Vyra Bank — Privacy & Data Protection Policy

1) Commitment to Privacy

Vyra Bank is firmly committed to the strongest possible protection of client information. We regard privacy not only as a regulatory requirement but as a fundamental right. Accordingly, we design our systems and policies so that disclosure of personal data is legally and technically restricted to the maximum extent permitted under Mexican law.

2) Data Minimization

  • Minimal collection: We collect only what is strictly necessary to comply with mandatory KYC/AML obligations and to operate our Services.
  • No unnecessary tracking: We do not engage in commercial profiling, targeted advertising, or the sale of personal data under any circumstances.
  • Temporary metadata: Any technical metadata (IP addresses, session identifiers, device fingerprints) is retained only for as long as necessary for immediate security purposes, then irreversibly destroyed.

3) Technical Safeguards

  • Encryption by default: All personal data, KYC documentation, and account information is encrypted at rest and in transit using industry-leading cryptographic standards.
  • Segregation & zero-access design: Data is segregated, access is compartmentalized, and systems are configured so that even internal personnel cannot access information without multi-factor, role-based authorization and logging.
  • Rapid log destruction: System logs and metadata are minimized and automatically purged on the shortest possible cycle consistent with operational security.
  • Independent audits: Security infrastructure and data handling practices are subject to regular external audits to verify compliance with the above commitments.

4) Legal Protection & Disclosure

  • No voluntary disclosure: We do not disclose personal data to any third party, foreign regulator, or government absent a binding, final order issued by a competent Mexican court following due process.
  • Litigation threshold: Disclosure will only occur if compelled through formal litigation in Mexico. We do not honor informal requests, subpoenas, or administrative demands from outside Mexico.
  • Foreign authorities: Any foreign request for information must be made via official international cooperation channels and enforced through Mexican judicial authorities. We will not provide data directly to foreign governments.
  • Transparency principle: Where legally permissible, clients will be notified of any compelled disclosure request before data is produced.

5) Retention & Destruction

  • Active accounts: Data is retained only as long as necessary for service provision and compliance with mandatory law.
  • Closed accounts: KYC and transactional records are securely destroyed one (1) year after account closure unless a longer period is expressly required by binding Mexican law.
  • Automated destruction: Metadata, logs, and other transient data are automatically deleted as soon as operational security needs have passed.

6) Client Rights

  • Access & correction: Clients may request access to, or correction of, their personal data in accordance with applicable privacy frameworks (e.g., GDPR, LGPD).
  • Erasure: Clients may request deletion of their data; such requests will be honored to the maximum extent permitted under Mexican law.
  • Portability & restriction: Where international privacy laws apply, clients may exercise additional rights, subject to compatibility with Mexican legal obligations.

7) Cookies & Digital Tracking

We do not deploy advertising or marketing cookies. Any cookies used are strictly limited to security, authentication, and basic functionality. Analytics are performed on anonymized or aggregated data wherever possible. You may disable non-essential cookies in your browser settings.

8) Jurisdiction & Exclusivity

  • Governing law: This Policy is governed exclusively by the laws of Mexico.
  • Exclusive jurisdiction: Any dispute concerning data protection or privacy is subject solely to the jurisdiction of Mexican courts.
  • Non-application of foreign law: No foreign privacy or disclosure laws apply directly to Vyra Bank or its Services.

9) Amendments

  • We may amend this Policy to reflect changes in law, regulation, or technology. Updates will be posted on our Website and/or through the client portal.
  • Clients who do not agree with material changes may close their accounts and request deletion of their data subject to our retention obligations.

10) Contact

Questions or privacy requests may be directed to the contact details published on our Website. Formal legal requests must be properly filed with competent Mexican courts.

Vyra Bank employs a privacy-by-design approach, using maximum encryption, rapid data destruction, and strict legal resistance to disclosure. Client data is safeguarded by both technical architecture and legal jurisdiction, ensuring the highest possible protection under Mexican law.