Esta política de privacidad está disponible en inglés.
Si necesita ayuda para entenderla, contáctenos:support@inbitix.com.

This privacy policy is written in English.
If you need assistance, please contact us:support@inbitix.com.

InBitix Privacy Notice

Welcome to InBitix’s Privacy Notice. This Notice applies to our App (Version 1.0) and official website (https://www.inbitix.com/), and clarifies how we collect, process and protect your personal data for providing core services including virtual currency spot trading, market inquiry, asset deposit/withdrawal and account security management. We strictly abide by the Seychelles AML/CFT Act and applicable data protection laws, and adhere to the principle of data minimization in all data processing activities.

Our services are only open to users aged 18 and above. We do not collect or process data of minors, and do not provide contract trading, marketing, social sharing and other services in App Version 1.0.

1. Who We Are

InBitix Global Limited is the data controller responsible for all personal data processing of users.

For privacy-related questions, right exercise or complaints, contact us via:

We will update this Notice from time to time, and notify you of material changes via in-App pop-up or official announcement.

2. What Personal Data We Collect

We divide data collection into Basic KYC (for registration/login) and Enhanced KYC (for spot trading/deposit/withdrawal) in accordance with anti-money laundering requirements, and do not collect biometric information, marketing data or any irrelevant data. All collected data is only for core service provision:

Data Category Specific Content (App Version 1.0) Applicable KYC Level
Identity Data Full name, username, date of birth, ID/passport/driving licence (for identity verification) Basic (name/DOB); Enhanced (ID document)
Contact Data email, phone number Basic (residence/email/phone); Enhanced (address proof)
Financial Data Virtual currency account Enhanced
Transactional Data Spot trading records, deposit/withdrawal details (address, amount, time, status) Enhanced (generated during use)
Technical & Usage Data IP address, device info, login logs, GOOGLE Authenticator binding data, fund password encryption info, App operation logs (market inquiry/ trading/ security center) Basic (auto-collected for registration); supplemented for Enhanced
Profile Data Account info, security center operation records (GOOGLE Authenticator/unbind, fund password modification), spot trading preferences, customer support feedback Basic + Enhanced

3. How We Collect Your Data

  1. Direct interaction: You provide data when registering an account, completing KYC verification, operating the security center (binding GOOGLE Authenticator/setting fund password), conducting spot trading/deposit/withdrawal, or contacting customer support.
  2. Automated collection: We automatically collect technical/usage data via necessary technical cookies and server logs when you use the App/website (no marketing/analytical cookies). Disabling non-necessary cookies will not affect core service use.

4. How We Use Your Data

We only use your personal data for the core service provision and compliance requirements, with the following legal bases: Performance of Contract (for service provision), Compliance with Legal Obligations (for anti-money laundering/ risk control), Legitimate Interests (for account security/ service optimization, without overriding user rights).

Core Usage Purposes

  1. Complete account registration and KYC verification;
  2. Provide market inquiry, spot trading and deposit/withdrawal services, execute transaction instructions;
  3. Provide account security protection (GOOGLE Authenticator two-factor verification, fund password verification) to prevent unauthorized access/fraud;
  4. Fulfill anti-money laundering (AML)/counter-terrorism financing (CFT) obligations, conduct transaction risk control and suspicious transaction screening;
  5. Reply to user feedback and provide customer support;
  6. Optimize App core functions and service experience (only analyze user behavior of core services).

We use automated decision-making only for KYC verification, transaction anti-fraud and abnormal account identification (e.g., remote login, large-amount withdrawal). You have the right to apply for manual review for any automated decision that affects you.

5. Disclosures of Your Data

We will not share your personal data with any third party for non-core service purposes, and only disclose data to the following entities under the premise of signing data protection agreements and limiting processing scope:

  1. Third-party technical service providers for spot trading, deposit/withdrawal and App operation;
  2. Identity verification agencies for KYC checks (in accordance with AML requirements);
  3. Anti-fraud/AML agencies for crime prevention;
  4. Seychelles or local regulatory/ law enforcement authorities (when required by law, e.g., suspicious transaction reporting);
  5. Transferees in the event of business restructuring/sale (who must abide by this Notice and use data only for core services).

Blockchain Data Rules

We only upload spot trading/deposit/withdrawal transaction identifiers (e.g., transaction hash, address hash) to the blockchain (no personal identity information). On-chain data is immutable and cannot be deleted due to technical characteristics, and cannot be associated with your personal data without authorized matching.

6. International Data Transfers

We only transfer the minimal technical/transaction data required for core services to third parties outside the Seychelles, and adopt the European Commission’s Standard Contractual Clauses (SCCs) to ensure data protection level. No unnecessary personal identity information is transferred cross-border.

7. Data Security

We have taken comprehensive security measures to protect your personal data from unauthorized access, loss or alteration, and limit data access only to staff with legitimate business needs. Key security measures for App Version 1.0:

  1. Fund password is stored with salted hash encryption (no plaintext storage);
  2. GOOGLE Authenticator binding data is transmitted with end-to-end encryption, and device info is desensitized;
  3. All personal/financial data is encrypted, and deposit/withdrawal addresses are verified with multi-level encryption;
  4. Real-time monitoring of abnormal account operations, and regular security testing of the App;
  5. Regular backup of data and establishment of emergency recovery mechanisms.

We will immediately notify you and relevant regulators of any personal data breach (as required by law) and take remedial measures.

8. Data Retention

We only retain your personal data related to core services, and the retention period abides by the Seychelles AML/CFT legal framework and applicable laws, with no redundant retention:

  1. Mandatory AML retention: All KYC data, spot trading and deposit/withdrawal records are retained for at least 7 years after the end of the user-company relationship (may be extended in accordance with the law);
  2. Complaint/litigation: Relevant data is retained until the dispute is resolved or the litigation limitation period expires (up to 10 years);
  3. Account cancellation: Data is still retained in accordance with the above rules, and on-chain transaction identifiers cannot be deleted.

We will delete your data only when it meets legal requirements and no longer needs to be retained (excluding on-chain data).

9. Your Legal Rights

You have the following rights regarding your personal data (exercise via in-App customer service or email, we will verify your identity before processing):

  1. Access: Obtain a copy of the personal data we hold about you;
  2. Rectification: Request correction of inaccurate/incomplete personal data;
  3. Erasure: Request deletion of personal data (subject to legal requirements, AML retention rules and blockchain technical characteristics);
  4. Objection: Object to data processing based on legitimate interests (we will review and respond);
  5. Manual Review: Apply for manual review of automated decision-making results;
  6. Restriction: Request suspension of data processing under specific legal circumstances;
  7. Data Portability: Request transfer of your personal data in a machine-readable format (for contract-related/consented automated data);
  8. Withdraw Consent: Withdraw any explicit consent for data processing (will not affect prior lawful processing);
  9. Security Center Operation: Apply for unbinding GOOGLE Authenticator, resetting fund password (after identity verification);
  10. Complaint: Lodge a complaint with the Seychelles Information Commissioner or your local data protection authority.

Service Rules for Right Exercise

  1. No fee is charged for legitimate requests (a reasonable fee may be charged for unfounded/excessive requests);
  2. We will reply to your request within 30 calendar days (may be extended for complex requests, with prior notification);
  3. Identity verification materials provided by you will be deleted immediately after verification.

10. Other Provisions

This Notice is the primary privacy rule for InBitix App Version 1.0. If there is a conflict with other supplementary notices, this Notice shall prevail.

InBitix Global Limited reserves the right to interpret this Notice in accordance with the law.