Data Protection Policy

Data Protection & Privacy Policy

How we collect, protect, and manage your personal and financial data

  • AES-256 - Encryption Standard
  • ISO 27001 - Certified Security
  • GDPR - Compliant
  • 24/7 - Security Monitoring

Executive Summary

Our data protection policy defines how we collect, store, process, and protect your personal and financial information. This document outlines our commitment to maintaining the highest standards of data security and privacy.

Primary Commitment

To protect your data with industry-leading security measures while maintaining transparency about our data practices and your rights.

Core Principles

  • Data minimization - collect only what's necessary
  • Purpose limitation - use data only as disclosed
  • Data accuracy and integrity maintenance
  • User control and transparency

Security Compliance Metrics

  • Encryption Coverage: 100%
  • GDPR Compliance: 100%
  • Security Audits: Quarterly
  • Incident Response Time: <15 minutes

Zero-Knowledge Architecture

Your API keys and sensitive credentials are encrypted end-to-end and never accessible to our staff.

Data Processing Lifecycle

1. Data Collection

Minimal Collection

We collect only the essential data required to provide our trading services and comply with regulatory requirements.

  • Account information (name, email, phone)
  • KYC/AML verification documents
  • Trading preferences and strategy settings
  • Transaction and trading history

Legal Basis

  • Contract Performance
  • Legal Compliance
  • Legitimate Interest
  • User Consent

2. Data Encryption & Storage

Military-Grade

All data is encrypted at rest and in transit using industry-leading cryptographic standards.

Encryption Standards

  • At Rest: AES-256
  • In Transit: TLS 1.3
  • Key Storage: HSM
  • API Keys: E2E (end-to-end encryption)

Storage Architecture

  • Primary Servers: Geo-Redundant
  • Backup Systems: Real-time
  • Data Centers: Tier 4 Certified

3. Data Access Control

Role-Based Access

Strict access controls ensure only authorized personnel can access specific data based on their role and necessity.

Multi-Factor Authentication

Required for all staff and user accounts

Role-Based Permissions

Principle of least privilege enforced

Audit Logging

All access attempts recorded and monitored

Access Levels

  • Customer Data: You Only
  • Support Team: Limited View
  • Compliance Team: Audited Access

4. Data Retention & Deletion

Policy-Driven

We retain data only as long as necessary for legal, regulatory, or operational purposes.

Retention Periods

  • Transaction records: 7 years (regulatory)
  • KYC documents: Duration of relationship + 5 years
  • Marketing data: Until consent withdrawn
  • Inactive accounts: 2 years then archived

Deletion Process

  • Secure Deletion: DoD 5220.22-M
  • Backup Purge: Automated
  • Verification: Certified

You can request data deletion at any time, subject to legal retention requirements.

Your Data Rights

Right to Access

View your data

What You Can Do

Request a copy of all personal data we hold about you in a portable format.

Response Time

We respond to access requests within 30 days.

Cost: Free

Right to Rectification

Correct inaccuracies

What You Can Do

Update or correct any inaccurate or incomplete personal information.

How to Exercise

Update directly in settings or contact support.

Availability: Anytime

Right to Erasure

"Right to be forgotten"

What You Can Do

Request deletion of your personal data when it's no longer necessary.

Limitations

Some data must be retained for legal compliance.

Process Time: 30 Days

Data Portability

Transfer your data

What You Can Do

Receive your data in a structured, commonly used format.

Formats

CSV, JSON, or other machine-readable formats.

Delivery: Secure Email

Restrict Processing

Limit data use

What You Can Do

Request that we limit how we use your data in certain circumstances.

When Available

During disputes or when accuracy is challenged.

Effect: Immediate

Right to Object

Stop certain uses

What You Can Do

Object to processing for direct marketing or legitimate interests.

Marketing

Opt-out anytime via unsubscribe link.

Response: Honored

Security Measures & Compliance

Technical Security

Infrastructure Security

Cloud infrastructure with DDoS protection, firewalls, and intrusion detection systems.

Network Security

Segregated networks, VPN access for staff, and continuous network monitoring.

Vulnerability Management

Regular security assessments, penetration testing, and bug bounty program.

Regulatory Compliance

GDPR Compliance

Full compliance with European data protection regulations and user rights.

ISO 27001 Certified

Information security management system certified to international standards.

Financial Regulations

Compliance with AML, KYC, and cryptocurrency trading regulations.

Data Breach Response Protocol

Detection

Automated systems detect and alert security team within minutes of any suspicious activity.

Containment

Immediate action to isolate affected systems and prevent further unauthorized access.

Notification

Affected users and authorities notified within 72 hours as required by GDPR.

Document Version: 2.1.0 | Last Updated: January 2024

This data protection policy is reviewed annually and updated to reflect changes in data protection laws, industry best practices, and our data processing activities. Users are notified of material changes via email 30 days prior to implementation.
