AhoraCrypto operates under a strict regulatory framework and applies technical, operational and organisational controls built to protect your funds, your data and your experience.
AhoraCrypto, S.L. is registered as a Virtual Asset Service Provider (VASP) with the Bank of Spain under number D803, in accordance with Law 10/2010 on the prevention of money laundering and terrorism financing.
The registration places us under the supervision of SEPBLAC (Executive Service of the Commission for the Prevention of Money Laundering) and binds us to identification, due diligence and reporting obligations. We also align our operations with internationally recognised standards for information security, risk management and operational resilience.
Defence in depth, from your wallet to our infrastructure.
We never store your private keys. Crypto goes straight from our platform to your own wallet. Before the first transfer to an external address, we verify ownership of the destination wallet.
All sensitive data is transmitted and stored with industry-standard encryption. Browser-to-server communications run over modern TLS.
Adds a second layer on every login and operation. Internally, least-privilege access and multi-factor on critical systems.
The platform is monitored around the clock to detect anomalous activity. Formal incident management and response procedures in place.
We carry out audits and security tests regularly, including independent exercises that probe our systems against real-world threats.
All crypto operations are confirmed on the corresponding blockchain. Transparent, traceable and immutable.
We maintain business continuity and disaster recovery plans, tested regularly to minimise service impact in exceptional scenarios.
We comply with Spanish and European regulations on the prevention of money laundering and terrorism financing.
We comply with the EU General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD). Lawful, fair and transparent processing, only what is needed to provide the service and meet our legal obligations.
Independent compliance functions and periodic reviews, supervised by the board of directors, which holds ultimate responsibility for risk and compliance.
Formal procedure for handling complaints, with defined timeframes and an auditable record.
