Privacy Policy

Krypta ("Platform", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform.

By accessing or using the Platform, you consent to the data practices described in this policy. If you do not agree, please refrain from using the Platform.

Account Information: When you register, we collect your email address, username, password (stored in hashed form), and any other information you provide during registration.

Identity Verification (KYC): To comply with regulatory requirements and to maintain Platform integrity, we may collect: full legal name, date of birth, nationality, government-issued identification documents (passport, national ID, driver's license), proof of address, selfie or biometric data for identity verification purposes.

Transaction Data: We record information about your trades, including counterparty details, transaction amounts, timestamps, cryptocurrency addresses, payment methods, and trade status.

Technical Data: We automatically collect IP addresses, browser type and version, device information, operating system, access times, pages viewed, referral URLs, and other diagnostic data.

Communication Data: We may retain records of your communications with other users through the Platform's messaging system, as well as communications with our support team.

We use collected information for the following purposes: (a) providing, operating, and maintaining the Platform; (b) processing and facilitating P2P transactions; (c) verifying your identity and conducting KYC/AML checks; (d) preventing fraud, money laundering, and other illicit activities; (e) resolving disputes between users; (f) communicating with you about your account, transactions, and Platform updates; (g) complying with legal obligations and responding to lawful requests from authorities; (h) analyzing usage patterns to improve the Platform's functionality and user experience; (i) enforcing our Terms of Service and other policies.

We process your personal data based on the following legal grounds: (a) Contract Performance — processing necessary to provide you with Platform services; (b) Legal Obligation — processing required to comply with applicable laws, including AML/KYC regulations; (c) Legitimate Interest — processing necessary for fraud prevention, Platform security, and service improvement; (d) Consent — where you have provided explicit consent for specific data processing activities.

We do not sell your personal information. We may share your data in the following circumstances: (a) With counterparties — limited information necessary to facilitate a P2P trade (e.g., username, reputation score); (b) With KYC/AML service providers — identity verification data shared with trusted third-party verification services under appropriate data protection agreements; (c) With law enforcement and regulatory authorities — in response to valid legal requests, subpoenas, court orders, or as otherwise required by law; (d) With professional advisors — lawyers, auditors, and other professionals under strict confidentiality obligations; (e) In the event of a merger, acquisition, or sale — your data may be transferred as part of a business transaction, subject to the same privacy protections.

When sharing information with law enforcement or regulatory authorities, the Platform will comply fully and unconditionally with all lawful requests and may not be able to notify you of such disclosure where prohibited by law.

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses or other mechanisms recognized by applicable data protection laws.

We retain your personal information for as long as your account is active and as necessary to fulfill the purposes described in this policy. After account closure, we may retain certain data for the following periods: (a) transaction records — for a minimum of 5 years after the last transaction, as required by AML/KYC regulations; (b) identity verification data — for a minimum of 5 years after the end of the business relationship; (c) technical logs — for up to 12 months; (d) communication records — for up to 3 years after account closure.

We may retain data for longer periods where required by law, to resolve disputes, or to enforce our agreements.

Subject to applicable law, you may have the following rights: (a) Right of Access — request a copy of your personal data; (b) Right to Rectification — request correction of inaccurate data; (c) Right to Erasure — request deletion of your data (subject to legal retention obligations); (d) Right to Restriction — request limitation of processing; (e) Right to Data Portability — receive your data in a structured, machine-readable format; (f) Right to Object — object to processing based on legitimate interests; (g) Right to Withdraw Consent — where processing is based on consent.

To exercise any of these rights, please contact us at privacy@krypta.exchange. We will respond within 30 days. Note that certain rights may be limited where we have a legal obligation to retain data or where data is necessary for the performance of our services.

We implement appropriate technical and organizational measures to protect your personal data, including: encryption of data in transit and at rest, access controls and authentication mechanisms, regular security audits and penetration testing, employee training on data protection, and incident response procedures.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

The Platform is not intended for individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically. Continued use of the Platform after changes constitutes acceptance of the updated policy.

For questions or concerns about this Privacy Policy or our data practices, please contact us at: privacy@krypta.exchange