Privacy Policy

This Privacy Policy describes the manner in which IronXLedger Holdings Ltd. and its duly authorised affiliates (collectively, "IronXLedger") collect, process, store, transfer, disclose, and protect personal data relating to natural persons who access, register for, or otherwise interact with the IronXLedger platform. This Policy is to be read in conjunction with our Terms of Service, AML / KYC Policy, and Cookie Policy. Capitalised terms not defined herein bear the meaning ascribed to them in the Terms of Service.

1. Data Controller and Scope

IronXLedger Holdings Ltd. acts as the data controller in respect of the personal data described in this Policy, save where it acts as a processor on behalf of an institutional Client and a separate data-processing addendum has been executed between the parties. This Policy applies globally, subject to overriding mandatory provisions of local law applicable to the Data Subject's place of residence.

2. Categories of Personal Data Processed

We process the following categories of personal data, depending on the nature of your engagement with the Platform: (i) Identification data, including full legal name, date of birth, nationality, place of birth, and photograph or video likeness captured during identity verification; (ii) Contact data, including residential address, email address, and telephone number; (iii) Government-issued identifiers, including passport, national identity card, driver's licence, and tax identification numbers; (iv) Financial and transactional data, including deposit and withdrawal addresses, transaction amounts, counter-party identifiers, and source-of-funds documentation; (v) Authentication and security data, including hashed passwords, second-factor secrets (held in encrypted form), session metadata, and device fingerprints; and (vi) Behavioural and technical data, including Internet Protocol address, user-agent string, language preferences, and product interaction logs.

3. Lawful Bases of Processing

IronXLedger processes personal data on one or more of the following lawful bases: (a) the performance of a contract to which you are party, or in order to take pre-contractual steps at your request; (b) compliance with legal obligations to which IronXLedger is subject, including obligations under anti-money-laundering, counter-terrorism financing, sanctions, and tax reporting regimes; (c) the legitimate interests pursued by IronXLedger or a third party, including the prevention of fraud, the protection of the Platform's integrity, and the management of operational risk; and (d) where required by applicable law, your freely given, specific, informed, and unambiguous consent.

4. Purposes of Processing

Personal data is processed for the purposes of (i) onboarding and ongoing customer due diligence; (ii) the provision and operation of the Platform; (iii) detection, prevention, investigation, and reporting of unlawful activity; (iv) regulatory and tax reporting; (v) information security, fraud prevention, and incident response; (vi) communication regarding service-related matters; and (vii) the enforcement, defence, or exercise of legal claims.

5. Disclosures to Third Parties

IronXLedger may disclose personal data to (a) regulated processors providing identity verification, fraud-screening, blockchain analytics, customer support, infrastructure, and email delivery services, in each case under written agreements imposing confidentiality and data-protection obligations no less stringent than those set out herein; (b) governmental, regulatory, tax, or law-enforcement authorities where compelled or expressly permitted by applicable law; (c) professional advisers including external counsel, auditors, and accountants under conditions of professional confidentiality; and (d) successors-in-interest in connection with any actual or contemplated reorganisation, merger, sale, or transfer of all or part of the IronXLedger business or assets.

6. International Transfers

Personal data may be transferred to, stored in, and processed in jurisdictions other than your country of residence. Where such jurisdictions have not been recognised as affording an adequate level of data protection, IronXLedger relies on appropriate safeguards, including European Commission Standard Contractual Clauses or equivalent instruments, and applies supplementary measures consistent with regulatory guidance.

7. Data Retention

Personal data is retained for the duration of the Client relationship and for the period thereafter mandated by applicable anti-money-laundering, tax, and statute-of-limitations regimes, which generally require retention for a minimum of five (5) years and may, in certain jurisdictions, require retention for up to ten (10) years from the date of the last transaction or account closure. Anonymised or aggregated data not capable of identifying a natural person may be retained indefinitely for analytical purposes.

8. Data Subject Rights

Subject to applicable law, you may have the right to (a) request access to and a copy of your personal data; (b) request rectification of inaccurate or incomplete data; (c) request erasure of personal data, subject to overriding retention obligations; (d) request restriction of, or object to, certain processing; (e) request portability of data provided to us; and (f) lodge a complaint with the supervisory authority of your habitual residence. Requests should be addressed to support@ironxledger.com with the subject line marked PRIVACY REQUEST. We may require additional information to verify your identity before acting on a request.

9. Security Measures

IronXLedger implements technical and organisational measures designed to ensure a level of security appropriate to the risks presented by processing, including encryption of personal data at rest and in transit, segregation of production environments, least-privilege access control, periodic third-party assessments, and structured incident-response procedures. Notwithstanding the foregoing, no method of transmission or storage is impervious; you accept that absolute security cannot be guaranteed.

10. Children

The Platform is not directed at, and IronXLedger does not knowingly process personal data of, individuals below the age of legal majority in their jurisdiction of residence. Where IronXLedger becomes aware that such data has been collected without appropriate authorisation, it shall be deleted without undue delay.

11. Amendments

We may update this Policy from time to time to reflect operational, legal, or regulatory developments. Material changes will be communicated by appropriate means, including notice within the Platform.

12. Contact

For all matters relating to the processing of personal data, write to support@ironxledger.com marked DATA PROTECTION OFFICER.