Unchained Capital is a financial institution as defined by the Bank Secrecy Act (BSA). As a financial institution, we are required to follow Anti-Money Laundering (AML) and Know Your Customer (KYC) practices. To comply, we must collect and verify sufficient information to form a reasonable belief that we know the true identity of the customer.
We take a risk-adjusted approach to each of our products to ensure that we collect the minimum information necessary as determined by our legal and regulatory advisors. We will continue to do so as we expand our suite of financial services.
What we do with your data
Account approval procedures
When performing a basic profile check, we compare a legal identification document to the account information in order to:
Evaluate the document’s validity
Ensure the name matches
Ensure the birthdate matches
We confirm that user’s address and home country are not on any OFAC-maintained list of sanctioned individuals or countries.
Name, address, and ID constitute the minimum set of requirements financial institutions are required to collect and retain in order to verify a customer’s identity.
For an advanced profile, we perform these additional steps:
Review the source of funds
Perform online searches on the user’s name and address
Review lending regulations in user’s local jurisdiction, which may dictate term & rate
Before approving a bank account, we verify the account and routing number with our ACH provider. This ensures that we can make deposits and withdrawals as needed for a loan.
Support for inheritance and probate
To ensure crypto assets are protected and lawfully transferred, the person authorized to handle the estate will need to present state-specific documents establishing their authority. The user identity information we collect allows us to authenticate these documents.
In the case of a foreign will, there may be additional steps taken before we would accept the orders of a foreign court, which will depend on the circumstances of the individual case.
What we don’t do with your data
We don’t share your data with third-parties unless legally required or unless consent has been given. Consent may be requested during a loan process by banking partners or capital providers.
We don’t collect your data to later monetize it. Monetizing data is not part of our business model.
We don’t voluntarily share information with government agencies or regulatory authorities; however, we are required to monitor for suspicious activity and comply with lawful court orders.
Your privacy is our business to protect. We take significant data security measures to ensure addresses and accounts are never deanonymized publicly, and we pursue every step possible to ensure that government entities do not infringe on our customers’ rights.
Our security practices ensure that we are your most trusted financial services partner
Our systems use unique per-customer, multisignature P2SH addresses. With vaults and multi-institution loans, these addresses are partially derived using a customer’s extended public keys. (We never have access to user private keys, ever.) All Unchained keys use hierarchical deterministic (HD) wallets that are cold-stored on hardware devices, including offline air-gapped machines. We use well-tested, industry-standard open source software to author and audit transactions.
Operational and physical security
We maintain an internal security policy and ensure that includes personnel training. We store our hardware devices in geographically separated, physically secure locations that require identity verification for access. We store wallet seeds in physically secure locations separate from the wallets they restore. We never store devices or seeds at Unchained corporate offices.
We employ high-level security throughout our IT infrastructure in accordance with PCI-compliance standards. We operate within a secure, private, firewalled network. We encrypt all data to, from and within our environment (in motion and at rest) using industry-standard AES-256 encryption. We require two-factor authentication (2FA) to access all sensitive resources. Our centralized identity management infrastructure uniquely identifies employees. All access to systems are limited, minimal, and controlled by this infrastructure. We aggressively monitor all traffic to, from and within our environment, and we retain access, system, and application logs indefinitely (with user/system/employee identifiers).
Identity & intent verification
We help our customers achieve a higher degree of security by offering a cosigning service. If requested by customers, we will verify both the identity and intent of a customer transaction prior to cosigning. A customer has the option to record a video verification of their identity that Unchained uses to validate transaction signing requests and 2FA resets. This opt-in feature is only active if requested and includes the option to set transaction amount thresholds for active identity and intent verfication. This service helps high-net-worth customers enhance the operational security of high-value transactions.