# Privacy Policy ## Privacy Policy **Last updated: September, 2025** This Privacy Policy (“Policy”) for XBIT Corp. (“Company”, “we”, “our”, or “us”) describes how we collect, use, and process personal data from users of the Company’s website, [xbit.com](http://app.xbit.com), including any of its subdomains (“Website”), in accordance with applicable law. For purposes of applicable data protection laws, the Company is the controller. For the purposes of this Policy, “you” and “your” refers to you as the user of the Website. Read this Policy carefully to understand your rights regarding your personal data and how we collect, use, and process it. If you do not agree to this Policy, do not use, access, connect to, or interact with the Website, or otherwise provide your information to us. *** ### PERSONAL DATA WE COLLECT, WHY WE PROCESS IT, AND LEGAL BASIS When you access, use, connect to, or interact with the Website, we may collect certain categories of information about you, including personal data, from various sources. #### Information You Provide to Us **Wallet Information:** * Digital-asset wallet addresses * Smart-contract or protocol addresses * Public blockchain transaction history * Token holdings and balances * Transaction data across Fund & Meme Account and Futures Account **Communication Data:** * Content of communications with us * Email addresses used to contact us * Support ticket information * Discord/Telegram usernames (if provided) **Account Data:** * Email address (for Turnkey embedded wallet creation) * Geolocation data (for compliance purposes) * Referral program participation data * Reward system tier information #### Information We Collect Automatically **Technical Data:** * Date and time of access * Country from which the Website is accessed * API endpoints being accessed * User agent details * Operating system and browser information (provider, version, language) * Transmission protocol used (e.g., HTTP/1.1) * IP address **Usage Data:** * Pages visited on the Website * Features accessed (Perpetual Futures, MEME Trading, Smart Money) * Trading activity patterns * Web beacons, geolocation, and tracking technologies * Device information for analytics purposes **Trading Data:** * Perpetual futures positions and P\&L * MEME trading history * Smart Money feature usage * Cross-account fund transfers * Deposit and withdrawal records #### Aggregated and Anonymized Data In our legitimate interests to provide effective services, we may use your data to create aggregated, anonymized, or de-identified data for analytics, research, and service improvement purposes. *** ### THIRD-PARTY INTEGRATIONS #### Wallet Connections The Website supports multiple wallet types: * **Turnkey Embedded Wallets**: Created through email or Google authentication * **Third-Party Wallets**: OKX Wallet, Phantom, Trust Wallet, WalletConnect By connecting a third-party wallet, you agree that your use is governed by that wallet provider’s terms and privacy policy. We do not control third-party wallets and expressly disclaim liability for their privacy practices or security measures. #### Hyperliquid Integration Perpetual futures trading utilizes Hyperliquid infrastructure. Transaction data on Hyperliquid is recorded on a public blockchain and governed by Hyperliquid’s privacy policies. We do not control Hyperliquid’s data collection or processing practices. #### Service Provider Integrations We may share data with third-party service providers, including: * **IPdata**: For geo-blocking based on IP address * **Mixpanel**: For anonymized analytics and device information * **Blockchain explorers**: For transaction verification * **Security providers**: For fraud detection and compliance screening *** ### LEGAL BASIS FOR PROCESSING PERSONAL DATA We process your personal data under the following legal bases: **Contract Performance:** * To enable your access to and use of the Website * To facilitate wallet connections and account management * To process trading activities across all asset types * To manage fund transfers between accounts * To calculate and distribute referral rewards and tier benefits **Legitimate Interests:** * To ensure system security and stability * To conduct troubleshooting, data analytics, testing, and research * To optimize the Website and improve user experience * To prevent fraud and maintain platform integrity * To comply with geo-blocking requirements for Restricted Persons * To provide customer support **Consent:** * To tailor features and content to you * To send marketing communications (if opted in) * To use cookies beyond strictly necessary cookies **Legal Obligations:** * To comply with applicable laws and regulations * To enforce our Terms of Service * To respond to legal requests and prevent harm *** ### COOKIE POLICY We use cookies to enhance your experience on the Website. #### Types of Cookies We Use **Strictly Necessary Cookies:** * Ensure compliance with Terms of Service * Enable core Website functionality * Maintain session security * Support geo-blocking for Restricted Persons **Analytics Cookies:** * Understand usage patterns * Improve Website performance * Track feature adoption **Preference Cookies:** * Remember your settings * Maintain language preferences * Store display preferences These cookies are not used for marketing purposes. By continuing to use the Website, you consent to the placement of these cookies. You may manage cookie preferences through your browser settings, though disabling certain cookies may limit Website functionality. *** ### YOUR RIGHTS Under applicable data protection laws, including GDPR (for EU/UK users), you may have the following rights: **Right to Access:** Request access to personal data we hold about you and information on how we use and share it. **Right to Rectification:** Request correction of inaccurate or incomplete personal data. **Right to Erasure:** Request deletion of your personal data in certain circumstances. **Right to Restriction:** Request that we stop processing your personal data other than for storage purposes. **Right to Data Portability:** Request a copy of your personal data in a structured, machine-readable format. **Right to Object:** Object to processing of your personal data in certain circumstances. **Right to Withdraw Consent:** Where we rely on consent, you may withdraw it at any time without affecting prior processing. **Right to Lodge a Complaint:** File a complaint with your local data protection authority. #### Exercising Your Rights To exercise these rights, submit a written request to: **** We will: * Verify your identity before responding * Respond within one month (extendable by two months in complex cases) * Inform you if we have valid legal reasons to refuse your request Note that these rights may be limited by law, such as when fulfilling your request would adversely affect others or our intellectual property, or where we have legal obligations to retain data. *** ### SHARING OF PERSONAL DATA We may share your personal data in the following circumstances: #### Service Providers We share data with third-party processors who assist us with: * Blockchain analysis and transaction monitoring * Compliance screening and geo-blocking * Analytics and performance monitoring * Content delivery and infrastructure services * Customer support tools * Security and fraud prevention #### Legal and Regulatory Compliance We may share data: * To comply with legal obligations * In response to lawful requests from authorities * To enforce our Terms of Service * To protect our rights, safety, and property * To protect users’ safety and security #### Business Transfers In connection with any merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to this Policy. #### Professional Advisors We may share data with lawyers, accountants, auditors, and other professional advisors in our legitimate interests or as required by law. *** ### INTERNATIONAL DATA TRANSFERS Your personal information may be transferred to and processed in countries outside your jurisdiction, including outside the European Economic Area (EEA) and United Kingdom (UK), and including to the United States. We take appropriate safeguards to ensure secure transfers: * **Standard Contractual Clauses (SCCs)**: Approved by the European Commission (for EEA transfers) and UK Information Commissioner’s Office (for UK transfers) * **Adequacy Decisions**: Transfers to countries deemed to provide adequate data protection * **Appropriate Security Measures**: Encryption, access controls, and contractual protections *** ### DATA RETENTION We retain personal data only as long as necessary to: * Fulfill the purposes for which it was collected * Comply with legal, accounting, or reporting requirements * Resolve disputes and enforce agreements Retention periods vary based on: * **Account Data**: Retained while your account is active and for a reasonable period after closure * **Transaction Data**: Retained for regulatory compliance periods (typically 5-7 years) * **Communication Data**: Retained for customer support purposes * **Analytics Data**: Anonymized and retained for research purposes *** ### CHILDREN’S PRIVACY The Website is not intended for persons under 18 years of age. We do not knowingly collect personal data from children. If we become aware we have collected data from anyone under 18, we will make commercially reasonable efforts to delete such information promptly. *** ### SECURITY MEASURES We implement appropriate technical and organizational measures to protect personal data, including: * Encryption of sensitive data in transit and at rest * Access controls and authentication requirements * Regular security assessments and audits * Turnkey’s enterprise-grade wallet infrastructure with AWS Nitro secure enclaves * Monitoring for unauthorized access attempts However, no security system is perfect. We cannot guarantee absolute security of your information. Any electronic transmission is at your own risk. *** ### SOCIAL MEDIA AND THIRD-PARTY LINKS #### External Links The Website may contain links to: * Social media platforms (Twitter/X, Discord, Telegram, Medium) * Third-party blockchain explorers * Partner websites and services * Community resources We do not control these third-party websites and are not responsible for their privacy practices, security, or content. #### Social Media Interactions When you access social media links from the Website: * A direct connection may be established between your browser and the platform * The platform may receive information about your visit * If logged in, your visit may be linked to your social media profile To prevent this association, log out before clicking social media links. *** ### UPDATES TO THIS POLICY We may review and update this Policy periodically to reflect: * Changes in our data practices * New features or services * Legal or regulatory requirements * Industry best practices Material changes will be indicated by updating the “Last updated” date. Continued use of the Website after changes constitutes acceptance of the updated Policy. *** ### LEGAL FRAMEWORK This Policy complies with: * **Panama Law No. 81 of 2019**: Personal Data Protection Law * **EU GDPR 2016/679**: For European Union users * **UK GDPR**: For United Kingdom users * **Other applicable global privacy laws** EU/UK users may file complaints with their local data protection supervisory authority or the UK Information Commissioner’s Office. *** ### CONTACT US For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us: • Email: \ • Discord: \ • Telegram: We will respond to your inquiry promptly and work to address your concerns in accordance with applicable data protection laws. *** **By using the XBIT Website, you acknowledge that you have read, understood, and agree to this Privacy Policy.** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.xbit.com/about-us/privacy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.