Skip to main content
Sezvo
Legal

Privacy notice

How Sezvo collects, uses, shares, and protects your personal data — written to satisfy the GDPR and written in plain English.

Effective 1 June 2026

This privacy notice explains how Sezvo handles your personal data when you visit our website, open an account, or use any of our products — multi-currency accounts, cards, savings vaults, payments, investing, the self-custodial crypto wallet, business accounts, loans, and insurance. It is written to meet our obligations under the EU General Data Protection Regulation (the "GDPR"), the Lithuanian Law on Legal Protection of Personal Data, and the ePrivacy rules that govern cookies and similar technologies. We have tried to keep it readable; where a term has a specific legal meaning we have used it deliberately.

01 · Who is responsible for your data

Sezvo is a brand operated by UAB Aušra Pay, a licensed electronic money institution (EMI) authorised and supervised by the Bank of Lithuania and passporting its services across the European Economic Area. UAB Aušra Pay is the data controller for the personal data described in this notice, which means we decide why and how your data is processed. Our BIC/SWIFT is OCENLT22 and the accounts we provide use Lithuanian (LT) IBANs.

For some processing we act jointly with, or share data with, regulated partners — for example card issuers and banking partners who provide parts of the service. Where another organisation determines the purpose of processing (such as a merchant you pay, or a network you transact over), that organisation is a separate controller with its own privacy notice.

We have appointed a Data Protection Officer (DPO) who oversees our compliance with this notice and with data protection law. You can reach the DPO by email at dpo@sezvo.com or by post to: Data Protection Officer, UAB Aušra Pay, Vilnius, Lithuania. Please use these details for any privacy question, to exercise your rights, or to raise a concern.

02 · The personal data we collect

The categories of personal data we process depend on the products you use. In broad terms we collect:

  • Identity data — your full name, date of birth, nationality, gender where you provide it, and government identifiers such as passport, national ID, or residence-permit numbers.
  • Contact data — residential and billing address, email address, and phone number.
  • Financial and transaction data — your IBAN and account balances, the amounts, dates, currencies, counterparties and references of your payments, card transactions, transfers, FX conversions, savings and investment activity, on-chain wallet addresses you link, loan and insurance records, and your source of funds and wealth.
  • KYC and due-diligence data — the documents and information we are required to collect to verify your identity, including copies of identity documents, proof of address, and a selfie or short video used for liveness checks.
  • Biometric data — where you choose to verify using face matching, we (or our verification provider) process a biometric template derived from your selfie and ID photo to confirm they belong to the same person. This is a special category of data and we only process it with an appropriate condition under Article 9 of the GDPR.
  • Device and technical data — IP address, device model and operating system, app version, device identifiers, time-zone and language settings, and crash and diagnostic logs.
  • Usage data — how you interact with the app and website: pages and screens viewed, features used, login times, and the actions you take. Some of this is collected through cookies and similar technologies.
  • Communications data — the content of your messages with our 24/7 in-app support, call recordings where applicable, and your contact and marketing preferences.

If you open a business account, we also process data about your company and about its directors, beneficial owners, and authorised representatives. Where you give us personal data about other people (for example a beneficiary of a payment, a joint account holder, or a company officer), you confirm you are entitled to share it and that they are aware of how it will be used.

03 · How we collect your data

We collect personal data from several sources. Most comes directly from you — when you register, complete identity verification, fund your account, make payments, or contact support. Some is generated automatically as you use our apps and website, through cookies, SDKs, and server logs. And some we receive from third parties, including:

  • identity-verification, sanctions-screening and politically-exposed-person (PEP) databases used for KYC and anti-money-laundering (AML) checks;
  • credit-reference and fraud-prevention agencies, where you apply for a loan or where we need to assess and prevent fraud;
  • card networks, acquirers, and banking partners involved in settling your transactions;
  • public registers and open sources, such as company registries; and
  • blockchain networks — transactions you make through the self-custodial wallet are recorded on public ledgers that we and others can read.

04 · The lawful bases we rely on

We only process personal data where the GDPR allows us to. Depending on the activity, we rely on one or more of the following lawful bases:

  • Performance of a contract (Article 6(1)(b)) — to open and operate your account, process payments and transfers, execute investment and FX orders, service loans and insurance, and provide support. If you do not provide the data we need for these purposes, we may be unable to provide the service.
  • Legal obligation (Article 6(1)(c)) — to meet our duties as a regulated EMI, including KYC, AML and counter-terrorist-financing checks, transaction monitoring, sanctions screening, suspicious-activity reporting, tax reporting, and record-keeping required by the Bank of Lithuania and other regulators.
  • Legitimate interests (Article 6(1)(f)) — to prevent fraud and abuse, keep our systems and your account secure, analyse and improve our products, manage risk, and conduct internal administration. We balance these interests against your rights and only rely on this basis where it does not override your interests.
  • Consent (Article 6(1)(a)) — for optional marketing communications, non-essential cookies and analytics, and certain processing of biometric data. Where we rely on consent you may withdraw it at any time without affecting the lawfulness of earlier processing.

For special-category data such as biometrics, we rely on your explicit consent and, where applicable, on substantial public-interest grounds connected to preventing fraud and financial crime.

05 · What we use your data for

We process personal data for these purposes:

  • Onboarding and account management — verifying your identity, setting up your IBAN and cards, and maintaining your account.
  • Executing transactions — processing SEPA Instant, SWIFT and internal transfers (most internal transfers land in around six seconds), card payments, FX across the currencies we support, savings, and commission-free investing.
  • Financial-crime prevention — screening, monitoring, and reporting as required by AML law.
  • Security and fraud prevention — authenticating logins, detecting unusual activity, and protecting your money.
  • Support and communications — answering your questions and sending service messages about your account.
  • Product improvement and analytics — understanding how features are used so we can make them better.
  • Marketing — telling you about products and offers, where you have not opted out or where consent applies.
  • Legal and regulatory — meeting our obligations, responding to lawful requests, and establishing, exercising, or defending legal claims.

06 · Automated decisions and profiling

To keep your money safe and meet our legal duties, some checks are carried out automatically. We use automated systems to screen transactions for fraud and to assess money-laundering and sanctions risk, and we may use automated scoring as part of a loan application. In limited cases these processes can produce a decision with legal or similarly significant effects — for example declining a payment, restricting an account, or refusing a credit application.

Where a decision is based solely on automated processing and has such an effect, you have the right to obtain human intervention, to express your point of view, and to contest the decision. Contact our DPO using the details above. We do not use automated profiling to make significant decisions for purposes other than those described here.

07 · Who we share your data with

We do not sell your personal data. We share it only where necessary, and only with recipients bound by confidentiality and data-protection obligations. These include:

  • Service providers (processors) — cloud hosting, identity-verification, customer-support tooling, analytics, and communications providers who process data on our instructions.
  • Card networks and issuers — Visa, Mastercard, card-issuing partners, and acquirers needed to authorise and settle card payments and to enable Apple Pay and Google Pay.
  • Banking and payment partners — the institutions that help us route SEPA, SWIFT, and FX transactions.
  • KYC, AML, and fraud providers — the verification, screening, and fraud-prevention partners that support our financial-crime controls.
  • Regulators and authorities — the Bank of Lithuania, tax authorities, courts, and law-enforcement bodies, where we are legally required or permitted to disclose data.
  • Professional advisers and corporate parties — auditors, lawyers, and, in the event of a corporate transaction, a prospective buyer subject to confidentiality.

We publish the current list of our main processors in the app under Settings → Privacy and keep it up to date.

08 · International transfers and safeguards

We aim to keep your personal data within the EEA. Where a provider or partner is located outside the EEA, we only transfer data where there is an adequate level of protection. We rely on adequacy decisions of the European Commission where they exist, and otherwise on appropriate safeguards — principally the European Commission's Standard Contractual Clauses (SCCs), supported by a transfer-impact assessment and supplementary technical and organisational measures such as encryption. Some transfers connected to the public blockchains you transact over are inherent to those networks and cannot be restricted by us. You can ask us for a copy of the safeguards that apply to a particular transfer.

09 · How long we keep your data

We keep personal data only for as long as we need it for the purposes set out in this notice, and then delete or anonymise it. In practice:

  • While your account is open — we retain the data needed to provide the service.
  • KYC, AML, and transaction records — we are required to keep these for a minimum of five years, and in some cases up to seven or ten years, after your relationship with us ends, in line with anti-money-laundering and accounting law.
  • Support communications — typically retained for a shorter period sufficient to handle queries and complaints.
  • Marketing data — kept until you opt out or withdraw consent.

On-chain wallet activity recorded on public blockchains is permanent and outside our control; we cannot edit or erase data written to those ledgers.

10 · How we keep your data secure

We apply technical and organisational measures appropriate to the risk, including encryption of data in transit and at rest, strict access controls on a need-to-know basis, multi-factor authentication, continuous monitoring, secure software-development practices, and regular testing of our systems. The crypto wallet is self-custodial: your private keys are generated and held on your device and are never transmitted to or held by us, which means we cannot move your crypto and cannot recover it if you lose your keys or recovery phrase. Please keep your credentials and recovery phrase safe and never share them.

11 · Your rights

Subject to certain conditions and exemptions in the GDPR, you have the right to:

  • Access — obtain confirmation that we process your data and a copy of it.
  • Rectification — have inaccurate or incomplete data corrected.
  • Erasure — ask us to delete your data, except where we must keep it to meet legal obligations.
  • Restriction — ask us to limit processing in certain circumstances.
  • Portability — receive the data you provided in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
  • Objection — object to processing based on legitimate interests, and to direct marketing at any time.
  • Withdraw consent — where we rely on consent, withdraw it at any time without affecting earlier processing.

To exercise any right, contact our DPO at dpo@sezvo.com. We will respond within one month, which may be extended by two further months for complex requests. We may need to verify your identity first, and we will not charge a fee unless a request is manifestly unfounded or excessive.

You also have the right to lodge a complaint with a supervisory authority. Our lead authority is the State Data Protection Inspectorate of Lithuania (Valstybinė duomenų apsaugos inspekcija). You may also complain to the authority in your country of residence. We would, however, appreciate the chance to resolve any concern with you first.

12 · Cookies and similar technologies

Our website and app use cookies, SDKs, and similar technologies for essential functionality, security, and — with your consent — analytics and personalisation. You can manage your preferences at any time. For full details of what we set and how to control them, please see our separate Cookie notice, which forms part of this privacy notice.

13 · Children

Our services are intended for adults. We do not knowingly offer accounts to, or knowingly collect personal data from, anyone under the age required to hold an account in their country. If you believe a minor has provided us with personal data, please contact our DPO and we will take appropriate steps to delete it.

14 · Changes to this notice

We may update this notice from time to time to reflect changes in our products, the law, or our practices. When we make material changes we will update the effective date above and, where appropriate, notify you in the app or by email. We encourage you to review this notice periodically.

15 · How to contact us

For any privacy question, to exercise your rights, or to raise a concern, contact our Data Protection Officer at dpo@sezvo.com or write to: Data Protection Officer, UAB Aušra Pay, Vilnius, Lithuania. Sezvo is an electronic money institution rather than a traditional bank; this notice concerns how we handle your personal data and should be read alongside our Terms and our Cookie notice.

Last updated: 1 June 2026