Is Maclear compliant with AML and GDPR: how investor data and funds are protected

Maclear AG complies with the Swiss Anti-Money Laundering Act (AMLA), the EU General Data Protection Regulation (GDPR), and the Swiss Data Protection Act. These are legal obligations that come with PolyReg SRO membership and are verified through independent audits. Compliance covers three areas: who can access the platform, how every transaction is screened, and how investor data is stored and protected.

AML compliance: what it means for investors

Under Swiss AMLA, Maclear is required to screen every investor and transaction to prevent money laundering and terrorism financing. This obligation applies regardless of the transfer amount or speed and cannot be waived for any investor.

AML checks run on three levels:

At onboarding — before any investor can deposit or invest, identity must be verified through KYC. Verification is handled by Sumsub.

On every incoming transfer — each deposit is screened before funds are credited to the investor's account. The checks include:

These checks are carried out under AMLA, PolyReg SRO regulations, and FINMA Circular 2016/7. Instant SEPA transfers go through the same screening as standard transfers — "instant" refers to bank-to-bank speed, not the crediting timeline on Maclear.

Ongoing monitoring — Maclear monitors borrower solvency and project performance throughout the loan term. The platform also conducts regular internal reporting and auditing as required by PolyReg.

The November 2024 audit by Grant Thornton AG — an independent Swiss firm operating under FINMA-approved SRO standards — confirmed Maclear's strict adherence to AMLA requirements, covering AML processes, KYC procedures, and PolyReg compliance.

GDPR compliance: how investor data is handled

Maclear complies with GDPR and the Swiss Data Protection Act. The KYC provider — Sumsub — is also GDPR-compliant. Investor data is collected only to fulfill legal obligations and is used for no other purpose.

What data Maclear stores after KYC verification:

How long data is retained: Maclear stores KYC data for a minimum of 10 years following account closure, as required by Swiss AMLA (→ Maclear Terms and Conditions, section 2.11). This applies to identity documents, selfies, and associated personal information.GDPR's right to delete your data does not override this obligation. After 10 years, data is deleted in accordance with Maclear's Privacy Policy.

Who has access to investor data:

Data is held confidentially. Maclear does not share investor data with tax authorities. Disclosure to AML/TF authorities only takes place upon an official request submitted to Maclear in accordance with Swiss law. No third party receives investor data outside this framework.

Who stores data:

Is my data shared with tax authorities?

No. Maclear does not report investor data to tax authorities. Each investor is responsible for declaring and paying taxes according to the laws of their country of tax residence.

Can I delete my data before the 10-year period ends?

No. Swiss AMLA requires financial intermediaries to retain identity verification records for at least 10 years. This is a statutory obligation. After the retention period, data is deleted under Maclear's Privacy Policy.

Who audits Maclear's compliance?

PolyReg SRO can inspect Maclear's operations at any time and commissions regular audits. The November 2024 independent audit by Grant Thornton AG confirmed full compliance with Swiss AMLA and PolyReg's rulebook.

Regulatory disclosure: Maclear AG, registered in Switzerland (UID CHE-115.674.165), member of PolyReg SRO, a self-regulatory organization supervised by FINMA.