Privacy Policy

Last Updated: March 26, 2026

1. Introduction

1.1 Bit1 Ventures ("Bit1", "we", "us", "our") operates a digital asset trading platform accessible at bit1.com and through our mobile applications (collectively, the "Platform").

1.2 This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Platform and services. This policy applies to all users of our spot trading and perpetual futures trading services.

1.3 Your Consent: By creating an account, accessing our Platform, or using our services, you consent to the collection, use, and sharing of your personal information as described in this Privacy Policy.

1.4 Scope: This Privacy Policy covers all personal information we collect through our Platform, mobile applications, customer support interactions, and related services.

1.5 Updates: We may update this Privacy Policy from time to time. Material changes will be communicated through our Platform and via email, and your continued use constitutes acceptance of the updated policy.

2. Information You Provide

2.1 Account Registration Information:

• Full legal name

• Email address

• Phone number

• Date of birth

• Nationality and country of residence

• Physical address

2.2 Identity Verification (KYC) Information:

• Government-issued identification documents (passport, driver's license, national ID)

• Proof of address documents (utility bills, bank statements, government correspondence)

• Selfie photographs for identity verification

• Additional identification documents as required for enhanced due diligence

2.3 Financial Information:

• Source of funds documentation

• Source of wealth documentation

• Bank account information for deposits and withdrawals

• Financial statements and income verification (when required)

• Employment information and business activities

2.4 Communication Data:

• Support ticket communications

• Email correspondence

• Chat messages and customer service interactions

• Survey responses and feedback

2.5 Optional Information:

• Profile preferences and settings

• Marketing communication preferences

• Referral information

3. Information Collected Automatically

3.1 Device and Technical Information:

• IP address and geographic location

• Device type, operating system, and version

• Browser type and version

• Device identifiers and mobile advertising IDs

• Screen resolution and device specifications

3.2 Usage Data:

• Pages visited and features accessed

• Time spent on Platform sections

• Click patterns and navigation paths

• Session duration and frequency

• Login timestamps and frequency

• Search queries and filters used

3.3 Transaction Data:

• Trade history and order details

• Transaction amounts and frequencies

• Digital asset holdings and balances

• Deposit and withdrawal records

• Fee payments and calculations

3.4 Blockchain Data:

• Digital asset wallet addresses

• Transaction hashes and blockchain confirmations

• On-chain transaction history and patterns

• Smart contract interactions

3.5 Technical Logs:

• Error logs and system performance data

• API usage logs and access patterns

• Security event logs

• Network connection details

4. Information from Third Parties

4.1 Identity Verification Providers:

• KYC verification results and risk assessments

• Document authentication results

• Biometric verification data

• Identity matching and validation scores

4.2 Blockchain Analytics Providers:

• Transaction monitoring and risk scoring

• Sanctions screening results

• Blockchain address clustering and analysis

• Suspicious activity alerts and intelligence

4.3 Legal and Compliance Sources:

• Sanctions list screenings

• Politically Exposed Person (PEP) database matches

• Adverse media screening results

• Law enforcement and regulatory notifications

4.4 Service Providers:

• Fraud prevention and security intelligence

• Email deliverability and engagement metrics

• Customer support platform data

• Marketing analytics and attribution data

5. How We Use Your Information

5.1 Account Creation and Management:

• Creating and maintaining your account

• Processing registration and account verification

• Managing account settings and preferences

• Providing customer support services

5.2 Identity Verification and Compliance:

• Conducting Know Your Customer (KYC) verification

• Screening against sanctions lists and databases

• Verifying source of funds and wealth

• Performing enhanced due diligence when required

• Meeting anti-money laundering (AML) obligations

5.3 Transaction Monitoring and Fraud Prevention:

• Conducting Know Your Transaction (KYT) monitoring

• Detecting suspicious or fraudulent activities

• Preventing market manipulation and abuse

• Protecting against security threats and unauthorized access

• Investigating and reporting suspicious transactions

5.4 Providing and Improving Services:

• Processing trades and managing orders

• Facilitating deposits and withdrawals

• Calculating and collecting fees

• Providing real-time market data and analytics

• Developing and improving Platform features

5.5 Communication and Account Management:

• Sending account notifications and alerts

• Providing customer support and assistance

• Communicating service updates and maintenance

• Delivering important security notifications

5.6 Legal and Regulatory Compliance:

• Complying with applicable laws and regulations

• Responding to legal processes and court orders

• Reporting to regulatory authorities as required

• Maintaining records for audit and examination purposes

5.7 Terms of Service Enforcement:

• Monitoring compliance with our Terms of Service

• Investigating violations and taking appropriate action

• Preventing unauthorized access and account abuse

• Protecting our rights and interests

5.8 Security Monitoring and Incident Response:

• Monitoring for security threats and vulnerabilities

• Investigating security incidents and breaches

• Implementing security controls and measures

• Maintaining system integrity and availability

5.9 Analytics and Service Improvement:

• Analyzing usage patterns and user behavior

• Measuring Platform performance and reliability

• Conducting research and development activities

• Optimizing user experience and interface design

5.10 Marketing (With Explicit Consent Only):

• Sending promotional communications and newsletters

• Providing information about new features and services

• Conducting marketing campaigns and promotions

• Measuring marketing effectiveness and engagement

6. How We Share Your Information

6.1 Identity Verification Providers:

• Sharing necessary personal information for KYC processing

• Transmitting identity documents for verification services

• Receiving verification results and risk assessments

• Maintaining ongoing monitoring for regulatory compliance

6.2 Blockchain Analytics Providers:

• Sharing transaction data for KYT monitoring

• Providing wallet addresses for risk assessment

• Receiving suspicious activity alerts and intelligence

• Conducting ongoing transaction screening

6.3 Law Enforcement and Regulatory Authorities:

• Responding to valid legal processes and court orders

• Complying with subpoenas and regulatory investigations

• Reporting suspicious transactions as required by law

• Providing information for criminal investigations

• Cooperating with anti-money laundering enforcement

6.4 Service Providers (Under Strict Confidentiality):

• Cloud infrastructure and hosting providers

• Cybersecurity and fraud prevention services

• Customer support and communication platforms

• Payment processors and banking partners

• Data analytics and research providers

6.5 Professional Advisors (Under Professional Obligations):

• Legal counsel for advice and representation

• External auditors for financial and compliance audits

• Accounting firms for tax and financial reporting

• Regulatory consultants for compliance guidance

6.6 Corporate Transactions:

• Potential acquirers in connection with mergers or acquisitions

• Investment banks and advisors for corporate restructuring

• Due diligence providers for transaction evaluation

• Successor entities following business transfers

6.7 With Your Explicit Consent:

• Third-party services you authorize us to share data with

• Business partners for joint services or promotions

• Research institutions for anonymized studies

• Any other sharing specifically requested by you

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use:

Essential Cookies:

• Authentication and login session management

• Security features and fraud prevention

• Platform functionality and user preferences

• Load balancing and system performance

Functional Cookies:

• User interface customization

• Language and regional preferences

• Trading interface settings

• Notification preferences

Analytics Cookies:

• Usage statistics and traffic analysis

• Feature adoption and user behavior tracking

• Performance monitoring and optimization

• A/B testing and experience improvement

Marketing Cookies (With Consent):

• Advertising campaign measurement

• Social media integration features

• Retargeting and personalized advertising

• Marketing attribution and effectiveness

7.2 Cookie Management:

• You can manage cookies through your browser settings

• Most browsers allow you to block or delete cookies

• You can set preferences for different cookie types

• Mobile app settings allow similar control over tracking

7.3 Impact of Disabling Cookies:

• Essential cookies are required for Platform functionality

• Disabling functional cookies may limit user experience

• Analytics cookies help us improve our services

• Marketing cookies can be disabled without affecting core functionality

7.4 Third-Party Tracking:

• We may use third-party analytics and advertising services

• These services may collect information about your browsing activities

• We contractually require these providers to protect your data

• You can opt out of interest-based advertising through industry tools

8. Data Retention

8.1 Active Accounts:

• Personal information is retained while your account remains active

• Transaction and trading data is maintained for ongoing service provision

• Communication records are kept for customer support purposes

• Security logs are retained for monitoring and incident response

8.2 Closed Accounts:

• Minimum retention period of five (5) years after account closure

• Extended retention may be required for ongoing legal matters

• Some data may be retained longer for regulatory compliance

• Anonymized data may be retained indefinitely for analytics

8.3 Specific Retention Periods:

8.4 Deletion When No Longer Needed:

• Data is deleted when retention periods expire

• Deletion is subject to ongoing legal and regulatory requirements

• We maintain policies for systematic data destruction

• Backups and archived data are also subject to deletion schedules

8.5 Legal Holds:

• Data subject to legal proceedings may be retained longer

• Regulatory investigations may extend retention periods

• Law enforcement requests may prevent scheduled deletion

• We will notify you when legal holds affect your data where permitted

9. Data Security

9.1 Encryption:

• All data transmissions use industry-standard TLS encryption

• Personal information is encrypted at rest using AES-256 encryption

• Database encryption protects stored personal information

• Backup systems employ additional encryption layers

9.2 Access Controls and Authentication:

• Multi-factor authentication required for employee access

• Role-based access controls limit data exposure

• Regular access reviews and permission audits

• Privileged access monitoring and logging

9.3 Regular Security Audits:

• Third-party security assessments and penetration testing

• Code reviews and vulnerability assessments

• Compliance audits and regulatory examinations

• Continuous security monitoring and threat detection

9.4 Employee Training and Access Limitations:

• Comprehensive security awareness training programs

• Background checks for employees with data access

• Confidentiality agreements and security policies

• Regular training updates on privacy and security practices

9.5 Incident Response Procedures:

• Documented incident response and breach notification procedures

• Security incident monitoring and alerting systems

• Forensic investigation capabilities for security events

• Coordination with law enforcement and regulatory authorities

9.6 Digital Asset Security:

• Cold storage for the majority of user digital assets

• Multi-signature wallet controls and segregation

• Regular security assessments of custody infrastructure

• Insurance coverage for digital asset holdings

10. International Data Transfers

10.1 Global Processing:

• Your personal information may be processed in multiple jurisdictions

• Data may be transferred to countries with different privacy laws

• Processing locations are determined by business needs and service providers

• We maintain global infrastructure to support our services

10.2 Appropriate Safeguards:

• Contractual protections for international data transfers

• Due diligence on data protection laws in processing countries

• Regular assessments of international privacy compliance

• Implementation of supplementary measures where required

10.3 Service Provider Locations:

• Cloud infrastructure providers may process data globally

• Identity verification services may operate in multiple countries

• Customer support services may be provided from various locations

• We maintain visibility into all processing locations

10.4 Consent to International Transfers:

• By using our services, you consent to international data transfers

• You acknowledge that privacy laws may vary by jurisdiction

• We will notify you of significant changes to processing locations

• You may contact us with concerns about international transfers

11. Your Rights

11.1 Access Rights:

• Request a copy of the personal information we hold about you

• Obtain details about how your information is processed

• Receive information about data sharing and recipients

• Access your transaction history and account data

11.2 Correction Rights:

• Request correction of inaccurate personal information

• Update your profile and account information directly

• Provide additional information to complete records

• Contest the accuracy of automated decisions

11.3 Deletion Rights:

• Request erasure of your personal information

• Delete your account and associated data

• Remove consent for processing activities

• Subject to legal and regulatory retention requirements

11.4 Restriction Rights:

• Limit the processing of your personal information

• Suspend certain automated processing activities

• Restrict data use while disputes are resolved

• Limit marketing communications and analytics

11.5 Portability Rights:

• Receive your data in a machine-readable format

• Transfer your information to another service provider

• Obtain structured data exports from your account

• Access standardized data formats where available

11.6 Objection Rights:

• Object to processing based on legitimate interests

• Opt out of marketing communications and profiling

• Contest automated decision-making processes

• Withdraw consent for voluntary processing activities

11.7 Withdrawal of Consent:

• Withdraw previously given consent at any time

• Change your privacy preferences and settings

• Opt out of non-essential processing activities

• Note that withdrawal may affect service availability

11.8 How to Exercise Your Rights:

11.9 Response Timeline:

• We will respond to rights requests within thirty (30) days

• Complex requests may require additional time with notification

• We may request additional information to verify your identity

• Responses will be provided in a commonly used electronic format

12. Children's Privacy

12.1 Age Restriction:

• Our services are not directed at individuals under 18 years of age

• We do not knowingly collect information from minors

• Account registration requires age verification

• Users must represent that they meet minimum age requirements

12.2 Discovery and Deletion:

• If we discover an account belonging to a minor, we will immediately suspend it

• Personal information of minors will be deleted promptly

• We will notify parents or guardians where required by law

• We may report violations to appropriate authorities

12.3 Parental Rights:

• Parents may contact us regarding a minor's data

• We will verify parental authority before providing information

• Parents may request deletion of a minor's information

• We will cooperate with parents to protect children's privacy

13. Third-Party Links

13.1 External Websites:

• Our Platform may contain links to external websites and services

• These links are provided for convenience and information

• Third-party sites are not under our control

• We are not responsible for their privacy practices

13.2 Third-Party Privacy Policies:

• External sites have their own privacy policies and terms

• You should review their privacy practices before providing information

• We recommend reading privacy policies of all websites you visit

• Third-party data collection is governed by their own policies

13.3 Integration Services:

• Some features may integrate with third-party services

• You may choose to connect external accounts or services

• Integration requires your explicit consent

• You can disconnect integrated services at any time

14. Changes to This Policy

14.1 Amendment Rights:

• We may update this Privacy Policy from time to time

• Changes will be posted on our Platform with the updated date

• We will review and update the policy regularly to maintain accuracy

• Updates may reflect changes in law, regulation, or business practices

14.2 Material Changes Notification:

• For significant changes, we will provide email notification

• Important updates will be prominently displayed on our Platform

• We may require additional consent for expanded data processing

• Major changes will be announced through multiple communication channels

14.3 Continued Use and Acceptance:

• Continued use of our services constitutes acceptance of updated terms

• You will have thirty (30) days to review changes before they take effect

• If you disagree with changes, you may close your account

• Previous versions of this policy are available upon request

14.4 Version History:

• We maintain records of all policy versions and changes

• You may request information about specific changes

• Significant revisions will be documented and dated

• We can provide explanations of material changes upon request

15. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Response Expectations:

• Privacy rights requests: within 30 days

• General support inquiries: within 24-48 hours

• Urgent security matters: immediate escalation

• Complex legal matters: within 5-7 business days

Written Correspondence: For formal privacy rights requests or legal notices, please email [email protected] with detailed information about your request, including:

• Your full name and account information

• Specific rights you wish to exercise

• Any supporting documentation

• Preferred response format and contact method