Last update: January 29, 2026

Privacy Policy

I. Introduction

PAX Markets USA, Inc. and PAX Markets International, Ltd., as applicable (collectively, "we," "us," "our", or "PAX") are committed to protecting the personal information of our customers and users of the www.pax.markets website ("Website") or our online platform. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our services ("Services"), such as when you:

  • Visit, sign up, or access our Website or our online platform
  • Download and use any application of ours that links to this Privacy Policy
  • Use or access any of our application programming interfaces ("APIs") or software development kits ("SDKs")
  • Engage with us in other related ways, including any sales, marketing, or events

Additionally, this Privacy Policy describes how and for which purposes we may use information we collect, where we store it, with whom we may share it, your choices and rights regarding such information, and how to contact us if you have any concerns.

If you do not agree with our policies and practices, please do not use our Services. By accessing or using our Website and any applicable Services, you agree to this Privacy Policy. Your continued use of our Website and Services after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates. We reserve the right in our sole discretion to change, modify, amend, or supplement this Privacy Policy from time to time.

When we say "you", we mean you or any individual whose personal information you provide, whether it's those who explore our Services or those who sign up for and access our Services. Before you provide information about an individual connected to your business to us, you must make sure that you have a lawful purpose or the agreement of the relevant individual and that they've been provided with this notice.

Please note that we do not control websites, applications, decentralized applications, networks, protocols, blockchains, or services operated by any third parties, and we are not responsible for their actions. We encourage you to review the privacy policies of other services you use to access or interact with our Services.

II. Scope of the Privacy Policy

This Privacy Policy applies to all users of our Website and those who access our online platform. We explain how we collect, use, store, and share personal data and business information in compliance with applicable laws and outline the rights of individuals located in the European Economic Area ("EEA"), the United Kingdom ("UK"), Switzerland, Bermuda, Brazil, and certain U.S. states, including, as applicable, under the General Data Protection Regulation ("GDPR"), the UK Data Protection Act 2018, Bermuda's Personal Information Protection Act 2016 ("BPIPA"), Brazil's General Personal Data Protection Law ("LGPD"), the California Consumer Privacy Act ("CCPA"), the Colorado Privacy Act ("CPA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Illinois Personal Information Protection Act ("ILPIPA"), and the New Jersey Consumer Privacy Act ("NJCPA").

III. Information We Collect

1. Categories of Information Collected

Personal Information Provided by You. We collect various types of personal information when you interact with our Services, including but not limited to:

  • Personal Identification Information: Names, addresses, email addresses, and other contact details.
  • Profile Information: Username and password that you may set to establish an online account with us.
  • KYC and Due Diligence Information: Identity verification data such as government-issued IDs (e.g., passports or driver's licenses), beneficial ownership details, and background checks to comply with Anti-Money Laundering ("AML"), Counter-Terrorism Financing ("CTF"), and sanctions obligations.
  • Biometric Information (Identity Verification; Liveness; Fraud Prevention). When you create an account or undergo identity verification, we and/or our identity verification service providers may collect and process biometric information and biometric identifiers, such as a scan of face geometry derived from a selfie image or video ("Biometric Data"), to verify your identity, confirm "liveness," prevent fraud, secure accounts, and comply with legal and regulatory obligations.
  • Financial Information: Bank account details, tax identification numbers, payment records, and transaction details.
  • Wallet Address: Your public wallet address, digital transaction information, and information related to cryptographic integrations.
  • Blockchain Data: Publicly available blockchain data.
  • Transaction Data: Data about transactions you complete on our platform, including blockchain addresses, currency (fiat and/or digital), payment method, timestamps, digital signatures, transaction amounts, and counterparties.
  • Device and Usage Data: Information collected through cookies and tracking technologies, such as IP addresses, browser types, operating systems, device identifiers, geolocation data, and website usage patterns.
  • Aggregated Data: Non-personally identifiable information derived from personal data, used for analytical and reporting purposes.
  • Feedback or Correspondence: Emails and information you provide when you contact us or otherwise correspond with us online.
  • Marketing Information: Your preferences for receiving communications about our activities, events, and publications.

Information You Provide When Using Our Services:

  • When you sign up for Services and/or login to our platform
  • When you execute trades or transactions on our exchange
  • When you deposit or withdraw digital assets or fiat currency
  • When you contact us (e.g., customer support)
  • When you subscribe to our email list

Information automatically collected. Some information—such as your IP address and/or browser and device characteristics—is collected automatically when you visit our Services.

We, our service providers, and third-party sources may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Log and Usage Data: Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services.
  • Device Data: Information about your computer, phone, tablet, or other device you use to access the Services.
  • Location Data: Information about your device's location, which can be either precise or imprecise.
  • Blockchain Data: We may analyze public blockchain data, including timestamps of transactions, transaction IDs, digital signatures, transaction amounts, and wallet addresses.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

2. Biometric Data Notice; Consent; Retention and Destruction

A. Notice of Collection and Use of Biometric Data. We collect, store, and use Biometric Data only for: (i) identity verification and authentication; (ii) liveness testing; (iii) fraud prevention, security, and risk management; (iv) onboarding eligibility and account protection; and (v) complying with applicable laws and regulations.

B. Consent / Written Release. Where required by applicable law, we will obtain your informed, written consent (which may include an electronic signature or affirmative electronic action) before collecting or otherwise obtaining your Biometric Data. By submitting your Biometric Data and completing the identity verification process, you authorize us and our service providers to collect, store, use, and disclose your Biometric Data for the purposes described above.

C. Retention Schedule and Permanent Destruction. We do not retain Biometric Data longer than necessary for the purposes described above. Unless a longer period is required by law, court order, or a valid legal process, we will permanently destroy Biometric Data on or before the earliest of: (i) the date the initial purpose for collecting or obtaining the Biometric Data has been satisfied; (ii) twelve (12) months after the purpose for collection has expired; and (iii) three (3) years after your last interaction with us (for Texas residents, we will comply with the one-year destruction timing).

D. No Sale / No Profiting. We do not sell, lease, trade, or otherwise profit from Biometric Data.

E. Disclosure Limitations. We disclose Biometric Data only to service providers and processors that assist us with identity verification, security, fraud prevention, and compliance, and only for the purposes described in this Privacy Policy, unless disclosure is required or permitted by law.

F. Safeguards. We store, transmit, and protect Biometric Data using a reasonable standard of care within our industry and in a manner that is at least as protective as the manner in which we protect other confidential and sensitive information.

3. How We Collect Information

We collect data in several ways:

  • Directly From You: When you apply or register for our Services, provide information through forms, complete identity verification, or communicate with us.
  • Automatically Through Your Use of Our Services: When you use our Services or Website, we automatically collect data through cookies, server logs, and other tracking technologies.
  • From Third Parties: We may receive information from third-party services, such as identity verification providers, public databases, and financial institutions to meet our compliance requirements.
  • From Affiliates: We may obtain information about you from PAX affiliates as part of normal business practices or to adhere to applicable legal and regulatory requirements.
  • From public, on-chain data.

IV. How We Use Information

1. Primary Uses

We use your personal information for a variety of reasons, depending on how you interact with our Services or Website, including but not limited to:

  • Facilitate Transactions: Process trades, deposits, withdrawals, and other transactional services on our exchange.
  • Verify Your Identity: Conduct KYC/AML/CTF checks as required by law.
  • Facilitate account creation and authentication: Process your information so you can create and log in to your account.
  • Deliver Services: Provide you with the requested Services, present our Website and its contents to you.
  • Provide Support: Respond to your inquiries, offer technical assistance, and resolve issues.
  • Send information to you: Send you details about our products and services, changes to our terms and policies, and other similar information.
  • Improve Our Services: Conduct analytics, fraud detection, and performance optimization to enhance our platform functionality.
  • Third-Party Access: Provide tools such as APIs, SDKs, or other infrastructure for accessing our Services.
  • Protect our Services: Keep our Services and Website safe and secure, including preventing security incidents and fraud.
  • Identify usage trends: Better understand how our Services are used so we can improve them.

2. Legal and Regulatory Compliance

We use your information to comply with legal obligations, including:

  • Responding to Legal Requests: Access, read, preserve, and share your data to comply with applicable law, regulations, subpoenas, legal orders, and investigations from regulatory authorities or law enforcement.
  • AML and KYC Obligations: Verify your identity and conduct due diligence to comply with U.S. and international regulations.
  • Determine your legal eligibility: Carry out additional checks for certain regulated products or advanced trading activities.

3. Marketing Communications

We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You may opt-out of receiving these communications at any time by contacting us or using the unsubscribe option in the email.

4. Cookies and Performance Optimization

We use aggregated and anonymized data to:

  • Analyze Platform Performance: Understand how users interact with our platform and improve our services.
  • Enhance Security: Detect and mitigate fraud or suspicious activities.
  • Optimize User Experience: Tailor the website to your preferences based on your usage.

V. What Legal Basis Do We Rely On To Process Your Information?

We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, the GDPR and UK Data Protection Act 2018 require us to explain the valid legal bases we rely on in order to process your personal information:

  • Consent. We may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time.
  • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you.
  • Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations.
  • Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party.

If you are located in Brazil and the LGPD applies to our processing of your personal information, we will process your personal information only where we have a legal basis to do so under the LGPD, including consent, compliance with legal or regulatory obligations, performance of a contract, and legitimate interests.

VI. Cookies and Tracking Technologies

We use cookies and similar technologies (like web beacons and pixels) to gather information about your interaction with our Website and Services. The types of cookies we use include:

  • Necessary Cookies: Essential for the core functionality of our services (e.g., to authenticate users or secure transactions).
  • Analytical Cookies: Help us understand how our users navigate and use the platform to improve performance.
  • Security Cookies: Provide protection against security threats by preventing fraudulent or malicious activity.
  • Tracking and Marketing Cookies: Track how you use our website and provide analytics to better target future communications.

You can control or disable cookies through your browser settings, but please note that disabling some cookies may limit the functionality of our platform or services.

VII. Information Sharing

We do not sell your personal data. However, we share information with third parties only when necessary:

  • Affiliates. We may share your personal information with our affiliates for purposes consistent with this Privacy Policy.
  • Service providers, processors, contractors and other third parties: Third parties that we use to support our Services and who are bound by contractual obligations to keep personal information confidential. This includes identity verification providers, IT infrastructure providers, and our token custodians.
  • Legal compliance, fraud prevention, and safety: If we believe disclosure is necessary or appropriate to protect our rights, property, or safety, or if required by law.
  • Financial Institutions: Your data may be shared with banks or financial institutions as part of transaction processing.

VIII. International Transfers of Data

We may transfer, store, and process your information in countries other than your own. Our servers are located in various regions, including but not limited to the United States and Japan. If you are accessing our Services from outside these regions, please be aware that your information may be transferred to, stored, and processed in these or other jurisdictions.

For users located in the EEA, UK, or Switzerland, we use measures such as Standard Contractual Clauses ("SCCs") and adequacy decisions to ensure the protection of personal data transferred internationally.

For users located in Brazil, we will only carry out international transfers of personal data in accordance with the LGPD and applicable ANPD regulations.

For users located in Bermuda, we assess the level of protection afforded by the overseas third party and take appropriate steps to ensure compliance with BPIPA.

IX. Data Protection for Customers in the EEA, UK, Switzerland, and Bermuda

For individuals in the EEA, UK, and Switzerland, we comply with GDPR, the UK Data Protection Act 2018, and the Swiss Federal Act on Data Protection. You have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request corrections to any inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): Request that we delete your personal data, subject to legal or regulatory obligations.
  • Right to Restrict Processing: Request that we limit the processing of your data in specific situations.
  • Right to Data Portability: Request the transfer of your personal data to a third party.
  • Right to Object: Object to our processing of your data for specific purposes, such as direct marketing.

To exercise any of these rights, please contact us via the details in Section XIV.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us at [email protected].

Notice to Bermuda Users: Individuals in Bermuda are entitled under BPIPA to request access to personal information, request corrections, request cessation of use for marketing purposes, request erasure, be informed of personal information breaches, and complain to the Privacy Commissioner.

Notice to Brazil Users (LGPD): For individuals located in Brazil, you have rights under the LGPD including confirmation and access, correction, anonymization/blocking/deletion, data portability, deletion of consent-based data, information about sharing, and the right to withdraw consent. You may exercise your rights by contacting us at [email protected] with "LGPD Request" in the subject line.

X. State Privacy Rights

We comply with privacy requirements across the U.S. We may collect categories of personal information including identifiers, personal information, biometric information, commercial information, internet activity, geolocation data, and sensitive personal information.

We do not disclose, sell, or share any personal information to third parties for profit or commercial purposes.

California: For customers located in California, we comply with the CCPA as amended by the CPRA. California residents have rights including the right to know, delete, opt-out of sale, correct, and limit use of sensitive data.

Colorado: For customers located in Colorado, we comply with the CPA. Colorado residents have rights including the right to opt-out, access, correct, delete, and data portability.

Illinois: In Illinois, we comply with ILPIPA. Illinois Biometric Information Privacy Act ("BIPA") Notice: If you are an Illinois resident, this Privacy Policy informs you that Biometric Data is being collected or stored and the specific purpose and length of term for which it is being used.

New Jersey: For customers in New Jersey, we observe the NJCPA with rights including notice, access, correction, deletion, and opt-out.

Texas: If you are a Texas resident, we may capture biometric identifiers for identity verification and fraud prevention and will destroy them within one (1) year after the purpose for collection has expired.

Virginia: For customers in Virginia, we adhere to the VCDPA with rights including access, correct, delete, data portability, and opt-out.

Washington State: If you are a Washington resident, our identity verification process may "enroll" a biometric identifier for identity verification, fraud prevention, and account security.

To exercise your rights, contact us at [email protected].

XI. How We Protect Personal Data and Data Retention

We implement advanced security measures to protect your data, including:

  • Encryption: All data is encrypted in transit and at rest.
  • Access Controls: We limit access to personal data to authorized personnel only.
  • Security Audits: Regular audits are conducted to ensure compliance with cybersecurity requirements.
  • Incident Response Plan: We have a plan in place to address data breaches and other security incidents quickly.

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law:

  • KYC Data: Retained for the duration of the business relationship and five years afterward, as required by AML/CTF laws.
  • Transactional Data: Retained for a minimum of five years, as mandated by regulatory requirements.
  • Aggregated Data: Retained indefinitely for reporting and analytics purposes, as it does not identify specific individuals.

XII. Do We Collect Information From Minors?

We do not knowingly collect data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at [email protected].

XIII. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or through our platform. The latest version of this Privacy Policy will be posted on our website.

XIV. Questions About This Privacy Policy

If you have any questions, concerns, or requests regarding this Privacy Policy or your data protection rights, please contact us:

PAX Markets USA, Inc.
626 Jefferson Ave, Suite 6
Redwood City, CA 94063
Email: [email protected]

PAX Markets International, Ltd.
Park Place, 55 Par La Ville Road, Third Floor
Hamilton HM 11, Bermuda
Email: [email protected]