Privacy Policy for IronBit
1. Introduction
This Privacy Policy (“Policy”) sets forth the principles and practices by which IronBit (“we,” “us,” or “our”) collects, uses, stores, and protects the personal and transactional information of users who access or utilize our custodial cryptocurrency wallet services.
We are committed to safeguarding your privacy and ensuring the security of your data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Polish Personal Data Protection Act of 10 May 2018 (“RODO”). This Policy is designed to provide transparency regarding the types of information we collect, the purposes for which we process such information, and your rights as a user of our platform.
By accessing or using IronBit, you acknowledge and agree to the terms described in this Policy. We encourage you to review this Policy carefully to understand how your information will be handled and to make informed decisions regarding your use of our services.
This Policy applies to all personal and transactional data collected through our website, mobile applications, and any related services or features provided by IronBit. Further details regarding our data practices are outlined in the sections that follow.
2. Information We Collect
We collect various types of information to provide, maintain, and improve our custodial cryptocurrency wallet services, ensure compliance with applicable laws and regulations in Poland, and protect the security and integrity of our platform. The categories of information we collect include:
1. Personal Identification Information
- Full name
- Date of birth
- Nationality
- Residential address
- Email address and telephone number
- Government-issued identification documents (e.g., passport, national ID, driver’s license)
- Photographic or biometric data (where required for identity verification)
- Any other information required for Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) compliance
2. Account Information
- Username and password or other authentication credentials
- Account numbers or unique user identifiers
- Account settings and preferences
- Communication preferences
3. Transactional and Financial Information
- Details of cryptocurrency transactions, including wallet addresses, transaction amounts, dates, and times
- Deposit, withdrawal, and conversion history
- Source of funds and intended use of the platform (as required for AML compliance)
- Records of internal transfers and interactions with external liquidity providers
4. Device and Technical Information
- Internet Protocol (IP) address
- Device type, operating system, and browser type
- Device identifiers and mobile network information
- Log data, including access times, pages viewed, and system activity
- Geolocation data (where permitted and necessary for compliance or security)
5. Cookies and Tracking Technologies
- Information collected through cookies, web beacons, and similar technologies to enhance user experience, monitor platform usage, and support security measures
- Types of cookies used may include session cookies, persistent cookies, and analytics cookies
6. Information from Third Parties
- Data received from third-party service providers, partners, or publicly available sources for the purposes of identity verification, AML screening, and fraud prevention
- Information obtained from blockchain analytics providers or other compliance partners
7. Customer Support and Communications
- Records of communications with our customer support team, including inquiries, complaints, and feedback
- Information provided in connection with recovery support services or dispute resolution
Please note that certain information is required to access and use our services. Failure to provide requested information may result in limited access to the platform or the inability to complete transactions. We collect and process only the information necessary for the purposes described in this Policy and as required by applicable law.
3. How We Use Your Information
We use the information we collect from you for a variety of purposes necessary to provide, maintain, and enhance our custodial cryptocurrency wallet services, as well as to comply with legal and regulatory obligations in Poland. The primary purposes for which your information may be processed include:
1. Account Creation and Management
- To register and authenticate your account, verify your identity, and manage your user profile.
- To maintain accurate and up-to-date account information and preferences.
2. Transaction Processing and Verification
- To facilitate deposits, withdrawals, conversions, and internal transfers of digital assets.
- To record and verify transaction details, ensure the integrity of your account activity, and provide transaction history.
3. Compliance with Legal and Regulatory Obligations
- To conduct Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) checks, including ongoing monitoring of transactions and user activity.
- To detect, prevent, and report suspicious or potentially unlawful activities in accordance with applicable laws and regulations.
- To comply with requests from regulatory authorities, law enforcement, or other governmental bodies as required by law.
4. Security and Fraud Prevention
- To protect the security and integrity of our platform, including monitoring for unauthorized access, fraud, or other malicious activity.
- To implement technical and organizational measures designed to safeguard your information.
5. Customer Support and Recovery Services
- To respond to your inquiries, requests, or complaints, and to provide customer support.
- To assist with account recovery, dispute resolution, and support for users affected by crypto-related fraud or scams.
6. Service Improvement and Analytics
- To analyze usage patterns, monitor platform performance, and improve the functionality, security, and user experience of our services.
- To develop new features, products, or services based on aggregated and anonymized data.
7. Communications
- To send you important information regarding your account, transactions, or changes to our services or policies.
- To provide you with updates, security alerts, and administrative messages.
- To communicate with you for marketing or promotional purposes, where permitted by law and subject to your preferences.
We will not use your personal information for purposes that are incompatible with those described in this Policy without providing you with notice and, where required, obtaining your consent.
4. Legal Basis for Processing
We process your personal and transactional information on the following legal grounds, in accordance with the laws and regulatory requirements:
1. Consent
We may process your information where you have provided explicit consent for specific purposes, such as marketing communications or the use of certain cookies and tracking technologies. Where consent is required, you have the right to withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice.
2. Contractual Necessity
The processing of your information is necessary for the performance of our contractual obligations to you. This includes, but is not limited to, account registration, authentication, transaction processing, and the provision of custodial wallet services. Without such processing, we would be unable to provide you with access to or use of our platform.
3. Compliance with Legal and Regulatory Obligations
We are required to process certain information to comply with applicable laws and regulations, including but not limited to anti-money laundering (“AML”) and counter-terrorist financing (“CTF”) requirements. This includes conducting identity verification, transaction monitoring, and reporting suspicious activities to relevant authorities as mandated by law.
4. Legitimate Interests
In some cases, we may process your information where it is necessary to pursue our legitimate business interests, provided that such interests are not overridden by your rights and interests. Legitimate interests may include ensuring the security and integrity of our platform, preventing fraud, improving our services, and responding to user inquiries.
We will only process your information for the purposes described in this Policy and in accordance with applicable law. Where required by law, we will seek your consent before processing your information for any additional purposes not described herein.
5. Sharing of Information
We may share your personal and transactional information with third parties under specific circumstances, always in accordance with the laws and regulations and with appropriate safeguards to protect your privacy. The primary situations in which your information may be disclosed are as follows:
1. Regulatory Authorities and Legal Compliance
- We may disclose your information to regulatory authorities, law enforcement agencies, courts, or other governmental bodies when required to do so by applicable law, regulation, legal process, or enforceable governmental request.
- Such disclosures may occur in connection with anti-money laundering (“AML”), counter-terrorist financing (“CTF”), tax reporting, or other compliance obligations.
- We may also share information to protect our rights, property, or safety, or that of our users or others, and to detect, prevent, or address fraud, security, or technical issues.
2. Service Providers and Contractors
- We engage third-party service providers to perform functions on our behalf, such as identity verification, AML screening, transaction processing, data storage, IT support, analytics, and customer support.
- These service providers are granted access to your information only to the extent necessary to perform their designated functions and are contractually obligated to maintain the confidentiality and security of your data.
- We require all service providers to comply with applicable data protection laws and to implement appropriate technical and organizational measures to safeguard your information.
3. Business Partners
- In certain cases, we may share information with business partners or affiliates where necessary to provide integrated services, facilitate transactions, or support platform features, subject to your consent where required by law.
- Any such sharing will be limited to the information necessary for the relevant purpose and will be governed by appropriate agreements to ensure the protection of your data.
4. Business Transfers
- In the event of a merger, acquisition, restructuring, sale of assets, or other business transaction, your information may be transferred to the relevant third party as part of the transaction, subject to the continued protection of your rights and in accordance with this Policy.
- We will notify you of any such transfer where required by law or where the nature of the processing changes materially.
5. With Your Consent
- We may share your information with third parties for purposes not described in this Policy only with your explicit consent, which you may withdraw at any time, subject to legal or contractual restrictions.
6. International Data Transfers
- Where it is necessary to transfer your information outside (for example, to service providers or partners located in other jurisdictions), we will take reasonable steps to ensure that your data is afforded an adequate level of protection in accordance with applicable law.
- Such measures may include contractual safeguards, data transfer agreements, or reliance on recognized legal mechanisms for cross-border data transfers.
7. Restrictions on Unrelated Third-Party Sharing
- We do not sell, rent, or otherwise share your personal information with third parties for their independent marketing or commercial purposes.
We take all reasonable steps to ensure that any third party with whom we share your information provides at least the same level of protection as set out in this Policy. If you have questions about the sharing of your information or wish to exercise your rights in relation to such sharing, please refer to the “Contact Information” section of this Policy.
6. Data Security
We are committed to maintaining the highest standards of data security to protect your personal and transactional information from unauthorized access, loss, misuse, alteration, or disclosure. The following measures are implemented to safeguard your data throughout its lifecycle on the IronBit platform:
1. Encryption
- Data in Transit: All data transmitted between your device and our servers is protected using industry-standard encryption protocols (such as TLS/SSL) to prevent interception or tampering by unauthorized parties.
- Data at Rest: Sensitive information, including personal identification and transactional data, is encrypted while stored on our systems using robust cryptographic algorithms.
2. Access Controls
- Role-Based Access: Access to user data is strictly limited to authorized personnel who require such access to perform their job functions. We employ role-based access controls and the principle of least privilege to minimize exposure.
- Authentication and Authorization: Multi-factor authentication and strong password policies are enforced for both users and administrative staff to prevent unauthorized account access.
3. Physical and Logical Security
- Secure Infrastructure: Our servers and data storage facilities are located in secure environments with physical access controls, surveillance, and monitoring.
- Network Security: Firewalls, intrusion detection systems, and regular vulnerability assessments are utilized to protect our network and systems from external threats.
4. Security Monitoring and Incident Response
- Continuous Monitoring: We continuously monitor our systems for suspicious activity, unauthorized access attempts, and potential vulnerabilities.
- Incident Response: In the event of a data breach or security incident, we have established procedures to promptly investigate, contain, and remediate the issue. Affected users will be notified in accordance with applicable laws and regulations.
5. Staff Training and Confidentiality
- Employee Training: All employees and contractors with access to user data receive regular training on data protection, privacy obligations, and security best practices.
- Confidentiality Agreements: Staff are required to sign confidentiality agreements and are subject to disciplinary measures for violations of data security policies.
6. Compliance and Best Practices
- Legal Compliance: Our data security practices are designed to comply with the laws and regulations of Poland as well as recognized industry standards.
- Regular Reviews: We periodically review and update our security measures to address emerging threats, technological advancements, and changes in legal requirements.
Despite our efforts to implement robust security measures, no system can guarantee absolute security. We encourage users to take appropriate steps to protect their own information, such as using strong passwords and safeguarding account credentials. If you become aware of any security vulnerabilities or suspect unauthorized access to your account, please contact us immediately using the information provided in the “Contact Information” section of this Policy.
7. Automated Decision-Making and Profiling
Your personal data may be subject to automated decision-making, including profiling, for the purposes of:
- Conducting Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) checks,
- Assigning risk scores to transactions or wallet addresses,
- Monitoring unusual or suspicious activity.
These processes are necessary for compliance with the Polish AML Act and international AML/CTF standards.
Where automated decision-making produces legal or similarly significant effects on you, you have the right to:
- Obtain human intervention,
- Express your point of view,
- Contest the decision.
This is in accordance with Art. 22 GDPR.
8. User Rights
We are committed to ensuring that you retain meaningful control over your personal and transactional information. In accordance with the laws, you are entitled to exercise the following rights with respect to your data processed by IronBit:
1. Right of Access (Art. 15 GDPR)
You have the right to request confirmation as to whether we process your personal information and, where applicable, to obtain a copy of such information, together with details regarding the nature, purpose, and categories of data processed.
2. Right to Rectification (Art. 16 GDPR)
If you believe that any personal information we hold about you is inaccurate, incomplete, or outdated, you have the right to request that we correct or update such information without undue delay.
3. Right to Erasure (“Right to be Forgotten”) (Art. 17 GDPR)
You may request the deletion of your personal information in certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected, or where you have withdrawn your consent (where processing is based on consent). Please note that we may be required to retain certain information for legal, regulatory, or legitimate business purposes, including compliance with anti-money laundering (“AML”) and counter-terrorist financing (“CTF”) obligations.
4. Right to Restrict Processing (Art. 18 GDPR)
You have the right to request that we restrict the processing of your personal information in specific situations, for example, where you contest the accuracy of the data or object to its processing, pending verification or resolution.
6. Right to Withdraw Consent (Art. 7(3) GDPR)
If we rely on your consent to process your personal information, you may withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to such withdrawal, nor will it affect processing based on other legal grounds.
7. Right to Data Portability (Art. 20 GDPR)
Where technically feasible and applicable, you may request to receive a copy of your personal information in a structured, commonly used, and machine-readable format, and to have that information transmitted to another service provider of your choice.
8. Right to Lodge a Complaint
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority:
9. Exercising Your Rights
To exercise any of the rights described above, please submit a written request to us using the contact details provided in the “Contact Information” section of this Policy. We may require you to provide sufficient information to verify your identity before processing your request. We will respond to your request within a reasonable timeframe and in accordance with applicable law.
Please note that certain rights may be subject to limitations or exceptions, particularly where the processing of your information is necessary for compliance with legal obligations, the establishment, exercise, or defense of legal claims, or for other legitimate business purposes.
If you have any questions regarding your rights or how to exercise them, please contact us as indicated in this Policy.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on the IronBit platform, ensure the security and integrity of our services, and analyze usage patterns for ongoing improvement. This section explains the types of technologies we use, their purposes, and your choices regarding their use.
1. What Are Cookies and Tracking Technologies?
Cookies are small text files that are stored on your device when you visit our website or use our mobile applications. In addition to cookies, we may use web beacons, pixels, and other similar technologies (collectively, “tracking technologies”) to collect and store information about your interactions with our platform.
2. Types of Cookies and Technologies We Use
- Essential Cookies: These cookies are necessary for the operation of our platform and enable core functions such as user authentication, account security, and transaction processing. Without these cookies, certain features of the platform may not function properly.
- Performance and Analytics Cookies: These cookies collect information about how users interact with our platform, such as pages visited, time spent on the site, and error messages encountered. This data helps us monitor platform performance, identify areas for improvement, and enhance the overall user experience. Analytics cookies may be set by us or by third-party analytics providers acting on our behalf.
- Functionality Cookies: These cookies allow the platform to remember your preferences and settings (such as language or region), providing a more personalized experience.
- Security Cookies: These cookies help us detect and prevent security threats, unauthorized access, and fraudulent activity.
- Third-Party Cookies: Some features of our platform may rely on third-party service providers who may set their own cookies or tracking technologies. These providers are contractually required to process information in accordance with applicable data protection laws and our instructions.
3. Purposes of Cookies and Tracking Technologies
We use cookies and tracking technologies for the following purposes:
- To authenticate users and maintain secure sessions.
- To facilitate and record transactions and account activities.
- To remember user preferences and enhance usability.
- To monitor and analyze platform usage and performance.
- To detect, prevent, and respond to security incidents or fraudulent activity.
- To comply with legal and regulatory obligations, including AML monitoring.
- To support customer support and recovery services.
4. User Choices and Cookie Management
You have the right to control the use of cookies and tracking technologies on your device:
- Browser Settings: Most web browsers allow you to manage your cookie preferences, including blocking or deleting cookies. Please refer to your browser’s help section for instructions on how to adjust your settings.
- Cookie Consent Tools: Where required by law or platform design, we may provide a cookie consent banner or settings panel that allows you to accept or reject non-essential cookies.
- Impact of Disabling Cookies: Please note that disabling or blocking certain cookies may affect the functionality and security of the platform, and some features may not be available or may not operate as intended.
5. Third-Party Analytics and Tracking
We may use third-party analytics services to help us understand how users interact with our platform. These third parties may use their own cookies or tracking technologies to collect information on our behalf, subject to contractual safeguards and compliance with applicable law. We do not permit third parties to use information collected via our platform for their own independent purposes.
6. Updates to This Section
We may update our use of cookies and tracking technologies from time to time to reflect changes in technology, legal requirements, or our business practices. Any material changes will be communicated in accordance with the “Changes to This Privacy Policy” section.
If you have questions about our use of cookies or tracking technologies, or if you wish to exercise your rights regarding data collected through these means, please contact us using the details provided in the “Contact Information” section of this Policy.
11. Data Retention
We retain your personal and transactional information only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory obligations, and to support our legitimate business operations. This section outlines our data retention practices and the criteria used to determine retention periods.
1. Retention Periods
- KYC and AML Data: Information collected for Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) compliance, including identification documents and verification records, is retained for 5 years. This period may extend beyond the termination of your relationship with IronBit to ensure compliance with ongoing legal obligations, regulatory audits, or investigations.
- Transactional Data: Records of deposits, withdrawals, conversions, and other account activities are retained for as long as necessary to fulfill contractual obligations, resolve disputes, enforce our rights, and comply with applicable financial regulations.
- Customer Support and Communications: Communications with our support team, including inquiries, complaints, and recovery support requests, are retained for a period necessary to address your request, resolve disputes, and improve our services.
- Technical and Usage Data: Device information, log data, and analytics records are retained for operational, security, and analytical purposes, typically for a period consistent with industry best practices and legal requirements.
2. Criteria for Determining Retention
The specific retention period for each category of data is determined based on the following criteria:
- The nature and sensitivity of the information.
- The purpose for which the data was collected and processed.
- The existence of any legal, regulatory, or contractual requirements mandating retention.
- The need to establish, exercise, or defend legal claims.
- The operational requirements of IronBit, including fraud prevention, security, and business continuity.
3. Secure Deletion and Anonymization
When your information is no longer required for the purposes described above, we will take appropriate steps to securely delete, destroy, or anonymize the data in accordance with our internal policies and applicable law. Anonymized data that no longer identifies you may be retained for analytical or statistical purposes.
4. Exceptions
In certain circumstances, we may be required to retain your information for longer periods, including:
- Where retention is necessary to comply with a legal obligation, regulatory inquiry, or court order.
- Where data is subject to a legal hold in connection with litigation, investigation, or dispute resolution.
- Where retention is required to protect our rights or the rights of others.
5. User Rights and Data Retention
You have the right to request information about the retention of your personal data, as well as the right to request deletion or restriction of processing, subject to the limitations described in this Policy and applicable law. For more information on exercising your rights, please refer to the “User Rights” and “Contact Information” sections of this Policy.
If you have questions regarding our data retention practices or require further details about specific retention periods, please contact us using the information provided in this Policy.
12. Children’s Privacy
IronBit is committed to protecting the privacy of children and complying with applicable laws and regulations regarding the collection and processing of personal information from minors.
1. Platform Not Intended for Children
Our services are not directed to, and are not intended for use by, individuals under the age of 18 or any higher minimum age required by applicable law in your jurisdiction. We do not knowingly collect, use, or process personal information from children under this age. If you are under 18 years of age, you are not permitted to register for or use the IronBit platform or provide any personal information to us.
2. Age Verification and Preventive Measures
To help ensure compliance with this policy, we implement reasonable measures to verify the age of users during the account registration process. This may include requiring users to provide their date of birth and, where necessary, supporting identification documents as part of our Know Your Customer (“KYC”) procedures.
3. Actions Upon Discovery of Minor Data Collection
If we become aware that we have inadvertently collected personal information from a child under the age of 18 without appropriate parental or guardian consent, we will take prompt steps to delete such information from our records and to terminate the associated account.
4. Parental and Guardian Rights
If you are a parent or legal guardian and believe that your child has provided personal information to IronBit without your consent, please contact us immediately using the details provided in the “Contact Information” section of this Policy. We will take appropriate steps to investigate and address your concerns, including the removal of any such information as required by law.
5. Ongoing Review
We periodically review our policies and procedures to ensure that we do not knowingly collect or process information from minors and to maintain compliance with applicable legal requirements.
If you have any questions or concerns regarding our children’s privacy practices, please refer to the “Contact Information” section of this Policy.
12. Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our data practices, legal or regulatory requirements, or improvements to our services. This section outlines how such changes will be communicated and the process for users to review and understand updates.
1. Notification of Changes
- Advance Notice: Where required by law or where changes are material, we will provide advance notice of updates to this Policy. Notification may be provided through prominent postings on our website, direct communication via email, or through in-app notifications.
- Effective Date: Each version of this Policy will include an “Effective Date” at the top of the document. Unless otherwise specified, changes will become effective on the date indicated.
2. User Review and Acceptance
- Reviewing Updates: We encourage you to review this Policy periodically to stay informed about how we collect, use, and protect your information. The most current version will always be available on our website and within our platform.
- Continued Use: Your continued access to or use of the IronBit platform after the effective date of any changes constitutes your acceptance of the updated Policy. If you do not agree with the revised terms, you should discontinue use of our services and may request the closure of your account.
3. Contact for Questions
If you have any questions or concerns regarding changes to this Privacy Policy, or if you require further clarification about how updates may affect your rights, please contact us using the details provided in the “Contact Information” section of this Policy.
We are committed to maintaining transparency regarding our privacy practices and will ensure that any changes to this Policy are communicated clearly and in a timely manner.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy, your personal information, or your rights, please contact us using one of the methods below. We are committed to responding to your inquiries in a timely and transparent manner.
1. Data Protection Contact
We have appointed a Data Protection Officer (DPO) responsible for overseeing our data protection compliance.
- Email: privacy@ironbit.com
The DPO can be contacted regarding any questions about this Policy, the processing of your data, or the exercise of your rights.
2. Exercising Your Rights
To exercise your rights as described in this Policy (including access, correction, deletion, restriction, objection, or data portability), please submit a written request to the contact details above. We may require you to provide sufficient information to verify your identity before processing your request.