Privacy Policy

1. Information we collect

Information you provide

Email address, username, display name, profile information, payment information, and identity verification documents (for KYC/AML compliance).

Information collected automatically

IP address, browser type, device information, operating system, referral URLs, pages visited, time and date of access, trade history, deposit and withdrawal records, and session duration.

Information from third parties

Authentication data from social login providers (Google, Telegram), blockchain transaction data from public ledgers, and identity verification results from our KYC providers.

2. How we use your information

We use your information to: (a) provide and maintain the Platform; (b) process deposits, withdrawals, and trades; (c) verify your identity for compliance purposes; (d) send service-related communications such as transaction confirmations and security alerts; (e) detect and prevent fraud, abuse, and security incidents; (f) improve the Platform and develop new features; (g) provide customer support; (h) comply with legal and regulatory obligations; and (i) enforce our Terms of Service.

3. Legal basis for processing (GDPR)

We process your personal data on the following legal bases: Contract performance — processing necessary to provide the Platform services you requested; Legal obligation — processing required by AML/KYC regulations, tax law, and financial reporting requirements; Legitimate interest — fraud prevention, security, and Platform improvement, balanced against your rights; Consent — for marketing communications, which you may withdraw at any time.

4. Data sharing

We do not sell your personal data. We may share information with service providers (hosting, analytics, customer support) under strict data processing agreements; regulatory authorities when required by law; payment processors and blockchain networks for transaction processing; identity verification providers for KYC/AML compliance; and professional advisors under confidentiality obligations. In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.

5. Data security

We employ industry-standard security measures including AES-256-GCM encryption for sensitive data at rest, TLS 1.3 for data in transit, two-factor authentication (TOTP), scrypt-based key derivation, regular security audits, and role-based access controls. Cryptocurrency funds are secured using HD wallets with encrypted master seeds and a multi-tier (hot/cold) architecture. While we take every reasonable precaution, no system is completely secure and we cannot guarantee absolute security.

6. Cookies and tracking

Essential cookies are required for Platform operation (session authentication, language preferences, security tokens) and cannot be disabled. Analytics cookies help us understand usage patterns to improve the Platform — we use privacy-focused analytics that do not track users across websites. You can manage cookie preferences through your browser settings; disabling essential cookies may impair Platform functionality.

7. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, including legal, accounting, and reporting requirements. AML/KYC records are retained for 7 years after account closure as required by applicable law. After the retention period, your data will be anonymised or securely deleted.

8. Your rights (GDPR)

If you are in the European Economic Area, you have the right to access your personal data, request correction of inaccurate data, request deletion of your data (subject to retention requirements), restrict or object to processing, request data portability, and lodge a complaint with your supervisory authority. To exercise these rights, contact privacy@polygram.ink.

9. Your rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of personal information, opt out of the sale of personal information (note: we do not sell personal information), and to non-discrimination for exercising these rights.

10. International transfers

Your personal data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses approved by the European Commission where applicable.

11. Children's privacy

The Platform is not intended for users under 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will delete it.

12. Contact & Data Protection Officer

For privacy-related questions or to exercise your rights, contact our Data Protection Officer at privacy@polygram.ink. For general support, see /support.