Product USPs
Step 1
Step 2
Step 3
Step 4
Step 1
Minimise operational
overhead and risk
Step 2
Step 3
Step 4
Provide secure and flexible custodial services to a wide range of customers
Create unlimited secure custodial wallets for your customers. Easily deploy new wallets or recover existing customer wallets.
Achieve full account segregation for customer wallets as per regulatory requirements in several jurisdictions.
Access the real-time audit record of all transaction-related details and metadata. Export and share human-readable documents with relevant regulatory bodies and auditors.
Download Infos
Download Infos
(Information pursuant to Articles 13 and 14 GDPR)

We, Riddle & Code (also referred to as "RIDDLE&CODE" or "we" in this Data Protection Notice), are committed to personal data protection. As a rule, the use of our website and our business activities involve the processing of personal data. In order to make these data processing operations comprehensible, we would like to inform you in our data protection notice about how we process personal data and what rights you have. Should you have any further questions, please find our contact details below.

I. Who we are and how you can contact us if you have any questions:

The controller responsible within the meaning of the General Data Protection Regulation (GDPR) is:Riddle & Code GmbHAdresse c/o Spaces Icon Central Station, Gertrude-Fröhlich-Sandner-Straße 2-4/Tower 9, 1100 Vienna, Austria, EuropeE-Mail: privacy@riddleandcode.comTelefon: +43 1 2051907139

II. Our data processing - for what purpose and on what legal basis we process personal dataII.

1 General:
We process personal data in compliance with the relevant data protection regulations, in particular the General Data Protection Regulation (GDPR, Regulation [EU] 2016/679) and the Austrian Data Protection Act (DSG). Any data processing by us will therefore only take place within the scope of a legal basis (in particular pursuant to Art. 6 Para. 1 lit a - f GDPR), which will be stated below for the individual data processing operations. All of our employees entrusted with the processing are obliged to maintain the confidentiality of your data (data confidentiality). We do not carry out any automated decision making.In principle, we collect personal data directly from the data subject. In individual cases, we collect and store personal data (in particular name and contact information) on the basis of correspondence with our customers and business partners or from publicly accessible sources (e.g. telephone directory, websites, company register) on the basis of Art 6 para. 1 lit f GDPR (and in this case not directly from the data subject) if this is necessary for providing our service or for contacting and administering the data, which also mirrors our legitimate interests.

II.2 Operation of our website:

Every time you access our website (, your computer (device) or browser automatically transmits certain information to enable you to visit our website and vice versa enable us to operate the website.Services of Squarespace are used to manage and deliver the website (;). Further information on the purpose and scope of data collection and its processing by these third parties can be found in the respective data protection declarations of these providers (;). There you will also find further information on your rights in this regard and setting options for protecting your privacy.

Legal basis and purpose of data processing

The legal basis for the processing of data and their temporary storage in log files is Art 6 Paragraph 1 lit f GDPR. Temporary storage of the listed data by the system is necessary to enable delivery of the website to the user's computer. The storage in log files is done to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems, in particular to guarantee the integrity, confidentiality and availability of the data processed via our website. These purposes also include our legitimate interest in data processing pursuant to Art 6 Paragraph 1 lit f GDPR.

Retention period

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case when collecting data for the purpose of providing the website when the respective session is ended. When the data is stored in log files, this is the case after fourteen days at the latest, unless further processing is necessary to clarify a (suspected) attack.Personal data that is collected during the operation of the website will only be transmitted by us to third parties (in particular to expert persons and competent public authorities) in the event of a (suspected) data security incident or a criminal act (e.g. an attack) for the purposes ending the respective attack, of clarification, prosecution and the assertion of legal claims.

II.3 Use of cookies

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies that

- are going to be deleted again when you close your browser (session cookies),
- remain stored on your end user device even after you close your browser (permanent cookies),
- originate from us (first party cookies) or from third parties (third party cookies).

Legal basis and purpose for data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. Through our cookies, we process data on the following legal bases and for the following purposes:

We use cookies, which are absolutely necessary for our websites to function. For this purpose, we have a legitimate interest in processing personal data pursuant to Art 6 Paragraph 1 lit f GDPR;

We use all other cookies on the basis of your consent pursuant to Art 6 Paragraph 1 lit a GDPR.

In order to withdraw your consent or to restrict it to certain cookies, you can use the settings of your browser. Details can be found in the help function of your browser (usually accessible via the F1 key on your keyboard). Withdrawing your consent does not affect the lawfulness of processing based on your consent before your withdrawal.

Retention period, objection and removal possibility

Generally, cookies are stored on the user's computer and transmitted by the user to our site. The session cookies used are technically necessary and are deleted when you close your browser. You as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it is possible that not all functions of the website can be used to their full extent.

II.4 Social Media

We use social media to present our work through widely used communications channels.Each social media channel has its own policy on the way they process your personal data when you access their sites. For example, if you choose to visit LinkedIn, you will be asked for explicit consent to accept LinkedIn cookies; if you look at our Twitter activity on Twitter, you will be asked for explicit consent to accept Twitter cookies; the same applies for LinkedIn.If you have any concerns or questions about their use of your personal data, you should read their privacy policies carefully before using them:


We use the short message service "Twitter" under the handle @riddleandcode and make use of the platform of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. Responsible for data processing (for persons living outside the USA) is: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. Please note that you use this short message service and its functions (e.g. Retweet, Like) on your own responsibility and that we have no influence on the data processing by Twitter. For more information on processing by Twitter, please refer to the Twitter privacy policy: Twitter Inc. is committed to the principles of the EU-US Privacy Shield. You can find more information about this here: data you publish on Twitter, in particular your handle (user name) and the content accessible under your account, are processed by us to the extent that we retweet or reply to these ("tweets") or write tweets from us that refer to your account.

II.5. provision of services as well as customer care and information in this context (distribution and offer of our services as well as administration of these services):

We process personal data for the purpose of providing our services, customer support and information including internal documentation and administration. The legal basis for the processing of the data is the fulfilment of the contract or the implementation of pre-contractual measures (Art 6 Paragraph 1 lit b GDPR), if the data subject is directly party of the contract (B2C); the fulfilment of legal obligations (Art 6 Paragraph 1 lit c GDPR) as well as our legitimate interests (Art 6 Paragraph 1 lit f GDPR), in particular the interests of asserting or defending our own legal claims as well as internal administration within the company.In order to conclude a contract, the provision of certain personal data is required by law or contract, to which the person concerned is obliged; otherwise, no contract can be concluded (and therefore no service provided).

II.6 Establishing contact

When contacting us (e.g. via contact form or e-mail), the information provided by the inquirer (name, contact data, other details) will be processed for documentation, processing and answering the enquiry. We offer a contact form on our website. We have marked the mandatory data required to answer an inquiry as mandatory fields. The provision of further data is voluntary.The basis for this is our legitimate interest in the proper documentation, processing and answering of the enquiry (Art 6 Paragraph 1 lit f GDPR); in the event of contact being made in an upright customer relationship or the initiation of a business relationship, we rely on the fulfilment of the contract or the implementation of pre-contractual measures (Art 6 Paragraph 1 lit b GDPR).If you contact us in order to fulfil your obligations under labour or civil law as an employee for your employer or other client, we also have a legitimate interest in the proper documentation, processing and answering of the enquiry (Art 6 Paragraph 1 lit f GDPR), which also includes your data as an external contact person; in the case of contacting us in an upright client relationship or the initiation of a business relationship, we rely on the fulfilment of the contract or the implementation of pre-contractual measures (Art 6 Paragraph 1 lit b GDPR).

II.7. Job applications

We process the data of applicants on the basis of Art 6 Paragraph 1 lit b GDPR (pre-contractual measures) and Art 6 Paragraph 1 lit f GDPR for the purpose of carrying out the application procedure and contacting the applicant.If you apply for an open position and you are not recruited, we will store the personal data for seven months from the end of the application procedure (deadline for asserting claims under Sections 15 (1) and 29 GlBG) on the basis of Art 6 (1) lit f GDPR. If the applicant consents to this in each individual case (Art 6 (1) lit a GDPR), we will keep the specific application documents in evidence for a further period of up to three years.If it is a spontaneous/speculative application, we process the application documents for a maximum of three years on the basis of Art 6 Paragraph 1 lit f GDPR in order to be able to contact the applicant in the event of suitable positions - an informal objection to the processing can be lodged at any time.In any case, proof of qualification is required for the conclusion of a contract. In individual cases, depending on the requirements for filling a vacancy, it may also be necessary to submit further data (e.g. extract from the criminal register). If the required data is not submitted, such an application cannot be considered. If we contact references provided by the applicant, data and information on a previous employment relationship may be collected. In the event that an employment relationship is established, the application documents will be used for the purpose of personnel administration and formation of or performance under a contract.

II.8 To whom do we transmit personal data?

We transmit your personal data only to the extent necessary and only in the following cases:with your consent;for the processing of contractual relationships or for the implementation of pre-contractual measures;insofar as we are legally obliged to do so;to companies that support us in providing our services; these service providers act as processors, who may only process the data pursuant to our instructions (within the framework of a Data Processing Agreement);insofar as this is necessary to protect our legitimate interests (e.g. to assert, exercise or defend legal claims) or those of a third party and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.In the cases mentioned above, the following third parties may come into consideration: contractual and business partners who are involved in the delivery or service (e.g. logistics companies), banks (for handling payment transactions), legal representatives, courts, auditors / tax consultants, administrative authorities, self-governing bodies (social insurance carriers), insurance companies.In principle, we have no intention to transfer personal data to recipients in third countries or international organizations. Such a transfer is possible if a data subject or, in the specific case, a party involved is domiciled in a third country (e.g. in the case of a customer with headquarters outside the EU). If we transfer data to a country without adequate data protection legislation, we ensure an adequate level of protection by using suitable guarantees in the form of appropriate contracts (standard contractual clauses) or binding internal data protection regulations (Binding Corporate Rules) or rely on the exceptional circumstances otherwise provided for in the GDPR (consent, execution of a contract, establishment, exercise or enforcement of legal claims, overriding public interests, already published personal data or to protect the integrity of data subjects). For a copy of the above-mentioned contractual guarantees regarding p-country processing, please contact us using the contact details provided.In this context, we would also like to point out that any data voluntarily published by users of our services themselves is public and potentially accessible worldwide.

II.9 Website AnalyticsGoogle Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. We process your data on the basis of our overriding legitimate interest to cost-efficiently generate easy to use website access statistics (Article 6(1)(f) General Data Protection Regulation).The information generated by the cookie about your use of the website (including your IP address and the URLs of the accessed pages) will be transmitted to and stored by Google on servers in the United States. We do not store any of your personal data collected by Google Analytics.This website uses an IP anonymization feature provided by Google Analytics. Your IP address will there-fore be truncated/anonymized by Google as soon as it receives it. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to us. Google will not associate your IP address with any other data held by Google.You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of your data by downloading and installing the browser plug-in available under information concerning Google’s terms of use and privacy statement can be found at or at the cases in which personal data is transferred to the USA, Google has self-certified pursuant to the EU-US Privacy Shield ( can also refuse the use of Google Analytics on this website by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website:Click here to opt-out of Google Analytics

II.10. Integration of third-party technologies

Services or libraries of third parties, such as Squarespace, Typeform, Stripe, Paypal und Google (e.g. hosting, surveys, forms, web fonts, maps, payment systems), are integrated into our website in order to optimise loading speeds and page presentation and to offer services. This involves using resources of these providers from external servers (and thus also the transfers of data such as the IP address), which may be located outside the European Union. Further information on the purpose and scope of data collection and its processing by these third parties can be found in the respective data protection declarations of these providers (;;;; There you will also find further information on your rights in this regard and setting options for protecting your privacy.

II.11 Webshop

In the course of your visit of our webshop and the processing of your orders we will collect the categories of personal data (names, titles, birth date, contact data, language, delivery address, terms of delivery or service, payment method, bank account details, credit card numbers and credit card company, delivery or service insurance data and related financing data, tax liability and tax calculation data, date and time of your visit of this webshop, IP address, name and version of your web browser, the website (URL) you have visited before you accessed this webshop, information that you provide us with by filling out any contact form, by registering in this webshop, and by ordering products.You are under no obligation to provide us with the data we ask you for. However, if you do not provide your personal data, you will not be able to make use of all the functions of this webshop, including the possibility to order goods or services via our webshop.We use “cookies” to improve the functionality of our website and webshop, please see Section II.3 above.

Purposes for which we process your data: We will process your personal data to make this webshop available to you and to offer goods and services; process your order; create usage statistics and be able to recognize, prevent and investigate attacks on this webshop.

Legal bases of the processing: We process the categories of your personal data listed above either on the basis of the performance of the contract we have concluded with you, or the necessity to take steps at your request prior to entering into such an agreement, insofar as it is necessary (Article 6 paragraph 1 lit b GDPR), or our overriding legitimate interest according to Article 6 paragraph 1 lit f GDPR to achieve the purposes set out above, or the necessity to comply with legal obligations to which we are subject (Article 6 paragraph 1 lit c GDPR).Transfer of your personal data: To achieve the purposes set out above, we will transfer your personal data to the following categories of recipients: IT service providers that we use as processors; distributors, logistic companies and postal service providers that we use and Payment Service Providers.

III How long do we store personal data?

Unless otherwise specified in the respective processing, we store personal data for as long as it is necessary to ensure the fulfilment of the aforementioned purposes or as long as we are legally obliged to do so.This means for business letters, contracts, bookings, orders etc. according to § 212 para. 1 UGB and § 132 para. 1 BAO: Until the end of the business relationship or until the expiry of the limitation and statutory retention periods applicable to us (in particular at least 7 years to prove compliance with tax, duty and company law retention obligations); furthermore until the end of any legal disputes in which the data is required as evidence. In the case of services where claims for damages or other titles are asserted, for the required period (between 3 and 30 years).For inquiries (contacting): Personal data that you voluntarily provide us with will be stored by us for the purpose of providing the associated processing and keeping records (up to 3 years after completion or termination), except for a longer storage period is also required for the purpose of fulfilling a legal obligation or for the assertion or defense of legal claims.If you register on our webshop we will retain your data at least for as long as your account is active.

IV. Rights of the data subject

Provided that the respective legal requirements are met, you can assert the following rights of data subjects:Right to information: You can request confirmation as to whether personal data concerning you is being processed and request information about this data and the information pursuant to Art 15 GDPR.Right of rectification if we process incorrect or incomplete data about you (Art 16 GDPR).Right to have personal data concerning you deleted if the conditions of Art 17 GDPR are met.Right to limit the processing of your data (Art 18 GDPR).The right to transfer the data you have provided to us, provided that the processing is based on consent (Art 6 Paragraph 1 letter a) or on a contract (Art 6 Paragraph 1 letter b) to which you are party and that the processing is carried out using automated procedures (Art 20 GDPR).In the case of processing operations carried out on the basis of legitimate interests (pursuant to Art. 6 para. 1 lit f GDPR), you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for doing so arising from your particular situation. In the case of processing for the purpose of direct marketing, this right is unrestricted.You can revoke your consent to the processing of personal data at any time, please contact us (see our contact details). Revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.Right of complaint: You have the right to complain to a supervisory authority responsible for you (in Austria: Data Protection Authority, Barichgasse 40-42, 1030 Wien, if you believe that the processing of personal data relating to you has violated the GDPR or your rights as a data subject have been infringed. In cases in which you were not completely satisfied with our services, we kindly ask you to contact us first so that have an opportunity to quickly rectify any mistakes.

Changes to our Data Protection Notice

We keep our privacy policy up to date and therefore adapt it when necessary. The current version of our data protection notice is available at update: 20.02.2020The german version of the Riddle &Code GmbH Data protection notice can be found here.