Privacy Policy

Elexa ('we', 'us', or 'our') operates a peer-to-peer cryptocurrency exchange platform accessible at elexa.io. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our services.

We are committed to handling your data responsibly and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable.

We collect the following categories of personal data:

• Account information: email address, username, profile picture, and bio you provide at registration.
• Communication data: messages sent via our trade chat system and support tickets.
• Transaction data: trade history, wallet addresses, transaction IDs, and amounts.
• Technical data: IP address, browser type, operating system, device type, and session timestamps.
• Usage data: pages visited, features used, search queries, and interaction logs.
• Notification preferences and push notification tokens.
• Referral codes and partner program activity.

We do not collect government-issued identification, passport numbers, or any biometric data. Elexa is a no-KYC platform.

We use your personal data for the following purposes:

• To create and manage your account and authenticate your identity.
• To facilitate trades between users, including managing the escrow process.
• To process wallet transactions and send/receive notifications.
• To resolve disputes between trading partners.
• To provide customer support and respond to tickets.
• To detect, investigate, and prevent fraudulent activity, abuse, and violations of our Terms of Service.
• To send transactional emails (trade updates, verification codes, security alerts).
• To improve our platform through analytics and usage data.
• To operate the partner referral program and calculate commissions.

We process your personal data under the following legal bases:

• Contract performance: processing necessary to provide you with the services you signed up for.
• Legitimate interests: fraud prevention, platform security, and improving our services.
• Legal obligation: where we are required to retain or disclose data by applicable law.
• Consent: for optional communications such as marketing emails, which you may withdraw at any time.

We do not sell your personal data. We may share limited data with trusted third parties only where necessary:

• Cloud infrastructure providers for hosting and data storage.
• Email delivery services for sending transactional notifications.
• Analytics services to understand platform usage (data is anonymised where possible).
• Law enforcement or regulatory authorities when legally required.
• Your trading partner receives only the information necessary to complete a trade (username, online status, feedback history).

We retain your personal data for as long as your account is active or as necessary to provide our services. Specifically:

• Account data is retained for the duration of your account and for up to 12 months after deletion.
• Transaction records are retained for up to 5 years for legal and compliance purposes.
• Support ticket communications are retained for up to 3 years.
• Technical and usage logs are retained for up to 12 months.

Depending on your location, you may have the following rights regarding your personal data:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your data, subject to legal retention obligations.
• Right to restriction: request that we limit how we use your data.
• Right to data portability: request your data in a structured, machine-readable format.
• Right to object: object to processing based on legitimate interests.
• Right to withdraw consent: for any processing based on your consent.

To exercise any of these rights, contact us at privacy@elexa.io or via our contact page.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS), hashed password storage, two-factor authentication options, and regular security reviews.

Despite our efforts, no method of internet transmission is 100% secure. We encourage you to use strong passwords and enable 2FA on your account.

We use cookies and similar technologies to operate our platform and improve your experience. Please refer to our Cookie Policy for full details on the cookies we use and how to manage them.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by posting a notice on the platform. The 'Last updated' date at the top of this page reflects the most recent revision.

Your continued use of Elexa after changes are posted constitutes your acceptance of the updated policy.