BloxZap Privacy Policy

Last Updated: August 5, 2025
Version: 1.0

1. INTRODUCTION

BloxZap ("BloxZap," "we," "us," or "our"), respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website bloxzap.com (the "Site") or subscribe to our early access newsletter.

Important: BloxZap is currently in development and no peer-to-peer exchange services are available. We currently only collect email addresses for our early access newsletter.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Email Newsletter Subscription:

Email address (required for newsletter signup)
Subscription preferences and trading interests
Date and time of subscription
Communication preferences

Contact Communications:

Email address and message content when you contact us
Any additional information you choose to provide
Support inquiries and feedback about trading features

2.2 Information Collected Automatically

Technical Information:

IP address and general location
Browser type and version
Device information (type, operating system)
Referring website
Pages visited and time spent on Site
Date and time of visits
Screen resolution and device capabilities

Cookies and Similar Technologies:

Essential cookies for website functionality
Session identifiers and security tokens
We do not currently use analytics or advertising cookies

2.3 Information We Do NOT Collect

We do not currently collect:

Names or personal identifiers (beyond email)
Financial information or payment data
Cryptocurrency addresses or wallet information
Trading history or transaction data
Identity verification documents
Social media information

3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses

Newsletter Communications:

Send early access updates and development news
Notify subscribers about platform launches and beta testing
Provide information about BloxZap features and trading capabilities
Share regulatory updates and compliance news
Communicate security enhancements and audit results

Website Operations:

Ensure proper website functionality
Improve user experience and interface design
Maintain website security and prevent fraud
Analyze website performance and usage patterns

Legal and Compliance:

Comply with applicable laws and regulations
Respond to legal requests and enforcement actions
Protect our rights and interests
Investigate potential violations of our terms

3.2 Future Service Preparation

We may use collected information to:

Gauge interest in planned trading features and cryptocurrencies
Plan service capacity and geographic availability
Improve our development roadmap and priorities
Prepare for regulatory compliance requirements
Design user verification and security systems

3.3 Marketing and Communications

Send promotional content about BloxZap services
Conduct surveys about trading preferences and feature requests
Provide customer support and technical assistance
Send security alerts and important service notifications

You can opt out of marketing communications at any time using the unsubscribe link in our emails.

4. HOW WE SHARE YOUR INFORMATION

4.1 Third-Party Service Providers

Email Service Provider (Brevo):

We use Brevo (formerly Sendinblue) to manage our email newsletter
Brevo processes your email address and subscription preferences
Brevo is located in Europe and complies with GDPR
View Brevo's privacy policy at: https://www.brevo.com/privacy-policy/

Website Hosting and Security:

Our website hosting provider processes technical information
This includes IP addresses, browser information, and usage data
Security services may process data to prevent fraud and attacks

4.2 Legal Disclosures

We may disclose your information when required by law or to:

Comply with legal obligations, court orders, or government requests
Respond to subpoenas, warrants, or regulatory investigations
Protect our rights, property, or safety
Protect the rights, property, or safety of others
Investigate fraud, money laundering, or securities violations
Respond to claims that content violates third-party rights

4.3 Business Transfers

If BloxZap is involved in a merger, acquisition, or asset sale, your information may be transferred to the new entity, subject to the same privacy protections.

4.4 What We DON'T Do

We do not:

Sell your personal information to third parties
Share your information for third-party marketing purposes
Use your information for advertising tracking
Share your information with data brokers
Provide information to other exchanges or competitors

5. INTERNATIONAL DATA TRANSFERS

5.1 Cross-Border Processing

Your information may be transferred to and processed in:

United States (our planned headquarters)
European Union (Brevo servers)
Other countries where our service providers operate

5.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers through:

Adequacy decisions by relevant data protection authorities
Standard contractual clauses approved by regulators
Service provider privacy certifications and commitments
Other legally recognized transfer mechanisms

6. DATA SECURITY

6.1 Security Measures

We implement appropriate technical and organizational security measures:

Encryption of data in transit and at rest
Access controls and authentication systems
Regular security assessments and penetration testing
Incident response and breach notification procedures
Employee training on data protection practices

6.2 Trading Platform Security

When we launch our peer-to-peer exchange, we will implement additional security measures:

Multi-signature wallet security
Cold storage for platform funds
Real-time fraud detection systems
Advanced encryption for all communications
Regular security audits by third-party experts

6.3 Data Breach Notification

In case of a data breach that poses risks to your rights:

We will notify relevant authorities within 72 hours (where required)
We will notify affected users without undue delay
We will provide information about the breach and steps taken
We will offer assistance and remediation where appropriate

6.4 Limitation of Security

While we strive to protect your information, no method of transmission or storage is 100% secure. You provide information at your own risk.

7. YOUR PRIVACY RIGHTS

7.1 General Rights

All Users:

Unsubscribe from emails at any time
Contact us with privacy questions
Request information about our data practices
Update your communication preferences

Email Management:

Update your email preferences and trading interests
Unsubscribe using the link in any email
Contact us to remove your email: [email protected]

7.2 Rights for EU/UK Residents (GDPR)

If you are in the European Union or United Kingdom, you have additional rights:

Access: Request a copy of your personal data we hold Rectification: Correct inaccurate or incomplete data Erasure: Request deletion of your personal data Restriction: Limit how we process your data Portability: Receive your data in a portable format Objection: Object to processing based on legitimate interests Complaint: Lodge a complaint with your data protection authority

Legal Basis for Processing:

Consent (newsletter subscription)
Legitimate interests (website functionality, security, service development)
Legal obligation (compliance with financial regulations)

7.3 Rights for California Residents (CCPA)

If you are a California resident, you have these rights:

Know: What personal information we collect and how we use it Delete: Request deletion of your personal information Opt-Out: Opt out of sale (we don't sell personal information) Non-Discrimination: We won't discriminate for exercising your rights

Categories of Information Collected:

Identifiers (email address, IP address)
Internet or electronic network activity (website usage data)

7.4 Rights for Canadian Residents (PIPEDA)

If you are a Canadian resident:

Access your personal information we hold
Request correction of inaccurate information
Withdraw consent for marketing communications
File complaints with the Privacy Commissioner of Canada

7.5 Exercising Your Rights

To exercise any privacy rights:

Email: [email protected]
Subject line: "Privacy Rights Request"
Include: Your email address and specific request

We will respond to valid requests within:

30 days (GDPR/UK GDPR)
45 days (CCPA)
30 days (PIPEDA)

8. DATA RETENTION

8.1 Retention Periods

Newsletter Subscriptions:

Retained until you unsubscribe
Retained for up to 30 days after unsubscribe for processing
May be retained longer if required by law

Website Data:

Technical logs retained for up to 12 months
Contact communications retained for up to 3 years
Security incident data retained as required by law

Future Trading Data:

Transaction records retained per regulatory requirements (typically 5-7 years)
User verification data retained for compliance purposes
Trading communications retained for dispute resolution
Compliance data retained per AML/KYC obligations

8.2 Deletion Process

When data is deleted:

Removed from active systems within 30 days
Removed from backup systems within 90 days
Some data may remain in encrypted backups for technical reasons
Regulatory data follows compliance-mandated retention schedules

9. COOKIES AND TRACKING

9.1 Current Cookie Use

Essential Cookies Only:

Session management and security
Basic website functionality
Load balancing and performance

We Do NOT Currently Use:

Analytics cookies (Google Analytics, etc.)
Advertising or marketing cookies
Social media tracking cookies
Cross-site tracking technologies

9.2 Future Cookie Use

As we develop our peer-to-peer exchange, we may implement:

Analytics cookies to understand user preferences (with consent)
Performance monitoring cookies for trading platform optimization
Security cookies for fraud prevention and user verification
Trading-related cookies for order management and history

Any additional cookies will require your consent and will be disclosed in an updated Cookie Policy.

9.3 Managing Cookies

You can control cookies through your browser settings:

Block all cookies (may affect website functionality)
Delete existing cookies
Receive notifications before cookies are set
Set preferences for different types of cookies

10. CHILDREN'S PRIVACY

10.1 Age Restrictions

Our Site is not intended for children under 18. We do not knowingly collect personal information from children under 18.

10.2 Discovery of Children's Data

If we discover we have collected information from a child under 18:

We will delete the information immediately
We will not use the information for any purpose
We will notify parents if contact information is available
We will implement additional safeguards to prevent recurrence

11. FUTURE TRADING SERVICES PRIVACY

11.1 Additional Data Collection

When we launch our peer-to-peer exchange, we may collect:

Identity Verification Data:

Government-issued identification documents
Proof of address documentation
Biometric data for enhanced security
Employment and income information
Source of funds verification

Trading Activity Data:

Transaction histories and patterns
Order book interactions
Trading partner communications
Dispute resolution records
Platform usage analytics

Compliance Data:

AML/KYC verification records
Suspicious activity monitoring
Regulatory reporting information
Tax reporting data (where required)

11.2 Enhanced Privacy Protections

Strong Privacy Safeguards:

We will NOT have access to your private keys
We will NOT store your cryptocurrency balances
We will use privacy-preserving technologies where possible
We will minimize data collection to regulatory requirements
We will implement advanced encryption for all sensitive data

11.3 Regulatory Compliance Requirements

Know Your Customer (KYC):

Identity verification and documentation
Risk assessment and monitoring
Ongoing due diligence procedures
Enhanced due diligence for high-risk users

Anti-Money Laundering (AML):

Transaction monitoring and analysis
Suspicious activity reporting
Customer risk profiling
Compliance with sanctions screening

Financial Intelligence Requirements:

Reporting to financial intelligence units
Cooperation with law enforcement investigations
Maintenance of compliance records
Regular regulatory audits and reviews

11.4 Data Sharing for Compliance

We may be required to share information with:

Regulatory Authorities:

Financial Crimes Enforcement Network (FinCEN)
Securities and Exchange Commission (SEC)
Commodity Futures Trading Commission (CFTC)
State financial regulators
International regulatory bodies

Law Enforcement:

FBI and other federal agencies
Local and state law enforcement
International law enforcement agencies
Court orders and legal processes

Financial Partners:

Banking partners for fiat transactions
Payment processors for compliance verification
Compliance service providers
Legal and audit firms

11.5 Trading Privacy Features

User Control:

Granular privacy settings for trading profiles
Optional public/private trading modes
Control over information shared with trading partners
Ability to limit data collection where legally permissible

Data Minimization:

Collect only information necessary for compliance
Automatic deletion of unnecessary trading data
Privacy-preserving analytics where possible
Minimal data sharing with trading partners

11.6 Updated Privacy Notice

We will provide updated privacy notices before launching new services that collect additional information types, including:

Detailed explanations of new data collection
Updated legal bases for processing
Enhanced user rights and controls
Clear opt-out mechanisms where permitted

12. INTERNATIONAL COMPLIANCE

12.1 Multi-Jurisdictional Requirements

Our platform may need to comply with regulations in multiple jurisdictions:

United States:

Bank Secrecy Act (BSA)
USA PATRIOT Act
State money transmission laws
Securities and derivatives regulations

European Union:

Markets in Crypto-Assets Regulation (MiCA)
Anti-Money Laundering Directives
Payment Services Directive (PSD2)
GDPR data protection requirements

Other Jurisdictions:

Canadian AML/CTF requirements
UK Financial Conduct Authority rules
Australian AUSTRAC obligations
Asian financial services regulations

12.2 Data Localization

Some jurisdictions may require:

Local data storage for certain types of information
Restrictions on cross-border data transfers
Local regulatory reporting and compliance
In-country service providers for certain functions

13. CHANGES TO THIS PRIVACY POLICY

13.1 Modification Rights

We may update this Privacy Policy to reflect:

Changes in our data practices
New trading features or services
Legal or regulatory requirements
Industry best practices and standards
Enhanced security measures

13.2 Notification of Changes

Material Changes:

Email notification to newsletter subscribers
Prominent notice on our website for at least 30 days
Updated "Effective Date" at the top of this policy
Clear explanation of significant changes
Opportunity to opt out where legally permissible

Minor Changes:

Updated "Effective Date"
Notice on website footer
Summary in next newsletter

13.3 Continued Use

Your continued use of our Site after changes constitutes acceptance of the updated Privacy Policy, except where additional consent is required by law.

14. CONTACT INFORMATION

14.1 Privacy Questions

For privacy-related questions or concerns:

Data Protection Officer: [email protected]
General Legal: [email protected]

14.2 Privacy Rights Requests

To exercise your privacy rights:

Email: [email protected]
Subject: "Privacy Rights Request"
Include: Your email address and specific request type

14.3 Compliance Inquiries

For regulatory or compliance-related inquiries:

Legal Department: [email protected]

14.4 Supervisory Authorities

EU/UK Residents: You have the right to lodge a complaint with your local data protection authority

California Residents: You may file a complaint with the California Attorney General

Canadian Residents: You may file a complaint with the Privacy Commissioner of Canada

15. EFFECTIVE DATE AND VERSION

This Privacy Policy is effective as of August 5, 2025 and supersedes all previous versions.

Version History:

Version 1.0: August 5, 2025 - Initial policy