Loading...

Main Menu
MilleWallet – Privacy Policy

MilleWallet – Privacy Policy

Effective Date: November 2025
Company: TECH1ter
Address: 38 Chemin de la Bigotte, 13015 Marseille, France
Email: contact@millewallet.com

1

Introduction

TECH1ter (“we”, “our”, “us”) operates the MilleWallet platform (“MilleWallet”, “Service”). We are committed to protecting your personal data and processing it in a lawful, fair, and transparent manner.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data, including data processed for fraud prevention, security, and anti-money laundering / counter-terrorist financing (AML/CTF) compliance.

By accessing or using MilleWallet, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you must not use the Service.

2

Data Controller

The data controller responsible for your personal data is:

TECH1ter
38 Chemin de la Bigotte
13015 Marseille – France
Email: contact@millewallet.com

We process personal data in accordance with applicable data protection laws, including:

  • EU General Data Protection Regulation (EU) 2016/679 (“GDPR”),
  • French Data Protection Act,
  • ePrivacy rules,
  • Applicable AML/CTF legislation, and
  • Industry fraud-prevention best practices.
3

What MilleWallet Is (Clarification)

MilleWallet is not a bank, not an e-money issuer, and not a regulated financial institution. MilleWallet operates a closed virtual wallet system with features such as:

  • Internal balances,
  • Internal transfers between users,
  • Deposit initiation via regulated Payment Service Providers (PSPs),
  • Withdrawal requests via external bank accounts or PSPs,
  • Optional prepaid card integrations,
  • Optional gaming/rewards mechanisms, and
  • Fraud detection and AML/CTF monitoring.

All real-money operations (e.g., bank transfers, card payments, PayPal payments, issuance of payment instruments) are executed by regulated third-party payment institutions (for example card processors, banks, prepaid card issuers, Stripe, PayPal, and other PSPs).

4

Categories of Personal Data We Collect

We collect only the data that is necessary for operating MilleWallet, fulfilling our contractual obligations, protecting the Service against fraud and abuse, and complying with legal and regulatory requirements.

4.1 Identity Data

  • Full name,
  • Date of birth,
  • Residential address,
  • Nationality,
  • Phone number,
  • Email address,
  • Government-issued identification documents (e.g., ID card, passport),
  • Selfie and/or liveness checks (for KYC and fraud prevention),
  • For business users: company registration documents, VAT number, and beneficial owner information.

4.2 Financial & Payment Data

MilleWallet does not directly store full payment card numbers or complete bank account details. These are processed by regulated PSPs. However, we may receive and store:

  • Transaction references and IDs,
  • Deposit and withdrawal confirmations (success/failure),
  • Payment method type (e.g., card, bank transfer, PayPal, prepaid),
  • Partial masked card information (e.g., last 4 digits),
  • Chargeback and dispute status from PSPs.

4.3 Technical & Behavioral Data

We use technical and behavioral data to secure your account and detect fraud:

  • IP addresses (including approximate geolocation, e.g., city/country),
  • Device identifiers and device fingerprinting (browser, OS, hardware characteristics),
  • Cookies and similar technologies (see Cookies section),
  • Login timestamps and session IDs,
  • Failed login attempts and security events,
  • Velocity checks (e.g. how many actions in a short time),
  • Patterns of behavior that may indicate fraud or account takeover.

4.4 Transaction Data

  • Internal transfers between users,
  • Wallet balance changes,
  • Deposit requests and outcomes,
  • Withdrawal requests and outcomes,
  • Usage of payment links or internal payment tools,
  • Failed or blocked transactions and reasons (when available).

4.5 Communication Data

  • Emails and messages exchanged with support,
  • Uploaded documents for verification or dispute resolution,
  • Support tickets and internal notes relevant to your account.
5

Purposes and Legal Bases for Processing

We process your data under the following legal bases:

  • Contract (Art. 6(1)(b) GDPR): to provide you with MilleWallet services and features.
  • Legal obligation (Art. 6(1)(c) GDPR): to comply with AML/CTF, accounting, tax, and other legal requirements.
  • Legitimate interests (Art. 6(1)(f) GDPR): to protect the platform, prevent fraud, ensure security, and improve the Service.
  • Consent (Art. 6(1)(a) GDPR): for specific optional features (e.g. certain cookies or marketing communications).

5.1 Fraud Prevention and Security (Critical Purpose)

We process your data for fraud prevention, abuse detection, and platform security on the basis of:

  • Legitimate interests in protecting MilleWallet, our users, and third parties; and
  • Legal obligations regarding financial crime, AML/CTF, and cooperation with PSPs and authorities.

This includes:

  • Detecting suspicious login patterns and account takeovers,
  • Preventing use of stolen or unauthorized payment methods,
  • Identifying synthetic or fake identities,
  • Detecting chargeback and refund abuse,
  • Monitoring high-risk transactional behavior,
  • Identifying mule accounts or money-laundering patterns,
  • Preventing abuse of promotions, bonuses, or gaming features,
  • Protecting the Service against bots, scripts, and automated attacks.

Due to AML/CTF and fraud-prevention requirements, certain fraud-related and AML-related data cannot be erased upon request where the law requires us to retain it.

6

Fraud Detection & Fraud Scoring (Detailed)

6.1 Automated Fraud Analysis

We use automated systems and algorithms to analyze patterns and detect high-risk or abnormal behavior. Examples include:

  • Sudden changes in IP country (“impossible travel”),
  • Login from anonymizing networks (e.g. certain VPNs, proxies, Tor),
  • Multiple accounts using the same device or fingerprint,
  • Rapid sequences of deposits followed by immediate withdrawal attempts,
  • Unusual deposit or withdrawal amounts and frequencies,
  • Patterns consistent with card testing or stolen credential testing,
  • Unusual or inconsistent KYC document information,
  • Attempts to bypass limits, restrictions, or verification.

6.2 Data Used for Fraud Prevention

For fraud detection, we may combine:

  • Identity and contact information,
  • Transaction history and account behavior,
  • Login and device information,
  • IP-based geolocation and risk indicators,
  • Email and phone reputation data (e.g., disposable email, VOIP numbers),
  • Information from PSPs, banks, and card networks,
  • Known fraud patterns and internal blacklists.

6.3 Manual Review by Fraud and Compliance Teams

In many cases, automated systems are followed by a manual review. Our authorized personnel may:

  • Request additional identity or address documentation,
  • Request proof of funds or origin of funds where justified,
  • Request clarification regarding certain transactions or behaviors,
  • Verify information with third-party providers,
  • Temporarily limit or freeze specific features while an investigation is ongoing.

6.4 Freezing or Restricting Accounts

We may temporarily or permanently freeze or restrict your account, without prior notice, if we reasonably suspect:

  • Fraudulent activity or chargeback abuse,
  • Use of stolen payment methods or credentials,
  • Document forgery or identity theft,
  • Violations of our Terms of Service or AML/CTF laws,
  • Use of the Service for illegal or prohibited purposes.

During such restrictions, withdrawals and certain other operations may be blocked until the situation is clarified or the investigation is concluded.

6.5 Reporting Fraud to Third Parties and Authorities

Where required by law or contract, we may share information about fraud or suspected fraud with:

  • Regulated PSPs and banks,
  • Card networks and dispute resolution bodies,
  • Financial Intelligence Units (FIUs) and AML authorities,
  • Police or other competent law enforcement agencies,
  • Courts and regulatory bodies.

6.6 Fraud Blacklists and Retention

To protect our Service and our users, we may maintain internal blacklists and risk profiles containing, for example:

  • Accounts involved in confirmed fraud or severe policy violations,
  • Device fingerprints and associated risk indicators,
  • IP addresses linked to attacks or abuse,
  • Emails and phone numbers used in fraud attempts.

Such data may be retained for extended periods (often 5–10 years or longer, depending on legal requirements) and may not be subject to erasure requests where the data is necessary for compliance, fraud prevention, or legal claims.

7

AML/CTF (Anti-Money Laundering / Counter-Terrorist Financing)

We are required to perform checks and monitoring to prevent money laundering and terrorist financing, which may include:

  • Identity verification and periodic re-verification,
  • Screening against sanctions and watchlists,
  • Detecting unusual or high-risk transaction patterns,
  • Classifying users and transactions into AML risk levels,
  • Filing reports or alerts to relevant authorities where required.

AML/CTF-related data is retained as required by law and may not be deleted or restricted upon request if such deletion would conflict with our legal obligations.

8

Sharing of Personal Data

We do not sell your personal data. We may share your data with:

8.1 Payment Service Providers and Banks

  • Card processors and acquirers,
  • Prepaid card issuers,
  • Stripe, PayPal, and similar PSPs,
  • Partner banks for deposits and withdrawals.

8.2 Fraud, Security, and Risk Providers

  • Fraud detection and scoring vendors,
  • Device fingerprint and bot-detection services,
  • IP reputation and proxy/VPN detection services.

8.3 KYC and Identity Verification Providers

  • Document verification services,
  • Liveness detection providers,
  • Sanctions and watchlist screening tools.

8.4 Authorities and Legal Recipients

We may disclose your data if required by law or legitimate legal request, for example:

  • Courts and law enforcement agencies,
  • Financial regulators and supervisory authorities,
  • Tax authorities, where legally justified.

8.5 Internal Staff and Contractors

Access to your data is restricted to staff and contractors who need it to perform their duties (e.g. support, fraud, compliance, tech) and who are bound by confidentiality obligations.

9

International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When data is transferred to such providers, we implement appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission,
  • Data Privacy Framework participation (where applicable),
  • Technical and organizational measures (encryption, access controls, etc.).
10

Data Retention

10.1 General Retention

We retain your personal data for as long as necessary to:

  • Provide and improve the Service,
  • Comply with our legal and contractual obligations,
  • Resolve disputes and enforce our rights.

10.2 AML/CTF and Fraud Data

AML and fraud-related data is generally retained for a minimum of 5 to 10 years, or longer where required by law or necessary in connection with legal claims, regulatory investigations or serious fraud.

This data may not be deleted upon request where retention is required by law or necessary to protect our legitimate interests and those of third parties.

10.3 Logs and Security Records

Security logs and technical records (such as IP logs, login logs, and system events) are retained for periods consistent with security best practices and legal requirements, typically between 1 and 5 years, depending on the nature and sensitivity of the data.

11

Your Data Protection Rights

Subject to legal limitations, you have the following rights under GDPR:

  • Right of access: to obtain confirmation whether we process your data and to receive a copy.
  • Right to rectification: to correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): to request deletion of your data where legally possible.
  • Right to restriction: to request that we limit processing in certain circumstances.
  • Right to data portability: to receive your data in a structured, commonly used, machine-readable format.
  • Right to object: to certain types of processing, especially processing based on our legitimate interests.
  • Right to withdraw consent: where processing is based on your consent.

Important: These rights are not absolute. We may refuse or limit a request where:

  • We are legally required to retain the data (e.g. AML/CTF laws),
  • The data is necessary for fraud prevention and security,
  • The data is needed to establish, exercise, or defend legal claims.

To exercise your rights, you can contact us at contact@millewallet.com.

12

Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Authentication and session management,
  • Security and fraud prevention,
  • Remembering your preferences,
  • Optional analytics and performance measurement (where allowed).

Certain cookies are strictly necessary for the Service to function and cannot be disabled. For non-essential cookies (such as analytics), we will ask for your consent where required by law.

13

Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Transport-layer encryption (HTTPS/TLS),
  • Encryption of sensitive data at rest where appropriate,
  • Access controls and role-based permissions,
  • Strong password and authentication requirements,
  • Rate limiting, anomaly detection, and anti-bot mechanisms,
  • Logging and monitoring of security-relevant events,
  • Regular updates and security patches.

However, no online service can be 100% secure, and you also play a role by choosing strong passwords, enabling additional security options where available, and keeping your credentials confidential.

14

Children’s Privacy

MilleWallet is intended only for users who are at least 18 years old. We do not knowingly collect personal data from children. If you believe a minor has used our Service, please contact us so we can take appropriate action.

15

Automated Decision-Making and Profiling

We use automated decision-making and profiling primarily for:

  • Fraud detection and risk scoring,
  • AML/CTF risk assessment,
  • Security enforcement (e.g. blocking suspicious logins or transactions).

These automated processes may result in temporary or permanent restrictions on your account where high risk is detected. Where required by law, you may request:

  • Human review of an automated decision,
  • An explanation of the decision,
  • To express your point of view and contest the decision.
16

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. When we make material changes, we will notify you by appropriate means (for example by email, in-app notification, or a notice on our website) and indicate the date of the latest update at the top of this page.

17 

Deposits made via Orange Money, etc., or bank accounts are purchases of MilleWallet credit that allow access to the platform's services. MilleWallet is not a money transfer service, and funds are never held in the user's name.

Contact and Complaints

If you have any questions about this Privacy Policy or how we process your personal data, you can contact us at:

TECH1ter
38 Chemin de la Bigotte
13015 Marseille – France
Email: contact@millewallet.com

You also have the right to lodge a complaint with your local data protection authority. In France, this is the CNIL (www.cnil.fr).