Privacy Policy
Last updated on April 1, 2024
1. Scope and Updates to this Privacy Policy
SwapSpace respects your privacy and is committed to protecting your personal data. This Privacy Policy aims to give you information on what personal data we collect, how we process and protect it, and tell you about your privacy rights and how the law protects you as we provide you with access and utility through our digital asset trading platform via software, API (application program interface), technologies, products and/or functionalities ("Service").
Please read this Privacy Policy carefully as it explains our practices regarding your personal data and how we will treat it, and the basis on which any personal data will be processed by us. References in this Privacy Policy and on our Website to “we”, “our” or “us” are references to SwapSpace as a data controller - SWAPSPACE LLC. References to “you” and “your” means each person who interacts with us, uses our website or the products and services we provide.
By accessing our Website and Service, or otherwise howsoever providing us with your Personal Data, you are agreeing to our collection of your information pursuant to this Privacy Policy. Should you disagree with any clause hereby stated, please immediately cease your access to, participation in, and use of our Website, and our Service.
The processing of Personal Data is regulated by the European Union General Data Protection Regulation EU 2016/679 (GDPR), California Consumer Privacy Act (CCPA), California Online Privacy Protection Act (CalOPPA), California Consumer Privacy Act/Privacy Rights Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Connecticut Data Privacy Act (CTDPA), Colorado Privacy Act (CPA), and applicable privacy laws. We will not divulge any of your private information unless you approve in writing such disclosure or unless such disclosure is required under applicable law or is required in order to verify your identity.
If you would like more information about how we collect, use and store your personal data, you can contact us at any time by emailing to legal@swapspace.co.
Updates: We may revise this Privacy Policy from time to time in our sole discretion. The updated version of this Privacy Policy will be indicated on our Website with the exact date and a sign ‘Last updated’. If there are any material changes to this Privacy Policy, we will notify you to the extent required by applicable law. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your data.
2. Data Collection
The term ‘Personal data’ refers to any information relating to an identified or identifiable natural person, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of you as a natural person. We collect Personal data that you directly provide to us when registering at Website, expressing an interest in using our Service, complying with our Know-Your-Customer procedures or when participating in our activities or otherwise contacting us. Personal data we collect depends on the context of your interactions with us, the choices you make and the products and features you use.
1. Data provided by you directly
| Identification Data | We collect your identification data including full name, e-mail address, gender, home address, country of residence, phone number, date of birth, nationality, signature, utility bills, government issued identity document. |
| Biometric Data | We may ask you to provide the sensitive biometric information such as a video recording of you or a selfie to verify your identity by comparing it with the photo in your identity document. |
| Transaction Data | We may collect Information about the transactions including the names of the sender and the recipient, the amount of the transaction, payment method, data and other data. |
| Financial Data | We may ask you to provide your source of funding, source of wealth as part of our KYC procedure. |
| Wallet Data | If you use your wallet, we may collect your Wallet address, recipient wallet address, recipient memo, deposit memo, and information related, user agent to it. |
| Credentials Data | We collect your passwords and similar security data used for authentication and account access. |
2. Data provided by third parties
We will use the information we receive only for the purposes that are described in this Policy or that are otherwise made clear to you on the Website. Please note that we are not responsible for the ways in which any third party service provider processes any of your personal data and encourage you to read their privacy notices and policies for further information on how they process your Personal data.
All personal data that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal data.
| Third Party Service Providers Data | We provide you with the option to register using any service provider's account details like your Google account, Hotjar, Apple account and social media accounts. Where you choose to do this, we will receive certain profile information about you from such third party service providers. The profile information we receive may vary depending on the service provider concerned, but such information may often include your name, e-mail address, profile picture as well as other information you choose to make public. |
| Blockchain Data | We may analyze public blockchain data, including timestamps of transactions or events, transaction IDs, digital signatures, transaction amounts, and wallet addresses. |
| Marketing, Analytics and Advertising Data | Identifiers – the IP address, or other online identifiers of a person, e-mail address if used for direct marketing, and name and address Browser/web history data and preferences expressed through selection/viewing/purchase of goods, services and content, information about your mobile device including (where available) type of device, device identification number, mobile operating system. Analytics and profiles of the individuals based on the data collected on them. For more information about this please see our Cookie Policy. Interests or inferred interests and marketing preferences. |
| Retail Merchant Data | If you use your account to conduct a transaction with a third party merchant, the merchant may provide us with data about you, such as your name and contact details, and your transaction with that merchant. |
3. Data collected automatically
We automatically collect certain information through cookies and similar technologies when you visit, use or navigate the Website.
This information does not reveal your specific identity (like your name or contact information) and does not allow us to identify you, but helps us address customer support issues, improve the performance of our sites and services, maintain and or improve your user experience, and protect your account from fraud by detecting unauthorized access.
| Category of Data | Description |
| Browsing Data |
Information about the device, operating system, and browser you’re using
Other device characteristics or identifiers (e.g. plugins, the network you connect to) IP address Device name Country Location |
| Usage Data | Activity information: Information about what you view or click on while visiting our Website and how you use our Service Diagnostic and Troubleshooting Information: Information about how our Service are performing when you use them, i.e. service-related diagnostic and performance information, including timestamps, crash data, website performance logs, and error messages or reports |
| Information from cookies and similar technologies | See our Cookies Policy for more information |
3. Data Usage and Legal Basis
We use your Personal data primarily for the following purposes on the following legal basis.
| Purpose | Category of Data | Legal Basis |
| To create, verify and maintain your account |
Identification Data Biometric Data Credentials Data Service Providers Data | Performance of the contract |
| To provide Service to you |
Identification Data Biometric Data Transaction Data Financial Data Wallet Data Credentials Data Blockchain Data Retail Merchant Data Usage Data Service Providers Data | Performance of the contract |
| To send communications |
Identification Data Transaction Data | Performance of the contract |
| To verify your identity |
Identification Data Biometric Data Transaction Data | Legal obligations |
| To provide marketing communication and promotions to you |
Identification Data Usage Data Transaction Data Marketing, Analytics and Advertising partners’ Data |
Legitimate interest Consent |
| To provide customer support service |
Identification Data Transaction Data Financial Data Wallet Data |
Performance of the contract Legitimate interest |
| To maintain safety, security and integrity of the Service |
Identification Data Biometric Data Transaction Data Financial Data Wallet Data Browsing Data Usage Data Blockchain Data |
Performance of the contract Legitimate interest |
| To improve our Service |
Identification Data Transaction Data Browsing Data Usage Data Marketing, Analytics and Advertising partners’ Data | Legitimate interest |
| To customize your experience |
Identification Data Transaction Data Browsing Data Usage Data Information from cookies and similar technologies | Legitimate interest |
| To enable device-based settings (Cookies) | Information from cookies and similar technologies | Consent |
Consent: if the processing of Personal data is carried out based on your specific consent, you have the right to withdraw it at any time by sending us a request to legal@swapspace.co. or following the instruction given in our Cookies Policy.
Legitimate interest: we may process your Personal data when it is reasonably necessary to achieve our legitimate business interests such as developing and improving our Service, marketing communication, making our Service safe and secure.
Legal obligations: we may process your Personal data and disclose your Personal data where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, a court order and similar requests.
Performance of the contract: where we have entered into a contract with you, we may process your Personal data to fulfill the terms of our contract, and for the following purposes: to provide support services, to maintain your account, to send you communications.
We may combine all the information we collect from or receive about you for the outlined purposes. We may aggregate or de-identify your information and may use or share aggregated or de-identified information for any purpose, and such information is not subject to this Privacy Policy.
4. Cookies
We may use cookies and similar tracking technologies to access or store Personal data.
You may refuse the use of cookies by selecting the appropriate settings on your browser. Note however that this may affect your experience of our Website.
Please read our Cookie Policy to understand how we collect data via cookies technology.
5. Data Sharing
We do not sell your Personal data as the term “sell” is traditionally understood. However, your Personal data will be transmitted to third parties that we use to provide our services; these parties have been rigorously assessed and offer a guarantee of compliance with the legislation on the processing of personal data. These parties have been designated as data processors and carry out their activities according to the instructions given by us and under our control.
We may share your Personal data with the following categories of third parties:
Service Providers. We may share your Personal Data with our third-party service providers and vendors that assist us with the provision of our Service. This includes service providers and vendors that provide us with IT support, KYC procedures, authentication, security, hosting, payment processing, analytics, alerting, customer service, and related services.
Third-Party Service you share or interact with. Certain features and functionalities of our Service may link to or allow you to interface, interact, or share information with, access and/or use third-party websites, services, products, and technology (collectively, “Third-Party Services”). Any information shared with or otherwise collected by a Third-Party Service may be subject to the Third-Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.
Business Partners.. We may share your personal information with business partners to provide you with a product or Service. We may also share your personal information with business partners with whom we jointly offer products or services.
Affiliates.. We may share your personal information with our company affiliates, if any.
Legal authorities:. We may be required by law or by judicial authorities to disclose certain information about you or any engagement we may have with you to relevant regulatory, law enforcement and/or other competent authorities. We will disclose information about you to legal authorities to the extent we are obliged to do so according to the law. We may also need to share your information to comply with Anti-Money Laundering, Terrorist Financing and Transfer of Funds laws, prevent fraud, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others.
6. Cross-border Transfer
To facilitate our global operations, we may transfer, process, and store your Personal Data anywhere in the world, including but not limited to other countries that may have data protection laws that are different from the laws where you live.
If you reside in the EEA, Switzerland, or the United Kingdom, we rely upon a variety of legal mechanisms to facilitate these transfers of your Personal data. In cases where we intend to transfer your Personal data to third countries outside of the EEA that has not been found to provide an adequate level of protection under applicable data protection laws, we use suitable technical, organizational and contractual safeguards including Standard contractual clauses (SCC) adopted by the European Commission as a mechanism to transfer data from the EU countries in compliance with applicable data protection rules.
7. Data Retention
We will retain Your Personal Data only for as long as it is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with AML/CFT regulation and applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
As soon as information stops serving these purposes, we delete it.
After you close your account and/or upon your request we will delete and/or anonymize your Personal data without undue delay, but no later than 30 days.
8. Data Protection
We have implemented a robust set of security measures to safeguard Personal data we process and protect it from unauthorized access, disclosure, alteration, or destruction. Our commitment to data security includes ongoing updates and rigorous testing of our security technology.
To ensure the highest level of data protection, we adhere to industry-leading practices. We employ secure socket encryption (HTTPS) to safeguard data during transmission and utilize encryption services provided by Google Cloud. Our servers are hosted in Germany, in full compliance with data protection regulations.
However, it's important to recognize that the internet is not entirely immune to security risks. While we take every precaution to protect your Personal data, the transmission of such data to and from our website carries inherent risks. We strongly advise you to access our services within a secure environment.
Additionally, we maintain strict access controls to limit access to your Personal data to only those employees who require it to provide you with our services. Our employees undergo regular training to emphasize the significance of confidentiality and the need to uphold the privacy and security of your personal data. We are dedicated to enforcing our employees' privacy responsibilities through appropriate measures.
9. Privacy Rights
Depending on where you live, you may be able to exercise certain privacy rights related to your personal information.
- Right to access - you may request a copy of your Personal data and/or the way we store it;
- Right to rectification - you may request us to change some of your Personal data and/or correct it if this is incomplete or inaccurate;
- Right to deletion/ erasure - you may request to delete all or some of your Personal data, for example, if they are no longer needed for any processing purposes, or consent has been used as a legal basis for their processing, or there is no legitimate interest in the further processing of personal data;
- Right to object - you may object to the processing of your personal data on grounds relating to your particular situation and/or to object processing it for direct marketing purposes;
- Right to object to automated processing - you may object to a decision based on automated processing. This means that you may request to review your Personal data manually if you believe that automated processing may not consider your unique situation;
- Right to data portability - you may request to provide a copy of your Personal data in a structured, commonly used, and machine-readable format (e.g. xml, csv). Furthermore, you have the right to request to transmit the said personal data directly to another controller;
- Right to withdraw your consent - to the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. The lawfulness of processing before you withdraw your consent will not be affected by such withdrawal;
- Right to non-discrimination - we will not discriminate against you for exercising any of your rights provided to you under law;
- Right to lodge a complaint - you have the right to lodge a complaint with a supervisory authority. If you are resident in the EEA and you believe we are unlawfully processing your personal data, you have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
To protect your privacy and security, we may take steps to verify your identity before complying with your request and we may decline your request if we are unable to verify your identity.
Please contact us by email at legal@swapspace.co to exercise your rights.
10. California Residents Privacy Notice
California Consumer Privacy Act (CCPA) provides our users who are California residents, with the following rights listed below in relation to personal information that we have collected about you. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.
Right to know. You have a right to request the following information about our collection, use and disclosure of your personal information over the prior 12 months, and ask that we provide you with a copy of the following::
- categories of and specific pieces of personal information we have collected, sold, or shared about you;
- categories of sources from which we collect personal information;
- the business of commercial purposes for collecting personal information;
- categories of third parties to whom the personal information was disclosed for a business purpose; and
- categories of personal information disclosed about you for a business purpose.
Right to correct. You have a right to request that we correct inaccurate personal information maintained about you.
Right to delete. You have a right to request that we delete personal information, subject to certain exceptions.
Right to opt out of Selling or Sharing. You have the right to direct a business that sells or shares personal information about you to third parties to stop doing so.
Right to non-discrimination. We will not discriminate against you for exercising any of these rights.
We do not sell the data of users under 16 years of age, unless affirmatively authorized, as specified, to be referred to as the right to opt in. The act will prescribe requirements for receiving, processing, and satisfying these requests from consumers. The act will prescribe various definitions for its purposes and would define “personal information” with reference to a broad list of characteristics and behaviors, personal and commercial, as well as inferences drawn from this in.
Please contact us by email at legal@swapspace.co to exercise your rights.
11. Children’s Privacy
We do not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 19. If you are a parent or guardian and you are aware that your child has provided us with Personal data, please contact us. If we become aware that we have collected Personal data from anyone under the age of 18 without verification of parental consent, we take steps to remove that information from our servers.
If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.
Cookie Policy
This Cookie Policy is an integral part of the Privacy Policy. Capitalized terms used herein without definition shall have the meanings assigned to them in Privacy Policy. In Cookie Policy, we explain what cookies are and how we use them.
Cookies and similar technologies (e.g., web beacons, pixels, ad tags, and device identifiers) (together referred to as “cookies”) are files created by websites that you visit. Simply put, it is a technology that allows collecting information about your device, location, and your acts on the websites you visit.
Cookies set by SwapSpace are called "first-party cookies." Cookies set by parties other than the website owner are called "third-party cookies." Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.
We process Personal data obtained via Cookies for the purposes and on the legal basis described in Privacy Policy.
What Cookies we use and why
Necessary cookies help make Websites/ Apps usable by enabling essential functions like page navigation and access to secure website areas. The Websites/ Apps cannot function properly without these Cookies.
Marketing cookies are used for personalizing the contents and ads on and off Websites/ Apps. They are also used to assess advertising efficiency.
Preference cookies let us remember user personal settings.
Analytics/ Statistics cookies help us understand how visitors interact with Websites/ Apps by collecting and reporting information anonymously. They greatly help us improve our Services.
| Name | The Processor | Storage period | Purpose |
| Necessary cookies | |||
| auth._refresh_token_expiration.affiliate | SwapSpace | Session | User authorization token on the site for the participants of the Affiliate programme |
| auth._token_expiration.affiliate | SwapSpace | Session | User authorization token on the site for the participants of the Affiliate programme |
| auth._refresh_token.affiliate | SwapSpace | Session | User authorization token on the site for the participants of the Affiliate programme |
| auth._token.affiliate | SwapSpace | Session | User authorization token on the site for the participants of the Affiliate programme |
| auth.strategy | SwapSpace | Session | User authorization token on the site for the participants of the Affiliate programme |
| Marketing cookies | |||
| _ga_* | 2 years | Used to distinguish individual users by means of designation of a randomly generated number as client identifier, which allows calculation of visits and sessions | |
| _ga | 2 years | Records a particular ID used to come up with data about website usage by the user | |
| Analytical/Statistics cookies | |||
| _hjSession_* | Hotjar | 30 min | Used to hold the current session data. This ensures that subsequent requests within the session window will be attributed to the same Hotjar session. |
| _hjSessionUser_* | Hotjar | 1 year | Used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. |
| _ss_id | SwapSpace | 1 year | Used for internal analytical services to ensure that behavior in subsequent visits to the same site will be attributed to the same user ID. |
| Preference cookies | |||
| i18n_redirected | SwapSpace | Session | Used to hold the information about the redirection to the website. |
| ref | SwapSpace | 3 months | Used for accounting of actions of the participants of the Affiliate Programme. |
How can I control cookies on my browser?
When you visit our Website for the first time we ask for your consent to use cookies. At this time you may either agree to the use of cookies or disagree with cookie settings.
As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser's help menu for more information. The following is information about how to manage cookies on the most popular browsers:
What about other tracking technologies, like web beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enables us to recognize when someone has visited our Website or opened an email including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver or communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of email marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.
Please note: disabling Cookies may reduce the quality of your experience on the Websites. Irrespective of your choice and/or your device settings, you will continue to see non-customized advertising (e.g. “contextual” advertising) and you may continue to receive personalized ads from third-party ad networks that have obtained your consent on other apps and/or websites.
Changes to Cookie Policy
We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal, or regulatory reasons. Please therefore revisit this Cookie Policy regularly to stay informed about our use of cookies and related technologies.
The date at the top of this Cookie Policy indicates when it was last updated.