Privacy Policy
Last updated: April 2026
Glorayy ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website at https://www.glorayy.com, use our platform, dashboard, reward token subscriptions, USDT services, loan tools, virtual cards, or interact with our live AI chatbot (collectively, the "Services").
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are (Data Controller)
Glorayy is a UK-based digital asset management platform empowering users with secure management of cryptocurrency and digital ownership, including reward token subscriptions for assets such as e-commerce websites and metaverse properties.
Data Controller:
[Glorayy]
Email: mail@glorayy.com
Telephone: [+441615314270]
Address:
Deane Road, Bolton, BL3 5AB
2. Personal Data We Collect
We collect the following categories of personal data:
Identity and Contact Data: Name, email address, phone number, date of birth, government-issued ID (for KYC/AML verification where required).
Financial and Transaction Data: USDT wallet addresses, transaction history, subscription details, loan calculator inputs/outputs, virtual card usage data.
Technical and Usage Data: IP address, browser/device information, login times, pages visited, cookies, and analytics data.
Profile and Subscription Data: Reward token subscription preferences, dashboard activity, asset interests.
Communication and Chat Data: Messages sent to our customer support or Live AI Chatbot (powered by OpenAI), including text inputs, queries, and conversation history.
Other: Any information you voluntarily provide via forms, feedback, or support requests.
AI Chatbot Note: When you use our Live Chat feature, your chat inputs (which may include personal data if you choose to share it) are sent to OpenAI to generate responses. We minimise the personal data sent where possible and instruct OpenAI to process it only on our behalf.
We do not intentionally collect special category (sensitive) data unless legally required for enhanced due diligence, and only with appropriate safeguards.
3. How We Collect Your Data
Directly from you when registering, subscribing, transacting, using tools (e.g., loan calculator), contacting support, or chatting with our AI chatbot.
Automatically via cookies, server logs, and analytics when using the Services.
From third parties (e.g., KYC/identity verification providers, blockchain analytics tools, or OpenAI for chatbot functionality).
4. Purposes and Lawful Bases for Processing
We process your personal data based on the following UK GDPR lawful bases:
Performance of a Contract (Art. 6(1)(b)): To deliver the Services, manage subscriptions, process USDT transactions, handle loans and virtual cards, maintain your dashboard, and respond to queries via live chat or support.
Legal Obligation (Art. 6(1)(c)): To comply with AML, KYC, counter-terrorism financing, tax, and other regulatory requirements.
Legitimate Interests (Art. 6(1)(f)): To improve our Services and platform security, analyse usage trends, prevent fraud, and provide customer support (including via the AI chatbot). We balance these interests against your rights through legitimate interests assessments where needed.
Consent (Art. 6(1)(a)): For direct marketing communications or non-essential cookies/tracking. You can withdraw consent at any time.
For the AI chatbot, processing of chat data is primarily necessary for the performance of our contract with you (providing customer support) or based on legitimate interests (efficient, 24/7 assistance). We do not use chatbot conversations to train OpenAI models (we rely on OpenAI's enterprise/API configuration that prevents this).
5. Sharing Your Personal Data
We may share your personal data with trusted third parties, always under appropriate safeguards (e.g., data processing agreements):
Service Providers and Processors: Hosting providers, analytics tools, payment processors, KYC/AML services, and OpenAI (for powering our Live AI Chatbot). OpenAI acts as our data processor and processes chat inputs only on our instructions to generate helpful responses. We have a Data Processing Addendum (DPA) in place with OpenAI.
Professional Advisers and Regulators: Lawyers, accountants, or authorities when legally required (e.g., for compliance or fraud prevention).
Business Transfers: In the event of a merger, acquisition, or restructuring.
We do not sell your personal data.
Specific to OpenAI Chatbot: Chat conversations are shared with OpenAI solely to provide the live chat functionality. OpenAI does not use this data for its own model training under our arrangement. Processing may involve international transfers (see Section 6).
6. International Transfers
Some of our processors, including OpenAI, are located outside the UK (e.g., in the United States or other jurisdictions). We ensure appropriate safeguards are in place, such as the UK Addendum to the EU Standard Contractual Clauses (SCCs) or other ICO-approved mechanisms, as detailed in OpenAI's DPA.
We conduct transfer risk assessments where required and only transfer the minimum data necessary.
7. Data Security
We use technical and organisational measures including encryption (where appropriate for financial or chat data), access controls, secure servers, and regular security audits. However, no system is 100% secure. For chatbot interactions, we encourage you not to share sensitive financial details (e.g., full wallet seeds or private keys).
8. Data Retention
We keep your personal data only as long as necessary for the purposes set out in this policy or as required by law (e.g., AML/KYC records are typically retained for 5–7 years). Chatbot conversation logs are retained for a limited period [insert your period, e.g., 30–90 days] for support, quality, and compliance purposes, then securely deleted or anonymised.
9. Your Rights
Under the UK GDPR, you have rights to:
Access, rectify, or erase your data
Restrict or object to processing
Data portability
Withdraw consent (where used)
Not be subject to solely automated decisions with significant effects (if applicable)
To exercise these rights, email mail@glorayy.com. We respond within one month. You can also complain to the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.
10. Cookies and Tracking Technologies
We use essential cookies for site functionality and (with your consent) analytics/marketing cookies. See our separate Cookie Policy [insert link] for details.
11. Children's Privacy
Our Services are not directed at children under 18. We do not knowingly collect data from minors.
12. Changes to This Privacy Policy
We may update this policy. Material changes will be notified via the website or email. The "Last updated" date will be revised.
13. Contact Us
Questions about this Privacy Policy or your data? Contact us at:
Email: privacy@glorayy.com
Address: [Insert full UK registered address]
Additional Implementation Advice
In-Chat Transparency — Add a clear banner or initial message in the AI chatbot:
"This live chat is powered by OpenAI. Your messages are processed to provide support. Do not share sensitive financial information here. See our Privacy Policy for details."
Data Minimisation — Where possible, route sensitive queries (e.g., account-specific transactions) to human support or authenticated dashboard sections instead of the public chatbot.
DPIA — Strongly recommended for the AI feature due to the fintech context and potential for users to input personal/financial data.
Cookie Policy — If you haven't already, create one that mentions any tracking related to the chatbot (e.g., session analytics).
Internal Records — Update your Record of Processing Activities (ROPA) to include the OpenAI processing activity (categories of data, purposes, processor details, retention, etc.).
