Privacy Policy
Last updated: April 13, 2026 — Version 2.0
1. Data Controller
GeraCash is operated by Gera Services (registered in England and Wales), a digital wallet and payments platform. We are the data controller under the UK GDPR and Data Protection Act 2018.
- Website: geracash.com
- Data Protection: [email protected]
Financial Services Notice: GeraCash processes financial transactions and applies enhanced data protection standards consistent with KYC (Know Your Customer) and AML (Anti-Money Laundering) obligations under UK law.
2. What Personal Data We Collect
2.1 Identity and Contact Data
Full name, date of birth, email address, phone number, residential address.
2.2 Identity Verification Data (KYC)
Government-issued photo ID (passport, national ID, driving licence), proof of address, selfie for facial verification, and enhanced due diligence documentation for high-value accounts.
2.3 Financial Data
Bank account details for payouts (sort code and account number), card type and last four digits (full card numbers never stored), wallet balance, full transaction history (amounts, recipients, timestamps, reference notes), and GeraCoins balance.
2.4 AML and Fraud Prevention Data
Transaction patterns, device fingerprints, IP addresses, geolocation at transaction time, and fraud screening flags.
2.5 Usage and Technical Data
Browser type, device identifiers, OS version, session data, crash logs.
3. Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Account creation and wallet management | Contract (Art. 6(1)(b)) |
| Processing payments and transfers | Contract (Art. 6(1)(b)) |
| KYC identity verification | Legal Obligation (Art. 6(1)(c)) — Money Laundering Regs 2017 |
| AML transaction monitoring | Legal Obligation (Art. 6(1)(c)) — Proceeds of Crime Act 2002 |
| Fraud detection and prevention | Legitimate Interests (Art. 6(1)(f)) |
| Regulatory reporting (HMRC, FCA) | Legal Obligation (Art. 6(1)(c)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
4. Data Retention
| Data Type | Retention | Basis |
|---|---|---|
| Transaction records | 6 years | HMRC / tax law |
| KYC documents | 5 years after account closure | Money Laundering Regulations 2017 |
| AML records | 5 years | Proceeds of Crime Act 2002 |
| Account data (post-closure) | 5 years | Financial regulation |
| Analytics | 13 months | ICO guidance |
5. Who We Share Your Data With
We do not sell your data. We share only as necessary:
- Payment networks and banking partners — to process transactions
- KYC/AML screening providers — identity verification and fraud screening
- HMRC and FCA — as required by UK financial regulation
- National Crime Agency — statutory reporting under the Proceeds of Crime Act
- Railway, Neon, Vercel — infrastructure
- PostHog (EU, anonymised); Sentry (EU, errors)
6. Your Rights
UK GDPR rights apply. Note that AML and regulatory retention requirements may limit erasure rights. Email [email protected]. Complaints to the ICO.
7. Security
PCI DSS-aligned: TLS 1.2+ in transit, AES-256 at rest, tokenised card data, segregated financial data environments, MFA on all accounts, continuous fraud monitoring.
8. Cookies
Essential, functional, and (with consent) analytics cookies. See our Cookie Policy.
9. Contact
- Data Protection: [email protected]
- Support: [email protected]