Privacy Policy | XchangeOn - Secure Crypto Trading Exchange

Read XchangeOn’s Privacy Policy to learn how we protect your data. We prioritize security, privacy, and transparency for a safe crypto trading experience.

Welcome to XchangeOn Mobile App. Your privacy is important to us, and we are committed to protecting your personal data while providing a secure and seamless cryptocurrency trading experience. This Privacy Policy explains how we collect, use, store, and protect your information when you use our app. By using XchangeOn, you agree to the terms outlined below.

1. Information We Collect

When you use the XchangeOn Mobile App, we may collect the following types of information:

  • A. Personal Information (Provided by You)
    • Name, email address and other contact details when you sign up.
    • Identity verification documents (e.g., government-issued ID, proof of address) for KYC (Know Your Customer) compliance.
    • Payment details (such as cryptocurrency wallet addresses) for transactions.
    • Facial Data: During identity verification, you may be asked to take a selfie or video for verification purposes. This data is used solely to confirm your identity and prevent fraudulent activity.
    • We may also collect information about your user preferences, language, and communication choices.
  • B. Automatically Collected Information
    • Device & Usage Data: IP address, device model, operating system, app version, and browsing activity.
    • Transaction Information: Details of your deposits, withdrawals, and trades conducted through the app.
    • Cookies & Tracking Technologies: We use cookies and similar technologies to enhance user experience and improve app performance. Necessary cookies (login, security) / Analytical cookies (optimization) / Marketing cookies (prospecting)

2. How We Use Your Information

We use your data for the following purposes:

  • Account Creation & Verification – To register and authenticate your account, ensuring compliance with financial regulations.
  • Transaction Processing – To facilitate deposits, withdrawals, and trades securely.
  • Security & Fraud Prevention – To monitor suspicious activities and protect user accounts from unauthorized access.
  • Customer Support – To assist with inquiries, troubleshoot issues, and improve user experience.
  • App Optimization & Analytics – To enhance our app performance, detect technical issues, and personalize user experience.
  • We may use your data for automated decisions (identity, fraud prevention, risk scoring). You have the right to obtain human intervention in the event of an automated refusal.
  • We specify that any processing of your data is based on one of the following legal bases: explicit consent, performance of a contract, legitimate interest, legal compliance.

3. How We Protect Your Information

We implement strict security measures to protect your personal data, including:

  • End-to-End Encryption for data transmission.
  • Multi-Layer Security Protocols to prevent unauthorized access.
  • Two-Factor Authentication (2FA) for additional account security.
  • Regular Security Audits to ensure compliance with industry standards.
  • Role-based access control (RBAC) to limit data access to authorized personnel only.
  • Continuous monitoring and intrusion detection systems (IDS/IPS) to detect and respond to threats in real time.
  • Data anonymization and encryption at rest to secure stored personal information. Secure backup and disaster recovery procedures to ensure data integrity in any circumstance.
  • Compliance with global privacy regulations such as VARA, PDPL and local data protection laws.
  • Employee security training programs to maintain a strong security culture and awareness.

4. Sharing of Information

We do not sell, rent, or trade your personal data. However, we may share certain information in the following cases:

  • With Regulatory Authorities: If required by law or in response to a legal request.
  • With Trusted Partners: To process transactions, prevent fraud, or conduct security checks.
  • With Service Providers: Such as cloud storage, analytics, or customer support platforms, strictly for operational purposes and all subject to data processing agreements.

5. Your Privacy Choices & Rights

You have the right to:

  • Access & Update Your Information – Modify your personal details in your account settings.
  • Opt-Out of Marketing Communications – Unsubscribe from promotional emails or notifications.
  • Request Data Deletion – Subject to legal and regulatory obligations, you can request the deletion of your account and associated data.
  • Procedure for exercising these rights: send a request by email or via a dedicated form. Response time: 30 days.
  • You can submit a complaint to us or directly to the EAU Data Protection Authority. The DPO’s contact details are listed below.

6. Data Retention Policy

We retain your information only as long as necessary (Must be defined 5 years) to:

  • Comply with legal and regulatory obligations.
  • Resolve disputes and enforce our terms.
  • Provide continued services and account security.
  • Automatic deletion scheduled after each period expires.

7. Third-Party Links & Services

XchangeOn may contain links to third-party platforms, such as external exchanges or service providers. We are not responsible for their privacy practices, and we encourage users to review their policies before sharing personal data.

8. Children’s Privacy

Our app is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware of such data collection, we will take immediate steps to delete it.

9. Data Breach and Incident

In the event of a data breach or security incident, we will notify you by email without unjustified delay and in accordance with legal requirements. You will be informed of the risks and recommended measures.

10. Updates to This Privacy Policy

We may update this policy periodically to reflect changes in legal requirements, security measures, or app functionalities. You will be notified of any significant changes through in-app notifications or email.

11. Facial Data & Identity Verification

As part of our Know Your Customer (KYC) and anti-fraud processes, XchangeOn uses identity verification technology provided by Veriff (or another regulated identity verification provider). During this process, you may be asked to capture a live selfie or short video for comparison with your submitted identity document.

  • Purpose: Facial data is used solely for identity verification and fraud prevention.
  • Retention: XchangeOn does not store face data on its own servers. Facial images and videos are securely transmitted to our verification provider, who retains them only for the period necessary to complete verification and comply with applicable regulations (typically up to 30 days).
  • Third-Party Sharing: Facial data is shared only with our identity verification partner (Veriff) for the limited purpose of completing KYC checks.
  • Third-Party Practices: Veriff stores and processes facial data in accordance with its own privacy policy, which can be reviewed at Veriff’s Privacy Notice.
  • User Rights: You may contact us or Veriff to request deletion of your facial data after verification, subject to regulatory requirements.
  • Security: All face data is encrypted during transmission and processing to prevent unauthorized access.

12. Contact Us

If you have any questions or concerns regarding this Privacy Policy, you can reach out to us at:

📧 Email: support@xchangeon.io

🌐 Website: https://xchangeon.io/

👤 DPO: dpo@xchangeon.io