Privacy Policy

Xynex ("Xynex", "we", "us") provides cryptocurrency payment infrastructure to businesses. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have over it.

We collect the following categories of personal data:

• Account data — name, email, password hash, business details, owner / beneficial-owner identity documents (KYB).
• Transaction data — payment amounts, fiat and crypto currencies, on-chain addresses, transaction hashes, network and provider IDs, fees, refunds, disputes, payouts.
• Customer data — limited information passed to us by merchants for the purpose of accepting a payment (customer email, order reference).
• Device and usage data — IP address, browser, device type, log timestamps, API request metadata, dashboard activity.
• Communications — emails, support tickets, chat messages with our team.

• To provide, operate, secure, and improve the Services.
• To verify merchants (KYB) and screen for sanctions / fraud / AML risk.
• To process payments, payouts, refunds, conversions and reconcile balances.
• To send transactional emails (receipts, payout notifications, security alerts, password resets).
• To respond to support requests, investigate incidents, and enforce our terms.
• To comply with applicable laws, court orders, and regulatory requests.

We rely on the following bases: performance of a contract with you; legal obligation (KYB, AML, tax); legitimate interests (security, fraud prevention, service improvement); and consent (where required, e.g. certain marketing).

We share personal data only with:

• Payment / custody providers that execute the on-chain side of your transactions.
• KYB / sanctions screening providers that verify merchant identities.
• Infrastructure providers (cloud hosting, email delivery, monitoring) under strict confidentiality.
• Law-enforcement and regulators where legally required.
• Successors in the event of a merger, acquisition, or asset sale.

We do not sell personal data. We do not allow third parties to use your data for their own marketing.

Personal data may be processed in jurisdictions outside your own. Where required, we use appropriate safeguards (standard contractual clauses, equivalent measures) to protect transfers.

We retain account, KYB and transaction data for as long as your account is active and for a further 5–7 years after closure to satisfy AML/CTF, tax, and audit obligations. Logs and security telemetry are retained for shorter periods (typically up to 12 months).

Depending on your jurisdiction you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion (subject to legal retention obligations above).
• Restrict or object to certain processing.
• Request portability of your data in a machine-readable format.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a supervisory authority.

Submit requests to privacy@xynex.app.

We protect data with encryption in transit (TLS), encryption at rest, scoped access controls, role-based permissions, secrets vaulting, audit logging, and routine penetration testing. No system is perfectly secure; please use a strong unique password and enable any available second-factor authentication.

We use a minimal set of strictly-necessary cookies for authentication and security, and aggregated analytics cookies to understand product usage. We do not use third-party advertising cookies.

The Services are not directed to anyone under 18. We do not knowingly collect personal data from minors.

We may update this Policy. Material changes will be communicated by email or in-dashboard banner. The "Last updated" date at the top will always reflect the most recent version.

Data Protection contact: privacy@xynex.app. See also our Terms of Service andAML / Sanctions Policy.