Before You Click 'I Agree': How Binance, Coinbase and 22 Other Crypto Exchanges Handle Your Data

2 years ago

Never bother to read the privacy policy when signing up for a cryptocurrency exchange? Maybe you should.

For Privacy Week, CoinDesk reviewed the privacy policies and notices of 24 major crypto exchanges and lending services to see how much they know about users and how transparent they are about it. The two dozen companies represent a cross-section of popular consumer-facing platforms.

It turns out crypto platforms collect a wealth of their users’ personal data – ironic considering this asset class grew out of the privacy-championing cypherpunk movement and was originally conceived as anonymous digital cash.

All major crypto services these days are subject to laws and regulations obliging them to perform know-your-customer (KYC) checks on any new customer. Crypto platforms are inherently online, so to make sure they are dealing with the same person who submitted ID documents, over the past few years they adopted biometric verification, asking prospective users to provide a photo with their ID, a short video of themselves or both.

Given that many of these platforms are accepting fiat payments from bank accounts of their clients to let them buy crypto with their local currencies (acting as so-called fiat on-ramps), they also process users’ banking information, and in some cases tax IDs, too.

Such platforms collect their users' home addresses, phone numbers, employment information, banking details, photos of their IDs and photos and/or videos of their faces. In addition, platforms can see the full history of their users' trades, cryptocurrency addresses they use to deposit and withdraw funds and any transactions related to them on public blockchains.

Platforms also routinely gather technical information about the devices users are logging in from, including operating systems, browser details, IP addresses and the location and time zone settings of computers and phones their clients use to trade.

This is a pretty typical set of data more or less any regulated crypto service would process and store. However, they differ in the amount of data they store, how they protect users' privacy and how much they disclose about such practices.

The companies explain in their privacy policies that they use this data to provide quality service to their clients, prevent fraud and keep customers posted about relevant news and updates. However, this abundance of personal information makes the platforms huge data banks – and, in cases of data breaches, they may become sources of massive leaks.

It's hard to verify how companies are actually handling their users’ data. But by reading the privacy policies these companies publish on their websites, we can see how explicit and forthright they are about it.

Here are some of the issues to be mindful of.

Financial data use and storage

Crypto platforms provide varying levels of disclosure about the data they receive and store related to users' financials. (In this article, we don't look at the financial information platforms collect about corporate users, only about individuals.)

Most of the privacy policies CoinDesk reviewed mentioned bank account numbers and (as one would expect) trading history on the platform. Crypto lending provider BlockFi stood out with the longest list of types of banking data it collects. Exchanges Binance, BitMEX, Poloniex, and OKEx did not mention what banking data they collect at all in their privacy policies.

Paxful mentions that financial information may be stored if users send it to their trading counterparties via the chat on the platform, as Paxful keeps the chat records.

"BitMEX doesn’t operate any fiat payment gateways for its users and so does not have credit card or other banking information in respect of its users," explained BitMEX Communications and Content Manager Jessica Lindeman. "Instead users are able to purchase XBT or USDT through Banxa," a payments company.

Poloniex said via spokesperson Gabriel Wang that it too "does not deal with fiat directly, so no credit card/banking info is stored on our system."

Richard Kay, OKEx’s senior public relations manager in the U.K. and Europe, said the exchange also does not store its users’ banking information. That's taken care of by third-party payment providers, including Coinify, MoonPay, Okcoin, Banxa, Mercuryo, Simplex and Itez, he said.

Binance told CoinDesk via a spokesperson that it actually does process banking information. "We would only process credit card or banking information when users decide to share this data with Binance, for transactional purposes, as it is not mandatory information to open an account," the company added.

Platform

Financial data collected, according to privacy policy

Bakkt (last updated Oct. 28, 2020)

Bank account number, credit card number, debit card number, details of transactions on the platform

Binance (last updated Jan. 12, 2022)

Transaction history

Bitfinex (last updated May 27, 2021)

Bank statements, bank account number

BitMEX (last updated Aug. 28, 2020)

Payment details, including wallet address(es)

Bitstamp (last updated Nov. 5, 2020)

Bank account number, bank statement and trading information

Bittrex (last updated Dec. 31, 2019)

Bank account and payment details, transactions data, portfolio data

Blockchain.com (last updated Dec. 16, 2021)

Bank account information and/or credit card details, transactions history and account balances

BlockFi (last updated June 15, 2021)

"Transaction Data such as cryptocurrency wallet address(es), information relating to your BlockFi account and cryptocurrency trading transactions and related information for deposits or withdrawals, credit card information (last 4 digits of number, expiration date, card status), credit card payment information (amount, date, frequency, status, balance), information relating to credit card transactions;
Financial Data such as bank name, bank account number, bank routing number, income type, annual income amount, monthly housing expenses, information that may be received from consumer reporting agencies (e.g., credit bureau reports)."

Celsius (last updated October, 2021)

Bank account or other financial information; records of products or services purchased, obtained, or considered, or other purchasing histories or tendencies

Coinbase (last updated Oct. 8, 2021)

Bank account information, payment card primary account number (PAN), transaction history, trading data, and/or tax identification.

Crypto.com (last updated Sept. 30, 2021)

Bank account, payment card details, virtual currency accounts, stored value accounts, amounts associated with accounts, external account details, source of funds and related documentation.

Deribit (undated)

Bank account statement, the address of your wallet from which you deposit/withdraw cryptocurrency into/from your account; orders, trades, positions and balances.

eToro (last updated May 20, 2020)

Annual income, investment portfolio, total cash and liquid assets and other details; value and currency of any deposit, withdrawal, or transaction made and the payment method.

FTX (last updated Dec. 23, 2021)

Bank account information, routing number, transaction history, trading data and/or tax identification, transaction information, name of the recipient and the trading amount.

Gemini (last updated Dec. 8, 2021)

Bank account information, routing number, trading activity, order activity, deposits, withdrawals, account balances

Huobi (last updated April 27, 2021)

Debit card information and/or other account information, transactions record

Kraken (last updated Nov. 23, 2021)

Bank account information, credit card details, details about source of funds, assets and liabilities, Office of Foreign Assets Control (OFAC) information, trading account balances, trading activity

LocalBitcoins (last updated June 10, 2020)

Financial information may include information related to your income, wealth, bank account information and/or tax identification, bitcoin transaction information.

Nexo (undated)

Not specified

Okcoin (last updated Dec. 18, 2020)

Bank account information, transactions data

OKEx (last updated Dec. 3, 2020)

Not specified

Paxful (undated)

Social Security number or account balances, payment history or transaction history, credit history or credit scores, trade chat messages, "which may contain financial information if you provide it to sellers"

Poloniex (last updated May 4, 2020)

Transactional data including records for trades, deposits, and withdraws, other session data linked to account

SALT (last updated Jan. 6, 2021)

Loan requests, loan amounts, loan payment information, transaction history, cryptocurrency wallet information and financial data such as bank name and account number

Third parties with access to data

Crypto services usually need multiple partners to support their websites and process trades, so they have to share users’ data with those partners. Various services provide different levels of openness about which companies they share users' data with, and about their reasons for doing so.

Some companies simply mention they might share data with third parties, while others provide names and explanations, with varying degrees of detail.

Bitfinex and BitMEX provided the longest lists of counterparties they share data with. Bitfinex lists third parties at the end of its privacy policy and BitMEX has a special page dedicated to the list of its data partners.

Europe-based platforms usually mention, among other things, if they are transferring users' data to any places outside the EU, and how they make sure such transfers are secure. These parts of the privacy policies look pretty similar across different platforms.

Many companies separately describe their approaches for EU citizens, whose personal data since 2018 has been protected by the General Data Protection Regulation (GDPR), or for Californians, under the California Consumer Privacy Act (CCPA). Some platforms also specify their treatment of residents of Vermont, which has its own local privacy laws.

We won’t delve into those sections in this article, as they’re mostly relevant only to residents of these particular areas, but if you are one, check if your crypto service notes anything important for you.

Crypto exchange

Third parties with access to data

Bakkt (last updated Oct. 28, 2020)

Service providers and/or data processors, counterparties in transactions, financial institutions and credit bureaus, other third parties

Binance (last updated Jan. 12, 2022)

Subsidiaries or affiliates, third-party service providers and others.

Bitfinex (last updated May 27, 2021)

Bitrefill, Chainalysis, Celsius Network, getResponse, happyCOINS, hCaptcha, Mercuryo, OWNR WALLET, WorldCheck, Twilio, Simplex, Zendesk. (This list does not include banks to which personal information is transferred for payment purposes in accordance with global banking practice.)

BitMEX (last updated Aug. 28, 2020)

Companies belonging to HDR Group (BitMEX parent company), Amazon Web Services, Google ReCAPTCHA, Yubikey, Jumio, Freshdesk, Segment.io, Sentry.io, Google Analytics, SendGrid, Pagerduty, Solarwinds, Intercom, Onfido.
"Personal data may be shared with third party participants in our affiliate programme (or any other successor or parallel programme of a similar nature) who referred you to our site (so they can track successful referrals), and partners for promotions or service integrations. Information on historical trades may also be shared with other trading platforms and exchanges. Personal data may be shared with courts or public authorities if required as described above, mandated by law or regulation, or required for the legal protection of our or third party legitimate interests, in compliance with applicable laws and regulations, and applicable / competent public authorities’ requests."

Bitstamp (last updated Nov. 5, 2020)

"May share information with credit reference agencies, anti-fraud databases, screening agencies and other partners we do business with."
"With respect to US residents, we also may share your information with other financial institutions, as authorized under Section 314(b) of the US Patriot Act, and with tax authorities, including the US Internal Revenue Service, pursuant to the Foreign Account Tax Compliance Act (“FATCA”), to the extent that this statute may be determined to apply to Bitstamp."

Bittrex (last updated Dec. 31, 2019)

Suppliers and external agencies, subsidiaries, associates and agents, regulators, law enforcement agencies and other authorities, consultants, bankers, professional indemnity insurers, brokers and auditors; "other organizations where exchange of information is for the purpose of fraud protection or credit risk reduction," debt recovery agencies.

Blockchain.com (last updated Dec. 16, 2021)

Affiliates, cloud service providers, fraud detection service, spam and abuse detection providers

BlockFi (last updated June 15, 2021)

Affiliates, BlockFi Rewards Visa Signature Card partners, service providers.

Celsius (last updated October 2021)

Subsidiaries, affiliated companies, subcontractors and other third-party service providers, business partners (such as GEM, Coinify, Simplex and Wyre), auditors or advisers, "any potential purchasers or third party acquirer(s) of all or any part of our business or assets, or investors in the company."

Coinbase (last updated Oct. 8, 2021)

Jumio, SolarisBank AG, Sift Science, Plaid, Paysafe, other financial institutions and service providers.

Crypto.com (last updated Sept. 30, 2021)

Service providers, agents, subcontractors and other associated organizations, affiliates

Deribit (undated)

Cloud service providers, software suppliers, affiliates

eToro (last updated May 20, 2020)

Affiliates, advisors, vendors, consultants and other service providers, such as payment service providers, IT hosting companies, banks, other financial institutions and credit reference agencies

FTX (last updated Dec. 23, 2021)

Service providers, business partners, NFT partners, affiliates, advertising partners

Gemini (last updated Dec. 8, 2021)

Service providers, affiliates, advisers

Huobi (last updated April 27, 2021)

Affiliates and partners

Kraken (last updated Nov. 23, 2021)

Affiliates, subsidiaries, service providers and business partners

LocalBitcoins (last updated June 10, 2020)

Onfido, Jumio, Google, Sentry.io, SendGrid Inc, Nexmo, Twilio, TM4B;
auditors, lawyers, accountants, consultants and other professional advisors, external services or authorities

Nexo (undated)

"Hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential."

Okcoin (last updated Dec. 18, 2020)

Affiliates, service providers and other third parties, "entities in connection with any financing, acquisition or dissolution proceedings."

OKEx (last updated Dec. 3, 2020)

Not disclosed

Paxful (undated)

Service providers, data processors, other parties to transactions, such as sellers, financial institutions, affiliates

Poloniex (last updated May 4, 2020)

Affiliates, ad and other business partners, service providers.

SALT (last updated Jan. 6, 2021)

Subsidiaries and affiliates, contractors, service providers, including those providing ID verification, consulting, sales, customer support operations, payment processing and technical support or services; financial institutions.

Data gathered from third parties

To make sure they know enough about their users, platforms gather information about them from outside sources, meaning they might know much more about you than you yourself told them.

This might include companies affiliated with the platform via common owners; third-party providers of identity verification and other technology; banks; government organizations; social networks and other sources.

Out of the 24 platforms in our list, Gemini, founded by Cameron and Tyler Winklevoss, seems to have the most exhaustive list of outside sources of information it’s gathering about users.

Many companies mention they might look you up in anti-fraud databases, public court documents, sanctions lists, and also ask credit bureaus and various government bodies about you.

Crypto exchange

Data gathered from third parties

Bakkt (last updated Oct. 28, 2020)

"We also collect information about you from third parties, such as money laundering and fraud prevention information providers, marketing agencies, identity and creditworthiness verification services, and analytics and information providers. We may combine information we collect about you with information from third parties."

Binance (last updated Jan. 12, 2022)

"We may receive information about you from other sources such as credit history information from credit bureaus."

Bitfinex (last updated May 27, 2021)

Not specified

BitMEX (last updated Aug. 28, 2020)

"We receive personal data from partners when they refer you to us (for example, we receive data about the service you used, and that referred you). We will receive confirmation from Yubico Cloud that you have successfully authenticated using a Yubikey registered with that service. Third parties may monitor the Web on our behalf, for example looking for stolen usernames and passwords. Our communications service provider may also enable us to learn more about your social media presence, in order for us to send you more personalised communications. Finally, any authorities or other persons seeking access to information about users may provide information about the circumstances of their request, and about the individuals of interest."

Bitstamp (last updated Nov. 5, 2020)

"We may collect Personal Data from third-party partners and public sources, which include:
- Reputational information;
- Financial information;
- Business activities of corporate customers."

Bittrex (last updated Dec. 31, 2019)

"Analytic providers such as Google Analytics; advertising networks; search information providers.
Identity, Contact, AML / KYC Data from publicly available sources such as public court documents, the corporate registrars with the U.S. and other jurisdictions, and from electronic data searches, online KYC search tools (which may be subscription or licence based), anti-fraud databases and other third party databases, sanctions lists, outsourced third-party KYC providers and from wide searches carried out via online search engines (e.g. Google)."

Blockchain.com (last updated Dec. 16, 2021)

Affiliates, banks or payment processors, advertising or analytics providers.
"Banks or payment processors that you use to transfer fiat currency may provide us with basic Personal Data, such as your name and address, as well as, your bank account information.
Advertising or analytics providers may provide us with anonymised information about you, including but not limited to, how you found our website."

BlockFi (last updated June 15, 2021)

"May include, but are not limited to, public databases, credit bureaus, identity verification partners, resellers and channel partners, joint marketing partners, advertising networks and analytics providers, social media platforms, and our BlockFi Rewards Visa Signature Card partner."

Celsius (last updated October 2021)

"Our affiliates, our service providers, or our affiliates’ service providers; public websites or other publicly accessible directories and sources, including bankruptcy registers, tax authorities, governmental agencies and departments, and regulatory authorities; and/or from credit reporting agencies, sanctions screening databases, or from sources designed to detect and prevent fraud or financial crimes."

Coinbase (last updated Oct. 8, 2021)

Companies affiliated with Coinbase, public databases, credit bureaus, ID verification partners, joint marketing partners and resellers, advertising networks and analytics providers, public blockchains.

Crypto.com (last updated Sept. 30, 2021)

"- Fraud and crime prevention agencies,
- a customer referring you,
- public blockchain,
- publicly available information on the Internet (websites, articles etc.)."

Deribit (undated)

Not specified

eToro (last updated May 20, 2020)

"May include, for example, identity verification agencies, credit referencing agencies and similar bodies. We may also collect information about you from third parties, when you use or connect to eToro by or through a third party platform, such as Facebook or other site, you allow us to access and/or collect certain information from your Third Party Platform profile/account as permitted by the terms of the agreement and your privacy settings with the third party platform. We will share such information with the third party platform for their use."

FTX (last updated Dec. 23, 2021)

"We may also use Google Analytics and other service providers to collect information regarding visitor behaviour and visitor demographics on our Services... We may use Plaid Technologies, Inc. ('Plaid'), as a vendor to collect information about you...
if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made public via your privacy settings. Information we collect through these services may include your name, your user identification number, your user name, location, gender, birth date, email, profile picture, and your contacts stored in that service."

Gemini (last updated Dec. 8, 2021)

"Identification Information, such as name, email, phone number, postal address, government identification numbers (which may include Social Security Number or equivalent, driver’s licence number, passport number);
Financial Information, such as bank account information, routing number;
Transaction Information, such as public blockchain data (bitcoin, ether, and other Digital Assets are not truly anonymous).
Credit and Fraud Information, such as credit investigation, credit eligibility, identity or account verification, fraud detection, or as may otherwise be required by applicable law; and additional Information."

Huobi (last updated April 27, 2021)

Not specified

Kraken (last updated Nov. 23, 2021)

Banks: name, address, bank account details.
Users' business partners: name, address, financial.
Advertising networks, analytics providers, search information providers: anonymized or de-identified information on how you found website.
"Credit agencies do not provide us with any personal information about you, but may be used to confirm the information you have provided to us."

LocalBitcoins (last updated June 10, 2020)

Not specified

Nexo (undated)

Not specified

Okcoin (last updated Dec. 18, 2020)

Not specified

OKEx (last updated Dec. 3, 2020)

Not specified

Paxful (undated)

Service providers and data processors, affiliates, "third-parties who may help us verify identity, prevent fraud, and protect the security of transactions," "third-parties who may help us evaluate your creditworthiness or financial standing," "third-parties who may help us analyze Personal Data, improve the Website or the Services or your experience on it, market products or services, or provide promotions and offers to you," social media platforms

Poloniex (last updated May 4, 2020)

"We may obtain Personal Data about you from other sources, including through third party services such as sanctions screening services and other organizations to supplement information provided by you."

SALT (last updated Jan. 6, 2021)

Google Analytics, Full Story.
Public databases and ID verification partners, public blockchains: "Such information may include your name, address, job role, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data."
"We may analyze public blockchain data to ensure parties using our services are not engaged in illegal or prohibited activity under our Terms, and to analyze transaction trends for research and development purposes."

Reasons to share data with government agencies

Major crypto exchanges these days are closely watched by regulators around the world and often asked to disclose information about their users when the authorities suspect wrongdoing, from tax evasion to money laundering.

"The companies that collect that information can – and often do – share that personal information with governments, even when the government has not gotten a warrant to collect that information," said Marta Belcher, a cryptocurrency and civil liberties attorney.

A silver lining is that more and more companies are disclosing how many requests from authorities they get.

"What it really comes down to is whether companies are going to stand up for their users, and whether they are going to be transparent about the requests they receive from governments and whether they voluntarily turn that information over," Belcher said.

The most famous (or infamous) precedent of a government body reaching for a trove of crypto exchange users' data was the U.S. Internal Revenue Service (IRS) getting access to information on about 13,000 U.S. users of Coinbase in 2018. The move was preceded by a long court battle between the exchange and the IRS, which initially wanted data about 500,000 users.

The way a company describes its reasons for answering questions from governments matters, said Peter Van Valkenburgh, director of research at Coin Center, an industry think tank.

"Do they need a warrant or subpoena, or they’re happy to respond even without the warrant from the judge?" Van Valkenburgh said.

Out of 24 companies CoinDesk looked at, 13 mentioned subpoenas and court orders in their privacy policies among reasons to cooperate with the requests from government agencies and law enforcement. However, not all companies claim to require such a formal request before handing over customer information.

Blockchain.com, an exchange and crypto wallet provider, says it would insist that authorities present "a court order, or equivalent proof that they are statutorily authorised to access your data." By contrast, eToro says it would provide information "to assist regulatory, cybercrime, data and information protection agencies and police with their enquiries and enforcement, even if not compelled to do so."

Ultimately, it's hard to predict how a particular platform would act in a real-life situation when a regulatory body is knocking on its door, or how evolving crypto regulation around the world could change the rules of the game in years to come. But the way platforms describe their approach might give some clues about what you can possibly expect.

Crypto exchange

Reasons to share data with government agencies

Bakkt (last updated Oct. 28, 2020)

"Complying with our policies and obligations, including but not limited to, disclosures made in response to any requests from law enforcement authorities and/or regulators in accordance with any applicable law, rule, regulation, judicial or governmental order, regulatory authority of competent jurisdiction, discovery request, advice of counsel or similar legal process."

Binance (last updated Jan. 12, 2022)

"When we believe release is appropriate to comply with the law or with our regulatory obligations; enforce or apply our Terms of Use and other agreements; or protect the rights, property or safety of Binance, our users or others."

Bitfinex (last updated May 27, 2021)

"When such requests are received, Bitfinex requires that it be accompanied by appropriate legal process. This can vary from place to place. For example, production orders, search warrants, freezing orders, seizure orders and subpoenas, but also requests for voluntary disclosure of data may all amount to legal process. Bitfinex reviews each order and request for voluntary disclosure to determine that it has valid legal basis and that any response is narrowly tailored to ensure that only the data and/or remedy to which law enforcement is entitled is provided. In addition, in respect of requests relating to the freezing and/or seizing of assets, Bitfinex requires that the request (i) follows the applicable local jurisdiction’s legal process and (ii) contains all necessary instructions, including, where applicable, the duration of the freeze."

BitMEX (last updated Aug. 28, 2020)

"Mandated by law or regulation, or required for the legal protection of our or third party legitimate interests, in compliance with applicable laws and regulations, and applicable / competent public authorities’ requests."

Bitstamp (last updated Nov. 5, 2020)

"We may share your Personal Data with law enforcement, data protection authorities, government officials and other authorities when:
Compelled by court order or other legal procedure;
Disclosure is necessary to report suspected illegal activity; or
Disclosure is necessary to investigate violations of this Privacy Policy or our Terms of Use."

Bittrex (last updated Dec. 31, 2019)

"To comply with any legal obligation, judgment or under an order from a court, tribunal or authority."

Blockchain.com (last updated Dec. 16, 2021)

"We shall require any third-party, including without limitation, any government or enforcement entity, seeking access to the data we hold to a court order, or equivalent proof that they are statutorily authorised to access your data and that their request is valid and within their statutory or regulatory power."

BlockFi (last updated June 15, 2021)

"Comply, as necessary, with applicable laws and regulatory requirements;
Respond to legal or governmental requests or demands for information (e.g., subpoena, court order, or other legal proceedings); and meet national security requirements."

Celsius (last updated October, 2021)

"To comply with any applicable law, regulation, legal process or governmental request."

Coinbase (last updated Oct. 8, 2021)

"When we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our User Agreement or any other applicable policies."

Crypto.com (last updated Sept. 30, 2021)

"Where the law allows or requires us to do so."

Deribit (undated)

"We may provide your personal data to competent authorities upon their request to the extent legally required or to the extent necessary to protect our rights in legal proceedings or investigations."

eToro (last updated May 20, 2020)

"To comply with court orders, mandatory dispute resolution determinations and mandatory government authority or law enforcement orders or directions;
to assist regulatory, cybercrime, data and information protection agencies and police with their enquiries and enforcement, even if not compelled to do so."

FTX (last updated Dec. 23, 2021)

"To comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity."

Gemini (last updated Dec. 8, 2021)

"In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information."

Huobi (last updated April 27, 2021)

"In compliance with laws, regulations, rules and regulations or orders from courts of law or other competent authorities."

Kraken (last updated Nov. 23, 2021)

"To comply with any applicable laws and regulations, subpoenas, court orders or other judicial processes, or requirements of any applicable regulatory authority."

LocalBitcoins (last updated June 10, 2020)

"When such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests and/or the vital interests of a third-party."

Nexo (undated)

Not specified

Okcoin (last updated Dec. 18, 2020)

"To comply with any law, court order, subpoenas or government requests."

OKEx (last updated Dec. 3, 2020)

"To comply with government agencies, including regulators, law enforcement and/or justice departments."

Paxful (undated)

"In response to a request by a government agency, such as law enforcement authorities or a judicial order."

Poloniex (last updated May 4, 2020)

"To comply with any law, subpoenas, court orders, or government request, defend against claims, investigate or bring legal action against illegal or suspected illegal activities, enforce our Terms, or to protect the rights, safety, and security of us, our users, or the public."

SALT (last updated Jan. 6, 2021)

"To comply with any court order, law, regulatory request or legal process, including to respond to any government or regulatory request."

Another thing to pay attention to is how long your data is stored on the exchange's servers after you're no longer a client. Such disclosures often are put under the rubric "data retention" in privacy policies.

In most cases, it would take platforms about 5 years to erase your data after you part ways, but most also note that due to some specific reasons, like an ongoing investigation, they can keep your data longer.

Among the 24 companies, Bittrex and Bitstamp mention the longest possible time for keeping users' data, with each saying it might store information for up to 10 years after an account is deleted.

Bitstamp appeared to be the only company among the 24 that said it destroys biometric data as soon as account verification is complete.

Coinbase and LocalBitcoins provided the most detailed descriptions of how long they keep various kinds of data. LocalBitcoins also specified that the information of users who never actually used the platform to trade will be stored for a much shorter time than that of active users: up to 13 months compared to 5 years.

Crypto exchange

Data gets erased after...

Bakkt (last updated Oct. 28, 2020)

Not specified

Binance (last updated Jan. 12, 2022)

Not specified

Bitfinex (last updated May 27, 2021)

Not specified

BitMEX (last updated Aug. 28, 2020)

6 years from the last interaction

Bitstamp (last updated Nov. 5, 2020)

Biometric data destroyed immediately after completion of ID verification process.
Other information: stored at least 5 years after account deletion, "in some cases up to 10 years, as required by applicable law."

Bittrex (last updated Dec. 31, 2019)

7-10 years after account deletion

Blockchain.com (last updated Dec. 16, 2021)

5 years or longer after deletion

BlockFi (last updated June 15, 2021)

Not specified

Celsius (last updated October 2021)

Not specified

Coinbase (last updated Oct. 8, 2021)

"Personal information collected to comply with our legal obligations under financial or anti-money laundering laws may be retained after account closure for as long as required under such laws.
Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.
Content that you post on our website such as support desk comments, photographs, videos, blog posts, and other content may be kept after you close your account for audit and crime prevention purposes (e.g. to prevent a known fraudulent actor from opening a new account).
Recording of our telephone calls with you may be kept for a period of up to six years.
Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to 1 year from expiry of the cookie."

Crypto.com (last updated Sept. 30, 2021)

5 years after account deletion.
"Email addresses and content, chats, letters will be kept up to 6 years following the end of our relationship, in accordance with the limitation period applicable in the Cayman Islands."

Deribit (undated)

5 years or longer after account deletion

eToro (last updated May 20, 2020)

Not specified

FTX (last updated Dec. 23, 2021)

Not specified

Gemini (last updated Dec. 8, 2021)

Not specified

Huobi (last updated April 27, 2021)

Not specified

Kraken (last updated Nov. 23, 2021)

5 years or longer after account deletion

LocalBitcoins (last updated June 10, 2020)

"For all users who have deleted their account:
Personally-identifiable analytics data is removed 14 days after account deletion.
Notification data is not generally stored by our processors but they may hold activity logs for a short period of time (this time varies depending on the processor in question but is not greater than 13 months).
For users who have not conducted or initiated any trades or bitcoin transactions to their wallet, we will delete all personal data 14 days after the approval of your account deletion request.
For users who have conducted or initiated any trades or sent or received any bitcoin transactions using their wallet and whose account deletion request has been approved by us, our data deletion policy is the following:
Your public profile and advertisements will be hidden 14 days after you delete your account.
Your personal identification information, formal identification information, company information, financial and employment information, trade information, technical information and communication information will be deleted 5 years after you delete your account.
Bitcoin transaction information from our internal systems will be removed 5 years after you delete your account, with the exception of publicly available information on the Bitcoin blockchain."

Nexo (undated)

Not specified

Okcoin (last updated Dec. 18, 2020)

Not specified

OKEx (last updated Dec. 3, 2020)

Not specified

Paxful (undated)

Not specified

Poloniex (last updated May 4, 2020)

Not specified

SALT (last updated Jan. 6, 2021)

Not specified

There is no universal standard for disclosing data security measures among crypto services: Some of them just say they take technological and organizational measures to ensure your information is safe, while others mention specific tech solutions, rules of access to their data centers and other steps.

Data security is a complex task, and to prevent attacks, companies in most cases refrain from fully disclosing the details and specifics of their data security systems, so as not to tip their hands to potential attackers.

In this sense, these disclosures serve not so much as attestations of platforms' actual security level, but more as a demonstration of how straightforward and diligent they are in talking to users about privacy and security.

"If the company doesn’t outline how they protect user data, it is a red flag," said Lili Rhodes, senior mining analyst at Compass Mining, a bitcoin mining firm in the U.S. "Users do not know how this company will safeguard their data in the case of a breach."

Crypto exchange

Data protection measures

Bakkt (last updated Oct. 28, 2020)

"Bakkt has implemented administrative, physical and technical safeguards designed to protect your Personal Information."

Binance (last updated Jan. 12, 2022)

"We work to protect the security of your personal information during transmission by using encryption protocols and software. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your personal information."

Bitfinex (last updated May 27, 2021)

"Internally, only people with a business need to know Personal Information, or whose duties reasonably require access to it, are granted access to customers' Personal Information. Such individuals will only process your Personal Information on our instructions and are subject to a duty of confidentiality. We audit our user compliance regularly."
"The Site's systems and data are reviewed periodically to ensure that you are getting a quality service and that leading security features are in place. We have put in place procedures to deal with any actual or suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so."

BitMEX (last updated Aug. 28, 2020)

Not specified

Bitstamp (last updated Nov. 5, 2020)

"...security measures include, but are not limited to:
Password protected directories and databases; Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely; and PCI Scanning to actively protect our servers from hackers and other vulnerabilities.
All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database. Only authorised Bitstamp personnel are permitted access to your Personal Data, and these personnel are required to treat the information as highly confidential."

Bittrex (last updated Dec. 31, 2019)

"We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality."

Blockchain.com (last updated Dec. 16, 2021)

"We protect Personal Data with appropriate physical, technological and organisational safeguards and security measures. Your Personal Data comes to us via the internet which chooses its own routes and means, whereby information is conveyed from location to location. We audit our procedures and security measures regularly to ensure they are being properly administered and remain effective and appropriate. Every member of Blockchain is committed to our privacy policies and procedures to safeguard Personal Data. Our site has security measures in place to protect against the loss, misuse and unauthorised alteration of the information under our control. More specifically, our server uses TLS (Transport Layer Security) security protection by encrypting your Personal Data to prevent individuals from accessing such Personal Data as it travels over the internet."

BlockFi (last updated June 15, 2021)

"We seek to protect non-public Personal Information that is provided to BlockFi by third parties and you by implementing physical and electronic safeguards. Where we believe appropriate, we employ firewalls, intrusion prevention, encryption technology, user authentication systems (i.e. passwords and personal identification numbers) and access control mechanisms to control access to systems and data. We endeavor to engage service providers that have security and confidentiality policies, if such service providers have access to our client’s Personal Information. We instruct our employees to use strict standards of care in handling the personal financial information of clients. As a general policy, our staff will not discuss or disclose information regarding an account except with authorized personnel of our service providers, as required by applicable law and regulatory requirements law or, pursuant to a regulatory request and/or authority.
Despite our efforts to protect the security of your information, no security system is always effective and we cannot guarantee that our systems will be completely secure."

Celsius (last updated October 2021)

"We will take reasonable steps and use technical, administrative and physical security measures appropriate to the nature of the information and that comply with applicable laws to protect Personal Information against unauthorized access and exfiltration, acquisition, theft, or disclosure."

Coinbase (last updated Oct. 8, 2021)

"We work to protect the security of your personal information during transmission by using encryption protocols and software. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your personal information.
For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to personal information only for those employees who require it to fulfill their job responsibilities. Full credit card data is securely transferred and hosted off-site by payment vendors like Worldpay, (UK) Limited, Worldpay Limited, or Worldpay AP Limited (collectively 'Worldpay') in compliance with Payment Card Industry Data Security Standards (PCI DSS)."

Crypto.com (last updated Sept. 30, 2021)

"- Organisational measures (including but not limited to staff training and policy development);
- Technical measures (including but not limited to physical protection of data, pseudonymization and encryption); and
- Securing ongoing availability, integrity, and accessibility (including but not limited to ensuring appropriate back-ups of personal data are held)."

Deribit (undated)

"We will adopt appropriate technical and organisational measures to ensure that all the information is correct, current and complete and to prevent it from being accessed by unauthorised persons within and outside our organisation. We use ‘best practices’ to secure your personal data. For instance, your personal data is encrypted with Secure Sockets Layered (SSL) technology and our directories and databases are password protected."

eToro (last updated May 20, 2020)

"We protect your personal information by using data security technology and using tools such as firewalls and data encryption. We also require that you use a personal username and password each time you access your account online. As set out in the applicable eToro Entity’s terms and conditions, terms of business and/or terms of use, you must not share your password with anyone else. We restrict access to personal information at our offices so that only officers and/or employees with a legitimate business purpose can access it."

FTX (last updated Dec. 23, 2021)

"We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy."

Gemini (last updated Dec. 8, 2021)

"Measures we take may include encryption of the Gemini website communications with SSL; required two-factor authentication for all sessions; periodic review of our Personal Information collection, storage, and processing practices; and restricted access to your Personal Information on a need-to-know basis for our employees, contractors and agents who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations."

Huobi (last updated April 27, 2021)

"(1) Physical measures: Records containing Your personal data will be stored in a properly locked place.
(2) Electronic measures: Computer data containing Your personal information will be stored in computer systems and storage media that are subject to strict log-in restriction.
(3) Management measures: We have set up an internal security defence department to protect the users' information, established applicable internal control systems, and adopted the principle of strict authorization for our employees who may come into contact with Your information; therefore, only properly authorized employees are permitted to come into contact with Your personal information and such employees must comply with our internal confidentiality rules for personal data. Furthermore, we provide sustained training to our staff on applicable laws and regulations, privacy and security guidelines, enhance publicity and education on security awareness, and organize our applicable internal staff to carry out emergency response training and emergency drills on a regular basis, so as to enable them to fully understand their job duties and emergency response strategies and procedures.
(4) Technical Measures: encryption technology such as Secure Socket Layer Encryption may be adopted to transfer Your personal data.
(5) Security Measures: In order to ensure Your information security, we are committed to using various currently available general security technologies and supporting management systems to minimize the risks that Your information may be disclosed, damaged, misused, accessed without authorization, disclosed without authorization or altered. For example, the Secure Socket Layer (SSL) software is used for encrypted transmission, encrypted information storage and strict restriction of data center access. When transmitting and storing sensitive personal information (including personal biometric information), we will adopt security measures such as encryption, authorization control, removal of identification marks, and de-sensitization, inter alia.
(6) Other measures: We regularly review our personal data collection, storage and processing procedures; furthermore, we limit the access of our employees and suppliers to Your data in accordance with the principle of “as necessary”, and our employees and suppliers must abide by strict contractual confidentiality obligations."

Kraken (last updated Nov. 23, 2021)

"We regularly train and raise awareness for all our employees to the importance of maintaining, safeguarding and respecting your personal information and privacy. We regard breaches of individuals’ privacy very seriously and will impose appropriate disciplinary measures, including dismissal from employment. We have also appointed a Group Data Protection Officer, to ensure that our Company manages and processes your personal information in compliance with the applicable privacy and data protection laws and regulations, and in accordance with this Privacy Notice...
Securely stored in a safe location, and only authorised personnel have access to it via a username and password. All personal information is transferred to the Company over a secure connection, and thus all reasonable measures are taken to prevent unauthorised parties from viewing any such information."
"The Company uses encryption to protect your information and store decryption keys in separate systems."

LocalBitcoins (last updated June 10, 2020)

Not specified

Nexo (undated)

"Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology."

Okcoin (last updated Dec. 18, 2020)

"We take various measures to ensure information security, including encryption of the Okcoin communications with SSL; required two-factor authentication for all sessions; periodic review of our Personal Data collection, storage, and processing practices; and restricted access to your Personal Data on a need-to-know basis for our employees and vendors who are subject to strict contractual confidentiality obligations."

OKEx (last updated Dec. 3, 2020)

"We take various measures to ensure information security, including encryption of the OKEx communications with SSL; required two-factor authentication for all sessions; periodic review of our Personal Data collection, storage, and processing practices; and restricted access to your Personal Data on a need-to-know bases for our employees and vendors who are subject to strict contractual confidentiality obligations."

Paxful (undated)

"Paxful has implemented safeguards designed to protect your Personal Data, including measures designed to prevent Personal Data against loss, misuse, and unauthorized access and disclosure."

Poloniex (last updated May 4, 2020)

"We use industry-standard data encryption technology and have implemented restrictions related to the storage of and the ability to access your Personal Data. Our servers and business operations are wholly located in the United States."

SALT (last updated Jan. 6, 2021)

"All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted."

What about data breaches?

What if security measures fail and the platform where you're trading is breached? We checked the privacy policies for indications if these companies pledge to disclose security breaches and data leaks to their users.

Note that the answer "No" in the table does not mean the platform won't tell you if it gets hacked; it means it doesn't explicitly promise to do so if that happens.

A spokesperson for Nasdaq-listed Coinbase noted that many jurisdictions have rules about disclosing breaches to customers, which the crypto exchange follows, and that disclosing everything the company does to comply with laws would make a privacy policy an unwieldy read.

Crypto exchange

Promise to notify about data breaches?

Bakkt (last updated Oct. 28, 2020)

No

Binance (last updated Jan. 12, 2022)

No

Bitfinex (last updated May 27, 2021)

"Where we are legally required to do so"

BitMEX (last updated Aug. 28, 2020)

No

Bitstamp (last updated Nov. 5, 2020)

No

Bittrex (last updated Dec. 31, 2019)

"Where we are legally required to do so."

Blockchain.com (last updated Dec. 16, 2021)

No

BlockFi (last updated June 15, 2021)

No

Celsius (last updated October, 2021)

No

Coinbase (last updated Oct. 8, 2021)

No

Crypto.com (last updated Sept. 30, 2021)

"Where we are legally required to do so"

Deribit (undated)

No

eToro (last updated May 20, 2020)

No

FTX (last updated Dec. 23, 2021)

"We may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an email to you."

Gemini (last updated Dec. 8, 2021)

No

Huobi (last updated April 27, 2021)

No

Kraken (last updated Nov. 23, 2021)

No

LocalBitcoins (last updated June 10, 2020)

No

Nexo (undated)

No

Okcoin (last updated Dec. 18, 2020)

No

OKEx (last updated Dec. 3, 2020)

No

Paxful (undated)

No

Poloniex (last updated May 4, 2020)

No

SALT (last updated Jan. 6, 2021)

No

Privacy policies are not the most exciting reads (no comparison to price charts and market analytics). But if you want to check them yourself and see how the platforms you use treat your sensitive data, below you’ll find links to all the privacy policy pages CoinDesk reviewed for this story.

As they say: don't trust, verify.

Privacy policies reviewed by CoinDesk

DISCLOSURE

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Anna Baydakova is a crypto reporter with a particular focus on Eastern Europe and Russia. Anna owns a fraction of BTC.

