Privacy Policy

We at Coinchange (defined below) respect and protect the privacy of visitors to our websites and our customers. This Privacy Policy describes our information handling practices when you access our services, which include our content on the websites located at Coinchange.io or any other websites, pages, features, or content we own or operate (collectively, the "Site(s)") or when you use the Coinchange mobile app, any Coinchange API or third party applications relying on such an API, and related services (referred to collectively hereinafter as "Services").

Please take a moment to read this Privacy Policy carefully. If you have any questions about this Policy, please submit your request via email to support@coinchange.io

1. Introduction and Scope

At Coinchange, your privacy and the security of your personal data are among our top priorities. We believe that trust is at the heart of any financial relationship, especially in the fast-evolving world of digital assets. That’s why we want to explain, in clear and accessible language, exactly how we handle your personal information when you interact with any of our websites, mobile applications, APIs, or related services (collectively referred to as the “Services”). This Privacy and Cookies Policy (“Policy”) applies to all users of our Services globally, whether you’re browsing our website, creating an account, using our app, or contacting support.

We know that data privacy laws vary around the world. For this reason, we have designed this Policy to be consistent with the most stringent global standards, including the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA/CPRA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Brazil’s LGPD, Japan’s APPI, and many others. No matter where you are, you can expect the same dedication to transparency, security, and respect for your rights.

We encourage you to read this Policy in full. If you have any questions, please reach out to us at privacy@coinchange.io.

‍

2. Acceptance of This Policy

By accessing or using any part of our Services, you acknowledge that you have read and understood this Privacy and Cookies Policy and agree to its terms. In some situations, local law requires us to obtain your explicit consent before processing certain categories of personal data, especially for activities such as sending you marketing materials or using analytics cookies. In such cases, we will ask for your consent in a clear and transparent way, and you will always have the option to withdraw your consent at any time.

We may also provide additional privacy notices or just-in-time explanations when you use particular features or regions of our Services. These notices are meant to supplement not replace this Policy and may offer you more options or details depending on your circumstances.

If you disagree with any aspect of this Policy or are uncomfortable with our data handling practices, please do not use our Services.

‍

3. Group Structure and Data Controller

Coinchange is an international group of companies dedicated to providing secure, compliant, and innovative digital asset services. The specific company within our group that is responsible for your personal data referred to as the “data controller” may depend on where you are located and which services you use.

For example, if you are a resident of the European Union or the European Economic Area (EEA), the company responsible for your data is:

• Coinchange Financials sp. z o.o.

ul. Grzybowska 80/82/700

00-844 Warszawa, Polska

KRS: 00000942658

Email: privacy@coinchange.io

If you reside in Canada, your data controller is:

• Coinchange Financials, Inc.

261-250 University Avenue, Toronto, Ontario M5H 3E5, Canada

For users in the United States, your data controller is:

• Coinchange Financials, Inc.

Corporation Trust Center 1209 Orange St., Wilmington, DE 19801, USA

Regardless of which company serves as your data controller, all companies within the Coinchange Group are committed to upholding the principles and commitments outlined in this Policy. Our Data Protection Officer is available at dpo@coinchange.io to answer questions about your data and this Policy.

‍

4. Changes to This Policy

The world of digital assets and privacy law is constantly evolving, and so too are our Services. From time to time, we may update this Policy to reflect changes in our practices, improvements in security, or updates in law. Any changes will be reflected by updating the “Last Updated” date at the top of this document. If we make material changes, such as introducing new types of data collection or significantly altering how we use your information, we will provide prominent notice (for example, via email or a banner on our website) before the changes take effect.

We encourage you to review this Policy periodically. By continuing to use our Services after any update, you accept the revised Policy unless local law requires your renewed consent.

‍

5. What Personal Data We Collect

To deliver our Services safely, efficiently, and in compliance with applicable laws, we must collect and process a variety of information. We are committed to collecting only the information that is necessary and relevant for clearly defined purposes.

Information you provide directly:

When you open an account, use our Services, or communicate with us, we may ask for:

• Basic identity details, such as your full name, address, date of birth, nationality, phone number, and email address.
• Verification documents as required by law—these may include a copy of your passport, national ID, driver’s license, or a selfie/photo for facial verification. In some jurisdictions, we may also ask for biometric data if it is needed to comply with anti-money laundering (AML) or know-your-customer (KYC) regulations.
• Business account information (for corporate users), including company name, proof of legal registration, names and IDs of directors or ultimate beneficial owners.
• Financial data, such as bank account numbers, payment card details, source of funds, and tax identification numbers, if relevant.
• Transaction records, detailing the amounts, wallet addresses, and timing of your crypto or fiat transactions, as well as recipient details if required by law.
• Communications, including emails, chat logs, support tickets, survey responses, and any feedback you choose to provide.

Information we collect automatically:

When you use our websites, mobile apps, or APIs, certain technical information is automatically captured to help us secure and improve our Services. This may include:

• Device information such as your IP address, browser and device type, operating system, and screen resolution.
• Usage data including the pages you visit, features you use, the links you click, the time and duration of your sessions, error logs, and other interactions.
• Location data based on your IP address or device settings, where allowed, to personalize your experience and help prevent fraud.
• Cookies and similar technologies—details are provided in Section 13 below.

Information from third parties:

To fulfill our regulatory obligations and offer seamless services, we may also receive information about you from:

• Verification partners and public databases, such as government agencies, sanctions lists, or identity verification services, to confirm your identity and protect against fraud.
• Financial institutions, such as banks or payment processors, especially if you fund your account or make withdrawals.
• Other Coinchange companies when you use their services or move assets between entities.
• Public blockchain records, as transactions may be transparently recorded on blockchains.

Special note on children:

We do not knowingly collect information from anyone under 18. If we learn that a user is underage, we will take steps to close the account and delete the information as soon as possible.

‍

6. How and Why We Use Your Personal Data

We process your personal data with great care and always for a specific, lawful purpose.

Our main purposes for processing your data include:

• Legal and regulatory compliance: As a regulated financial services provider, Coinchange must comply with AML, KYC, anti-terrorist financing, sanctions, tax, and other legal requirements. This means we need to verify your identity, assess the legitimacy of your funds, monitor transactions for suspicious activity, and maintain records as required by law. These activities are non-negotiable and are essential to the continued operation of our Services.
• Contractual necessity: Much of the data we collect is needed simply to open, maintain, and service your account. This includes authenticating your identity during logins, executing your transactions, sending you receipts or confirmations, and resolving support issues. Without certain personal information, we would be unable to offer our core Services.
• Protection of legitimate interests: We have a legitimate interest in ensuring the security and integrity of our Services, protecting users against fraud and abuse, and continually improving the experience we offer. This includes analyzing usage patterns to prevent attacks, identifying bugs or performance issues, and understanding how features are used so we can enhance them in future updates. We always weigh our legitimate interests against your privacy rights and apply strong safeguards.
• Your consent: In some cases, especially for sending marketing communications or enabling analytics and advertising cookies we will ask for your clear and informed consent. You are always free to withdraw your consent at any time, and we make it easy for you to do so via account settings or by contacting us.
• Personalization: To make our Services more relevant, we may use your data to personalize your dashboard, suggest features, remember your language or timezone preferences, or show you relevant news and offers (always respecting your choices).

We do not use your data for automated decision making that would have significant effects on you, unless such processing is authorized by law and subject to appropriate safeguards.

‍‍

7. With Whom and How We Share Your Data

We treat your personal data as confidential and only share it with carefully selected third parties, always for legitimate purposes and in accordance with applicable law.

• Service providers: To operate effectively, we rely on trusted partners to provide services such as cloud hosting, identity verification, payment processing, IT security, analytics, customer support, and marketing. All service providers are required by contract to use your information solely to perform services on our behalf and to maintain strict confidentiality and security.
• Financial institutions: When you fund your account, withdraw money, or conduct a transaction, we may need to share certain details with banks, payment processors, or other financial entities to complete your transaction and meet compliance requirements.
• Other Coinchange companies: Sometimes, your information may be shared within our group to offer you integrated services, support global operations, or comply with regulations in different regions. All group companies adhere to the same high standards of privacy and security.
• Regulators and authorities: In some situations, we are legally obligated to share your personal data with governmental authorities, courts, or law enforcement agencies—for example, to comply with a subpoena, prevent physical harm or financial crime, or enforce our agreements.
• Professional advisors: We may share your data with legal, banking, compliance, insurance, or audit professionals when needed for our operations or compliance audits.
• Corporate transactions: If we merge, are acquired, or sell assets, your personal data may be transferred to the new entity, which will continue to be bound by this Policy.
• With your explicit consent: For activities not otherwise described, we will only share your information if you have given us clear and specific permission.

We will never sell or rent your personal data to third parties for their own marketing purposes.

‍

8. International Transfers of Data

Because Coinchange Group operates globally, your data may be processed or stored in different countries including the United States, Canada, Poland, or others where we or our service providers operate. We take your privacy seriously regardless of location.

For transfers from the European Economic Area to countries without an “adequacy decision,” we use approved legal safeguards, such as Standard Contractual Clauses, as required by the GDPR. For Canadian, Brazilian, and other users, we comply with the specific cross-border transfer requirements of local privacy laws. We require all third parties to provide at least the same level of protection for your personal information as required by law.

You can contact us at any time to learn more about how we protect your data when it is transferred internationally.

‍

9. How We Protect Your Data

The security of your personal information is fundamental to our operations. We use a combination of technical, organizational, and physical safeguards to prevent unauthorized access, loss, or misuse of your data.

These measures include:

• Encryption of sensitive data both when it is stored (“at rest”) and transmitted (“in transit”)—for example, all web traffic uses HTTPS/TLS.
• Firewalls and intrusion detection systems to protect our networks from external threats.
• Strict access controls that ensure only authorized employees and contractors with a legitimate business need can access your information.
• Regular staff training on security awareness and privacy responsibilities.
• Vulnerability scanning and penetration testing to identify and remediate risks.
• Incident response plans to react quickly to any potential data breaches.

While we work hard to keep your data secure, no system is completely foolproof. If we ever become aware of a data breach that affects your personal information, we will notify you promptly and work with regulators as required by law.

‍

10. Data Retention

We retain your personal data only for as long as necessary to achieve the purposes described in this Policy, and in line with legal, regulatory, and operational requirements. The retention period may depend on the type of data, your relationship with us, and the obligations imposed by different jurisdictions.

For example:

• Information collected for AML/KYC purposes (such as identification and transaction data) is typically retained for at least five years after you close your account, in compliance with financial regulations.
• Support communications, including emails and call recordings, may be kept for several years for audit and quality assurance.
• Marketing information is retained until you unsubscribe or object, after which we keep minimal data to ensure we honor your preferences.
• Web analytics and cookies data are stored only as long as needed for their purpose, typically no longer than one year.

When your information is no longer required, we securely delete it or anonymize it so that you can no longer be identified.

‍

11. Your Privacy Rights

We are committed to upholding your rights regarding your personal data, in accordance with the laws of your country.

Depending on your jurisdiction, you may have the following rights:

• Access: You have the right to request a copy of your personal data and information about how we process it.
• Rectification: If you believe your data is inaccurate or incomplete, you can ask us to correct or update it.
• Erasure (“Right to be forgotten”): You may ask us to delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
• Restriction of processing: You may request that we limit the use of your data while we investigate a concern, or in other situations provided by law.
• Objection: You may object to our processing of your data where we rely on legitimate interests or for direct marketing.
• Portability: Where applicable, you can request that we provide your data in a structured, machine-readable format, or transfer it directly to another provider.
• Withdraw consent: If we process your data based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• Automated decisions: If you are subject to a decision based solely on automated processing, you may request a review by a human.

You can exercise these rights by contacting us at privacy@coinchange.io. For your protection, we may need to verify your identity before responding. We will always respect your rights, unless legal requirements prevent us from doing so (in which case we will explain why).

‍

12. How to Make a Privacy Request or Complaint

If you wish to exercise your privacy rights or have concerns about our data practices, you can contact us at privacy@coinchange.io or support@coinchange.io. We take all privacy inquiries seriously and will respond as promptly as required by law.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For example:

• EU/EEA: Your local Data Protection Authority or the Polish UODO.
• Canada: The Office of the Privacy Commissioner of Canada.
• USA: Your state privacy authority.

‍

13. Cookies and Similar Technologies

We use cookies for several important reasons:

• Essential cookies are required for the basic operation of our websites and apps. Without these, you would not be able to log in, complete transactions, or move between pages securely.
• Performance cookies help us understand how visitors use our sites—such as which pages are most popular, how users navigate, and where technical problems occur. This data is typically aggregated and anonymized, helping us to improve our Services for everyone.
• Functionality cookies allow us to remember your language, timezone, and other preferences, so you don’t have to set them every time you visit.
• Targeting and advertising cookies help us (and sometimes our partners) show you relevant ads, measure the effectiveness of campaigns, and avoid showing you the same ad repeatedly. These cookies often track browsing across different websites, but only with your consent.

Types of cookies used:

Third party cookies:

Some cookies on our site are set by third parties (such as analytics providers or embedded content partners). These third parties may collect information about your browsing habits across different websites. Although we require them to follow privacy and security standards, their use of your data is governed by their own privacy policies.

Your choices:

On your first visit, and periodically thereafter as required by law, you’ll be asked to consent to non-essential cookies. You may change your preferences at any time via our cookie consent manager or your browser settings. If you disable cookies, please note that some features of our Services may not function as intended.

14. Additional Notices and Legal Disclosures

• No children under 18: Our Services are intended only for adults. If you are under 18, you may not use our Services.
• No financial advice or deposit protection: Crypto assets are not legal tender, are not insured or backed by any government, and are not protected by the FDIC or SIPC. The value of crypto assets can fluctuate and may involve substantial risk.
• Service availability: Not all Services are available in every jurisdiction. Local laws and regulations may limit access.
  
  

15. Contacting Us

If you have any questions, concerns, or wish to exercise your privacy rights, you can contact us at:

Email: privacy@coinchange.io

Support: support@coinchange.io

Mail:

• Coinchange Financials sp. z o.o., ul. Grzybowska 80/82/700 00-844 Warszawa, Polska
• Coinchange Financials, Inc., 261-250 University Avenue, Toronto, Ontario M5H 3E5, Canada
• Coinchange Financials, Inc., Corporation Trust Center 1209 Orange St., Wilmington, DE 19801, USA

We value your trust and will always do our utmost to safeguard your personal data and respect your rights.