Privacy Policy

Last updated: September 27, 2025

Introduction

Access Crypto ("", "us", "our") operates a peer-to-peer digital asset exchange platform. This Privacy Policy explains what information we collect, how we use it, when we disclose it, and the choices you have regarding your information when you use our platform, products and services (the "Service").

1. Information We Collect

• Account & Identity Data: name, email address, phone number, profile data and any identity verification documents you provide for KYC/AML (e.g., government ID, selfie, proof of address).
• Transaction Data: Listings, offers, order history, transaction amounts, counterparties, timestamps and payment instructions necessary to facilitate trades and settlement.
• Authentication & Security: login credentials (hashed), multi-factor authentication data, IP addresses, device identifiers, and security event logs.
• Usage & Technical Data: cookies, analytics, pages visited, referral data and other diagnostic data collected automatically when you interact with the Service.
• Communications and Support: records of communications with Support, dispute evidence and other messages you send through the platform or by email.

2. How We Use Your Information

• Provide and operate the Service: enable account creation, listing creation, matching, settlement and account management.
• Compliance: perform KYC, AML and sanctions screening, reporting and other legal obligations required by regulators or law enforcement.
• Security & Fraud Prevention: detect and prevent fraud, abuse and security incidents and to enforce our Terms of Service.
• Support & Disputes: investigate issues, resolve disputes between users, and respond to inquiries.
• Improvements & Analytics: analyze usage to improve the Service, perform research and develop new features.
• Communication: send system notices, transactional messages, security alerts, and (where consented) marketing or promotional communications.

3. Legal Bases for Processing (GDPR)

If you are in the European Economic Area, our legal bases for processing personal data include: performance of a contract, compliance with legal obligations (e.g., AML/KYC), legitimate interests (e.g., security, fraud prevention, platform improvement) and, where required, your consent.

4. Sharing and Disclosure

• Counterparties: trade counterparties receive the data necessary to execute and settle trades (for example, payment instructions and amounts).
• Service Providers: we share data with vendors who provide hosting, payment processing, identity verification, analytics, and customer support.
• Legal & Regulatory: we disclose information to comply with laws, respond to lawful requests, prevent harm, and when compelled by courts or law enforcement.
• Business Transfers: in the event of a merger, acquisition, reorganization or asset sale, user data may be transferred as part of the transaction.

5. Data Retention

We retain personal data as long as necessary to provide Services, comply with legal obligations (including recordkeeping for financial and AML laws), resolve disputes, and enforce our agreements. Retention periods vary by data type and applicable law.

6. Security

We implement reasonable administrative, technical and physical safeguards designed to protect the confidentiality and integrity of your information. No system is completely secure; we cannot guarantee absolute protection. You are responsible for maintaining the security of your account credentials and for enabling available protections such as multi-factor authentication.

7. Cookies and Tracking

We use cookies and similar technologies to operate the Service, remember preferences, and collect analytics. You may control cookie preferences through your browser settings and, where provided, via our cookie banner. Blocking cookies may limit functionality.

8. International Transfers

The Service operates globally. Personal data may be stored and processed in countries outside your residence. When transferring data cross-border we rely on safeguards like standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms as required by applicable law.

9. Your Rights

• Access: request a copy of personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your data, subject to legal or contractual retention obligations.
• Portability: request a machine‑readable copy of your data where applicable.
• Object / Restrict: object to or request restriction of certain processing activities.
• Withdraw Consent: where processing is based on consent, you may withdraw it (this does not affect processing prior to withdrawal).

To exercise your rights, contact us via the contact details below. We may request information to verify your identity before responding.

10. Minors

The Service is not intended for persons under the age required to create an account under applicable law. We do not knowingly collect personal data from minors; if we learn we have done so we will take steps to delete it.

11. Third‑Party Services

The Service may contain links to third‑party sites or integrate third‑party services (e.g., identity providers, payment processors). Those third parties have their own privacy practices and we are not responsible for their handling of your data.

12. Dispute Resolution & Law Enforcement

We may retain and disclose information to resolve disputes between users, cooperate with investigations, or respond to legal processes. We may also suspend accounts or freeze funds where required by law or to mitigate risk.

13. Changes to This Policy

We may update this Privacy Policy. We will post changes on the Site and, where required, provide notice. Continued use of the Service after changes indicates acceptance of the updated policy.

14. Contact

For privacy questions, requests or complaints, contact: support@accesscrypto.io (or use the Contact page).