Privacy Policy

When we talk about “PiPExchange”, “we” or “us” in this Policy, we mean the company or legal entity that operates the PiPExchange platform and decides how your personal data is used.

The exact legal entity name, address and registration details should be confirmed in your local legal documentation and may appear in your account area, invoices or footer of the website.

This Privacy Policy applies when you:

• visit or browse our website and related pages,
• create and use a PiPExchange account,
• place or manage exchange orders, or
• communicate with us by email, chat or other channels related to the Service.

It does not apply to websites or services we don’t control, even if we link to them. Those services have their own privacy policies.

Our approach to privacy is based on a few simple ideas:

• We only collect what we need to operate the service and stay compliant.
• We keep it as accurate and up to date as we reasonably can.
• We don’t sell your personal data to third parties.
• We are transparent about how we use data and we try to explain it in plain language.

This is information you give us when you use the service, for example:

• Account details – such as your name, email address, password and preferred language.
• Order details – for example payout account details, wallet addresses, bank details, PayPal email or other information we need to complete an exchange.
• Verification documents – when required by AML/KYC rules, such as copies of ID, proof of address or proof of funds.
• Support communication – the content of messages you send us, including attachments like payment screenshots or documents.

When you visit our website or use the platform, some information is collected automatically, such as:

• Technical data – IP address, browser type and version, device type, basic system settings and approximate location based on IP.
• Usage data – which pages you visit, how long you stay, navigation paths, clicks, and actions such as creating an order.
• Log information – server logs that may include timestamps, error messages and other diagnostic data.

We use this data mainly to keep the service secure, improve performance and understand how people use different parts of the site.

In some cases we may receive information about you from third parties, for example:

• Payment providers – to confirm that a transaction was successful, reversed, disputed or flagged for review.
• Verification and compliance partners – if we use external tools to help verify your identity or screen transactions against sanctions or risk lists.
• Analytics and anti-fraud tools – that help us detect suspicious patterns and protect the platform.

We only use such data where it is relevant for providing the Service or fulfilling our legal obligations.

We use your data to:

• create and manage your account,
• allow you to log in securely,
• process and track your exchange orders,
• send payouts to the correct destination accounts or wallets, and
• communicate with you about order status and service updates.

We process data to:

• confirm your identity where required,
• check transactions for unusual or high-risk patterns,
• prevent fraud, abuse, spam and other security risks, and
• comply with AML/KYC, sanctions and other legal requirements.

Without this type of processing, we would not be able to operate PiPExchange as a responsible currency exchange service.

We use aggregated and anonymised data, as well as some usage data, to:

• understand which features are used most or least,
• fix bugs and troubleshoot performance issues,
• make navigation clearer and reduce friction in key flows, and
• plan new features and improvements based on real behaviour rather than guesswork.

We may use your contact details to:

• respond to your support requests,
• notify you of important changes to the Service or these policies,
• send security alerts (for example, if we detect unusual login attempts), and
• with your consent where required, send optional updates, tips or product news that you can unsubscribe from at any time.

We process data because it is necessary to perform our agreement with you – for example:

• to create and manage your account, and
• to process exchange orders you place through PiPExchange.

We are required by law to collect and retain certain information, for example to:

• comply with AML/KYC and sanctions screening rules,
• respond to lawful requests from authorities, and
• keep accounting and tax records for a minimum period.

We may process data where it is in our legitimate interest to do so, provided those interests are not overridden by your rights and freedoms. For example:

• improving and securing our platform,
• protecting our business and users from fraud and abuse, and
• understanding how people use PiPExchange so we can make it better.

In some cases we rely on your consent, for example:

• for certain types of cookies or analytics (depending on your jurisdiction), and
• for optional marketing communications where required by law.

When we rely on consent, you can withdraw it at any time via the tools we provide (such as cookie banners or unsubscribe links) or by contacting us.

Cookies are small text files stored on your device by your browser. They help websites function correctly and remember certain information about your visit.

Depending on your settings and local law, we may use:

• Strictly necessary cookies – required for basic site and security functions (for example, keeping you logged in or preventing CSRF attacks).
• Functional cookies – to remember your preferences, such as language or previously selected currencies.
• Analytics cookies – to understand how visitors use the site so we can improve layout and flows.

We do not use cookies to read personal data from your device that was not originally placed there by our site.

Most browsers allow you to control cookies through their settings, including deleting existing cookies or blocking new ones. Some features of PiPExchange may not work properly if you disable certain types of cookies.

Where required by law, we will show a cookie banner or similar tool when you first visit, so you can make a choice about non-essential cookies.

We may share your data with trusted third parties who help us operate the Service, such as:

• payment processors and banks involved in your transactions,
• identity verification and AML/KYC providers,
• cloud hosting and technical infrastructure providers,
• analytics and security vendors.

These partners only receive the information they need to perform their services and are contractually obliged to protect your data and use it only for our specified purposes.

We may disclose information about you if we reasonably believe it is necessary to:

• comply with a law, regulation or legal request,
• respond to lawful requests from authorities or regulators,
• protect our rights, property or safety, or
• prevent fraud, abuse or other harmful activity.

If PiPExchange is involved in a merger, acquisition, reorganisation or sale of assets, your data may be transferred as part of that transaction. We will ensure that the receiving party respects this Policy or notifies you of materially different practices so you can make an informed choice.

Some of our service providers may be located in countries outside your own, and in some cases outside the European Economic Area (EEA). When we transfer personal data internationally, we will take appropriate measures to protect it under applicable law – for example, by using standard contractual clauses or ensuring that other suitable safeguards are in place.

We keep personal data only for as long as necessary to:

• provide the Services you requested,
• meet our legal and regulatory obligations, and
• resolve disputes, enforce agreements and protect our rights.

Retention periods vary depending on the type of data and context. For example:

• Order and transaction records – may need to be kept for several years for accounting and compliance reasons.
• Verification documents – may be retained for the period required under AML/KYC rules, even after you stop using the Service.
• Support communication – is usually kept for a shorter time, unless it needs to be linked to an ongoing case or legal obligation.

Where data is no longer needed in identifiable form, we may anonymise it for statistical or analytical purposes.

We use a combination of technical and organisational measures to protect personal data, including:

• encrypted connections (HTTPS) for all pages and APIs,
• hardened servers and restricted internal access,
• access controls and logging for sensitive operations,
• regular updates and security monitoring.

While no online service can promise perfect security, we aim to follow industry good practices and continuously improve our defences.

You also play an important role in keeping your data safe. In particular, you should:

• choose a strong, unique password for your PiPExchange account,
• keep it secret and never share it with anyone,
• enable additional security features, such as 2FA, when available, and
• be careful when sharing screenshots or information that may contain sensitive details.

If you believe your account or email has been compromised, please contact us as soon as possible.

Subject to local law and some exceptions, you may have rights such as:

• Access – to ask if we process your data and receive a copy.
• Rectification – to correct inaccurate or incomplete information.
• Erasure – to request deletion of your data in certain situations.
• Restriction – to request that we temporarily limit processing.
• Portability – to receive certain data in a structured, widely-used format.
• Objection – to object to some processing based on legitimate interests.
• Withdraw consent – where we rely on consent, you can withdraw it at any time.

Some of these rights may not apply in full if we must keep processing certain data by law (for example, AML/KYC and accounting records).

You can usually update some basic account information directly in your profile settings. For other requests related to your rights, please contact us using the details in the Contact section.

We may need to verify your identity before responding to your request. We aim to reply within a reasonable time frame, taking into account the complexity and number of requests.

If you have questions, concerns or requests about this Privacy Policy or how we handle your data, you can contact us using the channels listed in the Contact / Support section of the website. Please mention that your question is related to “privacy” or “data protection”.

We may update this Privacy Policy from time to time, for example when we introduce new features, change how we work with partners or when laws change. When we do:

• we will update the “Last updated” date at the top of the page, and
• where appropriate, we may provide additional notice inside your account area or by email.

The latest version of the Policy will always be available on this page.

This Privacy Policy is designed to be clear and practical for typical use of PiPExchange. However, privacy and data-protection rules can be complex and may vary between countries.

Important: this document is a template and starting point. Before using it as your formal Privacy Policy, it should be reviewed and adapted by a qualified lawyer or data-protection specialist to reflect your exact company details, technical setup and legal obligations.