Privacy Policy

Last Updated: June 22, 2026

This Privacy Policy (Policy) outlines how we collect, use, share, and protect your personal data when you use our Platform. It is an integral part of the general Terms of Use that can be found at Terms. For comprehensive information regarding our use of cookies and similar tracking technologies, please refer to our Cookies Policy.

1. TERMS & DEFINITIONS

1.1. As used in this Policy, the following terms have the meaning set forth below.

Personal Data

Means any information relating to an identified or identifiable natural person that is collected, generated, received, stored, or otherwise processed by the Company in connection with the Platform and Services. Personal Data may include information provided directly by users, information collected automatically through the use of the Platform, information obtained during identity verification procedures, transaction-related information, and information received from third parties.

Personal Data Processing

Means a wide range of operations performed on Personal Data, including by manual or automated means the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.

Platform

The aggregate of the information, web forms, software and intellectual property (including computer software, databases, graphic interface design, content, etc.) belonging to the Company that is accessible from various devices of users connected to the Internet through a special software for viewing web pages (browser) under the domain “stealthex.io”, including the domains of the following levels.

Services

The suite of functionalities and offerings provided by the Company through its Platform, including but not limited to the instant, non-custodial exchange and swapping of digital assets and cryptocurrencies, related account management features, user support, and any associated tools or applications that enable users to transact directly and securely without the Company holding custody of their digital assets.

User, you

Any person conforming to eligibility requirements provided herein that has accepted these Terms and use Platform and Services.

We, Us, Our, Company and StealthEx

Means StealthEx and its affiliates responsible for operating the Platform and providing the Services. References to "we", "us" and "our" in this Privacy Policy refer to the entity responsible for collecting, using, storing, and protecting Personal Data in connection with the Platform and Services.

Where this Policy implements any terms that have not been defined above or under the remaining part of the document, such terms need to be understood in the way they are interpreted in the Terms and their Annexures, applicable laws and regulations and only as a last resort according to the common practice

2. CONSENT TO THE POLICY

2.1. By accessing and using the Platform, you:

a. Acknowledge that you have read, understood, and agreed to this Privacy Policy in its entirety;

b. Explicitly consent to the collection, processing, and storage of your Personal Data as described herein;

c. Recognize that continued use of the Platform constitutes ongoing acceptance of this Policy.

2.2. Should you disagree with any provision of this Policy, you must immediately discontinue all use of the Platform. Your sole remedy for non-acceptance is to cease accessing our services.

3. WHAT DATA COLLECTED

3.1. To facilitate your access to the Platform, we may request essential information about you. During your usage of the Platform and courses as well as other content, the following types of Personal Data may be collected:

Type

Personal Data

Legal basis of processing

Communication Data

Your email address;

Other contact details that you use to contact us.

Any information that you give by communicating with us, whether by email, online, or otherwise;

Performance of a contract between you and us

Automatically Collected Data

Technical information of your device:

Internet protocol (IP) address;

Browser type and version;

Time zone setting;

Browser plug-in types and versions;

Domain name;

Operating system and platform;

Platform usage Data:

Uniform Resource Locators (URL) clickstream to, through, and from partners (including date and time);

Pattern of your service use;

Page response times;

Download errors;

Time of visits to certain pages; 

Website navigation paths;

Language settings;

Methods used to browse away from the page.

Legitimate interests in monitoring and improving our website and services

Profile data

• Your full name; 

Gender; 

Date of birth;

Nationality (citizenship)

Phone number;

Country of residence;

Transaction details, such as asset type, exchange pair, date & timestamp, originating and destination wallet addresses

Performance of a contract between you and us, only where strictly necessary to facilitate transactions or comply with legal and regulatory obligations (e.g., AML/CTF requirements or fiat‑related services).

KYC Verification Data

Provided by you under our request where you fall under the conditions for KYC Verification, including but not limited to the following:

Government-issued identity documents such as passports, National identity card, Driver's license;

Proof of address document, such as utility bills, bank statement, or any other equivalent document.     

Any other information that is required for us to comply with legal obligations under CTF and AML regulations.

Performance of a contract between you and us, only where strictly necessary to facilitate transactions or comply with legal and regulatory obligations (e.g., AML/CTF) and/or Legitimate interest in protecting and asserting legal rights (ours, yours, or others') and in safeguarding our business against legal, operational, and reputational risks

This list is not exhaustive and may include other similar categories of data necessary to provide or improve our Services.

3.2. We are continually developing the Platform, and as new features are introduced, additional information may be requested for access. Providing us with any Personal Data is voluntary. However, if you choose not to share your Personal Data, we may not be able to serve you effectively or enable your access to the Platform and its functionalities.

4. HOW DATA COLLECTED

4.1. We may collect Personal Data from users in a variety of following ways:

Type

Collection Way

Communication Data

We get access to such Personal Data when you reach us for any questions to get customer support or for any other purposes (e.g. by email).

Automatically Collected Data

When you interact with the Platform, we may collect this Personal Data by using cookies and other similar technologies.

Profile data

Provided directly by you during account registration, KYC Verification, or when using the Platform's services; some information may also be obtained from third-party KYC/AML providers or partners.

KYC Verification Data

We receive such Personal Data directly from you, as well as obtain it from other sources based on the Personal Data we have.

5. HOW DATA USED

5.1. We collect the aforementioned Personal Data for the following purposes:

Type

Use Cases

Communication Data

To provide you with relevant feedback.

Automatically Collected Data

It helps us improve functionality, analyze performance, and deliver personalized content.

Contract Execution  & Profile data

To provide access to the Platform and its Services in accordance with the Terms of Use, fulfill contractual obligations, process transactions, ensure compliance with legal obligations, and enhance Platform security.

KYC Verification Data

To conduct enhanced KYC Verification and ensure safety of the Platform and our compliance to the AML and CTF regulations.

5.2. We will only use your Personal Data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose, or we are obliged to process your data by applicable laws or court/enforceable orders. Where we need to use your Personal Data for an unrelated purpose, we will notify you, and we will explain the legal basis that allows us to do so.  

5.3. The way we sometimes, where necessary, analyse personal data relating to our Services involves profiling. This means that we process your personal data using software that can evaluate your personal circumstances and other factors to predict risks or outcomes. We also use profiling, or other automated methods, to make decisions about you that relate to the following:

AML/CTFs checks, where strictly required;

Identity and address checks, where strictly required;

Monitoring your activity for fraud and other financial crime, either to prevent you committing fraud, or to prevent you becoming a victim of fraud;

This is known as automated decision-making and is only allowed when we have a legal reason for this type of decision-making. We make automated decisions about you in the following circumstances if automated decisions are required by law, for example, to prevent fraud and financial crimes.

6. BLOCKCHAIN DATA

6.1. Due to the decentralized and transparent nature of blockchain networks (such as Ethereum and others), please be aware that your interactions with our Services may result in the public disclosure of certain transaction-related data. While the Company does not store or control blockchain data, the use of blockchain technology inherently involves the processing of publicly accessible information, including but not limited to:

i. Public blockchain wallet addresses;

ii. Transaction amounts;

iii. Token types;

iv. Timestamps;

v. Any additional metadata voluntarily included by users.

6.2. We do not collect or control your private keys or wallet credentials. These remain solely in your possession, stored locally on your device, and are never transmitted to or accessible by us. Your use of any blockchain (e.g., Ethereum) is entirely at your own discretion and subject to the terms and technological constraints of that blockchain network.

6.3. Because blockchain networks are publicly accessible and immutable, transactions recorded on them may be visible to anyone and may be analyzed or linked to your identity by third parties now or in the future. We cannot erase, modify, or control this data once published on a blockchain.

6.4. We may, however, use publicly available blockchain data, including on-chain analytics or intelligence data, for legitimate purposes such as:

i. Transaction analysis;

ii. Security monitoring and fraud detection;

iii. Compliance with applicable laws (e.g., AML/CTF- and sanctions-related regulations);

iv. Supporting law enforcement investigations, where legally required.

6.5. When such blockchain data is correlated with other data (e.g., IP addresses, device data, or KYC information), it may in some cases indirectly identify a user. In these instances, we handle such data in accordance with this Policy and applicable data protection laws.

6.6. We strongly encourage you to familiarize yourself with the privacy characteristics and transparency limitations of blockchain technology before interacting with our Platform or Services.

7. RETENTION PERIOD

7.1. We will retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected unless a longer retention period is required or permitted by law. The criteria used to determine the retention periods include:

a. The length of time we have an ongoing relationship with you.

b. Whether there is a legal obligation to which we are subject (e.g., certain laws require us to keep records of your transactions for a certain period before we can delete them, e.g. in accordance with AML/CTF obligations).

c. Whether retention is advisable considering our legal position (such as regarding applicable statutes of limitations, litigation, or regulatory investigations).

7.2. If the information is used for multiple purposes, we will retain it until the purpose with the longest applicable retention period expires. However, we will cease using the data for any purpose whose retention period has expired.

7.3. Once the purpose of retaining your Personal Data is fulfilled, we will securely delete or anonymize it.

8. LEGAL BASIS

8.1. The processing of Personal Data is conducted in strict accordance with applicable privacy laws and regulations, including the Costa Rican Law No. 8968 – Law for the Protection of the Person Regarding the Treatment of Personal Data, its associated regulations, the Terms, and our internal policies. We may implement additional safeguards where required by applicable law.

8.2. The legal grounds for Personal Data Processing include the following:

a. Your Consent: You provide us with consent for the processing of your Personal Data for specific purposes when using our Platform and in other cases as foreseen herein. The lawfulness of such processing is based on your consent. Granting consent is voluntary, and any consent given can be revoked at any time. Please note that the revocation shall only affect future processing; any processing carried out prior to the revocation will not be affected.

b. Contract Performance: This involves processing your Personal Data when necessary for the performance of a contract to which You are a party or to take steps at your request. This includes adherence to the Terms.

c. Our Legitimate Interest: Our interest is to conduct and manage our business affairs appropriately and responsibly, protect the reputation of our business, and provide you with the best possible and secure experience from interaction with the Platform.

d. Compliance with Legal Obligation: We process your Personal Data when necessary for compliance with a legal or regulatory obligation.

9. PRIVACY REQUESTS

9.1. We are committed to handling personal information responsibly and transparently.

9.2. Subject to applicable law and our legal, regulatory, compliance, fraud prevention, and record-keeping obligations, you may contact us to:

a. request information regarding the personal data we hold about you;

b. request correction of inaccurate or incomplete personal data;

c. request deletion of personal data that is no longer required for the purposes for which it was collected;

d. request that we stop using certain personal data where appropriate;

e. withdraw consent where processing is based solely on your consent.

9.3. We will review each request on a case-by-case basis and may request additional information to verify your identity before responding.

9.4. Please note that we may refuse, limit, or delay a request where retention or processing of personal data is required by applicable laws, anti-money laundering obligations, fraud prevention requirements, legal proceedings, regulatory requests, or other legitimate business purposes.

9.5. Nothing in this Policy shall be interpreted as granting rights beyond those available under applicable law.

10. CHILDREN’S DATA

10.1. The Platform and Services are intended for use by individuals who are at least eighteen (18) years old and are not directed at children under this age. We do not knowingly collect personal information from children under eighteen (18). If you believe that personal information of a child under eighteen (18) has been collected in error, please contact us promptly using the details provided in Section 17 (Contact Us).

11. SHARING YOUR PERSONAL DATA

11.1. There are instances when we need to share the Personal Data with third parties. Below is a list of limited third parties with whom we may share your Personal Data:

a. Partners, Suppliers, and Sub-contractors: We share Personal Data with business partners, suppliers, and sub-contractors to provide you with access to the Platform. All these entities are required to respect the security of your Personal Data, treat it in accordance with the law, and are not allowed to use it for their own purposes. They are permitted to process your Personal Data only for specified purposes and in accordance with our documented instructions.

b. Affiliated Entities: We may share your data with our group companies, including subsidiaries and our parent company, where necessary for internal administrative purposes and to provide Services in accordance with this Policy.

c. Professional Advisors and Insurers: We may disclose your personal data to our legal, financial, and insurance advisors where reasonably necessary for risk management, legal compliance, obtaining advice, or defending legal claims.

d. Courts, Government Authorities, and Law Enforcement Officials: We may share your Personal Data with courts, government authorities, and law enforcement officials when required by laws and regulations. We will share your Personal Data when necessary to lawfully carry out our business activities.

e. Analytics and Search Engine Providers: Personal Data may be shared with analytics and search engine providers that assist us in improving and optimizing the Platform.

f. Third-Party Services and Partners: If you access or use third-party services integrated into the Platform (as described in our Terms of Use), you may be required to share your personal data with those third parties. In such cases, your data will be subject to those third parties’ privacy policies and terms, and we bear no responsibility for their data practices.

g. Marketing and Sales Partners (with your consent): Where you have submitted an enquiry or given consent, we may share your data with third-party providers of goods and services so they can contact you with relevant offers. Each such third party acts as a separate controller or processor and will provide you with their own privacy policy when contacting you.

11.2. We assure you that we will not sell, exchange, or share your Personal Data with any third parties without your express consent.

12. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

12.1. In order to provide our services, prevent fraud, comply with legal obligations, and operate our business efficiently, we may transfer personal data to service providers, contractors, affiliates, advisers, and other third parties located in different jurisdictions.

12.2. Where such transfers occur, we implement reasonable contractual, technical, and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration, misuse, or loss.

12.3. By using our services, you acknowledge that your personal data may be processed in countries that may have data protection laws different from those in your country of residence.

13. SECURITY

13.1. We have implemented a comprehensive set of technical and administrative measures to ensure the confidentiality, integrity, availability, and privacy of your Personal Data. These measures are designed to safeguard your Personal Data from loss, theft, unauthorized access, misuse, alteration, or destruction, aligning with industry best practices.

13.2. Our security measures include, but are not limited to:

a. Secure Sockets Layered (SSL) Technology: We employ SSL technology to fully encrypt and securely transmit your Personal Data over the Internet. This ensures that your information is protected during transmission.

b. Secure Coding Principles: Our implementation follows secure coding principles to fortify the integrity of our systems and applications.

c. Regular Penetration Testing: We conduct regular penetration testing to assess the resilience of our security measures and identify potential vulnerabilities.

d. Technical and Organizational Measures: We implement appropriate technical and organizational measures to protect your personal data. These include secure transmission protocols (such as HTTPS/TLS), access controls, data minimization, and regular security audits. While no system is completely secure, we are committed to maintaining a high standard of data protection.

13.3. While we implement stringent safeguards to protect your personal data, no electronic transmission over the Internet or information storage technology can be guaranteed to be completely secure. You acknowledge and accept that any data transmission occurs at your own risk.

13.4. Access credentials — such as passwords or similar authentication methods — may be provided in limited situations where necessary to enable secure interaction with the Platform, you agree to:

a. Maintain the confidentiality and security of these credentials and not disclose, share, or transfer them to any unauthorized third party; 

b. Promptly notify us at [email protected] if you suspect or become aware of any unauthorized use, loss, or security breach concerning your account or credentials;

c. Accept full responsibility for all activities and transactions conducted under your account until we receive your notification of any such unauthorized use or breach.

13.5. We maintain a formal Data Breach Response Plan to address suspected security incidents. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the competent authorities, regulators, or other authorities where required by applicable law.

14. EMPLOYEES

14.1. Access to personal data is limited to personnel, contractors, and service providers who require such access for legitimate business purposes and who are subject to appropriate confidentiality and security obligations.

14.2. The Company implements internal policies, procedures, and security measures designed to ensure that personal data is processed responsibly and in accordance with applicable legal requirements.

15. LINKS TO THIRD-PARTY WEBSITES

15.1. This Platform may contain links, content, advertisements, promotions, logos, and/or other materials to websites (Links) that are provided and controlled by third parties. Such third-party websites have their own personal data and privacy practices that may considerably differ from ours.

15.2. You agree that under no circumstances will you hold us liable for any loss or damage to you and your Personal Data caused by or resulting from any access to or use of third-party websites or resources through Links contained on our Platform.

15.3. We strongly advise you to review the privacy statements of all third-party websites before using them or submitting any Personal Data or other information through these websites.

16. AMENDMENT

16.1. This Policy is subject to revision, updates, and(or) amendments at any time without prior notice at the Company’s discretion. In case of amendments, the updated Policy date will be displayed on the first page of the Policy. It is your responsibility to stay informed of Policy amendments. 

16.2. By continuing to use the Platform after the revised Policy is published, you agree to be bound by its updated terms.

17. CONTACT US

17.1. If you have any complaints, feedback, or questions, please contact us at [email protected].

StealthEX.io uses cookies to ensure you get the best experience. Please read our cookies policy