Privacy Policy

1 Introduction

This Privacy Policy describes how Dox Elite Traders ("we," "us," or "our") collects, uses, stores, shares, and protects your personal data when you access or use the Dox Elite Traders platform, including all associated websites, APIs, mobile applications, and trading interfaces (collectively, the "Platform").

We are committed to protecting your privacy and handling your data in an open and transparent manner in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) for California residents, and other applicable privacy frameworks.

For the purposes of GDPR, Dox Elite Traders acts as a data controller for the personal data we collect. Our registered address is 535 Mission Street, 14th Floor, San Francisco, CA 94105, United States.

2 Data We Collect

We collect the following categories of personal data to provide and improve our services:

2.1 Identity and Contact Data

Full legal name, date of birth, nationality, residential address, email address, and telephone number. This data is collected during account registration and is required to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.

2.2 Financial and Transaction Data

Bank account details, cryptocurrency wallet addresses, deposit and withdrawal records, trading history, account balances, profit and loss records, and payment card information (processed through PCI-DSS compliant third-party payment processors; full card numbers are not stored on our servers).

2.3 Technical and Usage Data

IP address, browser type and version, device identifiers, operating system, referring URLs, page interaction data, session duration, login timestamps, and diagnostic logs. We use this data to maintain platform security, detect fraud, and improve user experience.

2.4 Verification and Compliance Data

Government-issued identification documents (passport, driver's license, or national ID card), proof of address documents (utility bills or bank statements), facial recognition data for identity verification, and results of sanctions and politically exposed person (PEP) screening checks.

This data is collected through our third-party identity verification provider and is retained in accordance with applicable record-keeping requirements. Biometric data derived from identity verification is deleted within 30 days of account approval.

3 How We Use Your Data

We use your personal data for the following purposes, relying on the legal bases indicated:

3.1 Contractual Necessity

To create, maintain, and administer your account. To execute and settle trades on your behalf. To process deposits and withdrawals. To communicate service-related announcements and updates. These processing activities are necessary for the performance of our contract with you.

3.2 Legal Obligations

To comply with KYC/AML regulations, counter-terrorist financing laws, and sanctions screening requirements. To respond to lawful requests from regulatory authorities, law enforcement agencies, and courts. To maintain records as required by applicable financial services regulations. To fulfill our tax reporting obligations.

3.3 Legitimate Interests

To monitor and improve the security, performance, and reliability of the Platform. To detect, prevent, and investigate fraud, unauthorized access, and other illegal activities. To develop and enhance our products and services based on aggregated usage analytics. To send you relevant marketing communications about our products and services (you may opt out at any time).

3.4 Consent

To send you promotional communications where required by applicable law. To process special categories of data (such as biometric data for identity verification) where we are required to obtain your explicit consent. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

4 Data Sharing and Disclosure

We do not sell your personal data. We may share your data with the following categories of recipients:

4.1 Service Providers

Third-party vendors who perform services on our behalf, including identity verification providers, payment processors, cloud hosting providers, customer support platforms, email delivery services, and blockchain analytics firms. These providers are contractually bound to process your data only on our instructions and in compliance with this Privacy Policy.

4.2 Regulatory and Legal Disclosures

We may disclose your data to regulatory authorities, law enforcement agencies, courts, or other government bodies when we believe disclosure is necessary to comply with applicable law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of the Company, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your data may be transferred as part of that transaction. We will notify you via email and a prominent notice on the Platform of any change in ownership or use of your personal data.

5 International Data Transfers

As a global platform, your data may be transferred to and processed in countries other than your country of residence, including the United States, the United Kingdom, Singapore, and the United Arab Emirates, where we maintain offices or engage service providers.

When we transfer personal data from the EEA, the United Kingdom, or Switzerland to countries not recognized as providing an adequate level of data protection, we implement appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement, and supplementary technical and organizational measures as required.

You may request a copy of the relevant transfer safeguards by contacting us at the email address provided in Section 9.

6 Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.

Specifically: Account and transaction data is retained for a minimum of seven years following account closure to comply with financial services record-keeping obligations. Identity verification data is retained for five years following the last transaction. Technical logs and usage data are retained for up to two years. Marketing consent records are retained indefinitely or until consent is withdrawn.

When data is no longer required, we securely delete or anonymize it using industry-standard methods.

7 Your Data Protection Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

7.1 Access and Portability

You have the right to request a copy of the personal data we hold about you in a structured, commonly used, and machine-readable format. We will respond to access requests within 30 days, subject to identity verification.

7.2 Rectification and Erasure

You have the right to request correction of inaccurate personal data and, in certain circumstances, the deletion of your personal data. Please note that legal and regulatory obligations may require us to retain certain data even after an erasure request.

7.3 Restriction and Objection

You have the right to request restriction of processing in certain circumstances and to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing for direct marketing upon your objection.

7.4 Automated Decision-Making

We use automated decision-making in limited contexts, including identity verification, fraud detection, and sanctions screening. Where such decisions produce legal effects or similarly significantly affect you, you have the right to request human intervention, express your point of view, and contest the decision.

8 Cookies and Tracking Technologies

We use essential cookies and similar technologies to operate the Platform, maintain session state, and ensure security. We also use analytics cookies to understand how users interact with the Platform and to improve our services.

You may control cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Platform.

We do not currently respond to Do Not Track (DNT) signals. For more information about DNT, visit www.allaboutdnt.org.

9 Security Measures

We implement and maintain appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: encryption of data in transit (TLS 1.3) and at rest (AES-256), multi-factor authentication for account access, cold storage for the majority of digital assets under custody, regular penetration testing and security audits by independent third-party firms, SOC 2 Type II certified infrastructure, and ongoing security training for all employees.

10 Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly.

11 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of material changes via email and through a prominent notice on the Platform at least 30 days before the changes take effect.

Your continued use of the Platform after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms.

12. Contact and Complaints

For questions about this Privacy Policy or to exercise your data protection rights, please contact our Data Protection Officer:

Email: support@doxelitetraders.com

Postal: Dox Elite Traders, Data Protection Officer, 535 Mission Street, 14th Floor, San Francisco, CA 94105, United States

You have the right to lodge a complaint with your local data protection supervisory authority. For EEA users, you may contact the supervisory authority in your member state of residence. For UK users, you may contact the Information Commissioner's Office (ICO). For California residents, you may contact the California Attorney General.