Compliance

PII: minimize, encrypt, and strictly control access.

Logging: never log secrets (codes, tokens, signatures).

Data subject rights: export keys and permanently delete accounts.

Vendors: Coinbase on‑ramp involves Coinbase KYC/AML where applicable.