Privacy Policy

1. Data Controller

Clearex (“the Company”) is the data controller responsible for your personal data. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Latvian data protection laws.

2. Data We Collect

We collect the following categories of personal data:

• Identity data: Full name, date of birth, nationality, government ID number
• Contact data: Email address, phone number, Telegram username
• Financial data: Bank account (IBAN), cryptocurrency wallet addresses
• KYC documents: Photos of ID documents, selfies, proof of source of funds
• Transaction data: Exchange history, amounts, rates, timestamps
• Technical data: IP address, browser type, device information (collected automatically)

3. Legal Basis for Processing

4. How We Use Your Data

• To process and complete your cryptocurrency exchanges
• To verify your identity as required by AML/KYC regulations
• To communicate with you about your transactions
• To detect and prevent fraud and financial crime
• To comply with legal and regulatory obligations
• To improve our services and user experience

5. Data Sharing

We do not sell your personal data. We may share data with:

• Banking partners — to process SEPA transfers
• Blockchain analytics providers — to screen transactions for compliance
• Cloud infrastructure providers — for secure data hosting (EU-based servers)
• Regulatory authorities — when required by law (FIU, tax authorities)

6. Data Retention

• Transaction records: 5 years after the last transaction (AML requirement)
• KYC documents: 5 years after end of business relationship
• Technical logs: 12 months
• Marketing consent records: until consent is withdrawn

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including: encryption at rest and in transit (TLS 1.3), access controls with role-based permissions, regular security audits, and secure backup procedures. KYC documents are stored with AES-256 encryption.

8. Your Rights (GDPR)

Under the GDPR, you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data (subject to legal retention requirements)
• Restriction — restrict processing in certain circumstances
• Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interest
• Withdraw consent — for processing based on consent, at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies

Our website uses essential cookies for functionality (locale preference, theme). We do not use tracking or advertising cookies. Analytics, if implemented, use privacy-respecting alternatives that do not require consent under GDPR.

10. International Transfers

Your data is primarily stored within the EU (Ireland — Supabase cloud). If any data is transferred outside the EU/EEA, we ensure adequate safeguards through Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be published on this page with an updated revision date and communicated via our Telegram channel.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Data State Inspectorate of Latvia (Datu valsts inspekcija) at www.dvi.gov.lv.