Privacy Policy


Last update: 7th of November, 2024

This Privacy Policy outlines how CEX.IO Corp. and its affiliates (collectively, “CEX.IO,” “we,” “us,” or “our”) collect, process and use the information we collect about you through our website, email newsletters, mobile app and other services (collectively, “Services”). Protecting and securing information and the systems that process and maintain CEX.IO’s data is a critical part of our operations. This Privacy Policy, in conjunction with our Terms of Use, governs the use of the information we collect.

You acknowledge and understand that by visiting or accessing our website or using  CEX.IO services, you agree to this Privacy Policy. You also agree that our privacy policy and privacy notices are subject to the terms and conditions set forth in the Terms of Use. CEX.IO reserves the right to change, amend or revise this Privacy Policy at any point, under our sole discretion. When we update this Privacy Policy, we will update the “Last Updated” date above and post the policy. If you do not agree with the terms of this Policy, do not access or use our Services, or access our website.

If you are a California resident, you can learn more about how we use your information and your privacy rights by reviewing our California Privacy Notice.
 

Table of Contents

1. Information We Collect and How We Collect It

        Information You Provide 

        Information We Collect Automatically 

        Publicly Available Information 

        Face Data Collection, Usage, and Storage
2. Children
3. How We Use Your Information
4. Disclosure of Information
5. Your Choices
6. Security
7. Retention of Personal Information
8. AI Products in Communication Channels
9. External Links
10. Contact Us

1. Information We Collect and How We Collect It  

For purposes of this policy, “Personal Information” refers to any data or information that can be used to identify an individual, either alone or in combination with other data. We require your Personal Information only for the purposes of providing the services requested from CEX.IO, and to satisfy the legal requirements from our regulatory obligations as a licensed financial institution. If you refuse to share your Personal Information, we will not be able to provide our services to you. The types of personal information we collect, and share depend upon the product or service you are using with us. This information can include:

Information You Provide

  • Account Information: The information we collect varies depending on several factors, including whether you are an individual or representing a corporate entity, as well as other relevant circumstances and considerations. When you create an account, we may collect information associated with your account such as your username, name, corporate legal name (including d/b/a name), date of birth, contact information, address(es), phone number, biometric identifiers (facial recognition and facial geometry data derived from photographs or videos you submit to us during the onboarding process), photographs, audio recordings, and government-issued identification documents (e.g. drivers license, passport, social security number, employer identification number, and taxpayer identification number), information to corroborate the stated source of your funds and employment details (collectively, “Account Information”) proof of legal existence and beneficial ownership (e.g. state certified articles of incorporation or certificate of formation, unexpired government-issued business license, trust instrument, operating agreement, share registry, capitalization table, schedule K-1, and/or other comparable legal documents as applicable) information concerning all authorized account customers and beneficial owners (including but not limited to, full names, proof of identity, and contact information). Account information includes any additional personal information at the discretion of our Compliance Department.
  • Financial Information: Certain services require financial information such as your credit/debit card information, digital asset wallet addresses, information about your income/source of funds, tax information.   
  • Social Media Information: We have profiles and pages on social media websites (referred to as “Social Media Pages”) like X, LinkedIn, Facebook, Telegram, Instagram, YouTube, Reddit, Pinterest, and TikTok. When you interact with us on Social Media Pages, we will collect personal information that you choose to provide us, such as your contact details. Additionally, any information shared on these platforms is subject to the respective social media platform's privacy policy and terms of service. We do not have control over the information collected by these platforms and are not responsible for their actions. We reserve the right to moderate or remove any content that violates these guidelines or our company policies.
  • Communication information: When you contact us, we collect information concerning the contents of your communications, whether by email, chat, social media, telephone or otherwise. These communications may include data in files which are uploaded or emailed or otherwise provided by you. Please note that the obligation to record and retain conversations with customers arises from legal and regulatory requirements, as well as our legal interest in defending against potential claims.  
  • Other Information You Voluntarily Choose to Provide: We may collect information, including personal information, that you voluntarily provide to us when you:
    • Participate in surveys, sweepstakes, promotions, and contests;
    • Register for, attend, or participate in conferences, webinars or other events;
    • Apply for a job with CEX.IO

Other Personal Information that we should process in accordance with our legal obligations and legal interest.

Information We Collect Automatically

  • Location Data: We collect your IP address automatically when you use our Services, from which we or third parties operating on our behalf may be able to determine your approximate location (e.g. country and city). Such information is collected for the limited purposes of: system administration, to report aggregate information for our internal statistics, to ensure that you are in a jurisdiction which we are authorized to operate, and to ensure that your account has not been compromised by detecting irregular or suspicious logins or transactions.
  • Device Information: We collect your device information, such as browser type and operating system, to analyze trends, administer the website and gather demographic information.  
  • Referral URLs and Clickstream Data: We may collect information about the pages you visit on our website, and other actions you take while navigating through our website. 
  • Tracking Technologies and Cookies: Our websites automatically gather certain information and store it in log files. This information may include your IP address, browser type, referring/exit pages, operating system, date/time stamp and clickstream data. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our site. The technologies we use may include web beacons and cookies.
    • Cookies are small text files that are placed on your device (e.g. computer, phone, tablet) when you visit our website. These files enable us to collect certain information about your browsing behavior and preferences.  Information collected from cookies, including clear gifs, is used by us to evaluate the effectiveness of our Sites, analyze trends, and administer the Platform. With this knowledge, we can improve the quality of your experience on the Platform by recognising and delivering more of the most desired features and information, as well as by resolving access difficulties. 
    • Web beacons, are also known as pixel tags, and are pieces of code embedded in our Services that collect information about engagement on our website or emails.   
  • Analytics: We utilize analytics tools and third-party services that may collect, monitor, and analyze usage information to understand your preferences, optimize our websites, and provide personalized experiences. These tools may use cookies and web beacons, or other tracking technologies to collect data. Third party service provider(s), to assist us in better understanding the use of our Sites. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our Sites, what products are browsed, and general transaction information. Our service provider(s) analyzes this information and provides us with aggregate reports and/or detailed data logs. The information and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors' interests in our Sites and how to better serve those interests. The information collected by our service provider(s) may be linked to and combined with information that we collect about you while you are using the Platform. Our service provider(s) is/are contractually restricted from using information they receive from our Sites other than to assist us.
    • We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the website and report on activities and trends. This service may also collect information regarding the use of other websites, apps, and online resources.

Publicly Available information

  • Information from Third Party Sources: We may collect information that is publicly  available or obtained from other sources. This includes information that you have knowingly made available to the public such as information posted on public directories, other publicly accessible websites. The collection of publicly available information is done in accordance with applicable laws and regulations.   
  • Public Blockchains: Transactions in digital assets are not necessarily anonymous. All public blockchains allow anyone to see the balance and transaction history of any public digital asset address. It may be possible to match your public digital asset wallet address to other Personal Information about you, and therefore may be able to identify you from a blockchain transaction. This is a result of Personal Information published on a blockchain (such as your digital asset wallet address and IP address) which may be correlated with Personal Information that CEX.IO and others may have. Additionally, when using data analysis techniques on a given blockchain, it may be possible to identify other Personal Information about you. As part of our security, anti-fraud, identity verification and authentication checks, we may conduct such analysis to collect and process such Personal Information about you.

Face Data Collection, Usage, and Storage

  • Purpose of Collecting Face Data

At CEX.IO, we use face data as part of our liveness check during the user verification process. This is essential for:

  • Identity Verification: Ensuring that the person verifying their identity is physically present and not using a photo or video, which helps prevent identity fraud.
  • Security: Adding an extra layer of security to ensure the authenticity of the user during the verification process.
  • Fraud Prevention: Detecting and preventing potential attempts to bypass security measures, ensuring that the verification process remains secure and trustworthy. Verifying that the individual accessing our services is indeed who they claim to be.
  • Regulatory Compliance: Meeting legal and regulatory requirements that mandate secure identity verification methods for Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations.

By utilizing face data in the liveness check, we ensure a more secure and reliable verification process for all users.

  • Storage and Retention of Face Data

Face data is stored securely in compliance with regulatory requirements that CEX.IO must adhere to. We implement robust security measures to protect this data. We retain face data for a period of five to eight years, depending on local regulatory body requirements. This retention period starts from the date of the user’s last transaction or the end of the tax period in which the last transaction occurred. This duration is necessary to comply with legal and regulatory obligations and to ensure we can respond to any legal or compliance inquiries that may arise during this period.

We are committed to ensuring that face data is handled securely and stored only for as long as necessary and required by legal and regulatory requirements to fulfill the purposes for which it was collected. Our approach to the storage and retention of face data is governed by the following principles:

  1. Limited Retention Period:
    Face data is stored only for the duration needed to complete the verification process or meet the legal requirements related to identity verification. Once the verification is complete, we retain the data for a specific period in accordance with regulatory obligations and internal policies.
  2. Purpose-Specific Retention:
    We store face data for the following purposes:
    • Identity Verification: Retained for a limited period to allow for audits or disputes related to the verification process.
    • Fraud Prevention and Security: Retained to detect and prevent potential fraud during and after the verification process.
  3. Data Deletion Policy:
    Once face data is no longer necessary for the purposes it was collected for, or after the retention period has passed, it is securely deleted. We do not retain face data indefinitely.
  4. Compliance with Legal Requirements:
    Our retention policy complies with applicable data protection regulations. Face data is retained only for as long as necessary to fulfill the purposes for which it was collected, in accordance with legal, regulatory, and contractual obligations. 
  5. User Rights:
    Users have the right to request the deletion of their face data at any time, in accordance with applicable privacy laws. We ensure a transparent and easy process for users to exercise this right.

By adhering to these principles, we aim to balance the need for effective user verification and security with the rights and privacy of our users.

  • Sharing of Face Data with Third Parties

We prioritize the security and privacy of face data and only share it with third parties when absolutely necessary. Our approach to sharing face data is guided by the following principles:

  1. Limited Sharing:
    We share face data with third parties only when it is essential to provide our services or comply with legal obligations. The main purposes for sharing face data include:
    • Identity Verification Providers: We may share face data with trusted service providers who assist us in conducting secure user verification and liveness checks.
    • Cloud Storage Providers: Face data may be stored securely by third-party cloud service providers who are bound by strict data protection agreements.
    • Security and Fraud Prevention Partners: We may share data with specialized security vendors to help detect and prevent fraud during the verification process.
    • Banks and Payment Providers: We may share face data with banks and payment providers upon request for investigation related to specific transactions.
    • Regulatory Authorities: If required by law or to comply with legal obligations, we may share face data with government or regulatory bodies to meet legal requirements or respond to law enforcement requests.
  2. Robust Data Protection Agreements:
    All third parties we share face data with are required to comply with strict contractual agreements that meet or exceed applicable data protection laws. These agreements ensure that third parties use the data solely for the purposes we have defined and apply stringent security measures to protect the data.
  3. No Unauthorized Use:
    We do not permit third parties to use face data for any purpose other than what is explicitly stated in our agreements. Third parties are prohibited from using the data for advertising, analytics, or any other purposes outside of those required for verification or security.
  4. Data Retention by Third Parties:
    Some third parties, such as identity verification providers, may retain face data for a limited period to comply with legal or contractual obligations. We ensure that any third-party data retention policies are consistent with our own practices, and they are required to delete or anonymize face data once it is no longer needed.
  5. Transparency and User Rights:
    We provide transparency to our users about which third parties may have access to their face data and the reasons for such sharing. Users also have the right to request information about third-party sharing and to request deletion of their face data.

By adhering to these principles, we ensure that face data is shared responsibly and securely, maintaining the privacy and trust of our users. 

  • Third-Party Data Storage and Practices

When we share face data with third parties, we ensure that their data storage practices align with the highest standards of privacy and security. Below is an outline of how third-party data storage is handled, along with our measures to protect user privacy:

  1. Data Storage by Third Parties:
    Some third parties, such as identity verification providers and cloud storage services, may store face data temporarily to assist us in completing the user verification process. The specific practices include:
    • Secure Cloud Storage: Third-party providers may store face data on secure servers that use encryption and advanced security measures to protect data from unauthorized access.
    • Temporary Retention: In most cases, third parties only store face data for the duration necessary to complete verification, after which the data is either securely deleted or anonymized.
  2. Privacy Practices of Third Parties:
    We carefully vet all third-party providers to ensure their privacy practices are compliant with applicable data protection regulations. Their privacy practices must include:
    • Limited Data Usage: Third parties are prohibited from using face data for any purpose other than those specified by us, such as verification and fraud prevention.
    • Security Measures: They are required to implement strong security protocols, such as encryption and secure access controls, to safeguard face data.
    • Compliance with Regulations: Third parties must adhere to relevant data protection regulations, and we regularly review their compliance.
  3. Data Retention Policies:
    If third parties retain face data, they are bound by specific retention policies that comply with the following guidelines:
    • Purpose-Limited Retention: Face data is only retained for the period necessary to fulfill the specific purpose (e.g., user verification or fraud detection).
    • Deletion or Anonymization: Once the data is no longer needed, third parties must either securely delete it or anonymize it to ensure it cannot be linked to individual users.
  4. Reasons for Third-Party Data Storage:
    Third parties may store face data for the following reasons:
    • Verification Records: To maintain an audit trail of user verification for compliance with legal or contractual requirements.
    • Fraud Prevention: To identify and prevent repeated or attempted fraud during the verification process.

By enforcing strict data storage and privacy practices with our third-party partners, we ensure that face data is handled securely and in compliance with all relevant privacy laws.

  • User Rights

Users can access, correct, or request the deletion of their face data by contacting our Support Team. However, please note that we may need to retain personal information if required by data protection laws for specific purposes, such as regulatory compliance or defending legal claims. In such cases, we will inform you and provide an explanation if this applies.

  • Additional Information

This section specifically addresses face data and complements the other provisions of our privacy policy. For any questions or additional details not covered here, please refer to the full privacy policy for comprehensive information.

2. Children

Minors are not permitted to use CEX.IO. If you are under the age of 18, please do not provide any personal information through the Sites or Services. If you are a parent or guardian and believe that CEX.IO has information of a child under the age of 18 please contact us immediately at dpo@cex.io, so we remove any such information from our database.

3. How We Use Your Information

Please see below for the purposes for which we process your Personal Information:

  • To provide and maintain our services, including to allow you to open and operate an account and monitor the usage of services;
  • To manage your account: To manage your registration as a Сustomer of the service(s). The Personal Data you provide can give you access to different functionalities of the Service that are available to you as a registered customer, i.e., to enable you to complete transactions on the Platform;
  • For the performance of a contract: The development, compliance and undertaking of the purchase contract for the products, items, or services you have purchased or of any other contract with us;
  • Contact You: We may contact you by email, telephone, SMS, or other equivalent forms of electronic communication, such as push notifications from our mobile app. We may use these methods to provide you with updates, informative communications related to the functionalities of our products or contracted services, including security updates when necessary or reasonable for their implementation, and to reply to your queries; 
  • Marketing: To provide you with news, special offers and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
  • Requests: To attend to, and manage your requests of us;
  • Security: To ensure security of your account (for instance, if you make a request to disable 2-factor authentication on your account we can ask you to provide additional Personal Information to confirm your identity);
  • Legal Obligations: To comply with legal obligation purposes such as tax reporting, fraud prevention, our reporting obligations etc.;
  • Joint Marketing: To provide you with information about products and promotions that may be of interest to you, from ourselves and third parties, although only if you have specifically agreed to receive such information;
  • Market Research: For market research e.g., surveying your needs and opinions on issues, such as performance. Unless consented, your data for this purpose would be anonymised;
  • Business Transfers: We may use your Personal information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about you is among the assets transferred; and
  • Other Purposes: We may use your Personal Information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our service(s), products, services, marketing, and your experience.

Your Privacy Rights

  • You have the right to access the Personal Information we collect about you, the right to correct any inaccuracies in your Personal Information, and, in certain circumstances, the right to limit its sharing. Please note that your privacy rights may vary depending on the specific regulations of your state. Please feel free to reach out to our Help Centre or at dpo@cex.io if you have any questions regarding your privacy rights, or want to exercise them.  

4. Disclosure of Information

  • Affiliates and Subsidiaries: We disclose your information with our affiliates and subsidiaries, including information regarding your experience using our services.
  • Third Party Service Providers: We may share Personal Information with third-party service providers (including those that may be located outside of the United States or your country), who help us operate our platform and systems, and detect fraud and security threats throughout the normal course of our business. Any third party which receives or has access to your Personal Information is required to protect such Personal Information and only to use it for the limited purposes necessary to carry out the services they are explicitly contracted to provide. Such third parties, aside from law enforcement or regulatory authorities, are contractually bound by the same security and confidentiality policies and responsibilities as CEX.IO. We do not sell customer Personal Information to third-parties for the purposes of marketing. We ensure that all third-parties are bound by obligations under the Privacy Policy. CEX.IO represents that we will only enter into contracts with future third parties that are bound by terms no less protective than the obligations of this Privacy Policy and are consistent with all applicable data protection laws. 
  • Advertising and Third-Party Data Sharing: We may collaborate with third-party advertising partners (e.g., ad networks and advertising service providers) to deliver tailored advertisements and promotional content to you when you visit our website and use our Services. These advertising partners may utilize cookies, pixel tags, and similar technologies to collect information about your activities for the purpose of providing personalized advertisements. Additionally, we may share hashed data, including personal data such as email addresses and phone numbers, with third-party entities for data analytics, profiling, and user acquisition purposes. This shared information helps us monitor the effectiveness of our advertising campaigns and display relevant ads for products and services that align with your interests, based on your visits to our website and other websites. It's important to note that these third-party entities maintain their own privacy policies, which may differ from ours. We encourage you to review their respective privacy policies to understand how they handle your information. Rest assured that we ensure these third parties adhere to data privacy standards that are no less stringent than our own. For marketing and analytics purposes, we may share your Personal Information, including hashed data, along with other general or non-personally identifiable data, with the following entities: Appsflyer, AdRoll (including NextRoll), Customer.io, Gleam.io, Google and its affiliates (including Firebase), Hotjar, Hubspot, Intercom, META and its affiliates, Mixpanel, Pinterest, Prefinery, Quora, Reddit, RudderStack, Snapchat, Trustpilot, X, Typeform, Wheel of Popups, Zapier, and Microsoft Advertising. 
  • When Required by Law: As a licensed non-bank financial institution and Money Services Business in the United States, CEX.IO must comply with Section 326 of the USA PATRIOT ACT; which requires all financial institutions to obtain, verify, and record Personal Information that identifies each person who opens an account. This federal requirement applies to all customers. This Personal Information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. We may disclose your Personal information when required by applicable laws, regulations, legal processes, or government authorities. This may include, but is not limited to, complying with court orders, subpoenas, or other legal obligations. We may also disclose your information to protect our legal rights, respond to legal claims, or defend against legal disputes. In some situations where we believe it is necessary to prevent imminent harm, financial loss, or to report suspected illegal activities, we reserve the right to disclose your Personal Information to relevant law enforcement authorities or other government agencies. Please be aware that, while we take measures to protect your privacy, we may be legally obligated to disclose your information without providing prior notice.   
  • Change in Ownership: We may share your Personal Information with financial institutions, insurance companies or other companies in an anonymized format to an interested buyer or seller of the business or business assets. In the case of a merger, divestiture, corporate reorganization, or asset sale of the business, we will notify you prior to the non-anonymized transfer of your Personal Information. We encourage you to exercise all of your rights regarding the sharing of your Personal Information.

5. Your Choices 

When it comes to your privacy, we are able to offer you certain choices concerning the personal information we collect from you. 

  • Email Marketing: In order to no longer receive email marketing messages from us, please click “unsubscribe” at the very bottom of the email message. Alternatively, you can contact us at dpo@cex.io and request that we remove you from receiving email marketing messages.
  • Push Messaging Marketing: In order to block push notification marketing messages in iOS Settings, go to Settings > Notifications  >  Select the desired CEX.IO app  > Toggle the “allow notifications” to turn off the notifications. For android, go to Apps > Choose an app > Notifications > Turn off all notifications or select specific types to turn off.
  • SMS Messaging: At this time, CEX.IO does not send marketing messages over SMS Messaging. 
  • Do Not Track: Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Currently, our website does not respond to browser DNT signals.
  • Social Media: We may use social media advertising to promote our services and reach a wider audience. Such advertising may involve the use of cookies or similar technologies to collect data about your browsing behavior. If you do not wish to receive targeted advertising from us, you can adjust your social media platform's settings or opt-out of targeted advertising by following the instructions provided by the respective social media platform.
  • Analytics
    • You can opt-out of having made your activity on the website available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (gtm.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.
    • If you wish to opt out of various third-party ad networks, including those operated by the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA), you can find more details on interest-based advertising and how to opt out on their respective websites: www.aboutads.info/choices (DAA) and https://optout.networkadvertising.org/?c=1  (NAI). By opting out of one or more NAI or DAA member networks (many of which overlap), you will no longer receive targeted content or ads from those members. However, this does not mean that you will stop receiving all ads on our Sites or other websites. You may still receive advertisements based on the particular website you are currently visiting. Additionally, please note that if your browser settings reject cookies, if you delete your cookies, or if you switch to a different computer or web browser, your NAI or DAA opt-out may no longer remain effective.
  • Cookie Preferences

To facilitate easier customization of your cookie preferences and similar technologies, we have implemented a cookie window, the appearance, and settings of which may vary depending on your region.            

6. Security

CEX.IO maintains physical, electronic and procedural security measures to guard against unauthorized access to systems and uses safeguards such as firewalls and data encryption. 

No security measure is perfect. However, we have implemented technical and organizational security measures to ensure the confidentiality, integrity and accountability of your Personal Information. Through a constant process of reevaluation and testing we pride ourselves on our abilities to protect your Personal Information from loss, misuse, manipulation or destruction. Examples of measures we take to protect your Personal Information include:

  • Pseudonymization and TLS 1.3 encryption of personal data     
  • Access control     
  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services     
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident     
  • Only authorized personnel, who are subject to strict confidentiality agreements, have access to your Personal Information.

Technical and organizational security measures will be reviewed on a rolling basis to consider all legal and technical developments. Additionally, we perform ongoing due diligence on third-party vendors which may have access to your Personal Information.

In the event of a data breach or the failure of our security measures, we will notify you in accordance with applicable laws, regulations, or guidelines. CEX.IO may retain a data protection and breach notification security advisory firm which monitors all applicable reporting requirements for the United States and other jurisdictions which we operate.

7. Retention of Personal Information

CEX.IO will retain your Personal Information for as long as is necessary to complete the purposes for which it was collected, or as may be required by law. However, please note that some data may be retained for a longer period if required or permitted by law, to resolve disputes, enforce our agreements, or for other legitimate business purposes. If you have any questions or concerns regarding our retention practices, please contact us using the information provided in the “Contact Us” section below.   

8. AI Products in Communication Channels

We continuously strive to ensure prompt resolution of questions and issues arising from our customers' use of our services. The primary method of communication with our Support Team is via chat available on our website. This tool is provided to us by our third-party provider, Intercom Inc., with whom we have appropriate agreements in place. These agreements include provisions ensuring that Intercom Inc., acting as a Data Processor, cannot provide a lower level of data protection than we do. Furthermore, to streamline the operation of our Support Team, particularly in responding to users' queries promptly, we have implemented the functionality of Intercom Inc.'s AI chatbot, Fin AI Agent, into the chat.

To address any potential concerns that may arise, we provide key information below regarding the measures we have implemented to minimize risks to the protection of individuals' personal data:

  • We conducted a thorough assessment of the risks to personal data protection and consulted with relevant stakeholders regarding the implementation of AI Products.
  • We have entered into appropriate agreements with Intercom Inc. guaranteeing data protection in using AI. These agreements include:
  • OpenAI being contractually restricted from using customer data to train its AI model, with zero data retention enabled by Intercom Inc.
  • No sensitive data shared within the chat will be stored or used for self-learning by OpenAI. Sensitive data will only be processed by Strac.io when converted into physical conversations with agents.
  • You will have the choice of receiving a quick response via the AI chatbot or proceeding directly to a conversation with our agent.

For additional information about the Fin AI Agent, please refer to the following resources: Fin AI Agent Explained and AI Products Features Legal FAQ.

*The term ‘artificial intelligence’ means a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations or decisions influencing real or virtual environments.

9.External Links

This Privacy Policy applies only to our website. There may be links on our website that will direct you to websites hosted by third-parties. Accessing those third-party websites will require you to leave our website. We do not control third-party websites or any of the content contained therein. You acknowledge that by leaving our website, CEX.IO is not responsible or liable for any of those third-party websites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those websites. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, for each website that you visit.

10. Contact Us

Please let us know how we can improve, or if you have any questions, comments, or concerns regarding our privacy policies and practices, feel free to send us an email at  support@cex.io, or contact us through chat available on our website.

Additional resources may be found through our Help Centre. At the Help Centre, you can search for a particular question and read our collection of Frequently Asked Questions (“FAQ”).

CEX.IO Corp.’s registered office is 900 E. Diehl Road, Suite 110, Naperville, Illinois 60563.