Last updated: 5 January 2026
Privacy Policy
1. Data controller
Ecavistar S.A., holder of Tax ID (RUC) 1793215487001 and registered office at Av. República de El Salvador N36-140, Mansión Blanca Building, 7th floor, Quito, Ecuador, is the controller of personal data collected through ecavistar.com.
2. Data we collect
We collect your full name, email address, phone number, national ID or passport number, browsing history on the site and, if you become a client, the financial information required by the KYC process mandated by Ecuadorian regulation.
3. Purposes
We process your data to (i) send you information about crowdlending projects, (ii) manage your registration as an investor, (iii) comply with our obligations before the Superintendence of Companies, Securities and Insurance and the UAFE, (iv) prevent fraud and (v) improve the site via aggregated analytics.
4. Legal basis
Processing is based on your explicit consent, the performance of the investment agreement and compliance with legal obligations arising from the Ecuadorian Organic Law on Personal Data Protection and its regulation.
5. Retention
Non-client lead data is retained for a maximum of 24 months. Client data is retained throughout the contractual relationship and up to 10 years after termination, in line with UAFE obligations.
6. Recipients
We may share your data with providers of electronic signature, biometric verification, hosting and web analytics located in Ecuador, Colombia or the European Union. All of them have signed data-processor agreements with Ecavistar.
7. Data subject rights
You may exercise your rights of access, rectification, update, erasure, objection, portability and not to be subject to automated decisions by writing to privacidad@ecavistar.com and attaching a copy of your ID document.
8. Supervisory authority
If you believe your rights have not been properly attended to, you may file a complaint with the Superintendence for Personal Data Protection of Ecuador.
9. Security
We apply TLS 1.3 encryption for all communications, store passwords with bcrypt, keep daily backups and run yearly external information security audits.
10. Changes to this policy
We may update this policy to reflect regulatory or operational changes. The current version will always be published at this URL and, when the change is material, we will notify you by email.