Contro Compliance & Security Statement

At Contro, regulatory compliance and data security are the foundation of everything we do. We are committed to protecting our users, partners, and systems through industry best practices, regulatory alignment, and strong technical safeguards.

If you do not agree, please do not use Contro.

1. Regulatory Compliance

Contro operates under a compliance-first framework to meet the requirements of financial authorities, card networks, and digital asset regulations. Key compliance practices include:

  • Know Your Customer (KYC): All users undergo identity verification via Didit, a licensed KYC provider compliant with AML/CFT regulations.

  • Anti-Money Laundering (AML): We implement automated risk scoring and transaction monitoring to detect and report suspicious activity.

  • Card Network Compliance: We comply with Visa network requirements through our card program managers, Reap Technologies and Interlace.

  • Data Sharing: We only share personal data with trusted partners as required to deliver core services and ensure regulatory compliance.

2. Data Protection & Privacy

We strictly limit access to user data and apply the principles of data minimization and purpose limitation. Our Privacy Policy is designed to comply with major app store and data protection requirements.

  • Personal data is processed only with consent and solely for identity verification, card issuance, and transaction operations.

  • We do not sell or monetize user data.

  • All third-party processors are contractually bound to protect data under strict confidentiality and security clauses.

3. Technical Security Measures

We employ a robust multi-layer security architecture, including:

  • End-to-End Encryption: All sensitive user data is encrypted in transit (TLS 1.3) and at rest (AES-256).

  • Programmable Wallets: Digital asset custody is provided through trusted infrastructure partners such as Circle, ensuring user funds are safeguarded with advanced key management and policy controls.

  • Infrastructure Hardening: Our backend systems are protected with firewalls, intrusion detection, and continuous security monitoring.

  • Access Controls: All internal access is governed by role-based permissions and two-factor authentication (2FA).

4. Incident Response & Business Continuity

Contro maintains:

  • A formal incident response plan for managing security breaches and regulatory notifications.

  • Regular penetration testing and security audits.

  • A business continuity and disaster recovery plan to ensure service resilience and minimize downtime.

5. Commitment to Continuous Improvement

We continually assess and update our systems, policies, and practices in response to emerging threats, regulatory changes, and evolving technology. Compliance and security are not one-time tasks; they are part of our culture.

Questions or Concerns?
Reach our compliance team at: [email protected]