This Data Deletion Policy explains how RUTO AI LIMITED handles requests to delete, erase, close, restrict, or remove personal information connected with RutoWallet.
RutoWallet is a custodial crypto wallet and virtual card product. Because wallet activity, KYC verification, transaction records, fraud controls, card services, blockchain records, and compliance reviews may involve financial and legal obligations, deletion is handled through a controlled process rather than immediate removal of every record.
This policy should be read together with the Privacy Policy, Terms of Service, Acceptable Use Policy, Risk and Compliance Disclosure, Card Terms, Cookie Policy, and any provider terms that apply to selected services.
Where the European Union General Data Protection Regulation, the United Kingdom General Data Protection Regulation, or similar data protection laws apply, this policy is intended to support the user's right to erasure, right to restriction of processing, right to object, right to withdraw consent, and related data protection rights, subject to lawful exceptions.
Industry Approach Used by Us
RutoWallet follows the general approach used by responsible fintech, payment, wallet, card, and digital finance platforms: users may request deletion or account closure, but certain records may continue to be retained where needed for legal, regulatory, tax, accounting, audit, fraud-prevention, dispute-resolution, security, provider, or law-enforcement purposes.
Comparable financial platforms commonly state that personal data is retained only as long as needed for the purpose collected or as required by law, and that deletion may be limited where financial recordkeeping, identity verification, anti-fraud, AML, sanctions, card, audit, dispute, or legal duties still apply.
What Users Can Request
Subject to applicable law and any lawful retention obligations, users may request that RutoWallet:
- Delete or erase personal information that is no longer needed for a lawful purpose
- Close a RutoWallet account where account closure is available
- Withdraw consent for optional processing where consent is the lawful basis
- Stop or restrict selected processing where required by applicable data protection law
- Delete marketing preferences or unsubscribe from optional marketing communications
- Correct inaccurate personal information before or during a deletion review
A deletion request may be sent to support@rutowallet.com or legal@rutowallet.com. RutoWallet may require the user to verify account ownership, identity, email access, or other security information before processing the request.
Where EU, UK, or similar data protection law applies, RutoWallet will aim to respond to valid deletion and restriction requests without undue delay and within the legally required period, which is generally one month from receipt of the request. This period may be extended where permitted by law, including where a request is complex, multiple requests are made, or additional verification is required.
A user may request deletion where personal information is no longer necessary for the purpose collected, consent has been withdrawn and no other lawful basis applies, the user has successfully objected to processing, the information has been processed unlawfully, deletion is required by law, or another applicable data protection ground applies.
Account Closure Before Deletion
For safety and compliance reasons, RutoWallet may require a user to close or prepare the account before certain personal information can be deleted.
Before account closure or deletion, the user may need to:
- Withdraw or transfer any available wallet balance where withdrawals are supported
- Complete, cancel, or resolve pending deposits, withdrawals, conversions, user-to-user transfers, card recharges, card withdrawals, card transactions, disputes, chargebacks, refunds, or support cases
- Settle unpaid fees, negative balances, provider charges, card obligations, failed transaction charges, or other amounts owed
- Resolve open compliance, KYC, fraud, sanctions, suspicious activity, account recovery, or security reviews
- Confirm that account closure may remove access to wallet services, card services, transaction history inside the account interface, rewards, offers, preferences, and related features
Account closure and deletion may be delayed, restricted, or declined where RutoWallet is required or permitted to keep the account active or retain records for legal, security, provider, regulatory, or user-protection reasons.
Data That May Be Deleted
Where no lawful retention reason applies, RutoWallet may delete, anonymize, aggregate, de-identify, or restrict access to personal information such as:
- Profile information, preferences, optional account settings, and non-essential account details
- Marketing communication preferences and optional survey or feedback data
- Support information that is no longer needed for service, dispute, legal, or security purposes
- Device, analytics, cookie, or technical data that is no longer needed for security, reliability, fraud prevention, or legal purposes
- Other personal information that is no longer necessary for the purpose collected and is not subject to retention obligations
RutoWallet may also anonymize or aggregate information so it no longer identifies a user. Anonymized or aggregated information may be retained for analytics, service improvement, security, reporting, or business purposes where permitted by law.
Data That May Be Retained
Some information may be retained after a deletion request or account closure if RUTO AI LIMITED has a lawful basis, legal duty, provider requirement, or legitimate need to retain it.
Retained information may include:
- KYC, identity verification, sanctions screening, and compliance review records
- Wallet balances, deposits, withdrawals, conversions, user-to-user transfers, wallet addresses, blockchain transaction references, card transactions, card recharge records, card withdrawal records, fees, refunds, chargebacks, disputes, and related financial records
- Fraud-prevention, anti-money laundering, suspicious activity, stolen-fund risk, account takeover, scam, sanctions, security, device, and investigation records
- Tax, accounting, audit, reporting, reconciliation, legal, regulatory, provider, issuer, card network, or law-enforcement records
- Records needed to enforce terms, resolve disputes, defend legal claims, protect users, prevent abuse, or comply with court orders or lawful requests
For legal and regulatory compliance reasons, RUTO AI LIMITED may retain personal data for an additional period of six years after termination of the relationship between the user and RutoWallet, unless a longer retention period is required or permitted by law.
If RutoWallet declines or postpones deletion because retention is required or permitted, RutoWallet may keep only the information needed for that lawful purpose and may restrict ordinary processing where appropriate.
Blockchain Records
Some wallet activity may be recorded on public or third-party blockchain networks. Blockchain records are generally outside RutoWallet's exclusive control and may be permanent, public, or independently retained by blockchain nodes, explorers, analytics providers, counterparties, or other participants.
RutoWallet may delete, restrict, anonymize, or de-identify information in systems it controls where lawful and technically possible, but it cannot delete public blockchain records or records independently controlled by third parties.
Third-Party Providers
RutoWallet may use third-party providers for KYC, card services, wallet infrastructure, blockchain infrastructure, analytics, hosting, communications, fraud prevention, sanctions screening, support, and related services.
When RutoWallet approves a deletion request, it may instruct relevant service providers to delete, anonymize, restrict, or return personal information where required and where the provider is processing the information on RutoWallet's behalf. Providers may still retain information where they have their own legal, regulatory, provider, audit, fraud-prevention, dispute, or security obligations.
Where required by applicable data protection law, RutoWallet will take reasonable steps to notify recipients or processors of approved deletion, correction, or restriction requests unless doing so is impossible or would involve disproportionate effort.
Backups, Archives, and Logs
Deleted information may remain for a limited time in backups, archives, encrypted storage, system logs, disaster recovery systems, or security records before it is overwritten, isolated, anonymized, or removed according to RutoWallet's retention and backup processes.
During this period, access to backup or archived information is restricted and the information is not used for ordinary business purposes unless restoration, security, legal, compliance, audit, dispute, or system recovery needs require it. Where immediate deletion from backups is not technically practical, RutoWallet may place the information beyond ordinary use until it is overwritten or removed under established backup schedules.
How Requests Are Reviewed
After receiving a deletion request, RutoWallet will review the request against account status, identity verification, open transactions, card activity, balances, disputes, compliance obligations, fraud and security concerns, provider requirements, legal duties, and applicable data protection laws.
RutoWallet may approve the request in full, approve it in part, request more information, ask the user to complete account closure steps, restrict selected processing, anonymize certain data, or decline deletion where lawful retention is required or permitted.
RutoWallet may refuse or limit a request where permitted by law, including where the request is manifestly unfounded or excessive, where information must be retained for legal obligations, where retention is needed for legal claims, security, fraud prevention, public interest, or regulatory reasons, or where deletion would adversely affect another person's rights.
Where possible, RutoWallet will explain the outcome of the request. In some cases, RutoWallet may be unable to provide detailed reasons where doing so could affect security, fraud prevention, provider rules, compliance reviews, investigations, legal obligations, or another person's rights.
Effect of Deletion
Once account deletion or closure is completed, access to RutoWallet services may be permanently disabled. The user may lose access to account history inside the app or website, saved preferences, linked services, cards, support history, promotions, rewards, and other account features.
Deletion does not reverse completed blockchain transactions, card transactions, fees, conversions, transfers, deposits, withdrawals, chargebacks, provider records, merchant records, or obligations that already occurred before deletion.
Contact
Deletion, account closure, privacy, and data protection requests may be sent to support@rutowallet.com or legal@rutowallet.com.
Users should include the registered email address, a clear description of the request, and any information needed to help RutoWallet verify account ownership and locate the relevant records.
Where applicable data protection law gives a user the right to complain to a data protection authority or supervisory authority, the user may contact the authority responsible for the user's location or the relevant authority for the processing activity.
Effective Date
This Data Deletion Policy is effective as of June 10, 2026.