Privacy and security

Information we collect

Unchained Capital is a financial institution as defined by the Bank Secrecy Act (BSA). As a financial institution, we are required to follow Anti-Money Laundering (AML) and Know Your Customer (KYC) practices. To comply, we must collect and verify sufficient information to form a reasonable belief that we know the true identity of the customer.

We take a risk-adjusted approach to each of our products to ensure that we collect the minimum information necessary as determined by our legal and regulatory advisors. We will continue to do so as we expand our suite of financial services.

Tier 1
For basic account access
  • Full name
  • Email address
Tier 2
For vaults
  • Date of birth
  • Proof of address
  • Form of government ID
Tier 3
For trading, loans, and IRA
  • Social security no.
  • Annual income
  • Net worth
  • Source of bitcoin
  • Bank account info.

What we do with your data

Account approval procedures

Basic profile

When performing a basic profile check, we compare a legal identification document to the account information in order to:

  • Evaluate the document’s validity
  • Ensure the name matches
  • Ensure the birthdate matches

We confirm that the user’s address and home country are not on any OFAC-maintained list of sanctioned individuals or countries.

Name, address, and ID constitute the minimum set of requirements financial institutions are required to collect and retain in order to verify a customer’s identity.

Advanced profile

For an advanced profile, we perform these additional steps:

  • Review the source of funds
  • Perform online searches on the user’s name and address
  • Review lending regulations in the user’s local jurisdiction, which may dictate term & rate

Before approving a bank account, we verify the account and routing number with our ACH provider. This ensures that we can make deposits and withdrawals as needed for a loan.

Support for inheritance and probate

User identity

To ensure bitcoin are protected and lawfully transferred, the person authorized to handle the estate will need to present state-specific documents establishing their authority. The user identity information we collect allows us to authenticate these documents.

In the case of a foreign will, there may be additional steps taken before we would accept the orders of a foreign court, which will depend on the circumstances of the individual case.

Data retention

After the expiration or termination of a client agreement, Unchained will delete the client’s confidential information in accordance with regulations and company data retention policies.

Your privacy is our business to protect

We strictly limit client data shared with third parties.

We don’t collect your data to monetize it later. Monetizing data is not part of our business model.

We don’t voluntarily share information with government agencies or regulatory authorities; however, we are required to monitor for suspicious activity and comply with lawful court orders.

We take significant data security measures to ensure addresses and accounts are never deanonymized publicly, and we pursue every step possible to ensure that government entities do not infringe on our customers’ rights.

Our security practices ensure that we are your most trusted financial services partner

Wallet security

Our systems use unique per-customer, multisignature P2SH addresses. With vaults and multi-institution loans, these addresses are partially derived using a customer’s extended public keys. We never have access to user private keys, ever. All Unchained keys use hierarchical deterministic (HD) wallets that are cold-stored on hardware devices, including offline air-gapped machines. We use well-tested, industry-standard, open-source software to author and audit transactions.

Operational and physical security

We maintain an internal security policy and ensure that it includes personnel training. We store our hardware devices in geographically separated, physically secure locations that require identity verification for access. We store wallet seeds in physically secure locations separate from the wallets they restore. We never store devices or seeds at Unchained corporate offices.

Network security

We employ high-level security throughout our IT infrastructure in accordance with PCI-compliance standards. We operate within a secure, private, firewalled network. We encrypt all data to, from and within our environment (in motion and at rest) using industry-standard AES-256 encryption. We require two-factor authentication (2FA) to access all sensitive resources. Our centralized identity management infrastructure uniquely identifies employees. All access to systems is limited, minimal, and controlled by this infrastructure. We aggressively monitor all traffic to, from and within our environment, and we retain access, system, and application logs indefinitely (with user/system/employee identifiers).

Identity & intent verification

We help our customers achieve a higher degree of security by offering a cosigning service. If requested by customers, we will verify both the identity and intent of a customer transaction prior to cosigning. A customer has the option to record a video verification of their identity that Unchained uses to validate transaction signing requests and 2FA resets. This opt-in feature is only active if requested and includes the option to set transaction amount thresholds for active identity and intent verification. This service helps high-net-worth customers enhance the operational security of high-value transactions.

Unchained uptime

Availability

We endeavor to provide our clients with system service availability of greater than 99.5 percent. In case of unforeseen disasters and equipment failures, we maintain and regularly review business continuity and disaster recovery procedures. Bitcoin secured using the Unchained platform can always be accessed directly through the bitcoin network using open-source software, even in the event of Unchained system downtime, as long as the client retains control over a minimum of two keys and their multisig config file.