Legal

Privacy Policy

Effective date: January 1, 2026 Last updated: June 4, 2026 Version: 1.0

Neonex ("we", "us", or "our") respects your privacy. This Privacy Policy explains what personal data we process when you use our website, applications, APIs, and services (the "Services"), why we process it, with whom we share it, and what rights you have.

We process personal data because we operate a regulated crypto-asset platform and are required by law to identify our users, monitor transactions, and report suspicious activity.

1. Introduction

This Policy applies to all individuals who interact with the Services, including registered users, affiliate partners, prospects who contact us, and visitors to our public pages. It should be read together with our Terms of Use.

2. Data Controller

The data controller is Neonex. You can reach our privacy team at privacy@neonex.io. If you are in the EU/EEA or the UK, our data protection officer can be contacted at the same address.

3. Data We Collect

We collect the following categories of personal data:

CategoryExamples
Account & identityName, date of birth, nationality, email, phone, country, residential address, profile photo
KYC / verificationGovernment-issued ID, selfie or video, proof of address, source of funds declarations
TransactionalDeposits, withdrawals, exchanges, balances, wallet addresses, blockchain hashes, fees
FinancialLinked card / bank details (tokenised by our payment partners), tax residency
TechnicalIP address, device and browser fingerprint, language, time zone, session logs
CommunicationsSupport tickets, chats, call recordings (where indicated), survey responses
MarketingChannel preferences, campaign engagement, referral code use

4. How We Use Data

  • to register and authenticate you, and to operate your account;
  • to provide the Services you request, including buying, selling, holding, and transferring crypto-assets;
  • to comply with KYC, AML, CTF, sanctions, fraud-prevention, and tax-reporting obligations;
  • to monitor, investigate, and prevent suspicious or prohibited activity;
  • to provide customer support and to handle disputes;
  • to operate the affiliate programme and calculate commissions;
  • to send service notifications and, where you have opted in, marketing communications;
  • to improve and secure the platform, debug issues, and conduct internal analytics.

Where the GDPR (or a similar regime) applies, we rely on the following legal bases:

  • Performance of a contract — to deliver the Services you have signed up for;
  • Legal obligation — for KYC/AML, sanctions screening, transaction monitoring, and reporting;
  • Legitimate interests — to secure the platform, prevent fraud, and improve our products;
  • Consent — for optional marketing communications and certain non-essential cookies, which you can withdraw at any time.

6. Sharing & Recipients

We share personal data only with the following categories of recipients, and only to the extent necessary:

  • Service providers — KYC/identity vendors, payment processors, custody and liquidity partners, cloud hosting, email delivery, analytics, customer-support tooling;
  • Regulators and authorities — when required by law, court order, or in response to a lawful request;
  • Affiliates and corporate group entities, where applicable, under appropriate safeguards;
  • Successors — in case of a merger, acquisition, or restructuring (you will be notified).

We do not sell your personal data.

7. International Transfers

Some of our service providers are located outside the EU/EEA or the UK. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or adequacy decisions. A copy of the relevant safeguards is available on request.

8. Retention

We retain personal data only for as long as necessary for the purposes described above. Specifically:

  • KYC records and transaction history are kept for at least 5 years after account closure, in line with AML legislation;
  • support and communication records are kept for up to 3 years;
  • marketing data is retained until you withdraw consent or for a maximum of 2 years of inactivity;
  • technical and security logs are kept for up to 12 months (longer for incidents under investigation).

9. Security

We implement industry-standard organisational and technical measures to protect personal data, including encryption in transit and at rest, role-based access control, multi-factor authentication for staff, segregated production environments, regular penetration testing, and a documented incident-response procedure. Despite our efforts, no method of transmission or storage is 100% secure; please report any suspected vulnerability to security@neonex.io.

10. Your Rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you;
  • request rectification of inaccurate or incomplete data;
  • request erasure ("right to be forgotten"), subject to our legal retention obligations;
  • restrict or object to certain processing;
  • request data portability;
  • withdraw consent for processing based on consent (without affecting the lawfulness of prior processing);
  • lodge a complaint with your local data protection authority.

To exercise any of these rights, contact privacy@neonex.io. We will respond within the time frame required by applicable law (typically one month).

11. Cookies & Similar Technologies

We use cookies and similar technologies to keep you signed in, remember your preferences, secure the platform, and measure how the Services are used. Strictly necessary cookies are always active; analytics and marketing cookies are loaded only with your consent. You can manage your preferences in your browser settings or via our cookie banner.

12. Children

The Services are not directed at individuals under 18, and we do not knowingly collect personal data from minors. If you believe we have collected such data, please contact us so we can delete it.

13. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated by email or by an in-platform notice. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

14. Contact

For privacy-related questions or to exercise your rights, contact privacy@neonex.io or visit our support page.