Privacy Policy

NIXAFIRM Ltd ("we," "our," or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our platform, website, and related services.

1. Introduction

This Privacy Policy applies to NIXAFIRM Ltd, a company registered in England and Wales, authorised and regulated by the Financial Conduct Authority (FCA). This policy covers all personal data processed when you use our website, platform, mobile application, and any related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information as described in this policy. If you disagree with this policy, please discontinue use of our Services.

2. Data We Collect

We collect personal data in the following categories:

2.1 Information You Provide

• Account Registration: Full name, email address, date of birth, country of residence, phone number
• KYC Verification: Government-issued ID documents, selfie photographs, proof of address, nationality
• Financial Information: Payment details, bank account information, cryptocurrency wallet addresses, transaction history
• Communications: Support tickets, live chat conversations, email correspondence

2.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent, click patterns, trading activity
• Cookies: Session tokens, preferences, analytics identifiers (see Section 7)
• Location Data: General geographic location derived from IP address

2.3 Information from Third Parties

• Identity verification services (for KYC/AML compliance)
• Credit reference agencies (for fraud prevention)
• Social login providers (Google, if used)
• Payment processors and banking partners

3. How We Use Your Data

We use your personal data for the following lawful purposes:

4. Data Sharing

We do not sell your personal data. We may share your data with:

• Regulatory authorities when required by law (FCA, HMRC, NCA)
• Banking and payment partners to process your transactions
• KYC/AML service providers for identity verification
• Cloud hosting providers (data processed within the EEA or under adequacy decisions)
• Analytics providers using anonymised or pseudonymised data
• Professional advisors (lawyers, auditors) bound by confidentiality

Any third-party data processors are contractually bound by GDPR-compliant Data Processing Agreements.

5. Data Security

We implement industry-standard and beyond-standard security measures:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for all data in transit
• Multi-factor authentication for staff and optionally for users
• Regular penetration testing and security audits
• Staff security training and access controls
• 24/7 intrusion detection and monitoring
• Segregated production and development environments

Despite these measures, no transmission over the internet is 100% secure. Please use strong, unique passwords and enable 2FA on your account.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this policy:

• Active accounts: Data retained for the duration of your account
• Closed accounts: Financial records retained for 7 years (regulatory requirement)
• KYC documents: Retained for 5 years after account closure (AML Regulations 2017)
• Support communications: Retained for 3 years
• Marketing data: Until consent is withdrawn or 3 years of inactivity

7. Cookies

We use the following categories of cookies:

• Essential cookies: Required for the platform to function (session management, security). Cannot be disabled.
• Analytics cookies: Help us understand how the platform is used (Google Analytics, anonymised). Opt-out available.
• Preference cookies: Remember your settings (language, dark/light mode, currency). Can be cleared.
• Marketing cookies: Used with your consent to show relevant advertisements. Opt-in required.

Manage your cookie preferences at any time via your browser settings or our cookie preference centre.

8. Your Rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

• Right of access: Request a copy of your personal data (Subject Access Request)
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data (subject to regulatory retention obligations)
• Right to restrict processing: Limit how we use your data in certain circumstances
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making: Not be subject to solely automated decisions with significant effects

To exercise any of these rights, contact our Data Protection Officer at privacy@nixafirm.com. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.

9. Children's Privacy

Our Services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it promptly.

10. Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. Material changes will be notified via email and/or a prominent notice on our platform at least 30 days before taking effect. Continued use of our Services after the effective date constitutes acceptance of the revised policy.

11. Contact Us

For privacy-related enquiries, data subject requests, or to contact our Data Protection Officer: