How does Maclear protect investor personal data: GDPR and security measures
06/24/2026
4 min
Maclear stores and processes investor personal data under two regulatory frameworks: the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DSG). Identity documents, selfies, and verification records are retained for a minimum of 10 years after account closure, as required by Swiss AML law. Data is shared with third parties only in two cases: KYC processing through Sumsub, and document signing through Skribble. Maclear does not sell personal data and does not share it with tax authorities.
What personal data does Maclear collect and why?
Maclear collects data at two stages: registration and identity verification (KYC).
Data type | When collected | Why stored | Retention |
Name, email address | Registration | Account identification | Duration of account + 10 years |
Identity document photos (front + back) | KYC verification | AML compliance (AMLA) | Min. 10 years after account closure |
Selfie + photo holding ID | KYC verification | Liveness check, fraud prevention | Min. 10 years after account closure |
Real-time identification extracts | KYC verification | Regulatory audit trail | Min. 10 years after account closure |
Utility bill or address document | KYC / POA verification | Proof of address requirement | Min. 10 years after account closure |
Commercial register extract | Company KYB only | Entity verification | Min. 10 years after account closure |
Transaction history | Throughout account lifetime | AML / TF monitoring | Min. 10 years after account closure |
This data is collected because Swiss AML law (AMLA) requires Maclear AG to verify the identity of every investor and retain that record. This is a legal obligation, not a business choice.
Who processes investor data on Maclear's behalf?
Maclear works with two verified third-party providers:
Sumsub — the identity verification provider that processes KYC documents and selfies. Sumsub operates in more than 220 countries, supports over 14,000 document types, and is used by thousands of fintech and financial institutions worldwide. The partnership is structured to comply with KYC, AML, and GDPR requirements.
Skribble — a Swiss-based electronic signature provider used for Form A signing, compliant with EU and Swiss digital signature regulations (eIDAS and ZertES).
Maclear does not pass investor data to advertising networks, data brokers, or commercial third parties.
Is Maclear GDPR-compliant? What rights do investors have?
Yes. GDPR applies because Maclear serves investors from EU countries. Your rights under GDPR and how they apply on Maclear:
Right | What it means in practice | Limitation on Maclear |
Right of access | Request a copy of all personal data Maclear holds about you | No limitation — contact support@maclear.ch |
Right to rectification | Request correction of inaccurate data | No limitation |
Right to erasure | Request deletion of your personal data | Swiss AML law (AMLA) requires retention for min. 10 years after account closure — this legal obligation takes precedence |
Right to restriction | Request that Maclear limits how your data is used | Available where legally permitted |
Right to data portability | Receive your data in a structured, machine-readable format | Available on request |
Right to object | Object to certain types of data processing | Available where legally permitted |
After the 10-year retention period expires, data is deleted in accordance with Maclear's Privacy Policy.
How does Maclear protect account access?
Platform access is protected by a password and optional two-factor authentication (2FA). 2FA is not required to use Maclear, but is strongly recommended for all investors. With 2FA enabled, logging in requires a second verification step — either a time-based code from an authenticator app or a one-time code sent to your email. Without 2FA, a compromised password gives full account access.
Maclear will never ask for your password by email or phone. If you receive a message claiming to be from Maclear and requesting credentials, contact support@maclear.ch immediately.
Is my Maclear data shared with tax authorities?
No. Maclear does not report investor data to tax authorities and does not withhold taxes on investment income. Each investor is responsible for declaring and paying taxes in their country of tax residence. For questions about your specific tax obligations, consult a qualified tax advisor.
What should I do if I think my account has been compromised?
Reset your password immediately in Personal Settings. If you cannot access your account, contact support@maclear.ch. Enable 2FA if it is not already active. If you received a suspicious email or call claiming to be from Maclear, report it to support — Maclear does not request passwords or credentials through any channel.
Regulatory disclosure: Maclear AG, registered in Switzerland, member of PolyReg SRO, a self-regulatory organization supervised by FINMA.