Privacy Policy
Last updated: May 2026
Hainan Infrastructure Partners Platform Ltd. ("we", "us", "our") operates this tokenised infrastructure investment platform (the "Platform") and is the data controller for the personal information processed on it. This Privacy Policy explains what we collect, why we collect it, how long we keep it, who we share it with, and the rights you hold over your data. It is written to satisfy the EU General Data Protection Regulation (GDPR), the China Personal Information Protection Law (PIPL), and equivalent regimes that apply to qualified institutional users worldwide.
Information We Collect
We collect three categories of information. (a) Identity and verification data — legal name, date of birth, nationality, government-issued ID, passport scans, selfie or liveness images used for KYC, and company registration documents, ownership structure, beneficial-owner disclosures, and licence numbers used for KYB. (b) On-chain and account data — your wallet address, signed EIP-712 wallet-binding messages, the institutional email tied to your account, transaction hashes, deposit and redemption history, token holdings on the chains we connect to, and the audit trail of every administrative action affecting your account. (c) Technical and security data — IP address, browser type, device fingerprint, request timestamps, rate-limit counters, blocked-action logs, and Sentry error reports with personal identifiers automatically scrubbed.
Legal Basis for Processing
We process personal data under one or more of the following legal bases. (a) Legal obligation — anti-money-laundering, counter-terrorist-financing, sanctions screening, and securities-law obligations require us to collect, verify, and retain identity records. (b) Performance of a contract — opening your account, executing token subscriptions, and processing redemptions cannot be done without your data. (c) Legitimate interest — Platform security, fraud prevention, abuse detection, and dispute resolution. (d) Consent — for any processing outside the above (for example, optional product updates); you may withdraw it at any time.
How We Use Your Information
Your data is used to (a) verify your identity and institutional standing before you can transact, (b) screen you against sanctions and politically-exposed-person lists at onboarding and on an ongoing basis, (c) match wallet addresses to verified investors so the on-chain whitelist stays accurate, (d) execute subscriptions, settle distributions, and reconcile fiat-to-token conversions, (e) detect suspicious activity and respond to anti-money-laundering alerts, (f) maintain append-only audit logs for regulator and auditor inspection, (g) provide customer support, and (h) improve Platform reliability and security. We do not use your data for advertising, do not sell it to third parties, and do not engage in fully-automated decision-making with legal effect without human review.
Sharing and Disclosure
We share personal data only with parties that have a documented need to receive it. These include (a) regulators, supervisory authorities, courts, and law-enforcement bodies where required by law, (b) our KYC, KYB, sanctions-screening, and AML-monitoring service providers under written data-processing agreements, (c) qualified custodians, settlement banks, and token-transfer agents involved in executing your transactions, (d) external auditors and tax advisers who are bound by professional secrecy, and (e) a successor entity in the event of a merger, acquisition, or restructuring (subject to equivalent privacy protections). We never share KYC documents or biometric data with marketing partners or third-party analytics providers.
Blockchain Transparency
Public blockchains are immutable and globally visible. When you transact on the Platform, your wallet address, the token you subscribe to, the amount, and the timestamp are written to a public ledger that we cannot modify or delete. The Platform does not publish your name, email, or KYC documents on-chain — only the pseudonymous wallet address — but a third party that already knows your wallet address can observe your activity. If this concerns you, use a dedicated wallet for Platform activity.
International Data Transfers
The Platform is operated from the Hainan Free Trade Port. Personal data may be transferred to and processed in jurisdictions outside your country of residence, including the People's Republic of China and any country where our service providers are located. Where data is transferred out of the European Economic Area or the United Kingdom we rely on Standard Contractual Clauses approved by the European Commission. Where data is transferred out of mainland China we comply with the cross-border transfer requirements of PIPL, including a personal-information protection impact assessment and, where required, a security assessment by the Cyberspace Administration of China.
Data Retention
Identity-verification documents and transaction records are retained for at least seven (7) years after the end of the business relationship to comply with FATF recommendations and applicable AML/CTF legislation; some records may be retained longer where required by tax or securities law. Append-only audit logs are retained for seven (7) years and cannot be modified or deleted during that period — the underlying database revokes UPDATE, DELETE, and TRUNCATE privileges on these tables at the role level. Marketing-related data and optional preferences are deleted within thirty (30) days of withdrawal of consent.
Security Measures
We protect your data with layered controls including encryption in transit (TLS 1.2+) and at rest, hardware-wallet enforcement for all administrative on-chain actions, signed session cookies with periodic key rotation, distributed rate limiting against credential-stuffing, an append-only audit log enforced at the database role level, Content Security Policy with per-request nonces, CSRF protection on every state-changing endpoint, magic-byte verification and SHA-256 fingerprinting on every uploaded document, automatic Sentry PII scrubbing, and periodic third-party penetration testing. No system is perfectly secure — if you suspect your account or wallet has been compromised, contact us immediately at security@hainan-infra.com.
Your Rights
Depending on your jurisdiction, you may have the right to (a) request a copy of the personal data we hold about you, (b) ask us to correct inaccurate data, (c) ask us to delete data we are not legally required to retain (most identity-verification records remain locked under AML retention duties even after deletion is requested), (d) object to or restrict certain processing, (e) ask for portability of data you provided to us, (f) withdraw consent at any time where consent is the legal basis, and (g) lodge a complaint with your supervisory authority. To exercise any of these rights, email privacy@hainan-infra.com from the address we have on file; we respond within thirty (30) days.
Cookies and Local Storage
The Platform uses only cookies and local-storage items strictly necessary for operation, such as the signed session cookie, the locale preference, and the wallet-connection state. We do not set advertising cookies or third-party analytics cookies. See our Cookie Policy at /cookies for the full inventory.
Updates to This Policy
We may amend this Privacy Policy from time to time. Material changes will be notified to you by email and surfaced in the Platform's banner at least thirty (30) days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision; earlier versions are archived and available on request.
Contact and Data Protection Officer
For any privacy-related question, request, or complaint, contact our Data Protection Officer at privacy@hainan-infra.com. Postal address: Hainan Infrastructure Partners Platform Ltd., DPO Office, Haikou, Hainan, People's Republic of China.