CRYPTER – PRIVACY POLICY

1. INTRODUCTION

1.1 Purpose of this Privacy Policy

This Privacy Policy (“Policy”) is published by Crypter (“Crypter”, “we”, “our”, or “us”), in its capacity as the data controller and/or processor, as applicable, with respect to the personal data and personally identifiable information (“Personal Data”) of individuals who access, interact with, or avail services on the Crypter platform, including but not limited to our websites, mobile applications, APIs, and digital interfaces (collectively, the “Platform”).

This Policy sets forth our practices regarding the collection, use, processing, disclosure, storage, and protection of your Personal Data, and outlines your rights under applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other similar global, national, and regional legal instruments governing the protection of Personal Data (collectively, “Applicable Data Protection Laws”).

1.2 Scope and Applicability

This Policy applies to all natural persons (“Users”, “you”, or “your”) who:

1. visit, register with, or use the Crypter Platform;
2. initiate or attempt to initiate any transaction or communication with Crypter or its affiliates through any means; or
3. are subject to data processing by Crypter, whether directly or indirectly, through our third-party processors, partners, or service providers.

This Policy does not apply to anonymized data or data rendered incapable of identifying a natural person, nor does it apply to third-party websites or services that may be linked to or embedded within the Platform, for which Crypter assumes no liability or responsibility.

1.3 Role of Crypter as Data Controller and/or Processor

Crypter shall act as the “data controller” as defined under Article 4(7) of the GDPR where it determines the purpose and means of processing Personal Data. In limited cases, where Crypter processes Personal Data on behalf of a third-party affiliate, strategic partner, or regulated entity, Crypter may act as a “data processor” under Article 4(8) of the GDPR or a similar designation under other Applicable Data Protection Laws.

Crypter may also engage sub-processors for specific processing activities, subject to contractual safeguards that are equivalent to or exceed the requirements under relevant data protection laws.

1.4 Cross-Border Applicability and Global Operations

Given Crypter’s intended operations across multiple jurisdictions and its commitment to providing borderless crypto asset trading services, Personal Data collected from Users may be transferred to, stored in, or otherwise processed in countries outside the country of origin or residency of the User, including but not limited to the European Economic Area (“EEA”), United States, and other countries that may not provide the same level of data protection.

Crypter shall ensure that such transfers are conducted in accordance with the requirements under the GDPR (including Standard Contractual Clauses), CCPA, and other applicable frameworks, and shall implement appropriate technical and contractual safeguards to ensure an adequate level of data protection.

2. DEFINITIONS

For the purposes of this Privacy Policy, unless the context otherwise requires, the following capitalized terms shall have the meanings ascribed to them hereunder. These definitions shall apply mutatis mutandis across all provisions of this Policy:

2.1 “Personal Data”

Means any information relating to an identified or identifiable natural person (“Data Subject”), including but not limited to identifiers such as name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of such individual. This includes information defined as “personal information” under the CCPA, “personal data” under the GDPR, and any similar term under Applicable Data Protection Laws.

2.2 “Sensitive Personal Data” or “Special Categories of Personal Data”

Means a subset of Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, or any other information that is considered sensitive under Applicable Data Protection Laws. For purposes of CCPA, this includes precise geolocation, social security number, and financial account information.

2.3 “Processing”

Means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, including, but not limited to, collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.

2.4 “Controller”

Means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data, as defined under Article 4(7) of the GDPR and corresponding definitions under Applicable Data Protection Laws.

2.5 “Processor”

Means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller, as defined under Article 4(8) of the GDPR.

2.6 “Data Subject”

Means any identified or identifiable natural person whose Personal Data is processed by Crypter or its affiliates or processors, whether such individual is a User, customer, visitor, vendor, or representative of a corporate client.

2.7 “Consent”

Means any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which the Data Subject, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.

2.8 “Applicable Data Protection Laws”

Means all data protection, data security, privacy, cyber-security, or similar laws, regulations, directives, statutes, decrees, or rules applicable to Crypter or its operations, including but not limited GDPR (General Data Protection Regulation (EU) 2016/679), CCPA (California Consumer Privacy Act) and CPRA (California Privacy Rights Act); any other equivalent or supplemental national or regional legislation governing the Processing of Personal Data.

2.9 “Third Party”

Means any natural or legal person, public authority, agency, or body other than the Data Subject, Controller, Processor, and persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data.

2.10 “Profiling”

Means any form of automated processing of Personal Data consisting of the use of such data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

2.11 “Automated Decision-Making”

Means a decision based solely on automated processing, including profiling, which produces legal effects concerning the Data Subject or similarly significantly affects the Data Subject.

2.12 “Anonymization”

Means the process of irreversibly altering Personal Data in such a way that the Data Subject can no longer be identified directly or indirectly, rendering the data outside the scope of data protection laws.

2.13 “Pseudonymization”

Means the processing of Personal Data in such a manner that the data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures.

2.14 “Standard Contractual Clauses (SCCs)”

Means the contractual data protection clauses adopted by the European Commission to provide appropriate safeguards for international data transfers pursuant to Article 46(2)(c) of the GDPR.

2.15 “Supervisory Authority”

Means an independent public authority established under Article 51 of the GDPR or equivalent authority under other Applicable Data Protection Laws that is responsible for monitoring compliance with such laws.

3. TYPES OF DATA COLLECTED

Crypter collects, processes, and stores various categories of Personal Data and Sensitive Personal Data in order to provide its services, comply with statutory obligations, and enhance platform functionality. The scope of data collected may vary depending on the User’s jurisdiction, applicable regulatory requirements, and the nature of the services availed.

The categories of data collected by Crypter include, but are not limited to, the following:

3.1 Identity and Verification Data

Collected for the purposes of identity verification (KYC), anti-money laundering (AML) compliance, and fraud prevention.

1. Full legal name (first name, middle name, surname)
2. Date of birth, nationality, gender
3. Government-issued identification numbers (e.g., passport, national ID, driver’s license)
4. Identification documents and scans (e.g., passport photo, selfie verification)
5. Tax identification number or equivalent (as required by FATCA/CRS)
6. Proof of residency (e.g., utility bills, lease agreements)

3.2 Contact Data

Required for communication, multi-factor authentication, and customer support.

1. Email address
2. Mobile number / telephone number
3. Physical address / mailing address
4. Emergency contact details (where applicable)

3.3 Financial and Transactional Data

Collected to facilitate fiat and crypto transactions, deposits, withdrawals, and trading activities.

1. Bank account information and routing details
2. Credit/debit card details (if applicable)
3. Wallet addresses and blockchain transaction identifiers
4. Transactional history on the Platform (trades, order books, withdrawals)
5. Fiat currency deposit and withdrawal history
6. Crypto asset holdings and portfolio data

3.4 Employment and Business Data

Collected in cases of institutional accounts, corporate onboarding, or source of funds verifications.

1. Company name, incorporation documents, and tax registrations
2. Ultimate Beneficial Owner (UBO) data
3. Board resolutions and signatory lists
4. Employment status and occupation (for retail users, if required by compliance)

3.5 Technical and Device Data

Collected automatically through your interaction with the Platform and used to ensure system security, performance optimization, and fraud detection.

1. Internet Protocol (IP) address
2. Device type, operating system, and browser information
3. Login timestamps, session duration, and access logs
4. Geolocation data (subject to user’s device settings and legal limitations)
5. Device identifiers (IMEI, MAC address, UUID)
6. Platform activity metadata (clickstream data, mouse movements, scrolls)

3.6 Usage and Behavioural Data

Collected through cookies, analytics tools, and behavioural profiling mechanisms.

1. User preferences and settings
2. Navigation history within the Platform
3. Time spent on different features/pages
4. Responses to surveys, feedback forms, or contests
5. Affiliate or referral links followed

3.7 Biometric and Facial Recognition Data

Collected only with the User’s explicit consent and used exclusively for identity verification and fraud prevention.

1. Facial recognition scans used during KYC
2. Biometric identifiers captured by third-party verification vendors
3. Liveness detection and image comparison data

Note: Such data is collected, processed, and stored in strict accordance with the GDPR’s Article 9, and equivalent provisions of other Sensitive Data laws.

3.8 Special Category Data (where legally permitted)

In rare and exceptional cases where legally required or authorized (e.g., politically exposed persons, sanctions screening), Crypter may process:

1. Data revealing political affiliations or exposure
2. Data regarding criminal convictions or offenses (in compliance with AML obligations)
3. Data subject to reporting obligations under FATF or national FIUs

3.9 Communications and Support Data

Collected through direct interactions between the User and Crypter’s customer support or compliance teams.

1. Chat transcripts, email exchanges, and support tickets
2. Voice call recordings (where notified and permitted)
3. Dispute resolution records and internal investigation notes

3.10 Publicly Available and Third-Party Data

Crypter may, where lawful, obtain Personal Data from public sources or third-party service providers to verify information or conduct compliance assessments.

1. Sanctions lists (e.g., OFAC, EU Consolidated List, UN Sanctions)
2. Social media handles (where explicitly linked by the User)
3. Data from blockchain analytics tools (e.g., wallet risk scores)

Crypter does not intentionally collect or process Personal Data of children under the age of 18 or the applicable legal age of majority unless required by law. Users are contractually and legally bound to declare that they are of eligible legal age during onboarding.

4. METHODS AND SOURCES OF DATA COLLECTION

Crypter collects Personal Data through various lawful and secure means, including direct disclosures by Users, automated technologies, external data sources, and through authorized third-party service providers. The specific methods and sources of collection are outlined below:

4.1 Data Provided Directly by the User

Crypter collects data directly from Users during voluntary interactions with the Platform, including, but not limited to, the following circumstances:

1. Account Creation and Registration: Submission of personal and contact details for account setup and identity verification.
2. KYC/AML Compliance Procedures: Uploading of government-issued ID documents, utility bills, selfies, and other proof-of-identity materials.
3. Transaction Execution: Input of financial account details, wallet addresses, and instructions for fiat or crypto transfers.
4. Support and Dispute Resolution: Emails, chat logs, call recordings, and submitted complaints or inquiries.
5. Promotional and Survey Participation: Data voluntarily provided for marketing, contests, or surveys.
6. Corporate Onboarding: Submission of incorporation documents, UBO declarations, and related corporate data.

In such cases, Crypter is deemed to have collected Personal Data with the Data Subject’s knowledge and express or implied consent, subject to applicable legal bases under Section 5 of this Policy.

4.2 Data Collected Automatically

Crypter utilizes automated tools and technologies to collect certain types of Technical and Usage Data during the User’s interaction with the Platform. Such technologies include, but are not limited to:

1. Cookies and Web Beacons
2. Pixel Tags and Local Storage Objects
3. Session Replay Tools and User Analytics Software
4. Log File Analytics and IP Tracking Mechanisms

The automated data collected may include:

1. IP address, device ID, browser type, operating system
2. Date/time of access, session duration, clickstream behavior
3. Geographic location (subject to user device permissions)
4. Referral URLs and in-platform navigation trails

This data enables Crypter to maintain Platform integrity, detect and prevent fraudulent activities, and enhance User experience through analytics and personalization. Consent mechanisms for cookies and similar technologies are governed under Section 12 of this Policy.

4.3 Data Obtained from Third Parties

Crypter may lawfully collect and process Personal Data from external sources where permitted by applicable laws or where required to fulfill contractual or regulatory obligations. Such third-party sources may include:

1. KYC/AML and Sanctions Screening Vendors: External service providers who perform ID verification, liveness checks, database cross-referencing, and PEP/sanctions list screenings.
2. Payment Processors and Banking Partners: For reconciliation of fiat transactions and fraud detection.
3. Blockchain Analytics Providers: To assess wallet activity, on-chain risks, and compliance with FATF Travel Rule requirements.
4. Marketing and Affiliate Networks: To identify referral sources and campaign effectiveness, subject to consent.
5. Publicly Accessible Records and Registries: Including corporate registries, tax authorities, and public sanctions lists (e.g., OFAC, EU, UN).
6. Social Media or Authentication Integrations: Where the User elects to link or sign in via third-party platforms (e.g., “Sign in with Google”).

Crypter ensures that such third parties are contractually bound to adhere to data protection obligations, and that appropriate due diligence is undertaken prior to data ingestion.

4.4 Data Inferred or Derived Internally

In addition to direct and third-party collection, Crypter may generate derivative or inferred data through internal algorithms and behavioural analytics, such as:

1. User risk scoring based on transaction history
2. Trade behaviour and asset allocation patterns
3. Predictive fraud models or suspicious activity indicators
4. Wallet attribution through transaction graphing tools

Such processing is undertaken strictly in accordance with Crypter’s legitimate interests in fraud detection, risk mitigation, and regulatory compliance, as detailed in Section 5.

4.5 Blockchain and Public Ledger Data

Given the immutable and public nature of blockchain technology, Crypter may collect and associate certain blockchain-related data to a User’s account for monitoring purposes, including:

1. Public wallet addresses
2. Transaction hashes and timestamps
3. Smart contract interactions
4. Token balances and movement patterns

While such information may not independently constitute Personal Data, it may be linked to a User profile through KYC or behavioural analysis and shall be treated with appropriate safeguards accordingly.

Crypter does not engage in covert data collection or unauthorized surveillance. All data collection practices are conducted in accordance with the principles of transparency, lawfulness, fairness, and data minimization.

5. LEGAL BASES FOR DATA PROCESSING

Crypter processes Personal Data strictly in accordance with the legal bases established under the General Data Protection Regulation (EU) 2016/679 (GDPR) and comparable data protection frameworks applicable in other jurisdictions. Processing activities are undertaken only where a lawful basis exists, as outlined below:

5.1 Consent of the Data Subject

Where Crypter requests and receives the freely given, specific, informed, and unambiguous consent of the User, such consent forms the legal basis for processing. This is particularly relevant in the following scenarios:

1. Use of non-essential cookies or tracking technologies (see Section 12)
2. Subscription to promotional or marketing communications
3. Participation in surveys, contests, or beta testing programs
4. Biometric data or facial recognition-based KYC solutions
5. Cross-border transfers to countries lacking adequate protection, absent SCCs or BCRs

The Data Subject retains the right to withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. Withdrawal may affect the User’s ability to use certain features or services on the Platform.

5.2 Processing Necessary for the Performance of a Contract

Crypter processes Personal Data where such processing is essential for the execution or performance of a contract to which the Data Subject is a party, or in order to take steps at the request of the Data Subject prior to entering into a contract. This includes, inter alia:

1. Account registration and maintenance
2. Execution of crypto or fiat transactions
3. Wallet management and trading functionalities
4. Provision of customer support and technical assistance
5. Enforcement of Crypter’s Terms of Use, Service Agreements, and related contracts

5.3 Compliance with Legal Obligations

Crypter processes Personal Data where necessary for compliance with legal obligations imposed under applicable statutes, regulations, or governmental directives, including but not limited to:

1. Know-Your-Customer (KYC) and Anti-Money Laundering (AML) requirements under EU AMLD, FATF, and local VASP rules
2. Sanctions screening, UBO identification, and reporting to regulatory authorities
3. Tax reporting and compliance with FATCA, CRS, or local income tax authorities
4. Retention obligations under financial laws and audit regulations
5. Responding to lawful requests or subpoenas from law enforcement or courts

This legal basis extends to any jurisdiction where Crypter operates or onboards Users, subject to extraterritorial application of financial and compliance laws.

5.4 Legitimate Interests of Crypter or a Third Party

Crypter may process Personal Data where such processing is necessary for the purposes of legitimate interests pursued by Crypter or a third party, provided that such interests are not overridden by the fundamental rights and freedoms of the Data Subject. Such legitimate interests include:

1. Prevention of fraud, account abuse, and unauthorized access
2. Enhancement of cybersecurity and threat intelligence
3. Improvement of platform performance and UX through analytics
4. Enforcement of internal policies and contractual terms
5. Due diligence during corporate restructuring, M&A, or insolvency proceedings
6. Internal investigations and audit trail maintenance
7. Ensuring network and information security
8. Assessment of eligibility for promotional campaigns or incentives

Where required, Crypter undertakes a Legitimate Interests Assessment (LIA) to ensure proportionality and necessity of such processing.

5.5 Processing in the Vital Interests of the Data Subject

In rare circumstances, Crypter may process Personal Data where such processing is necessary to protect the vital interests of the Data Subject or of another natural person, including situations involving:

1. Detection of imminent cyber-attacks or scams targeting the User
2. Disclosure in case of emergency or where the User is incapacitated
3. Identification of self-harm, coercion, or exploitation patterns (especially in fraud or blackmail cases)

Such processing shall be narrowly interpreted and invoked only in bona fide emergencies or as permitted by applicable law.

5.6 Performance of a Task Carried Out in the Public Interest or Exercise of Official Authority

Where applicable under national or supranational laws (e.g., EU financial regulatory regimes), Crypter may process Personal Data in the exercise of official authority vested in it or where processing is necessary for the performance of a task carried out in the public interest. This may include:

1. Cooperation with financial intelligence units (FIUs)
2. Participation in industry-wide fraud or risk prevention programs
3. Contribution to systemic stability and reporting to central banks or regulators

Crypter does not rely on automated decision-making without human involvement as the sole basis for decisions that produce legal or similarly significant effects, unless explicitly consented to by the User or permitted by applicable law (see Section 11 for details).

6. PURPOSES OF DATA PROCESSING

Crypter processes Personal Data only for specific, explicit, and legitimate purposes, as outlined in this Section. Each processing activity is grounded in a lawful basis (refer to Section 5) and is conducted in accordance with the principles of purpose limitation, data minimization, and storage limitation under Applicable Data Protection Laws.

6.1 Account Creation, Onboarding, and Identity Verification (KYC)

Crypter processes your Personal Data to:

1. Register and authenticate User accounts
2. Verify your identity through KYC/AML protocols in compliance with applicable laws
3. Conduct liveness checks, facial recognition, document authentication, and biometric verification (where permitted by law)
4. Assess politically exposed person (PEP) status and sanctions list inclusion
5. Establish eligibility for specific products or services (e.g., fiat wallet functionality)

This processing is necessary for the performance of the User agreement and compliance with financial and anti-money laundering regulations.

6.2 Execution of Transactions and Provision of Services

Crypter processes data to:

1. Facilitate deposits, withdrawals, trading, and transfers of fiat and virtual assets
2. Generate transaction receipts, confirmations, and account statements
3. Enable access to user wallets, trading pairs, and DeFi or staking interfaces (where applicable)
4. Provide multi-factor authentication and session continuity
5. Integrate with third-party wallets, oracles, APIs, and custodial partners

This processing is essential for the performance of contractual obligations between Crypter and the User.

6.3 Compliance with Legal, Regulatory, and Supervisory Obligations

Crypter is subject to various international and domestic obligations requiring the processing of Personal Data, including to:

1. Comply with the EU AML Directives, FATF Recommendations, Turkish AML Act, and other national AML/CFT regimes
2. File Suspicious Transaction Reports (STRs) or Currency Transaction Reports (CTRs) with competent financial intelligence units (FIUs)
3. Maintain audit trails and transaction histories as required by financial regulators
4. Comply with tax reporting obligations (e.g., FATCA, CRS)
5. Enforce risk-based customer due diligence and ongoing monitoring

Crypter may retain data for statutory retention periods even post-account termination to fulfill these obligations.

6.4 Customer Support and Dispute Resolution

Crypter processes Personal Data to:

1. Provide support via email, phone, chat, or helpdesk integrations
2. Investigate user complaints or transaction disputes
3. Track support history and escalations for quality assurance
4. Record conversations (where permitted) to train personnel and resolve issues

This is done under Crypter’s contractual duties and legitimate interest in service improvement.

6.5 Platform Security and Fraud Prevention

To maintain the integrity of its systems and protect Users and assets, Crypter processes data to:

1. Detect suspicious or anomalous activity
2. Prevent unauthorized access, hacking attempts, and wallet compromises
3. Monitor system logs for unusual patterns, location changes, or bot activity
4. Enforce bans or blacklisting policies against malicious actors

Crypter may use internal risk scoring algorithms or engage third-party fraud prevention tools to this end.

6.6 Marketing, Communications, and User Engagement

Subject to the User’s consent (where required), Crypter may process Personal Data to:

1. Send newsletters, updates, and promotional communications
2. Notify Users of feature releases, system updates, or policy changes
3. Invite Users to participate in surveys, feedback loops, or affiliate programs
4. Conduct referral tracking and reward distribution

Users may opt out of direct marketing communications at any time without prejudice to service access.

6.7 Personalization, Analytics, and Service Enhancement

Crypter may analyse usage data and preferences to:

1. Optimize platform layout, performance, and responsiveness
2. Offer personalized content, such as preferred trading pairs or interface themes
3. Conduct A/B testing and heatmap analysis to improve UI/UX
4. Measure customer satisfaction and behavioural engagement

This processing is based on Crypter’s legitimate interest in improving services and is subject to cookie and analytics governance in Section 12.

6.8 Legal Enforcement, Risk Management, and Corporate Governance

Crypter may process Personal Data to:

1. Establish, exercise, or defend legal claims in litigation, arbitration, or regulatory proceedings
2. Respond to lawful requests from courts, regulators, or law enforcement
3. Assess and manage legal, operational, or reputational risk
4. Enforce Crypter’s Terms of Use, AML Policy, or other contractual documents
5. Execute internal compliance reviews, audits, or investigations
6. Facilitate corporate transactions including mergers, acquisitions, asset sales, or restructuring

Such processing is based on Crypter’s legal obligations and legitimate interests in risk and reputation management.

6.9 Blockchain Analysis and Wallet Attribution

Crypter may associate on-chain data with user profiles to:

1. Monitor for high-risk behaviours (e.g., mixing, gambling, darknet transactions)
2. Comply with Travel Rule obligations under FATF and EU VASP guidance
3. Evaluate wallet provenance or address clustering via blockchain analytics tools

Data derived from public ledgers is processed within strict bounds to avoid re-identification without justification.

Crypter does not process Personal Data for purposes incompatible with those stated herein, unless required or permitted by law, or with the User’s explicit consent.

7. DATA SHARING AND DISCLOSURE

Crypter does not engage in the sale of Personal Data under any circumstances. However, in the ordinary course of its business and to fulfill contractual, statutory, or regulatory obligations, Crypter may disclose Personal Data to third parties, including service providers, affiliates, regulatory authorities, and in connection with business transactions, in each case subject to appropriate legal bases and safeguards.

Disclosures are limited to those that are necessary, proportionate, and lawful, and Crypter ensures that all recipients of such data are bound by equivalent obligations of confidentiality, security, and compliance with Applicable Data Protection Laws.

7.1 Disclosure to Affiliates and Group Companies

Crypter may share Personal Data with its direct or indirect parent entities, subsidiaries, and affiliated companies (collectively, “Crypter Group”) for intra-group data transfers necessary for:

1. Centralized compliance oversight (e.g., KYC/AML coordination)
2. Unified customer support and operations
3. Internal audits, risk assessments, and governance
4. Marketing (subject to consent, where applicable)
5. Corporate accounting, tax reporting, and finance functions

Such transfers are governed by intercompany data sharing agreements incorporating Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) where required.

7.2 Disclosure to Third-Party Service Providers

Crypter engages vetted third-party vendors (“Processors”) to facilitate Platform operations and regulatory compliance. Personal Data may be disclosed to such Processors solely for specified purposes, including:

1. KYC/AML Verification Providers (e.g., Onfido, Jumio, Sumsub)
2. Blockchain Analytics Firms (e.g., Chainalysis, Elliptic)
3. Cloud Infrastructure Providers (e.g., AWS, Google Cloud)
4. Payment Gateways and Banking Partners
5. Email and SMS Delivery Platforms
6. Cybersecurity Firms and Forensics Providers
7. Customer Support and CRM Platforms (e.g., Zendesk, Intercom)

All Processors are contractually bound under Data Processing Agreements (DPAs) incorporating security standards, audit rights, breach reporting obligations, and cross-border transfer compliance mechanisms.

7.3 Disclosure to Regulatory and Government Authorities

Crypter may disclose Personal Data to domestic or foreign government agencies, regulators, tax authorities, law enforcement bodies, and courts of competent jurisdiction, where such disclosure is:

1. Mandated by law (e.g., AML/CFT legislation, tax law, securities law)
2. Required pursuant to subpoena, warrant, or lawful order
3. Necessary to comply with sanctions regimes (e.g., OFAC, EU Sanctions List)
4. Compelled by mutual legal assistance treaties (MLATs) or intergovernmental agreements
5. Essential for defence of legal claims, enforcement of contractual rights, or protection of Platform integrity

Crypter does not make such disclosures arbitrarily, and each request is assessed for legality, jurisdictional authority, scope, and necessity.

7.4 Disclosures to Professional Advisors and Consultants

Crypter may share Personal Data with external legal counsel, auditors, compliance advisors, tax consultants, insurers, and risk managers strictly on a need-to-know basis, and only under confidentiality arrangements. This includes disclosures made for:

1. Internal investigations
2. Statutory audits
3. Regulatory reporting
4. Dispute resolution or litigation
5. Business continuity or insolvency planning

7.5 Disclosures in Connection with Corporate Transactions

In the event of a merger, acquisition, asset transfer, reorganization, investment, or bankruptcy involving Crypter or any part of its business, Personal Data may be disclosed to:

1. Potential or actual acquirers, investors, or merger partners
2. Legal, financial, and transactional advisors of such parties
3. Corporate successors-in-interest

Such disclosures are subject to data room security, non-disclosure agreements, and continued data protection post-transaction.

7.6 Public and Blockchain-Based Disclosures

Crypter may link pseudonymous on-chain data (e.g., wallet addresses, transaction hashes) to User accounts for compliance and monitoring purposes. However, Crypter will never publicly disclose Personal Data (such as full names or ID numbers) on a blockchain or immutable ledger without the User’s explicit and informed consent, except where required by law or lawful order.

7.7 Disclosures with the User’s Consent

In addition to the foregoing, Crypter may disclose Personal Data to other third parties where the User has expressly consented to such disclosure. This includes:

1. Participation in co-branded campaigns or loyalty programs
2. Integration with third-party wallets, DeFi platforms, or NFT marketplaces
3. Referrals and social media linkages

Consent may be withdrawn at any time in accordance with Section 13 of this Policy.

Crypter maintains detailed records of all third-party disclosures in accordance with accountability obligations under GDPR (Art. 30) and other data protection frameworks, and conducts periodic audits of third-party processors to assess security posture and contractual compliance.

8. INTERNATIONAL DATA TRANSFERS

Given Crypter’s global footprint and its use of cloud-based infrastructure, blockchain data analytics, and outsourced compliance services, Personal Data collected and processed by Crypter may be transferred to, stored in, or otherwise accessed from jurisdictions outside the country in which the Data Subject resides — including countries that may not offer a level of data protection equivalent to that guaranteed under the laws of the Data Subject’s jurisdiction.

Crypter ensures that such transfers are conducted in strict compliance with Applicable Data Protection Laws, and are subject to appropriate safeguards, transparency, and accountability mechanisms.

8.1 Transfers Within the European Economic Area (EEA)

Where data is transferred within the EEA, such transfers are not subject to additional restrictions under the GDPR. All Crypter affiliates and Processors operating within the EEA are required to comply with GDPR standards and Crypter’s internal data protection protocols.

8.2 Transfers to Countries Recognized as Providing Adequate Protection

Crypter may transfer Personal Data to jurisdictions outside the EEA that have been deemed to offer an “adequate level of protection” by the European Commission pursuant to Article 45 of the GDPR. Such jurisdictions include, inter alia:

1. United Kingdom
2. Switzerland
3. Israel
4. Japan
5. South Korea
6. Canada (commercial organizations under PIPEDA)
7. Others as updated in the EU’s adequacy list.

No additional authorizations are required for such transfers.

8.3 Transfers to Non-Adequate Jurisdictions

Where Personal Data is transferred to jurisdictions not recognized by the European Commission or equivalent authorities as offering adequate protection, Crypter relies on one or more of the following mechanisms under Article 46 of the GDPR and corresponding provisions of other data laws:

1. Standard Contractual Clauses (SCCs) approved by the European Commission (2021/914/EU)
2. Binding Corporate Rules (BCRs) (where adopted by Crypter Group)
3. Data Transfer Agreements incorporating supplemental technical and organizational safeguards
4. Explicit informed consent of the Data Subject (limited applicability)
5. Derogations under Article 49 GDPR (e.g., contractual necessity or legal claims)

All such transfers are subject to Transfer Impact Assessments (TIAs) to evaluate risks associated with access by foreign governments, enforcement agencies, and to implement encryption, data minimization, and access control measures accordingly.

8.4 Transfers to the United States

Where Crypter engages US-based Processors or Sub-Processors (e.g., for cloud hosting, analytics, or customer support), Crypter ensures that:

1. SCCs are executed between Crypter and the US entity;
2. Supplemental measures such as end-to-end encryption, zero-trust authentication, and pseudonymization are implemented;
3. US entities do not fall within the scope of FISA Section 702 or Executive Order 12333 in a manner that would compromise GDPR-level protections; and
4. The transfer complies with evolving frameworks, such as the EU–US Data Privacy Framework, if and when applicable.

8.5 Transfers to Third-Party Processors and Sub-Processors

All Crypter vendors and service providers receiving cross-border Personal Data are required to:

1. Enter into legally binding data processing agreements (DPAs)
2. Adhere to the principles of purpose limitation, data minimization, and confidentiality
3. Comply with Crypter’s technical and organizational security standards
4. Cooperate in responding to Data Subject access requests or regulatory inquiries

Crypter maintains a list of third-country recipients and will provide specific details upon request, subject to security and confidentiality considerations.

8.6 Transfers Through Decentralized Systems and Blockchains

Personal Data may be indirectly inferred or associated with pseudonymous identifiers (such as wallet addresses or transaction hashes) stored on public or permissionless blockchain networks, which are immutable and globally distributed.

Crypter does not publish Personal Data (such as names, emails, or ID numbers) on-chain, except where:

1. It is required to comply with legal obligations (e.g., FATF Travel Rule, VASP-to-VASP disclosures);
2. The Data Subject has provided explicit, informed consent; or
3. The information published is pseudonymized and non-identifiable in isolation.

Due to the borderless and irreversible nature of blockchain, Data Subjects are advised that such transfers may fall outside conventional legal jurisdiction, and Crypter implements off-chain safeguards wherever feasible.

8.7 User Rights and Remedies in Cross-Border Transfers

Users whose data is transferred internationally retain all their rights under Section 13 of this Policy, including:

1. Right to access copies of the transfer mechanisms (e.g., SCCs, BCR summaries)
2. Right to withdraw consent (where that is the legal basis)
3. Right to object to certain international transfers
4. Right to lodge complaints with a competent Supervisory Authority, such as the Turkish Data Protection Office or equivalent national regulators

9. DATA RETENTION AND STORAGE

Crypter retains Personal Data only for as long as is strictly necessary to fulfil the purposes for which such data was collected, or to satisfy legal, regulatory, contractual, accounting, or operational obligations, subject always to applicable data protection and financial laws.

The retention duration is determined based on a combination of statutory mandates, business necessity, user expectations, and Crypter’s risk posture, with appropriate technical and organizational safeguards implemented throughout the data lifecycle.

9.1 General Retention Periods

Unless otherwise required by law or contract, the general retention periods applicable to different categories of data are as follows:

1. Account Registration and KYC Records: Retained for a minimum of 5 to 10 years following account closure or last transaction, as mandated under the FATF Recommendations, EU AML Directives, and Turkish AML Act.
2. Transactional Data (crypto/fiat): Retained for 7 years to comply with financial reporting, audit, taxation, and anti-fraud requirements.
3. Customer Support Communications: Retained for up to 3 years after the issue is resolved, to ensure auditability and facilitate resolution of repeat queries or disputes.
4. Marketing Consent Records: Retained for as long as consent remains valid and for up to 5 years post-withdrawal, to demonstrate lawful processing under opt-in regimes.
5. Biometric or Sensitive Data (e.g., facial recognition scans): Retained only for the period necessary for verification and onboarding, then securely deleted or irreversibly anonymized, unless mandated otherwise by law.

9.2 Blockchain and On-Chain Data Retention

Due to the immutable and decentralized nature of blockchain technology, data written to public ledgers (e.g., wallet addresses, transaction hashes) may not be capable of erasure or alteration. Crypter does not write personal identifiers directly to any blockchain.

However, where Crypter links Personal Data to blockchain-based identifiers off-chain, the off-chain association shall be subject to this Policy and retained in accordance with:

1. Crypter’s AML/KYC retention policies
2. Legal reporting and disclosure obligations
3. User consent (where applicable)

Once retention obligations lapse, the association between blockchain data and the User’s profile is delinked and anonymized, to the extent technically feasible.

9.3 Legal Holds and Statutory Preservation

Notwithstanding the above retention periods, Crypter may retain certain categories of Personal Data beyond the prescribed limits where such retention is:

1. Required for the establishment, exercise, or defense of legal claims
2. Necessary to comply with a legal hold or regulatory preservation order
3. Mandated by law enforcement, tax authorities, or judicial authorities
4. Connected with ongoing investigations, disputes, or insolvency proceedings

In such cases, data is retained in restricted-access archives with enhanced encryption and access logging, until such obligation ceases to exist.

9.4 Anonymization and Irreversible De-Identification

Where Crypter no longer requires Personal Data for any lawful purpose, it will either:

1. Irreversibly anonymize the data in a manner that renders it no longer capable of identifying any natural person (and thus outside the scope of data protection laws); or
2. Securely delete or destroy the data using industry-standard protocols (e.g., DoD 5220.22-M, NIST SP 800-88)

Anonymized data may be used for statistical, research, or product development purposes, provided it remains non-identifiable.

9.5 Data Storage Location and Format

Crypter stores Personal Data using ISO 27001-compliant cloud infrastructure providers with data centers located in:

1. European Union (e.g., Germany, Netherlands) for GDPR compliance
2. Back-up jurisdictions such as the United States or UAE (subject to SCCs and TIAs)

All stored data is subject to the following safeguards:

1. Encryption at rest and in transit using AES-256 or higher
2. Role-based access control (RBAC) and zero-trust principles
3. Tamper-evident logging and access auditing
4. Multi-region back-ups and disaster recovery protocols

9.6 User-Initiated Account Closure and Data Deletion Requests

Upon verified request for account termination or erasure (pursuant to Section 13), Crypter shall:

1. Mark the account for closure
2. Suspend further processing (except where retention is legally mandated)
3. Delete all non-essential or optional data fields
4. Retain core identification and transactional records for legally required periods

Users will be informed of any data Crypter must retain for regulatory reasons and the timeline for final deletion or anonymization.

10. DATA SECURITY AND INTEGRITY

Crypter is committed to ensuring the confidentiality, integrity, availability, and resilience of the Personal Data it collects, stores, and processes. To that end, Crypter implements and maintains appropriate technical and organizational security measures to protect against accidental, unlawful, or unauthorized access, disclosure, alteration, destruction, loss, or misuse of Personal Data.

These measures are designed in accordance with the risk posed to the rights and freedoms of natural persons, the nature of the data, and the scope and context of processing activities, and are periodically reviewed and updated to maintain effectiveness.

10.1 Information Security Governance and Compliance Framework

Crypter has established a comprehensive internal Information Security Management System (ISMS) that incorporates:

1. Regular risk assessments and vulnerability scanning
2. Formal data classification and access control policies
3. Designated Data Protection Officer (DPO) and Chief Information Security Officer (CISO) roles
4. Security incident response planning and incident escalation protocols
5. Periodic audits by internal and independent third-party assessors

10.2 Technical Safeguards

Crypter deploys industry-standard technologies to ensure secure processing, storage, and transmission of Personal Data, including:

1. End-to-end encryption (AES-256 at rest; TLS 1.2+ in transit)
2. Multi-factor authentication (MFA) for all admin and user accounts
3. Role-based access control (RBAC) to restrict access to authorized personnel only
4. Zero-trust architecture for network segmentation and internal verification
5. Data loss prevention (DLP) mechanisms
6. Tamper-evident audit logs for access monitoring and forensic purposes
7. Backups with geographic redundancy and encrypted storage

10.3 Organizational and Administrative Safeguards

To reinforce security across Crypter’s workforce and service chain, the following practices are in place:

1. Employee background verification for roles handling sensitive or financial data
2. Mandatory confidentiality agreements with all staff, vendors, and contractors
3. Ongoing security awareness training and phishing simulations
4. Privacy-by-design and privacy-by-default principles embedded in system development
5. Vendor due diligence including review of sub-processors’ data protection practices
6. Contractual clauses with third parties mandating equivalent levels of protection and liability

10.4 Breach Detection, Notification, and Response

In the event of an actual or suspected data breach or security incident, Crypter shall:

1. Activate its Incident Response Plan, led by its cross-functional security taskforce
2. Contain the breach and mitigate any harm through forensic and remedial actions
3. Notify the relevant Data Protection Authority (DPA) within 72 hours (as per Article 33 GDPR), if the breach is likely to result in a risk to the rights and freedoms of natural persons
4. Notify affected Data Subjects without undue delay where required under applicable law
5. Maintain a comprehensive breach register documenting the nature, scope, and resolution of each incident

For jurisdictions governed by CCPA/CPRA, LGPD, or DIFC Law, Crypter shall adhere to their respective breach reporting thresholds and timelines.

10.5 Platform-Level and User-Side Security Expectations

While Crypter undertakes best-efforts protection of User data, the User is also responsible for securing their account credentials, and Crypter expressly advises that Users:

1. Use strong, unique passwords and change them periodically
2. Enable multi-factor authentication (MFA) on their accounts
3. Avoid sharing access credentials or using unsecured networks to access the Platform
4. Promptly notify Crypter of any unauthorized use or suspicious activity

Crypter shall not be liable for loss or compromise of Personal Data resulting from negligent User behaviour, unless demonstrably attributable to Crypter’s breach of duty.

10.6 Periodic Testing, Review, and Certification

Crypter’s security infrastructure is subject to:

1. Quarterly penetration testing and ethical hacking assessments
2. Annual third-party security audits (e.g., ISO 27001, SOC 2 Type II)
3. Review of data processing and security policies every 12 months or upon major system changes
4. Security compliance reporting to regulators, clients, and other stakeholders as required

Crypter continuously evaluates and improves its security posture in line with technological advancements, evolving threat landscapes, and global data protection expectations.

11. AUTOMATED DECISION-MAKING AND PROFILING

Crypter employs automated processing technologies, including profiling and algorithmic decision-making, for specific operational and compliance-related purposes. Such processing is conducted in accordance with applicable laws and is subject to appropriate transparency, oversight, and recourse mechanisms, particularly where decisions may produce legal or similarly significant effects on the Data Subject.

11.1 Definitions and Scope

For the purposes of this Section:

1. Automated Decision-Making refers to any decision about a User that is made solely by automated means without human involvement.
2. Profiling refers to the automated processing of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning their economic situation, reliability, behaviour, preferences, or location.

Crypter does not engage in fully automated decision-making that produces legal effects or significantly affects the User, unless:

1. It is necessary for entering into or performance of a contract between the User and Crypter;
2. It is explicitly authorized by applicable law (e.g., for AML risk scoring under FATF guidelines); or
3. The User has provided explicit, informed consent.

In all such cases, Crypter implements meaningful safeguards, including the right to obtain human intervention, to contest the decision, and to express one’s point of view.

11.2 Categories of Automated Decision-Making

Crypter may engage in automated decision-making in the following limited and justified scenarios:

1. KYC and Onboarding Risk Assessment: Automated tools are used to screen submitted documents, facial scans, and metadata for authenticity, duplication, or fraud indicators.
2. AML Risk Profiling and Wallet Analysis: Blockchain analytics systems may assign risk scores to wallets based on interaction with darknet markets, mixers, or sanctioned entities.
3. Transaction Pattern Analysis: Algorithms monitor behavioural anomalies (e.g., sudden volume spikes, jurisdictional risk exposure, timing irregularities) to detect potential suspicious activity.
4. Marketing Segmentation and Product Personalization: Users may be categorized based on location, trading preferences, or activity frequency to tailor platform offerings — though this has no legal or significant effects.
5. Referral and Bonus Fraud Prevention: Automated systems may flag and block suspected abusive or fraudulent activity relating to affiliate programs, referral bonuses, or reward schemes.

11.3 Safeguards and Human Oversight

Crypter ensures that:

1. Any automated decision-making system is audited periodically for bias, accuracy, and fairness.
2. Decisions with potential legal or material effects are subject to review by qualified compliance personnel.
3. Users are informed of the logic involved, significance, and potential consequences of such decisions (in plain terms).
4. Systems are designed to minimize false positives and ensure risk proportionality.
5. Human override mechanisms are available for contested decisions.

11.4 User Rights Concerning Automated Decisions

Subject to applicable law, Users have the following rights in relation to automated decision-making and profiling:

1. Right to request human intervention where a decision is made solely through automated means.
2. Right to contest and seek review of such decisions.
3. Right to receive an explanation of the logic and outcome of the processing.
4. Right to object to profiling, particularly where it is carried out for direct marketing or high-risk classification.
5. Right to withdraw consent, where consent was the legal basis for the automated processing.

Crypter shall respond to such requests within the timeframes prescribed by applicable data protection laws, and without prejudice to Crypter’s statutory obligations under AML, sanctions, and fraud frameworks.

11.5 Exclusions and Limitations

Crypter may use automated decision-making without User consent or right to contest where:

1. Required by law, such as reporting thresholds under AML/CFT laws.
2. Decisions are made with no significant effect, such as internal analytics or low-risk segmentation.
3. The User has voluntarily opted in to a program involving automation (e.g., automatic staking rewards or trading signals).

Crypter does not use automated decision-making for purposes of employment, creditworthiness assessment, or biometric categorization outside KYC compliance.

12. COOKIES AND TRACKING TECHNOLOGIES

Crypter utilizes cookies and other similar tracking technologies on its website, mobile applications, and related digital interfaces (collectively, the “Platform”) to enhance user experience, provide functionality, analyze traffic patterns, and support compliance and security operations. You may refer to our Cookie Policy for more details.

13. DATA SUBJECT RIGHTS

Crypter recognizes and respects the fundamental rights of Data Subjects with regard to the collection, processing, and retention of their Personal Data. Depending on the jurisdiction in which a User resides, and subject to any applicable limitations or exemptions under relevant data protection laws, Users may exercise the rights set forth in this Section.

Crypter facilitates the exercise of these rights in a transparent, timely, and non-discriminatory manner.

13.1 Right to Access (Right to Know)

Users have the right to obtain confirmation as to whether or not Crypter processes Personal Data concerning them and, where that is the case, to access such data along with the following information:

1. The categories and specific pieces of Personal Data collected;
2. The purposes of processing;
3. The recipients or categories of recipients to whom data has been or will be disclosed;
4. The data retention period or criteria used to determine such period;
5. The source of the data, if not collected directly from the Data Subject;
6. The existence of automated decision-making, including profiling.

13.2 Right to Rectification (Correction)

Users have the right to request the correction or update of inaccurate, outdated, or incomplete Personal Data maintained by Crypter, including but not limited to:

1. Identity documentation updates;
2. Contact information changes;
3. Financial or transactional data corrections.

13.3 Right to Erasure (Right to be Forgotten)

Subject to applicable legal and regulatory retention obligations, Users have the right to request the deletion of their Personal Data where:

1. The data is no longer necessary for the purposes for which it was collected;
2. The User withdraws consent (where consent is the legal basis);
3. The User objects to the processing and no overriding legitimate grounds exist;
4. The data has been unlawfully processed;
5. The data must be erased to comply with a legal obligation.

Crypter will assess each deletion request in light of statutory record-keeping requirements, such as AML/KYC retention mandates, and may deny erasure where legally justified.

13.4 Right to Restrict Processing

Users may request the temporary or permanent restriction of processing of their Personal Data in the following circumstances:

1. The accuracy of the data is contested;
2. The processing is unlawful, and the User opposes erasure;
3. Crypter no longer requires the data but the User needs it to establish or defend legal claims;
4. The User has objected to processing pending verification of legitimate interests.

During such restriction, Crypter will store but not otherwise process the data, except with the User’s consent or for legal claims.

13.5 Right to Data Portability

Where processing is based on consent or contractual necessity, and carried out by automated means, Users have the right to receive their Personal Data in a structured, commonly used, and machine-readable format, and to request transmission of such data to another controller, where technically feasible.

This right does not extend to data inferred or derived by Crypter (e.g., risk scores, internal analytics).

13.6 Right to Object to Processing

Users have the right to object, on grounds relating to their particular situation, to the processing of Personal Data where the processing is based on legitimate interests or for public interest purposes, including profiling.

Crypter shall cease such processing unless it can demonstrate compelling legitimate grounds overriding the interests, rights, and freedoms of the User, or where processing is necessary for legal claims.

Users also have the absolute right to object to direct marketing at any time, including profiling related to such marketing.

13.7 Right to Withdraw Consent

Where processing is based on the User’s explicit consent, the User has the right to withdraw such consent at any time. Withdrawal shall not affect the lawfulness of processing carried out prior to such withdrawal.

Withdrawal may affect the availability or functionality of certain services (e.g., biometric verification or targeted recommendations).

13.8 Right Against Automated Decision-Making

Users have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them, except where:

1. It is necessary for entering into or performance of a contract;
2. It is authorized by law; or
3. The User has given explicit consent.

In such cases, Users shall have the right to request human intervention, express their point of view, and contest the decision (see Section 11).

13.9 Right to Lodge a Complaint

Users have the right to lodge a complaint with a Supervisory Authority in their jurisdiction if they believe Crypter’s processing of their Personal Data violates applicable data protection laws. For EU residents, the lead authority is “Office for Personal Data Protection”.

For other jurisdictions, complaints may be directed to the competent national regulator or consumer protection authority.

13.10 Right to Non-Discrimination (CCPA/CPRA Only)

Users exercising rights under the CCPA/CPRA shall not be subject to discriminatory treatment, including denial of goods or services, differential pricing, or quality reduction.

13.11 Procedure for Exercising Rights

Requests to exercise any of the above rights may be submitted via:

1. Email to Crypter’s Data Protection Officer: [Insert DPO email]
2. Online request form accessible via [Insert URL]
3. In-app settings (where available)

Crypter may require identity verification prior to fulfilling any request. Requests will be processed within one (1) calendar month, extendable by an additional two (2) months for complex or high-volume cases, subject to prior notification.

14. CHILDREN’S PRIVACY

Crypter is a professional digital asset trading platform designed exclusively for adult users. It does not knowingly solicit, collect, or process Personal Data from children or minors under the legal age of majority in their jurisdiction of residence. Crypter is committed to protecting the privacy of children and complying with all applicable data protection laws governing children’s data.

14.1 Age Restriction and Eligibility

Crypter does not offer its services to, and does not knowingly process the Personal Data of, individuals who:

1. Are under 18 years of age, or
2. Are below the age of digital consent as defined by local law (e.g., 16 under GDPR unless Member States provide for a lower age not below 13), or
3. Lack legal capacity to enter into binding contracts as per the applicable laws of their jurisdiction.

By creating an account, Users represent and warrant that they satisfy these eligibility criteria. Crypter reserves the right to terminate any account that it reasonably believes is being used by or on behalf of an ineligible person.

14.2 No Deliberate Collection of Children’s Data

Crypter does not knowingly:

1. Collect, store, or process Personal Data of children;
2. Offer any crypto-related content, promotions, or advertisements directed at children;
3. Use cookies or tracking technologies to monitor or profile users identified as children;
4. Permit registration or identity verification submissions from children.

In the event that Crypter becomes aware that it has inadvertently received or processed Personal Data of a child without verified parental or legal guardian consent, such data will be promptly deleted from all systems, and any associated accounts will be suspended or terminated.

14.3 Parental and Guardian Rights

Where a parent or legal guardian believes that their child may have provided Personal Data to Crypter, they may:

1. Request access to or deletion of the data
2. Request account termination
3. Request restriction of any further processing

Such requests must be accompanied by adequate documentation proving parental or legal authority over the minor in question. Requests can be submitted to legal@crypter.com.

 

14.4 Compliance with Jurisdiction-Specific Requirements

Crypter applies the most restrictive applicable age standard when onboarding users from jurisdictions with divergent rules on the age of digital consent, including but not limited to:

1. GDPR: Minimum age of 16 (or 13 if allowed by Member State law).
2. COPPA (U.S.): Parental consent required for collection from children under 13.
3. CCPA/CPRA: Affirmative authorization required to sell/share data of minors under 16.

Crypter does not operate any distinct version of its Platform that is intended for minors or offers age-appropriate content for children.

14.5 Educational or Regulatory Disclosures

In jurisdictions where financial education programs or sandbox frameworks may involve minors (e.g., under institutional partnerships or school-led initiatives), Crypter shall engage only through:

1. Institutional accounts or regulatory intermediaries;
2. Parental or guardian consent with data minimization safeguards; and
3. Oversight by a designated data compliance officer.

Such activities, if undertaken, shall be governed by a separate data processing agreement or memorandum of understanding tailored to such initiatives.

Crypter reserves the right to update this Section in accordance with future changes in child privacy laws or crypto-specific youth protections introduced by regulators.

15. THIRD-PARTY LINKS AND EMBEDDED CONTENT

Crypter’s Platform may, from time to time, contain links to or embed content from third-party websites, platforms, service providers, social media feeds, blockchain explorers, affiliate partners, or decentralized applications (dApps) (collectively, “Third-Party Services”). These integrations are provided for User convenience, functionality, or informational purposes only, and do not imply any endorsement or control by Crypter over the content, policies, or practices of such third parties.

15.1 No Responsibility for Third-Party Processing

Crypter is not responsible for the privacy practices, data handling standards, or security measures employed by Third-Party Services, including:

1. Websites linked via banner ads, APIs, referral codes, or knowledge base articles;
2. dApps accessed through Crypter’s interface;
3. KYC or payment gateways operated by external vendors;
4. Embedded media (e.g., YouTube videos, Twitter threads, LinkedIn posts);
5. Social media sharing tools, plugins, or widgets.

Users accessing or interacting with such Third-Party Services are encouraged to review their respective privacy policies and terms of use before disclosing any Personal Data. Crypter disclaims all liability for any harm, loss, or unauthorized use of Personal Data arising from such interactions.

15.2 Outbound Links and Redirects

Where the Platform includes hyperlinks to external websites or resources (e.g., knowledge center materials, jurisdictional regulators, wallet providers), the following applies:

1. Clicking such links may result in Users leaving Crypter’s Platform environment.
2. Personal Data shared on such sites shall not be governed by this Privacy Policy.
3. Crypter does not monitor or assume responsibility for the content, accuracy, or availability of such third-party pages.

Users are solely responsible for any transactions, disclosures, or activities undertaken through external websites, and such actions shall be at the User’s own risk.

15.3 Third-Party Embedded Tools and SDKs

Crypter may incorporate third-party technologies into its Platform to enable functionalities such as:

1. Identity verification (e.g., Jumio, Sumsub)
2. Payment processing (e.g., Stripe, MoonPay, Transak)
3. Analytics (e.g., Google Analytics, Hotjar)
4. Chat or ticketing systems (e.g., Intercom, Zendesk)

Where these tools are embedded directly in Crypter’s UI or codebase, Crypter conducts due diligence on the provider’s data protection measures, and data transfers are subject to binding contractual terms, including Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs), where applicable.

Nonetheless, the User remains responsible for reviewing any separate privacy disclosures issued by these service providers.

15.4 Blockchain Explorer Integrations

Crypter may provide Users with access to public blockchain explorers (e.g., Etherscan, BscScan, Blockchain.com) to view transactions and wallet activity. Please note:

1. These explorers are public, decentralized infrastructure outside Crypter’s control.
2. Viewing wallet addresses, smart contracts, or transaction hashes may lead Users to environments where data persists permanently and is not subject to erasure or restriction rights.
3. Crypter does not accept liability for any Personal Data voluntarily entered or linked by Users into such explorers.

15.5 Smart Contract Interactions and DeFi Risk Caveat

If Crypter enables interaction with third-party DeFi protocols, staking pools, or token bridges via its interface, Users should note:

1. Such contracts may execute independently of Crypter’s servers.
2. Crypter does not audit, monitor, or validate the security of externally deployed smart contracts unless explicitly stated.
3. User wallet addresses and transaction metadata may be exposed on-chain and become publicly accessible.

Engaging with third-party smart contracts entails significant privacy and financial risk. Users must exercise informed discretion and caution.

15.6 No Implied Endorsement

The inclusion of third-party content, branding, or referral links on the Crypter Platform shall not be construed as:

1. Endorsement of the third party’s data processing practices;
2. Guarantee of service quality, reliability, or legal compliance; or
3. Representation that the third party is contractually bound to this Privacy Policy.

Crypter disclaims all warranties and liabilities arising from or related to third-party services or integrations.

16. CHANGES TO THIS PRIVACY POLICY

Crypter reserves the right to amend, revise, update, or otherwise modify this Privacy Policy at any time and at its sole discretion, in order to:

1. Reflect changes in applicable laws, regulations, or regulatory guidance;
2. Account for new features, technologies, partnerships, or business operations;
3. Enhance transparency or respond to user feedback and evolving risk landscapes;
4. Address data processing activities arising from the deployment of new products, tokens, or services.

All modifications shall be made in accordance with the principles of transparency, good faith, and legal necessity, and shall be communicated in a manner that provides Users with meaningful awareness and opportunity to review the updated terms.

16.1 Notification of Material Changes

In the event of a material change to this Privacy Policy—defined as any change that significantly alters:

1. The categories of Personal Data collected or processed;
2. The purposes for which such data is used;
3. The legal basis relied upon for processing;
4. The rights available to Users under applicable laws; or
5. The identity of the controller or categories of data recipients—

Crypter shall provide advance notice to Users through one or more of the following methods:

1. Prominent banner or pop-up notice on the Crypter Platform;
2. Email communication to registered Users;
3. Platform push notifications;
4. Revision log posted at the beginning or end of the Policy.

Where legally required (e.g., under GDPR or LGPD), Crypter will seek the User’s explicit consent before applying changes to data processing that is based on prior consent.

16.2 Effective Date and Version Control

Each version of this Privacy Policy shall be dated, and the “Last Updated” timestamp at the top of the document shall reflect the effective date of the most recent revision. Users are encouraged to review the Privacy Policy periodically to remain informed about Crypter’s data protection practices.

Crypter may maintain an archive of previous Privacy Policy versions, which may be made available upon request for audit or reference purposes.

16.3 User Acceptance of Updated Terms

By continuing to access or use the Crypter Platform following the effective date of any updated Privacy Policy, the User shall be deemed to have accepted the revised terms, subject to any applicable laws governing valid consent. If a User does not agree with the modified terms, their sole and exclusive remedy shall be to:

1. Discontinue use of the Platform; and
2. Submit a request for account closure and data deletion pursuant to Section 13.

16.4 Binding Nature of the Policy

This Privacy Policy forms an integral part of Crypter’s Terms of Use and any other contractual arrangements with Users. Updates to this Policy do not require individual agreement renewals, unless otherwise mandated by law or specifically communicated in writing.

17. GOVERNING LAW AND DISPUTE RESOLUTION

This Privacy Policy, and any dispute, controversy, or claim arising out of or relating to the interpretation, validity, breach, termination, enforcement, or subject matter of this Privacy Policy, including any non-contractual obligations arising out of or in connection with it, shall be governed by and construed in accordance with the following legal framework.

17.1 Governing Law

This Privacy Policy shall be governed by and interpreted in accordance with the laws of Turkey, without regard to its conflict-of-laws provisions. Where applicable, mandatory provisions of European Union law, including the General Data Protection Regulation (EU) 2016/679 (GDPR), shall prevail in the interpretation and enforcement of data protection-related rights and obligations.

17.2 Jurisdiction for Data Protection Claims

Any disputes, complaints, or regulatory proceedings concerning the processing of Personal Data by Crypter shall, unless otherwise required by applicable law, fall under the exclusive jurisdiction of Turkey supervisory authority.

17.3 Dispute Resolution Mechanism

In the event of a dispute, claim, or controversy arising from this Policy, Crypter has established a structured resolution framework as specified in its Terms of Use, which is incorporated by reference in the present Policy.

17.4 Consumer Protections and Mandatory Legal Forums

Nothing in this Section shall deprive Users who qualify as consumers under the laws of their habitual residence of the protection afforded to them by mandatory provisions of such laws, including:

1. The right to bring proceedings before courts in their country of residence;
2. The right to lodge complaints before local consumer protection or data protection bodies;
3. The right to participate in collective actions, if permitted by local law (e.g., under EU Representative Actions Directive or California law).

In the event of conflict between this Section and any mandatory legal rights afforded to Users under Applicable Data Protection Laws, the latter shall prevail.

17.5 Injunctive or Emergency Relief

Crypter reserves the right to seek injunctive or equitable relief in any court of competent jurisdiction to protect its confidential information, intellectual property, or system security, without prejudice to the dispute resolution provisions above.

18. CONTACT US

Crypter is committed to maintaining open and transparent communication with all Users regarding the processing of Personal Data. If you have any questions, concerns, requests, or complaints relating to this Privacy Policy or Crypter’s data protection practices, you may contact us at either info@crypter.com or legal@crypter.com.