Menu
en
English
Русский
Telegram
en
English
Русский

Privacy policy, processing and storage of user data

Last updated: March 13, 2026

1. Introduction

This Privacy Policy describes how Crybex (hereinafter — “the Service”) collects, uses, stores, and protects the personal data of users of our platform at crybex.com.

By using the Service, you confirm that you have read this Privacy Policy and accept its terms. If you disagree with any of the provisions, please refrain from using the Service.

In this Policy, “Personal Data” means any information that directly or indirectly identifies a natural person: name, email address, phone number, IP address, transaction data, and other identifying information.

This Privacy Policy applies to the Service’s website, all services and products offered by the Service (including when accessing the Service via the website or when communicating — for example, by email, messenger, or online chat on the website).

The Service respects the privacy of its users and guarantees that users’ Personal Data is processed in a confidential manner and in accordance with applicable legislation. The Service implements this Privacy Policy in accordance with AMLD and GDPR.

2. Data Collected

2.1. Data provided directly by you:

  • First and last name;
  • Email address;
  • Phone number;
  • Country of residence;
  • Identity documents (as part of the KYC procedure: passport, driver’s licence, and similar documents);
  • Financial data required to process transactions;
  • Data provided when contacting the support team.

2.2. Data collected automatically:

  • IP address and browser type;
  • Operating systеm and device type;
  • Time zone and country of connection;
  • Page visit history within the Service;
  • Transaction data: cryptocurrency wallet addresses, amounts, transaction identifiers, timestamps;
  • coоkie data and similar tracking technologies.

2.3. Data received from third parties:

  • Identity verification results from KYC providers;
  • AML compliance data from specialised blockchain transaction screening services;
  • Data from partners and payment service providers.

Please note that cookies may be set both by the Service itself and by trusted third parties (for example, analytics systems such as Google Analytics or advertising networks). Users may modify or dеlete cookies at any time through their browser settings.

3. KYC and AML Procedures

In accordance with anti-money laundering (AML) and counter-terrorism financing (CFT) regulations, the Service is required to verify the identity of its users (Know Your Customer, KYC). As part of this procedure, the Service may request:

  • Identity documents (passport, government-issued identity card);
  • Proof of residential address (utility bills, bank statements);
  • A selfie with the document or video verification;
  • Information on the source of funds where necessary.

The collection and storage of the above data is required for the fulfilment of legal obligations. Failure to provide verification data may result in restricted access to certain features of the Service or their complete suspension.

For the purpose of conducting KYC verification, the Service may engage accredited third-party providers.

4. Use of Personal Data

The Service uses your personal data for the following purposes:

  • Provision of services: account registration and support, processing of transactions, operation of the Service.
  • Verification and compliance: user identification, fulfilment of AML/KYC requirements, compliance with sanctions legislation.
  • Security: detection and prevention of fraudulent transactions, unauthorised access, and other abuses.
  • Service improvement: analysis of Service usage, error resolution, development of new features.
  • Communication: responding to enquiries, transaction notifications, technical and systеm alerts.
  • Marketing: sending informational and promotional materials — only with your explicit consent and with the option to withdraw at any time.
  • Legal obligations: fulfilment of legislative requirements, interaction with regulators and law enforcement authorities.

5. Data Retention Periods

The Service retains your personal data for the period necessary to achieve the purposes for which it was collected, taking into account the requirements of applicable legislation:

  • User Data: for 3 years from the date of the last transaction or last interaction with the Service — regardless of whether a registered account exists.
  • KYC and transaction data: for no less than 3 years from the termination of the business relationship with the User, in accordance with anti-money laundering legislation.
  • Marketing data: until your consent is withdrawn or a deletion request is received.
  • Technical logs: for no more than 12 months, unless a longer period is required by law.

Upon expiry of the retention periods, data is securely deleted or anonymised.

6. Transfer of Data to Third Parties

The Service may transfer your personal data to the following categories of recipients:

  • Service providers: KYC verification providers, payment systems, cloud storage providers, analytics tool suppliers.
  • Regulators and law enforcement authorities: in cases provided for by law: upon official requests from courts, financial intelligence units, or other authorised bodies.
  • Business partners: in the context of providing joint services — only where appropriate data protection guarantees are in place.
  • Successors: in the event of a merger, acquisition, or sale of the business — with prior notification to users of the change of data controller.

The Service does not sell your personal data to third parties for commercial purposes.

7. Data Security

The Service applies a range of technical and organisational measures to protect your data from unauthorised access, loss, alteration, or disclosure:

  • SSL/TLS encryption for all connections involving personal data;
  • Encryption of databases and backups;
  • Hosting of data on secured servers equipped with firewalls and intrusion detection systems;
  • Restriction of data access on a least-privilege basis;
  • Employee training on data protection requirements.

In the event of a security breach that poses a risk to your rights and freedoms, the Service undertakes to notify the relevant supervisory authority within 72 hours, and you — as soon as reasonably possible.

8. User Rights

In accordance with applicable data protection legislation, you have the following rights:

  • Right of access: to obtain confirmation of whether the Service processes your data, and to receive a copy of the data being processed.
  • Right to rectification: to request the correction of inaccurate or the completion of incomplete data.
  • Right to erasure: to request the deletion of data where the legally established grounds apply (“right to be forgotten”).
  • Right to restriction of processing: to request the suspension of processing in certain circumstances.
  • Right to data portability: to receive your data in a structured, machine-readable format.
  • Right to object: to object to processing carried out on the basis of legitimate interest or for marketing purposes.

If you believe your rights have been violated, you have the right to lodge a complaint with the relevant personal data protection authority in your jurisdiction.

9. Protection of Minors

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you become aware that a child has provided us with their personal data without the consent of their parents or legal representatives, please notify us immediately at [email protected]. The Service will dеlete such data as soon as reasonably possible.

10. Links to Third-Party Resources

The Service may contain links to third-party websites and services. This Privacy Policy does not apply to the actions of third parties. The Service recommends reviewing the privacy policies of third-party resources before using them.

11. Changes to the Privacy Policy

The Service reserves the right to make changes to this Privacy Policy.
Continued use of the Service after the changes take effect constitutes your acceptance of the updated Policy.

12. Contact Information

For all questions related to this Privacy Policy or the processing of your personal data, you may contact us at [email protected]. All enquiries are handled in the order they are received.