The data minimisation principle
Escrowlyst was designed with one constraint: collect the smallest amount of personal data necessary to settle and audit a deal. Anything we cannot justify, we do not store.
What we collect
- Telegram identity — your handle, display name and Telegram user ID, used to bind you to a deal thread.
- Deal terms — the messages, files and evidence you exchange inside the Telegram thread.
- On-chain data — the deposit and release addresses, transaction hashes, amounts and confirmation times.
- KYC data (only when triggered) — government ID, selfie, and proof of address for high-value or flagged deals.
- Anonymous web analytics — aggregate page views on escrowlyst.com, with no cookies and no fingerprinting.
What we do not collect
- We don’t set tracking cookies on escrowlyst.com.
- We don’t fingerprint your browser or device.
- We don’t buy data from third parties to enrich your profile.
- We don’t sell, rent, or share your data with marketers — ever.
- We don’t embed third-party trackers, pixels or ads on this site.
Why we collect what we do
Identity binding and deal evidence let us resolve disputes fairly. On-chain data is intrinsic to the custody itself. KYC data, when required, satisfies our AML obligations. Aggregate analytics tell us which pages load slowly so we can fix them.
Where we store it
- Deal threads live on Telegram’s encrypted infrastructure.
- Vault keys live on hardware-secured devices in geographically separated facilities.
- KYC documents and operational records live in encrypted object storage with strict access controls.
- Analytics are processed in-memory and rolled up daily; no per-user logs are retained.
How long we keep it
- Telegram thread contents: 7 years after deal close (legal recordkeeping).
- KYC documents: 5 years after the last deal you participated in (FATF Rec. 11).
- On-chain data: indefinite (it’s already public).
- Marketing data: we don’t keep any.
Your rights
Access, correction, erasure, portability
You can request a copy of all personal data we hold about you, ask us to correct it, or — outside our legal retention window — ask us to erase it. You can also request your data in a portable JSON export. Send a request from your verified Telegram handle to @escrowlyst with the subject "DATA REQUEST".
Response time
Within 30 days, in line with GDPR / UK GDPR.
Security
Personal data is encrypted at rest with AES-256 and in transit with TLS 1.3. Access is gated by hardware-key two-factor authentication and audited continuously. We run quarterly external penetration tests on our infrastructure.
International transfers
Because we operate cross-border, your data may be processed outside your home jurisdiction. Where required we apply standard contractual clauses or equivalent safeguards. Telegram’s own data-residency rules apply to your thread content.
Cookies
Children
Escrowlyst is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has used the service, contact us and we will erase the data immediately.
Changes to this policy
Material changes are announced on this page with at least 30 days’ notice. Continued use after the effective date constitutes acceptance.