AndX US | Crypto Exchange

Privacy Policy

Last Updated: July 17, 2025

ANDX USA LLC (“we,” “us,” or “our”) is committed to protecting the privacy and security of our users’ personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our cryptocurrency exchange platform and mobile application (collectively, the “Platform”). By using our Platform, you agree to the practices described in this Privacy Policy.

This policy complies with applicable U.S. federal and state regulations, including the California Consumer Privacy Act (CCPA) and the Florida Information Protection Act.

1. Information We Collect

We collect information to provide our services, comply with regulatory requirements, and enhance your experience on the Platform. The types of information we collect include:

1.1 Personal Information

  • Identity Information: Name, date of birth, government-issued identification (e.g., passport, driver’s license) collected during Know Your Customer (KYC) verification.
  • Contact Information: Email address, phone number, and mailing address.
  • Financial Information: Bank account details for fiat-to-cryptocurrency transactions.
  • Transaction Information: Details of your transactions on the Platform, including amounts, dates, and types of digital assets.

1.2 Non-Personal Information

  • Device Information: Device type, operating system, IP address, and unique device identifiers.
  • Usage Data: Information about how you interact with the Platform, such as pages visited, features used, and time spent on the Platform.
  • Cookies and Tracking Technologies: We use cookies and similar technologies to enhance functionality and analyze usage patterns. You may manage cookie preferences through your browser settings.

2. How We Collect Information

We collect information through the following methods:

  • Directly from You: When you register, complete KYC verification, or provide bank account details.
  • Third-Party Service Providers:
    • SumSub: Our KYC provider, SumSub, collects and verifies identity information to ensure compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations.
    • ZeroHash: Our payment provider, ZeroHash, collects user information through its Software Development Kit (SDK) to process fiat-to-cryptocurrency transactions and comply with regulatory requirements.
  • Automated Technologies: Through cookies, device information, and usage data collected during your interactions with the Platform.

3. How We Use Your Information

We use your information to:

  • Provide Services: Facilitate fiat-to-cryptocurrency transactions (e.g., conversion to stablecoins such as USDT), manage your account, and process payments.
  • Comply with Regulations: Conduct KYC verification through SumSub and ensure compliance with AML, CTF, and other regulatory requirements via ZeroHash.
  • Secure the Platform: Protect against fraud, unauthorized access, and other security risks using encryption and multi-factor authentication.
  • Improve User Experience: Analyze usage data to enhance Platform functionality and user interface.
  • Communicate with You: Send account-related notifications, updates, and respond to inquiries via email or phone.

4. How We Share Your Information

We share your information only as necessary to provide our services, comply with legal obligations, or with your consent. We do not sell your personal information. Sharing occurs with:

4.1 Third-Party Service Providers

  • ZeroHash: ZeroHash LLC and ZeroHash Liquidity Services LLC process fiat-to-cryptocurrency transactions and collect user information via their SDK for regulatory compliance. ZeroHash holds Money Transmitter Licenses (MTL) in all U.S. states and territories, including a virtual currency license from the New York State Department of Financial Services (NYDFS).
  • SumSub: SumSub conducts KYC verification to ensure compliance with AML and CTF regulations. SumSub adheres to CCPA and other data protection standards.

4.2 Legal and Regulatory Obligations

We may disclose your information to comply with legal obligations, such as responding to subpoenas, court orders, or requests from regulatory authorities (e.g., FinCEN, Florida Office of Financial Regulation).

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to a successor entity, subject to equivalent privacy protections.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption: Data is encrypted in transit and at rest using AES-256 or equivalent standards.
  • Segregation of Funds: User funds are held in segregated accounts, as required by regulatory standards.
  • Multi-Factor Authentication: We use multi-factor authentication to secure user accounts.
  • Regular Audits: We conduct regular security audits to identify and address vulnerabilities.

Despite these measures, no system is entirely immune to risks. Users should take precautions, such as safeguarding their login credentials and private keys.

6. Your Privacy Rights

Under the California Consumer Privacy Act (CCPA), California residents have the following rights:

  • Right to Know: Request details about the personal information we collect, use, or disclose.
  • Right to Delete: Request deletion of your personal information, subject to legal and regulatory obligations.
  • Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information).
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

For all users, additional rights are supported by applicable U.S. federal and state laws, including the Florida Information Protection Act, and, for international users, regulations like the EU General Data Protection Regulation (GDPR). To exercise these rights, contact us at compliance@andxus.io. We will respond within 45 days, as required by applicable regulations.

7. Data Retention

We retain personal information only as long as necessary to provide our services, comply with legal obligations, or resolve disputes. For example:

  • KYC data is retained as required by AML/CTF regulations (typically 5 years after account closure).
  • Transaction records are retained in accordance with FinCEN and state regulatory requirements.
  • Non-personal data may be retained indefinitely for analytical purposes, in anonymized form.

8. International Data Transfers

ANDX USA LLC is headquartered in Florida, USA. If you access our Platform from outside the U.S., your information may be transferred to and processed in the U.S., where data protection laws may differ. By using our Platform, you consent to such transfers.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance functionality and analyze usage. You can manage cookie preferences through your browser settings. Disabling cookies may limit certain Platform features.

10. Third-Party Links

Our Platform may contain links to third-party websites (e.g., ZeroHash). We are not responsible for the privacy practices of these websites. Please review their privacy policies before providing information.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify users of material changes via email or through the Platform. The updated policy will be effective upon posting, with the “Last Updated” date revised.

12. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, please contact our Data Protection Officer at: compliance@andxus.io

ANDX USA LLC
Email: support@andxus.io
Address: 7901 4th St N, Ste 300, St. Petersburg, FL 33702