Last Updated: April 16, 2025

XPayr ("Platform", "we", "us") values the privacy of its users and is committed to protecting your personal data. This Privacy Policy explains how the Platform collects, processes, stores, and protects your personal data. By using the Platform, you consent to the data processing practices described in this policy.

1. Data We Collect

The Platform may collect the following categories of personal data:

Identity Information: For Know Your Customer (KYC) procedures, such as name, surname, date of birth, identification documents (passport, driver’s license, etc.), and photographs.

Contact Information: Email address, phone number, or other contact details.

Transaction Information: Cryptocurrency wallet addresses, transaction amounts, dates, and related metadata.

Technical Data: IP address, browser type, device information, operating system, and logs related to your use of the Platform.

Other Information: Additional information voluntarily provided by you (e.g., during support requests).

2. Purpose of Data Collection

Your personal data is collected and processed for the following purposes:

Service Provision: To facilitate payment transactions, manage user accounts, and ensure the Platform’s functionality.

KYC/AML Compliance: To verify identities and monitor suspicious transactions to prevent money laundering and terrorist financing.

Legal Obligations: To comply with applicable laws and regulations, such as reporting suspicious activities to relevant authorities.

Communication: To contact users for support requests, updates, or notifications.

Security: To ensure the Platform’s security, prevent fraud, and detect technical issues.

Improvement: To analyze and enhance the Platform’s services and user experience.

3. Legal Basis for Processing

The processing of your personal data is based on the following legal grounds:

Contractual Necessity: Processing is necessary to provide the Platform’s services (e.g., for payment transactions).

Legal Obligation: To comply with KYC/AML and international sanctions regulations.

Legitimate Interests: To ensure the Platform’s security, improve services, and prevent fraud.

Consent: In certain cases, such as marketing communications, your explicit consent may be obtained.

4. Data Sharing

Your personal data may be shared with third parties in the following circumstances:

Legal Authorities: With relevant authorities for legal obligations or reporting suspicious activities (e.g., law enforcement, regulators).

Service Providers: With trusted third-party providers for services such as KYC verification, data storage, or technical support (only to the extent necessary and under confidentiality agreements).

Blockchain Networks: Transaction data may be recorded on public blockchain networks due to the nature of cryptocurrency transactions. Such data is beyond the Platform’s control.

The Platform does not share or sell your personal data for marketing purposes.

5. Data Retention

Your personal data is retained only for as long as necessary for the purposes for which it was collected. For example:

KYC data is typically retained for [5 years] as required by law.

Transaction data may be retained for the duration required for regulatory audits.

Retention periods are determined based on applicable laws and the purpose of processing.

Data no longer needed is securely deleted or anonymized.

6. Data Security

The Platform implements appropriate technical and organizational measures to protect your personal data (e.g., encryption, access controls, secure servers).

However, please note that data transmission over the internet or blockchain networks is not entirely secure. The Platform is not liable for security breaches beyond its control.

7. User Rights

Under GDPR and other data protection laws, you have the following rights:

Access: To know whether your data is being processed and what data is processed.

Rectification: To correct inaccurate or incomplete data.

Erasure: To request the deletion of your data, where not prohibited by legal obligations.

Restriction: To restrict the processing of your data in certain circumstances.

Data Portability: To receive your data in a structured format.

Objection: To object to data processing based on legitimate interests.

Withdraw Consent: To withdraw consent for processing based on consent.

To exercise these rights, contact us at [email protected]. Your requests will be responded to within [30 days], in accordance with applicable laws.

8. International Data Transfers

As the Platform provides global services, your data may be processed in different countries. Some countries may not have adequate data protection standards. In such cases, the Platform commits to protecting your data through appropriate safeguards (e.g., standard contractual clauses).

9. Cookies and Tracking Technologies

The Platform may use cookies and similar technologies to provide services and improve user experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the Platform’s functionality.

For more details, visit our Cookie Policy

10. Third-Party Links

The Platform may contain links to third-party websites or services. These links are not under the Platform’s control, and we are not responsible for their privacy practices.

11. Children’s Privacy

The Platform does not provide services to individuals under 18 years of age. We do not knowingly collect or process children’s personal data. If we discover that a child’s data has been collected inadvertently, we will promptly delete it.

12. Changes to This Policy

This Privacy Policy may be updated as needed. Updates will be published on the Platform’s website ([website URL]) and take effect upon publication. By continuing to use the Platform after updates, you accept the revised policy.

13. Contact

For questions about this Privacy Policy or our data processing practices:

Email: [email protected]