Ensuro Docs
  • Introduction
    • General Questions
    • Risk Management
  • Liquidity Providers
    • FAQ - Liquidity Providers
    • Onboarding process
  • Risk Partners
    • FAQ - Risk Partners
    • Onboarding process
    • Flow
  • Deployments
  • Audits
  • Smart Contracts
    • Architecture
    • Roles and permissions
    • Governance
    • Policy Lifecycle
    • Policies
    • Liquidity pools
    • Premiums Accounts
    • Reserves
    • Asset Management
    • Contracts
      • PolicyPool
      • EToken
      • RiskModule
        • TrustfulRiskModule
        • SignedQuoteRiskModule
        • SignedBucketRiskModule
        • FlightDelayRiskModule
        • PriceRiskModule
      • PremiumsAccount
      • AccessManager
      • IAssetManager
        • LiquidityThresholdAssetManager
        • ERC4626AssetManager
        • AAVEv3AssetManager
      • ILPWhitelist
        • LPManualWhitelist
      • Extensions
        • ERC4626CashFlowLender
        • ETokensBundleVault
        • MultiStrategyERC4626
  • Offchain APIs
    • Introduction
    • Callback notifications
    • API Reference
      • Pricing API
      • Offchain API
  • Frontend
    • Security and Monitoring
  • Legal & Compliance
    • Trust & Security in Ensuro's Ecosystem
  • Ensuro Risk Disclosures
  • Confirmation of Acceptance of Participation Agreement and Token Holder Terms & Conditions
  • Ensuro Terms of Service
  • Restricted Jurisdictions
  • Participation Agreement for Token Holders
  • Ensuro Anti-Money Laundering & Anti-Terrorism Financing Policy Statement
  • Privacy Policy
  • Ensuro Data Protection Policy
  • Cybersecurity Guide for Ensuro Protocol Investors
  • Tax Guide for Ensuro Protocol Investors
Powered by GitBook
On this page

Ensuro Data Protection Policy

Ensuro Re Ltd. (“Ensuro”) is committed to protecting the personal data of our users, investors, risk partners, and employees. As a blockchain-based licensed (re)insurance provider operating under the oversight of the Bermuda Monetary Authority, Ensuro implements robust measures to ensure personal data is handled securely and in compliance with applicable data protection laws.

1. Purpose

The purpose of this policy is to outline Ensuro’s data protection principles and practices. It ensures all personal data processed by Ensuro is done lawfully, fairly, and transparently, in alignment with data privacy regulations and Web3 best practices.

2. Scope

This policy applies to all Ensuro employees, contractors, and third-party service providers processing personal data on behalf of Ensuro. It covers all data collected through our platform (app.ensuro.co), internal systems, smart contracts, and KYC/AML tools.

3. Data Protection Principles

Ensuro adheres to the following principles:

  • Lawfulness, Fairness, and Transparency – Data is processed legally and openly.

  • Purpose Limitation – Data is collected for defined, legitimate purposes only.

  • Data Minimization – Only the necessary data for business or legal purposes is collected.

  • Accuracy – Ensuro ensures that data is accurate and up to date.

  • Storage Limitation – Personal data is retained only for as long as needed to fulfill legal or operational requirements.

  • Integrity and Confidentiality – We protect data with strong encryption, access controls, and secure cloud environments.

  • Accountability – Ensuro maintains documentation to demonstrate compliance with these principles.

Ensuro processes data based on the following legal bases:

  • Consent – Explicit user consent where required.

  • Contractual Necessity – To fulfill obligations under investment or legal agreements.

  • Legal Obligation – To comply with BMA licensing and AML/KYC regulations.

  • Legitimate Interests – To enhance platform functionality and investor experience, except where such interests override user rights.

5. Data Subject Rights

Data subjects have the right to:

  • Access their personal data.

  • Rectify incorrect or outdated data.

  • Erase data in specific circumstances (“right to be forgotten”).

  • Restrict processing under certain conditions.

  • Port their data to another provider.

  • Object to data use where legally applicable.

Requests can be sent to compliance@ensuro.co.

6. Data Security

Ensuro implements technical and organizational measures such as:

  • Secure, KYC-compliant storage of personal data off-chain .

  • Encryption of sensitive data.

  • Multi-factor authentication and IP-based restrictions.

  • Regular IT audits.

7. Data Breach Response

In case of a breach, Ensuro will:

  • Contain and mitigate the incident.

  • Notify regulators within 72 hours.

  • Inform affected users if risks are high.

  • Conduct a post-incident review to strengthen defenses.

8. Data Retention

Ensuro retains personal data only as long as necessary to meet legal, regulatory, and operational needs (e.g., transaction auditing, tax reporting).

9. Third-Party Processors

All third-party processors (e.g., KYC/AML vendors, cloud storage services) undergo due diligence and contractual obligations to adhere to Ensuro’s data protection and cybersecurity standards​.

10. Training and Awareness

All staff receive regular training on data privacy and security. Compliance is monitored through internal policies, audits, and board oversight​.

11. Contact Information

If you have questions about this policy or your data, contact:

PreviousPrivacy PolicyNextCybersecurity Guide for Ensuro Protocol Investors

Last updated 2 days ago

Ensuro Re Ltd. Ensuro Re Limited Crawford House, 50 Cedar Ave, Hamilton HM 11, Bermuda compliance@ensuro.co

ensuro.co