Legal

    Privacy Policy

    Last updated: May 2026 · Version 1.2

    1. Introduction

    Go2Glory Ltd ("WhyAML", "we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, store, and safeguard your personal data when you use the WhyAML service.

    This policy applies to anyone interacting with WhyAML, including obliged-entity clients (estate agents, letting agents, tax accountants, and other regulated professionals) and the customers being verified through the platform.

    This policy is governed by the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

    2. Data controller

    Go2Glory Ltd is the data controller for personal data processed through the WhyAML service.

    Go2Glory Ltd
    Registered in England & Wales · Company No. 15720361
    Trading as WhyAML
    Contact: support@whyaml.com

    3. Data we collect

    WhyAML is engineered to minimise the personal data we hold. We collect three categories.

    Operational data (held by Go2Glory Ltd)

    • Name and address of the individual being verified
    • Wallet address used for the verification
    • Verification outcome metadata (timestamps, proof level reached, G-RADE confidence score)

    Client-firm account data

    • Firm name, registered address, and Companies House number
    • Contact name, email, role
    • Billing details

    What we do NOT collect

    • We do not collect passport scans, driving licences, or other identity documents
    • We do not collect selfies, biometric data, or liveness recordings
    • We do not collect bank-statement images or proof-of-address documents
    • We do not collect verification artefacts from third-party DVS providers

    4. How we use your data

    We use personal data only for the purposes for which it was collected:

    • To provide the WhyAML verification service to obliged-entity clients
    • To issue Compliance Certificates and on-chain Compliance Tokens
    • To maintain records for the five-year period required by the Money Laundering Regulations 2017 (Regulation 40)
    • To improve the service, prevent fraud, and respond to enquiries
    • To comply with regulatory obligations

    5. Lawful basis for processing

    We process personal data on the following lawful bases under UK GDPR Article 6:

    • Legal obligation (Article 6(1)(c)): processing is required for our clients to discharge their AML obligations under the Money Laundering Regulations 2017.
    • Legitimate interests (Article 6(1)(f)): the operation, security, and improvement of the WhyAML service.
    • Contract (Article 6(1)(b)): the provision of services to client firms under our terms.

    6. Data retention

    Verification records are retained for five years after the end of the business relationship between the obliged entity and the verified customer, as required by Regulation 40 of the Money Laundering Regulations 2017.

    Client-firm account data is retained while the account is active and for a reasonable period afterwards for accounting and legal purposes.

    Where retention is no longer required, data is deleted or anonymised.

    7. Data sharing

    We share personal data only as set out below:

    • With our service providers: hosting, infrastructure, and security suppliers, all bound by written data processing agreements.
    • With the obliged-entity client: verification outcomes and Compliance Certificates are made available to the firm that requested the verification.
    • With regulators and law enforcement: where required by law, court order, or regulatory request.

    We never sell your personal data and we do not share data for marketing purposes.

    8. International transfers

    Personal data is stored on infrastructure located in the European Union (EU adequacy region under UK GDPR). Where data is processed outside the UK or EU, we rely on the UK International Data Transfer Agreement or equivalent safeguards.

    9. Your rights

    Under UK GDPR and the Data (Use and Access) Act 2025, you have the following rights:

    • The right to access the personal data we hold about you
    • The right to correct inaccurate or incomplete data
    • The right to request erasure, subject to our legal retention obligations
    • The right to object to processing or to restrict processing in certain circumstances
    • The right to data portability
    • The right to lodge a complaint with the Information Commissioner's Office (ICO)

    To exercise any of these rights, contact us at support@whyaml.com. We will respond within one calendar month.

    10. Security

    We apply security measures designed to be proportionate to the sensitivity of the data:

    • Encryption at rest (AES-256 equivalent) and in transit (TLS)
    • Hardware-isolated processing inside AWS Nitro Enclaves for sensitive verification operations
    • Strict access controls, least-privilege permissions, and audit logging
    • UK / EU-based data residency under UK GDPR adequacy
    • Independent technology audit pre-launch

    Why we hold less to begin with. The WhyAML architecture is designed so that - in the event of any breach - the data at risk is limited to name, address, and wallet address. We do not hold identity documents, biometric data, or financial-account images. The highest-severity breach categories are removed by design, not by control.

    11. Cookies

    WhyAML uses a small number of cookies. Some are strictly necessary for the site to work; others are optional and only fire if you give consent through the cookie banner.

    Strictly necessary cookies (always on)

    • defined_segment - remembers which audience variant of the site you're viewing (estate agent, tax accountant, or default) so the Pricing link routes you to the right page. No personal data. Session-length.
    • whyaml_consent - remembers your cookie preferences so you aren't asked again on every visit. Stores only your yes/no choices and a timestamp. Expires after 12 months.

    Optional cookies (only with your consent)

    • Analytics - helps us understand how visitors use the site so we can improve it. Data is anonymous and aggregated.
    • Marketing - measures the effectiveness of our advertising so we can spend less and reach the right people.

    You can change your cookie choices at any time using the Cookie preferences link in the footer.

    12. Patent notice

    The WhyAML verification methodology - including the G-RADE™ confidence scoring system, the multi-level proof architecture, and the behavioural geolocation method - is patented in the European Patent Office (EPO), the United States Patent and Trademark Office (USPTO), and under the Patent Cooperation Treaty (PCT). Zero prior art was identified at filing.

    13. Contact

    For any privacy enquiry, please contact us at support@whyaml.com or use the contact form.

    If you are not satisfied with our response, you may complain to the Information Commissioner's Office (ICO) at ico.org.uk.

    Questions about how we handle your data?

    support@whyaml.com