1. Introduction
BybitFX Ltd. ("BybitFX", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use the BybitFX platform and related services (collectively, the "Service"). By using the Service, you consent to the practices described in this Policy.
2. Information We Collect
2.1 Information you provide:
- Account registration data: name, email address, phone number, date of birth, password.
- Identity verification (KYC) data: government-issued ID, selfie, proof of address.
- Financial data: bank account or payment method details provided for deposits/withdrawals.
- Communications: messages sent to our support team, feedback, or surveys.
2.2 Information collected automatically:
- Device and browser information: IP address, browser type and version, operating system.
- Usage data: pages visited, features used, time and duration of visits, clickstream data.
- Trading data: orders placed, positions held, trade history.
- Cookies and similar tracking technologies (see Section 7).
3. How We Use Your Information
We use your personal information to:
- Provide, operate, and maintain the Service.
- Process transactions and send related notices.
- Verify your identity and comply with KYC / AML legal requirements.
- Communicate with you, including responding to support requests.
- Send promotional materials and product updates (you may opt out at any time).
- Monitor for and prevent fraud, security incidents, and policy violations.
- Analyse usage trends and improve platform performance and features.
- Comply with applicable laws and regulatory obligations.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), we process your personal data under the following legal bases:
- Contract performance: To provide the Service as agreed when you register.
- Legal obligation: To comply with KYC, AML, and other regulatory requirements.
- Legitimate interests: To improve our services, detect fraud, and maintain security.
- Consent: For marketing communications and optional data processing activities.
5. Sharing Your Information
We do not sell your personal data. We may share information with:
- Service providers: Cloud hosting, payment processors, identity verification services, and customer support tools — bound by confidentiality obligations.
- Regulators and authorities: When required by law, court order, or government authority.
- Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred as part of that transaction.
- With your consent: In any other circumstances where you have explicitly agreed.
6. Data Retention
We retain your personal data for as long as your account is active and for a period thereafter as required by applicable law (typically 5–7 years for AML/KYC records). When data is no longer required, it is securely deleted or anonymized.
7. Cookies
We use the following types of cookies:
- Essential cookies: Required for the platform to function (session management, security).
- Analytics cookies: Help us understand how users interact with the platform (e.g., Google Analytics). These may be disabled without affecting core functionality.
- Preference cookies: Remember your settings such as language, theme, and layout.
You can manage cookie preferences via your browser settings. Note that disabling cookies may affect some platform features.
8. Data Security
We implement industry-standard technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These include TLS/SSL encryption for data in transit, AES-256 encryption for sensitive data at rest, two-factor authentication, and regular internal security audits. However, no Internet transmission is 100% secure, and we cannot guarantee absolute security.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to certain types of processing, including direct marketing.
- Restriction: Request that we limit how we use your data.
To exercise any of these rights, contact us via our Customer Support page or email privacy@bybitfx.io. We will respond within 30 days.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. When we transfer data from the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
11. Children's Privacy
The Service is not directed to, or intended for use by, individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the platform or by email before the change takes effect. Your continued use of the Service after any change constitutes your acceptance of the updated Policy.