Alert!
AML Watcher LLC – CCPA Privacy Notification
Last updated: March 27, 2026
Preamble
AML Watcher LLC ('we/us/our'), being a software-as-a-service business providing global AML compliance and risk management services, takes the requirements and restrictions under the CCPA very seriously.
The CCPA Privacy Notification ('Notification') supplements the privacy provisions contained in AML Watcher Privacy Policy.
This Notification is addressed to AML Watcher's clients who reside in the State of California and those who are California residents and will provide their personal information to AML Watcher for processing, including AML Watcher's public-facing websites and platforms.
We adopt this Notification to comply with the requirements and restrictions under the California Consumer Privacy Act of 2018 ('CCPA'), as amended by the California Privacy Rights Act ('CPRA'), and other California privacy laws.
1. Definitions
According to the definitions outlined in Civil Code section 1798.140, for purposes of this Notification:
Consumer
a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section read on September 1, 2017, however identified, including by any unique identifier. The consumer is considered a User ('User' or 'you/your') when receiving any services processed through AML Watcher platforms.
Personal information
any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Business
a legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners that collects consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California, and that satisfies one or more of the thresholds indicated in Section 1798.140. The Business is considered to be a Client when applying for AML Watcher services.
Service Provider
a person that processes personal information on behalf of a business and receives from or on behalf of the business a consumer's personal information for a business purpose according to a written contract. AML Watcher acts as a Service Provider under Client Data Processing Agreements.
Agreement
the contractual arrangement concluded by AML Watcher with each Business (or 'Client'), including Terms & Conditions, Data Processing Agreement (DPA), its annexes, and appendices.
Service(s)
the AML compliance and risk management services provided by AML Watcher, including customer due diligence (CDD), sanctions and watchlist screening, politically exposed persons (PEP) screening, adverse media checks, transaction monitoring, blockchain/wallet analysis, Travel Rule compliance, and biometric identity verification.
Third-Party
the service providers authorized to exercise certain processing activities under the direct authority of AML Watcher. Any other terms defined in the CCPA and Privacy Policy have the same meaning when used in this Notification.
2. Scope of this Notification
We may act as a Service Provider
We process personal data where it is engaged by a Business (a Client or its agent) for the purposes of the respective Agreement.
As part of the Services provided to a Business, we perform AML compliance procedures including identity verification, sanctions screening, transaction monitoring, and risk scoring. Before processing, Users are subject to their Business's privacy notice and consent procedures.
We may act as a Business
We may determine the purposes and means of personal data processing in some instances. This applies, in particular, to the following situations:
- when "cookie" files are collected in the course of the website or platform operation;
- when the AML Watcher website is visited and interacted with;
- when we obtain data from forms filled out on the website;
- when a prospective Client's representative creates a Customer Account via the website;
- when taking steps before entering the contract with a Client and further processing for the performance of the contract;
- when AML Watcher's demonstration environments (WebSDK Demo, Mobile App Demo) are used.
3. The types of information that may be collected about you
Category A – Identifiers
Full name, aliases, postal address, Internet Protocol address, email address, phone number, dates of birth, passport numbers, national ID numbers, driver's license numbers, device identifiers, or other similar identifiers.
Category B – Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
Full name, signature, address, email address, telephone number, identity document data (document type, issuing country, number, expiry date, MRZ code, barcode data, security features), masked bank account numbers, credit/debit card details (first 6/last 4 digits, expiry), source of funds documentation.
Category C – Protected classification characteristics under California or federal law
Age (if over 40), citizenship, nationality.
Category D – Commercial information
Transaction histories, cryptocurrency wallet addresses, payment records, beneficial ownership structures.
Category E - Biometric information
Facial features and templates derived from facial recognition technologies, liveness detection scores.
Category F – Internet or other similar network activity
Access history, platform interactions, API call data, session logs, page views, search history.
Category G – Geolocation data
Precise or approximate location derived from IP address.
Category H - Audio, electronic, visual, thermal, olfactory, or similar information
Photos of face (selfie images), scans of identification documents, verification videos.
Category I – Professional or employment-related information
Occupation, employer name, job title, business affiliation, PEP status.
Category X – Sensitive personal information (CPRA)
Social Security numbers (partial), biometric data, precise geolocation.
4. Sources of information collection
We collect the above-listed categories of personal information from the following sources:
- Directly from our clients or their agents (e.g., Clients provide end-user data necessary for AML Services).
- Directly from you (e.g., you provide information during identity verification or demo usage).
- Directly and indirectly from you when interacting with our websites/platforms (e.g., technical information collected automatically, forms, Customer Account creation).
- Third-party providers (sanctions lists, PEP databases, blockchain analytics, public government registers).
5. Purpose of use of the provided information
We will not collect additional categories of personal information or use collected information for materially different, unrelated, or incompatible purposes without notice.
As the Business
- Provide requested information via 'Contact Us' forms or livechat
- Process Client onboarding, due diligence, and contract performance
- Maintain Customer Accounts for servicing/invoicing
- Demonstrate Services via WebSDK/Mobile App demos
- Analyze website/platform usage via cookies (see Cookie Policy)
- Send compliance news/updates (with consent)
- Ensure security, prevent fraud/misuse.
As the Service Provider
- Enable Client compliance with AML/CFT regulations
- Perform automated processing (database cross-checks, risk scoring, biometric verification)
- Generate compliance reports and risk indicators.
Once Personal Information is no longer necessary, we delete it per Privacy Policy Section 8 (6 months post-termination unless Client instructs otherwise).
6. Sharing of personal information
We disclose Personal Information to Third-Parties only as necessary for Agreement purposes, website operation, or legal obligations. Third-Parties provide safeguards via contract.
In the preceding twelve (12) months, we disclosed:
- Category A: Identifiers
- Category B: California Customer Records
- Category C: Protected characteristics
- Category D: Commercial information
- Category E: Biometric information
- Category F: Internet activity
- Category G: Geolocation
- Category H: Audio/visual information
- Category I: Professional information
- Category X: Sensitive information .
No sales or cross-context sharing occurred. All disclosures were business-purpose only.
7. Your Rights and Choices
Right to know
- Categories of Personal Information collected
- Purposes for collection
- Categories of third parties shared with
- Specific pieces collected (data portability, max 2x/year) .
Right to delete
Request deletion subject to exceptions (security, legal obligations, fraud prevention). We delete and direct service providers to delete unless:
- Required for security/fraud detection
- Legal retention obligations (AML/CFT up to 5 years)
- Contract performance
- Other CCPA exceptions apply .
8. Exercising of CCPA Rights
Submit valid requests toÂ
Only you, or a California-registered authorized agent, may submit. Provide sufficient detail for verification. Service Provider requests forwarded to controlling Client.
9. Request response Timing and Format
- 45 days to respond (extendable to 90 days with notice)
- No fee unless excessive/repetitive
- Email response matches request format
- Covers 12 months prior to request
- Denial reasons provided if applicable.
10. Non-Discrimination
We will not discriminate for exercising CCPA rights: no service denial, price discrimination, or quality reduction.
11. Changes to Our Privacy Notice
This Notification is reviewed regularly for CCPA/CPRA compliance. Last updated date at top .
12. Contact Information
For CCPA requests or complaints:
California Privacy Protection Agency (CPPA) complaints: www.cppa.ca.govÂ