Cexc.io Team
September 23, 2025
1.1. This POLICY (“Policy”) applies to all personal data of Users that the Cexc.io Service and any related applications (including, without limitation, mobile applications) (“Service”) may obtain from Users in the course of using the Service.
The Service is owned by Codenest Corp, registration number 155760398, with its registered address at Via España, Delta Bank Building, 6th Floor, Suite 604D, Panama City, Republic of Panama.
1.2. Use of the Service, including registration of an account on the Service, constitutes the User’s unconditional consent to this Policy and the terms of data collection and processing specified herein; if the User disagrees with these terms, the User must refrain from using the Service. By using the Services, you accept the terms of this Policy and our Terms of Use, and you consent to the collection, use, disclosure, and storage of your information as described in this Policy. If you have not already done so, please also review the Terms of Use. The Terms of Use contain provisions that limit our liability to you and require that any disputes with us be resolved on an individual basis, rather than through class or representative actions. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS OF USE, PLEASE DO NOT USE THE SERVICES.
2.1. Personal Data – any information relating directly or indirectly to a specific or identifiable individual (data subject), including standard data automatically obtained by the HTTP server when accessing the Service and subsequent User actions (host IP address, User’s operating system type, Site pages visited by the User, etc.).
2.2. Terms of Use – the agreement between the User and the Operator containing all necessary and essential terms for using the Service, granting access to the Service, and the User’s use of the Service, whereby this Policy is an integral part of the Terms of Use.
2.3. User (data subject, User) – an individual who visits, downloads, registers an Account on the Service, or otherwise uses the Service, regardless of whether they actually use the Service’s features.
2.4. Operator – Codenest Corp, registration number 155760398, with its registered address at Via España, Delta Bank Building, 6th Floor, Suite 604D, Panama City, Republic of Panama, which manages the Service and is the owner of the Service.
2.5. Service means the Cexc.io Service, including the website https://cexc.io/ and related ecosystems, including the application/mobile application, through which Cexc.io provides Users with certain functionality related to cryptocurrencies.
2.6. Account – the User’s account on the Service, containing User data and a set of access rights to the Service’s functionality.
2.7. Cookies – a piece of data as part of an HTTP request, intended to be stored on the User’s device and used by the Operator for User authentication, storing personal preferences and User settings, tracking User access session status, and maintaining User statistics.
2.8. Destruction of Personal Data – actions as a result of which it becomes impossible to determine which specific User the personal data belongs to without excessive financial and organizational costs.
2.9. Processing of Personal Data – any action (operation) or set of actions (operations) performed on personal data with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
3.1. This Policy governs the processing of personal data during the interaction between the Operator and the User in connection with the use of the Service.
3.2. The Policy is developed in accordance with the requirements of:
3.2.1. Applicable legislation;
3.2.2. Contracts concluded by the Operator;
3.2.3. Other regulatory documents, taking into account modern requirements in the field of personal data protection, including the General Data Protection Regulation (GDPR).
3.3. This Policy is published on the Service.
4.1. The Operator may process the following personal data of Users:
4.1.1. User’s last name, first name, patronymic, if this information is indicated as the User’s name/full name;
4.1.2. Gender;
4.1.3. Citizenship;
4.1.4. Email address;
4.1.5. Phone number;
4.1.6. Details of an identity document;
4.1.7. Date and place of birth;
4.1.8. Registration address (according to passport/temporary registration) and actual residential address;
4.1.9. Login to access the Service;
4.1.10. Password for using the Service;
4.1.11. Financial information, including supporting documents of source of funds, documents on use of funds, etc., requested for compliance with international industry regulations, local regulatory requirements, including Anti-Money Laundering (AML) and Know Your Customer (KYC) procedures;
4.1.12. IP address of the device used to access the Service, information about the operating system, access time, location;
4.1.13. Type and version of the browser used;
4.1.14. History of transactions conducted on the Service;
4.1.15. Cookie data;
4.1.16. Data about content posted on the Service, data about activity on the Service.
5.1. Users’ personal data obtained during the use of the Service may be processed for the following purposes:
5.1.1. Providing the Service’s capabilities, as well as User identification;
5.1.2. Collecting and analyzing statistical data on the Service’s operation;
5.1.3. Protecting User accounts and data archiving;
5.1.4. Improving the performance and functionality of the Service;
5.1.5. Compliance with the requirements of applicable law;
5.1.6. Informing Users about products, features, and updates of the Service (including any sales, marketing promotions, or events), as well as sending important notices regarding the Service’s operation;
5.1.7. Communicating with the User regarding the Service’s functioning through the Operator’s official channels, processing User requests, responding to User inquiries;
5.1.8. Maintaining a high level of User satisfaction by measuring system performance;
5.1.9. Analyzing and improving the Service’s performance;
5.1.10. Ensuring the security of the product website;
5.1.11. Modeling, reporting, evaluation, risk monitoring, researching current or new products, and identifying potential leads;
5.1.12. Preparing reporting documents on the basis of which financial operations are carried out;
5.1.13. Fulfilling storage, reporting, and disclosure obligations established by competent government authorities in accordance with applicable law, as well as ensuring compliance with requests or decisions made by said authorities;
5.1.14. Notifying competent government authorities for the purpose of investigating, detecting, and preventing offenses;
5.1.15. Resolving current and potential legal disputes and claims;
5.1.16. Ensuring the security of the User’s account and protecting the system as a whole;
5.1.17. Fulfilling obligations under legislation on anti-money laundering, prevention of corruption, fraud, terrorism, and other offenses;
5.1.18. Preparing reports and providing information about contracts concluded by us with third parties (service providers, agents, credit institutions, etc.).
5.2. The processing of personal data is limited to achieving specific, predetermined, and lawful purposes. Processing of personal data incompatible with the purposes of their collection is not permitted.
5.3. The Operator has the right to entrust the processing of the User’s personal data to third parties only with the consent of the personal data subject, based on applicable law, and/or within the framework of an agreement with the User.
5.4. When transferring the processing of personal data to a third party, the Operator is obliged to define the list of actions (operations) with personal data that this party will perform, as well as the purposes of processing, to oblige said party to maintain the confidentiality of personal data and ensure their security during processing; requirements for the protection of processed personal data must also be established.
5.5. When transferring User’s personal data, access is granted only to specially authorized persons, and such persons have the right to receive only those personal data necessary for the performance of their official duties.
6.1. The Operator receives and processes your personal data on the basis of and in connection with the receipt and/or execution of:
6.1.1. Contracts, applications, and other documents concluded in connection with the execution of the Terms of Use;
6.1.2. Notifications from Users;
6.1.3. Inquiries to the call center and technical support;
6.1.4. Data from third parties – service providers, subsidiary, branch, and partner companies of the Operator.
6.2. When collecting and processing personal data, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of the User’s personal data.
6.3. In the process of processing personal data, the Operator performs the following actions: collection, recording, systematization, accumulation, storage, clarification, retrieval, use, transfer, anonymization, blocking, deletion, destruction of information, and other actions for the purpose of complying with the Terms of Use and providing access to the Service.
6.4. Personal data is stored on electronic media.
6.5. Personal data must be stored in a manner that prevents their loss or misuse. Storage of personal data is carried out in a form that allows identification of the personal data subject for no longer than required by the purpose of personal data processing, unless a different storage period is established by applicable law or the Terms of Use.
6.6. Information about the User will be stored solely for the period necessary to achieve the purposes described in this Policy, and only to the extent required to comply with applicable law, resolve disputes, and enforce contractual rights.
6.7. The Operator may store Customer Personal Data for a longer period than specified in clause 6.6 if necessary to fulfill the Service’s legal obligations (including responding to law enforcement requests or resolving disputes), to ensure compliance with applicable law, or if such storage is justified by the Service’s legitimate interests (e.g., ensuring security and preventing fraud).
6.8. All confidentiality measures for the collection, processing, and storage of personal data apply to both paper and electronic (automated) media.
6.9. The processing of personal data by the Operator may be carried out in the following ways:
6.9.1. manual processing of personal data;
6.9.2. automated processing of personal data;
6.9.3. transfer of the obtained information via the Operator’s internal network (information is accessible only to strictly designated employees of the Operator);
6.9.4. transfer of the obtained information using public information and telecommunication networks;
6.9.5. non-transfer of the obtained information;
6.9.6. mixed method of personal data processing.
6.10. The Operator does not make decisions based solely on automated processing of personal data that give rise to legal consequences for the personal data subject or otherwise significantly affect their rights and legitimate interests.
6.11. A decision entailing legal consequences for the personal data subject or otherwise affecting their rights and legitimate interests may be based solely on automated processing of their personal data only with the written consent of the personal data subject or in cases provided for by regulatory legal acts, whereby measures must be established to ensure the observance of the rights and legitimate interests of the personal data subject.
7.1. The User has the right to:
7.1.1. access information about the personal data processed by the Operator using the Account, including information about the purposes and methods of processing;
7.1.2. independently make changes and corrections to their own personal data, delete personal data placed in the personal account on the Service;
7.1.3. demand the modification or correction of personal data from the Operator;
7.1.4. demand notification of all persons who were previously provided with incorrect or incomplete personal data;
7.1.5. receive from the Operator information about third parties to whom the Operator has transferred personal data;
7.1.6. receive from the Operator information about the procedure for processing their personal data within the Operator’s authority and according to the procedures adopted by the Operator;
7.1.7. receive the personal data provided to the Operator in a structured, commonly used, and machine-readable format and transmit those data to other operators;
7.1.8. demand the deletion and/or destruction, in whole or in part, of their personal data, the imposition of restrictions on the processing of their personal data, as well as the withdrawal of consent to the processing of personal data;
7.1.9. demand compensation for damages in case of harm resulting from unlawful processing of personal data;
7.1.10. lodge a complaint with a supervisory authority if they believe that the processing of their personal data violates applicable data protection laws.
7.2. The User should be aware that the deletion of personal data or withdrawal of consent to data processing may result in the inability to use the Service’s functionality fully or partially.
The Operator and the Service are not intended for individuals under the age of 18, and we do not knowingly request or collect information from individuals under the age of 18. If you are under 18, please do not provide any personal information through the Operator’s Service. If it is suspected that a User who provided personal data is under the age of 18, the Operator will require the relevant User to close their account and will take measures to delete their information as soon as possible.
9.1. When processing personal data, the Operator takes the necessary legal, organizational, and technical measures and ensures their implementation to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions regarding personal data, which includes, in particular (but not exclusively):
9.1.1. appointment of a person responsible for the processing of personal data (DPO), who can be contacted at the following email address: _____________;
9.1.2. limiting the number of employees with access to personal data;
9.1.3. software identification of Users and recording of their actions;
9.1.4. implementation of antivirus control and other measures against malicious software;
9.1.5. implementation of backup and recovery tools;
9.1.6. regular updating of software used in the processing of personal data to ensure the security of the processed data;
9.1.7. application of encryption when transmitting personal data over the Internet;
9.1.8. taking measures related to allowing only authorized persons into the technical equipment installation sites;
9.1.9. using storage facilities for physical media containing personal data.
9.2. The Service undertakes to protect Users’ information with the same care it protects its own data and network. The Service does not allow third parties to contact Users directly without their consent regarding their products or services. The Service does not sell, exchange, or rent out identifiable personal information of Users.
9.3. The Service uses various security measures to help keep Users’ personal information secure. However, the Service cannot guarantee that these measures will prevent all attempts to bypass privacy or security settings on its website and application, whether as a result of unforeseen circumstances or unlawful actions. Therefore, the Service makes no express or implied warranties that such access can be completely prevented.
The Operator undertakes to keep confidential information obtained at its disposal strictly confidential and takes all necessary measures to ensure the confidentiality of the information and prevent its improper disclosure or unauthorized use.
11.1. The Operator uses cookies and similar technologies when you visit the Operator’s Service or in marketing communications. This section explains what these technologies are, why we use them, and your rights regarding controlling their use.
11.2. Cookies are small files, usually consisting of letters and numbers, that are downloaded to your computer or mobile device when you visit certain websites. When you return to these sites or visit other sites that use the same cookies, the sites recognize these cookies and your device. Cookies cannot read data from your hard drive or read cookies set by other sites.
11.3. We use first-party and third-party cookies to recognize you as a __________ User, customize __________ services, content, and advertising, measure the effectiveness of advertising, and collect information about your computer or other access device for the purposes of risk reduction, fraud prevention, and ensuring trust and security.
11.4. We may place third-party cookies that may use information about your visits to other websites to target advertisements about products and services offered by the Operator.
11.5. The Operator does not control the types of information collected and stored by these third-party cookies. The User should review the third party’s privacy policy for more information about how they use cookies.
11.6. The types of cookies we use:
11.6.1. Necessary Cookies. These cookies are necessary for the Service to function and cannot be disabled. They are usually set only in response to User actions that constitute a request for services, such as setting your privacy settings, logging in, or filling out forms. They also include cookies that the Operator may rely on to prevent fraud. You can set your browser to block or alert you about these cookies, but some parts of the site may then not function.
11.6.2. Analytical/Performance Cookies. These cookies allow the Operator to count visits and traffic sources so the Operator can measure and improve the performance of the Service. They help us understand which pages are the most and least popular and see how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, the Operator will not know when you have visited the Operator’s site and will not be able to monitor its performance.
11.6.3. Functionality Cookies. These cookies allow the Operator to remember choices you make and tailor the Service to provide you with relevant content. For example, functionality cookies can remember your preferences.
12.1. The destruction of the User’s personal data is carried out in the following cases:
12.1.1. Upon achieving the purposes of their processing, or when achieving those purposes is no longer necessary, within a period not exceeding thirty days from the date of achieving the purpose of personal data processing, unless otherwise provided by the contract to which the User is a party, or another agreement between the Operator and the User (their representative);
12.1.2. In case of unlawful processing of personal data or upon lawful withdrawal of personal data within a period not exceeding ten business days from the identification of such fact;
12.1.3. Upon expiration of the personal data storage period defined in accordance with applicable law and the Operator’s organizational and administrative documents, including withdrawal of consent to the processing of the User’s personal data;
12.1.4. Upon receipt of an order from the authorized body for the protection of the rights of personal data subjects or a court decision.
12.1.5. The parties acknowledge and agree that the Operator has the right to destroy copies of personal data at its discretion, including in case of unauthorized access to personal data by third parties.
13.1. The Operator may enter into contracts with third parties who require access to personal information to provide the Services. Any such third-party service providers undertake to comply with the terms of this Policy and to use the information solely in accordance with the Operator’s instructions.
13.2. The User agrees that the Operator may transfer their information to its contractual partners. Any disclosure of information will be made only in the manner described in this Policy.
13.3. The Operator may transfer personal data to the following persons, considering the purposes of processing:
13.3.1. Its employees, as well as developers of the Service;
13.3.2. Partners, consultants, lawyers, auditors, court and/or law enforcement agencies, as well as government bodies and organizations for conducting legal and financial checks;
13.3.3. Persons, institutions, organizations having grounds to access personal data by virtue of legal provisions;
13.3.4. Hosting providers, web analytics and technical support providers, as well as marketing service providers;
13.3.5. Subsidiary, affiliated, interdependent structures of the Operator;
13.3.6. Credit institutions;
13.3.7. Other third parties provided for by the User’s Consent to the processing of personal data.
13.4. Notwithstanding any contrary provisions in this Policy, the Operator may preserve or disclose your information if it reasonably believes that such action is necessary to comply with applicable law, regulatory requirements, legal process, or a government request; to protect the safety of any person; to prevent or address cases of fraud, security, or technical issues; or to protect the rights or property of the Operator or its users.
14.1. The User consents to the cross-border transfer of personal data to the territory of other states for the processing of personal data at the location of the Copyright Owner for the purposes specified in Section 5 of this Policy.
14.2. The Operator may carry out cross-border transfer of personal data to states that both ensure and do not ensure adequate protection of the rights of personal data subjects, for the purposes specified in Section 5 of this Policy.
14.3. Before commencing the cross-border transfer of personal data, the Operator is obliged to ensure that the foreign state to whose territory the transfer of personal data is intended provides adequate protection of the rights of personal data subjects.
14.4. Cross-border transfer of personal data to the territories of foreign states that do not meet the specified requirements may be carried out only with the written consent of the User to the cross-border transfer of their personal data and/or the conclusion of a contract, the parties to which are the User and the Operator.
14.5. The Operator undertakes to make reasonable efforts to ensure that third parties gaining access to personal data through cross-border transfers take the necessary technical and administrative measures to protect the transferred personal data.
15.1. Users have the right to send their requests to the Operator by email: __________________ regarding the use of personal data.
15.2. The Operator undertakes to consider and respond to the User’s request within thirty (30) days from the date of receipt of the request.
15.3. All correspondence received by the Operator from Users (written or electronic appeals) is confidential information and shall not be disclosed without the User’s written consent. Personal data and other information about the User who sent the appeal cannot be used without the User’s special consent for any purposes other than responding to the appeal, except as expressly provided by law.
16.1. The Operator may place links on the Service to third-party websites that may redirect Users to these third-party resources. The Operator is not responsible for the collection, processing, and deletion of Users’ personal data by such third parties or for the content of these sites. For more information, please review the privacy policies of the respective third parties available through these links.
17.1. Personal data is processed by the Operator for the term of the Operator’s obligations, or until the withdrawal of consent by the User or the termination of the Operator’s activities.
17.2. Withdrawal of consent is carried out by the User or their representative sending a written statement to the Operator, drawn up in free form, in such a way that it is possible to reliably identify the person who signed and sent the statement, as well as the basis of the representative’s authority.
The statement must be sent to the following email address: ____________________.