CEX.IO Bitcoin Exchange

Open the CEX.IO app

Get the App

Privacy Policy


Last update: October 24th, 2023

This Privacy Policy outlines how CEX.IO Corp. and its affiliates (collectively, “CEX.IO,” “we,” “us,” or “our”) collect, process and use the information we collect about you through our website, email newsletters, mobile app and other services (collectively, “Services”). Protecting and securing information and the systems that process and maintain CEX.IO’s data is a critical part of our operations. This Privacy Policy, in conjunction with our Terms of Use, governs the use of the information we collect.

You acknowledge and understand that by visiting or accessing our website or using CEX.IO services, you agree to this Privacy Policy. You also agree that our privacy policy and privacy notices are subject to the terms and conditions set forth in the Terms of Use. CEX.IO reserves the right to change, amend or revise this Privacy Policy at any point, under our sole discretion. When we update this Privacy Policy, we will update the “Last Updated” date above and post the policy. If you do not agree with the terms of this Policy, do not access or use our Services, or access our website.

If you are a California resident, you can learn more about how we use your information and your privacy rights by reviewing our California Privacy Notice.

1. Information We Collect and How We Collect It

For purposes of this policy, “Personal Information” refers to any data or information that can be used to identify an individual, either alone or in combination with other data. We require your Personal Information only for the purposes of providing the services requested from CEX.IO, and to satisfy the legal requirements from our regulatory obligations as a licensed financial institution. If you refuse to share your Personal Information, we will not be able to provide our services to you. The types of personal information we collect, and share depend upon the product or service you are using with us. This information can include:

Information You Provide

  • Account Information: The information we collect varies depending on several factors, including whether you are an individual or representing a corporate entity, as well as other relevant circumstances and considerations. When you create an account, we may collect information associated with your account such as your username, name, corporate legal name (including d/b/a name), date of birth, contact information, address(es), phone number, biometric identifiers (facial recognition and facial geometry data derived from photographs or videos you submit to us during the onboarding process), photographs, audio recordings, and government-issued identification documents (e.g. drivers license, passport, social security number, employer identification number, and taxpayer identification number), information to corroborate the stated source of your funds and employment details (collectively, “Account Information”) proof of legal existence and beneficial ownership (e.g. state certified articles of incorporation or certificate of formation, unexpired government-issued business license, trust instrument, operating agreement, share registry, capitalization table, schedule K-1, and/or other comparable legal documents as applicable) information concerning all authorized account customers and beneficial owners (including but not limited to, full names, proof of identity, and contact information). Account information includes, any additional personal information at the discretion of our Compliance Department.
  • Financial Information: Certain services require financial information such as your credit/debit card information, digital asset wallet addresses, information about your income/source of funds, tax information.
  • Social Media Information: We have profiles and pages on social media websites (referred to as “Social Media Pages”) like Twitter, LinkedIn, Facebook, Telegram, Instagram, YouTube, Reddit, Pinterest, and TikTok. When you interact with us on Social Media Pages, we will collect personal information that you choose to provide us, such as your contact details. Additionally, any information shared on these platforms is subject to the respective social media platform's privacy policy and terms of service. We do not have control over the information collected by these platforms and are not responsible for their actions. We reserve the right to moderate or remove any content that violates these guidelines or our company policies.
  • Communication information: When you contact us, we collect information concerning the contents of your communications, whether by email, chat, social media, telephone or otherwise. These communications may include data in files which are uploaded or emailed or otherwise provided by you.
  • Other Information You Voluntarily Choose to Provide: We may collect information, including personal information, that you voluntarily provide to us when you:
    • Participate in surveys, sweepstakes, promotions, and contests;
    • Register for, attend, or participate in conferences, webinars or other events;
    • Apply for a job with CEX.IO.

Information We Collect Automatically

  • Location Data: We collect your IP address automatically when you use our Services, from which we or third parties operating on our behalf may be able to determine your approximate location (e.g. country and city). Such information is collected for the limited purposes of: system administration, to report aggregate information for our internal statistics, to ensure that you are in a jurisdiction which we are authorized to operate, and to ensure that your account has not been compromised by detecting irregular or suspicious logins or transactions.
  • Device Information: We collect your device information, such as browser type and operating system, to analyze trends, administer the website and gather demographic information.
  • Referral URLs and Clickstream Data: We may collect information about the pages you visit on our website, and other actions you take while navigating through our website.
  • Tracking Technologies and Cookies: Our websites automatically gather certain information and store it in log files. This information may include your IP address, browser type, referring/exit pages, operating system, date/time stamp and clickstream data. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our site. The technologies we use may include web beacons and cookies.
    • Cookies are small text files that are placed on your device (e.g. computer, phone, tablet) when you visit our website. These files enable us to collect certain information about your browsing behavior and preferences. Information collected from cookies, including clear gifs, is used by us to evaluate the effectiveness of our Sites, analyze trends, and administer the Platform. With this knowledge, we can improve the quality of your experience on the Platform by recognising and delivering more of the most desired features and information, as well as by resolving access difficulties.
    • Web beacons, are also known as pixel tags, and are pieces of code embedded in our Services that collect information about engagement on our website or emails.
  • Analytics: We utilize analytics tools and third-party services that may collect, monitor, and analyze usage information to understand your preferences, optimize our websites, and provide personalized experiences. These tools may use cookies and web beacons, or other tracking technologies to collect data. Third party service provider(s), to assist us in better understanding the use of our Sites. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our Sites, what products are browsed, and general transaction information. Our service provider(s) analyzes this information and provides us with aggregate reports and/or detailed data logs. The information and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors' interests in our Sites and how to better serve those interests. The information collected by our service provider(s) may be linked to and combined with information that we collect about you while you are using the Platform. Our service provider(s) is/are contractually restricted from using information they receive from our Sites other than to assist us.
    • We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the website and report on activities and trends. This service may also collect information regarding the use of other websites, apps, and online resources.

Publicly Available information

  • Information from Third Party Sources: We may collect information that is publicly available or obtained from other sources. This includes information that you have knowingly made available to the public such as information posted on public directories, other publicly accessible websites.The collection of publicly available information is done in accordance with applicable laws and regulations.
  • Public Blockchains: Transactions in digital assets are not necessarily anonymous. All public blockchains allow anyone to see the balance and transaction history of any public digital asset address. It may be possible to match your public digital asset wallet address to other Personal Information about you, and therefore may be able to identify you from a blockchain transaction. This is a result of Personal Information published on a blockchain (such as your digital asset wallet address and IP address) which may be correlated with Personal Information that CEX.IO and others may have. Additionally, when using data analysis techniques on a given blockchain, it may be possible to identify other Personal Information about you. As part of our security, anti-fraud, identity verification and authentication checks, we may conduct such analysis to collect and process such Personal Information about you.

2. Children

Minors are not permitted to use CEX.IO. If you are under the age of 18, please do not provide any personal information through the Sites or Services. If you are a parent or guardian and believe that CEX.IO has information of a child under the age of 18 please contact us immediately at dpo@cex.io, so we remove any such information from our database.

3. How We Use Your Information

We generally use the information we collect online to:

  • To provide and maintain our services, including to allow you to open and operate an account and monitor the usage of services;
  • To manage your account: To manage your registration as a Сustomer of the service(s). The Personal Data you provide can give you access to different functionalities of the Service that are available to you as a registered customer, i.e., to enable you to complete transactions on the Platform;

For the performance of a contract: The development, compliance and undertaking of the purchase contract for the products, items, or services you have purchased or of any other contract with us;

Contact You: We may contact you by email, telephone, SMS, or other equivalent forms of electronic communication, such as push notifications from our mobile app. We may use these methods to provide you with updates, informative communications related to the functionalities of our products or contracted services, including security updates when necessary or reasonable for their implementation, and to reply to your queries;

  • Marketing: To provide you with news, special offers and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
  • Requests: To attend to, and manage your requests of us;
  • Security: To ensure security of your account (for instance, if you make a request to disable 2-factor authentication on your account we can ask you to provide additional Personal Information to confirm your identity);
  • Legal Obligations: To comply with legal obligation purposes such as tax reporting, fraud prevention, our reporting obligations etc.;
  • Joint Marketing: To provide you with information about products and promotions that may be of interest to you, from ourselves and third parties, although only if you have specifically agreed to receive such information;
  • Market Research: For market research e.g., surveying your needs and opinions on issues, such as performance. Unless consented, your data for this purpose would be anonymised;
  • Business Transfers: We may use your Personal information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about you is among the assets transferred; and
  • Other Purposes: We may use your Personal Information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our service(s), products, services, marketing, and your experience.

Your Privacy Rights

  • You have the right to access the Personal Information we collect about you, the right to correct any inaccuracies in your Personal Information, and, in certain circumstances, the right to limit its sharing. Please note that your privacy rights may vary depending on the specific regulations of your state. Please feel free to reach out to our Help Centre or at dpo@cex.io if you have any questions regarding your privacy rights, or want to exercise them.

4. Disclosure of Information

  • Affiliates and Subsidiaries: We disclose your information with our affiliates and subsidiaries, including information regarding your experience using our services.
  • Third Party Service Providers: We may share Personal Information with third-party service providers (including those that may be located outside of the United States or your country), who help us operate our platform and systems, and detect fraud and security threats throughout the normal course of our business. Any third party which receives or has access to your Personal Information is required to protect such Personal Information and only to use it for the limited purposes necessary to carry out the services they are explicitly contracted to provide. Such third parties, aside from law enforcement or regulatory authorities, are contractually bound by the same security and confidentiality policies and responsibilities as CEX.IO. We do not sell customer Personal Information to third-parties for the purposes of marketing. We ensure that all third-parties are bound by obligations under the Privacy Policy. CEX.IO represents that we will only enter into contracts with future third parties that are bound by terms no less protective than the obligations of this Privacy Policy and are consistent with all applicable data protection laws.
  • Advertising and Third-Party Data Sharing: We may collaborate with third-party advertising partners (e.g., ad networks and advertising service providers) to deliver tailored advertisements and promotional content to you when you visit our website and use our Services. These advertising partners may utilize cookies, pixel tags, and similar technologies to collect information about your activities for the purpose of providing personalized advertisements. Additionally, we may share hashed data, including personal data such as email addresses and phone numbers, with third-party entities for data analytics, profiling, and user acquisition purposes. This shared information helps us monitor the effectiveness of our advertising campaigns and display relevant ads for products and services that align with your interests, based on your visits to our website and other websites. It's important to note that these third-party entities maintain their own privacy policies, which may differ from ours. We encourage you to review their respective privacy policies to understand how they handle your information. Rest assured that we ensure these third parties adhere to data privacy standards that are no less stringent than our own. For marketing and analytics purposes, we may share your Personal Information, including hashed data, along with other general or non-personally identifiable data, with the following entities: Appsflyer, AdRoll (including NextRoll), Customer.i, Gleam.io, Google and its affiliates (including Firebase), Hotjar, Hubspot, Intercom, META and its affiliates, Mixpanel, Pinterest, Prefinery, Quora, Reddit, RudderStack, Snapchat, Twitter, Typeform, Wheel of Popups, and Zapier.
  • When Required by Law: As a licensed financial institution and Money Services Business in the United States, CEX.IO must comply with Section 326 of the USA PATRIOT ACT; which requires all financial institutions to obtain, verify, and record Personal Information that identifies each person who opens an account. This federal requirement applies to all customers. This Personal Information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. We may disclose your Personal information when required by applicable laws, regulations, legal processes, or government authorities. This may include, but is not limited to, complying with court orders, subpoenas, or other legal obligations. We may also disclose your information to protect our legal rights, respond to legal claims, or defend against legal disputes. In some situations where we believe it is necessary to prevent imminent harm, financial loss, or to report suspected illegal activities, we reserve the right to disclose your Personal Information to relevant law enforcement authorities or other government agencies. Please be aware that, while we take measures to protect your privacy, we may be legally obligated to disclose your information without providing prior notice.
  • Change in Ownership: We may share your Personal Information with financial institutions, insurance companies or other companies in an anonymized format to an interested buyer or seller of the business or business assets. In the case of a merger, divestiture, corporate reorganization, or asset sale of the business, we will notify you prior to the non-anonymized transfer of your Personal Information. We encourage you to exercise all of your rights regarding the sharing of your Personal Information.

5. Your Choices

When it comes to your privacy, we are able to offer you certain choices concerning the personal information we collect from you.

  • Email Marketing: In order to no longer receive email marketing messages from us, please click “unsubscribe” at the very bottom of the email message. Alternatively, you can contact us at dpo@cex.io and request that we remove you from receiving email marketing messages.
  • Push Messaging Marketing: In order to block push notification marketing messages in iOS Settings, go to Settings > Notifications > Select the desired CEX.IO app > Toggle the “allow notifications” to turn off the notifications. For android, go to Apps > Choose an app > Notifications > Turn off all notifications or select specific types to turn off.
  • SMS Messaging: At this time, CEX.IO does not send marketing messages over SMS Messaging.
  • Do Not Track: Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Currently, our website does not respond to browser DNT signals.
  • Social Media: We may use social media advertising to promote our services and reach a wider audience. Such advertising may involve the use of cookies or similar technologies to collect data about your browsing behavior. If you do not wish to receive targeted advertising from us, you can adjust your social media platform's settings or opt-out of targeted advertising by following the instructions provided by the respective social media platform.
  • Analytics
    • You can opt-out of having made your activity on the website available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (gtm.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.
    • If you wish to opt out of various third-party ad networks, including those operated by the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA), you can find more details on interest-based advertising and how to opt out on their respective websites: www.aboutads.info/choices (DAA) and https://optout.networkadvertising.org/?c=1 (NAI). By opting out of one or more NAI or DAA member networks (many of which overlap), you will no longer receive targeted content or ads from those members. However, this does not mean that you will stop receiving all ads on our Sites or other websites. You may still receive advertisements based on the particular website you are currently visiting. Additionally, please note that if your browser settings reject cookies, if you delete your cookies, or if you switch to a different computer or web browser, your NAI or DAA opt-out may no longer remain effective.

6. Security

CEX.IO maintains physical, electronic and procedural security measures to guard against unauthorized access to systems and uses safeguards such as firewalls and data encryption.

No security measure is perfect. However, we have implemented technical and organizational security measures to ensure the confidentiality, integrity and accountability of your Personal Information. Through a constant process of reevaluation and testing we pride ourselves on our abilities to protect your Personal Information from loss, misuse, manipulation or destruction. Examples of measures we take to protect your Personal Information include:

  • Pseudonymization and TLS 1.3 encryption of personal data
  • Access control
  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • Only authorized personnel, who are subject to strict confidentiality agreements, have access to your Personal Information.

Technical and organizational security measures will be reviewed on a rolling basis to consider all legal and technical developments. Additionally, we perform ongoing due diligence on third-party vendors which may have access to your Personal Information.

In the event of a data breach or the failure of our security measures, we will notify you immediately. CEX.IO may retain a data protection and breach notification security advisory firm which monitors all applicable reporting requirements for the United States and other jurisdictions which we operate.

7. Retention of Personal Information

CEX.IO will retain your Personal Information for as long as is necessary to complete the purposes for which it was collected, or as may be required by law. However, please note that some data may be retained for a longer period if required or permitted by law, to resolve disputes, enforce our agreements, or for other legitimate business purposes. If you have any questions or concerns regarding our tension practices, please contact us using the information provided in the “Contact Us” section below.

8. External Links

This Privacy Policy applies only to our website. There may be links on our website that will direct you to websites hosted by third-parties. Accessing those third-party websites will require you to leave our website. We do not control third-party websites or any of the content contained therein. You acknowledge that by leaving our website, CEX.IO is not responsible or liable for any of those third-party websites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those websites. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, for each website that you visit.

9. Contact Us

Please let us know how we can improve, or if you have any questions, comments, or concerns regarding our privacy policies and practices, feel free to send us an email at support@cex.io, or contact us through live chat available on our website.

Additional resources may be found through our Help Centre. At the Help Centre, you can search for a particular question and read our collection of Frequently Asked Questions (“FAQ”).

CEX.IO Corp.’s registered office is 900 E. Diehl Road, Suite 110, Naperville, Illinois 60563.