after revocation.
• Affiliate / offer-click telemetry: retained as needed to support attribution, fraud detection, and payout reconciliation (typically up to 24 months).
• Logs and analytics: typically retained for shorter periods (e.g. up to 13 months) and aggregated or anonymized thereafter.

On-chain data (transactions, balances, signatures, contract events) is public, immutable, and cannot be deleted by Teller from the underlying blockchain.

We use cookies, localStorage, and similar technologies to keep you signed in, remember preferences (such as the sidebar collapsed state stored in the teller-sidenav-collapsed cookie), detect fraud, secure sessions, measure use, and (where consent is required) for analytics or marketing. Where required by law, we present a cookie consent control. You can also control cookies through your browser settings; blocking essential cookies may break features.

Subject to applicable law, you have the right to:

• Access — request a copy of personal data we hold about you.
• Rectify — correct inaccurate or incomplete data.
• Delete — request deletion of data we are not legally required to keep (note: on-chain data cannot be deleted by us).
• Restrict or object — limit or object to certain processing, including processing based on legitimate interest.
• Portability — receive certain data in a machine-readable format.
• Withdraw consent — where processing is based on consent, at any time, without affecting prior lawful processing.
• Not be subject to a solely automated decision with significant effect — where such a right applies under local law, request human review.
• Lodge a complaint with a supervisory authority — including the data-protection authority in your country of residence.

U.S. residents in states with applicable privacy laws (including California, Colorado, Virginia, Connecticut, Utah, Texas, and others) have the right to know, access, correct, delete, port, and opt out of sale or sharing of personal information for cross-context behavioral advertising. Teller does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are defined under applicable U.S. state privacy laws. You may exercise rights by emailing us at the address in Section 13. We will not discriminate against you for exercising your rights.

We use administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit, encryption at rest for sensitive fields, least-privilege access controls, audit logging, hardware-backed key management for any platform-side keys, and vendor due diligence. No system is perfectly secure. You are responsible for the security of your wallet, devices, recovery methods, and connected accounts. If we become aware of a personal-data breach affecting you, we will notify you and applicable regulators as required by law.

The Platform is not directed to children under 18 and we do not knowingly collect personal data from children under 18. If you believe a child has provided personal data to us, contact us and we will delete it.

We may update this Policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, post notice in the Platform. For material changes that reduce your rights, we will provide additional notice as required by law.

Privacy questions, rights requests, or complaints: [email protected]. For all other legal matters: [email protected].