In today’s digital-first world, protecting your personal data is more important than ever—especially when engaging with online platforms that manage sensitive financial and identity information. This Privacy Policy outlines how we collect, use, store, and protect your personal data when you access or use the OKX platform, including its application programming interfaces (APIs), mobile applications, and related services (collectively referred to as the “Services”). By using the OKX platform, you acknowledge and agree to the practices described herein.
This policy was last updated on October 13, 2023, and applies globally, with specific considerations for users in regulated jurisdictions such as the European Economic Area (EEA), Singapore, Hong Kong, Brazil, and Mexico.
Who Controls Your Data?
The OKX group consists of multiple legal entities responsible for providing services in various regions. These entities act as data controllers for your personal information and are committed to upholding strict data protection standards.
- OKX Bahamas FinTech Company Limited: Serves Mexican residents who registered between November 16, 2022, and August 28, 2023, and institutional users registering after August 29, 2023.
- OKX Hong Kong FinTech Company Limited: Supports Hong Kong residents who registered on or after May 15, 2023.
- OKX Serviços Digitais Ltda.: Provides services to Brazilian residents registering on or after June 15, 2023.
- OKX SG Pte. Ltd.: Serves Singapore residents registering on or after October 13, 2023.
- Aux Cayes FinTech Co. Ltd.: Handles all other eligible users not covered by the above entities.
For privacy-related inquiries, each entity provides a dedicated Data Protection Officer (DPO) email address listed in our official documentation.
👉 Learn how your data is protected across global jurisdictions
Key Definitions
Understanding key terms helps clarify your rights and our responsibilities:
Digital Assets
Digital assets—also known as cryptocurrencies, virtual currencies, or digital commodities—include Bitcoin, Ethereum, and other blockchain-based tokens used as a medium of exchange or store of value. These operate through cryptographic protocols that may be centralized or decentralized, open-source or proprietary.
Personal Data
Personal data refers to any information that directly or indirectly identifies you. This includes your name, email address, phone number, government-issued ID numbers (e.g., passport or social security number), residential address, IP address, device identifiers, and other factors tied to your physical, economic, cultural, or social identity.
What Personal Data Do We Collect?
We collect personal data in several ways: during registration, through customer support interactions, marketing subscriptions, or automated tracking technologies like cookies.
For Individual Users:
- Email address and mobile number
- Full legal name (including aliases or local-language names)
- Nationality and date of birth
- Government-issued identification (e.g., passport, driver’s license)
- Residential address and proof of residence
- Social Security Number (SSN) or equivalent national ID
- Additional documents requested by our compliance team
For Institutional Users:
- Legal company name and registration details
- Names and identification of beneficial owners, directors, and legal representatives
- Business addresses and operational locations
- Proof of active business status
- Ownership structure (including individuals or entities holding 10% or more)
- Source of wealth and expected transaction volumes (fiat and digital assets)
We may also collect publicly available data or information provided via third-party verification services to ensure regulatory compliance.
Transferring Data Outside the European Economic Area (EEA)
We may process personal data collected from EEA-based users outside the region, particularly in Seychelles and other jurisdictions where our systems are hosted. To comply with GDPR requirements, we require explicit user consent before transferring EEA-originated data internationally.
If you're an EEA resident and withdraw consent for international data transfer:
- You can still withdraw your digital assets and fiat funds
- However, most platform functionalities will be disabled
This ensures compliance while safeguarding user autonomy over their personal information.
How We Use Your Personal Data
Your data enables us to deliver secure, personalized, and compliant services. We use it to:
- Manage account creation and verification processes
- Prevent fraud, money laundering, and terrorist financing
- Comply with legal obligations across operating jurisdictions
- Improve platform functionality and user experience
- Communicate service updates, security alerts, and policy changes
We may generate anonymized or aggregated data from your information for internal analytics and product development. Such data does not identify individuals and is used solely to enhance service delivery.
When We Share Your Data
While we do not sell personal data, we may share it under specific circumstances:
- Legal Compliance: In response to subpoenas, court orders, or government requests.
- Service Providers: With trusted partners handling payments, cloud storage, CRM systems, IT infrastructure, tax reporting, and customer support.
- Group Entities: Across OKX subsidiaries and affiliated companies for unified operations.
- Business Transfers: During mergers, acquisitions, or asset sales involving part or all of OKX.
- Professional Advisors: Including auditors, legal counsel, and accounting firms acting on our behalf.
We employ stringent contractual safeguards with all third parties to ensure data protection remains a top priority.
👉 See how OKX maintains transparency in data sharing practices
Data Storage and Security Measures
All collected data may be stored or processed outside Seychelles. Our global infrastructure allows efficient service delivery while adhering to international security standards.
To protect your information, we implement multiple layers of defense:
- SSL encryption for all communications
- Two-factor authentication (2FA) for every session
- Regular audits of data collection and processing procedures
- Strict access controls based on role necessity
- Mandatory confidentiality agreements for employees and vendors
These measures align with global best practices in cybersecurity and regulatory compliance.
Your Rights: Access, Correction & Deletion
You have the right to:
- Request a copy of your personal data
- Verify its accuracy and request corrections
- Ask for deletion under applicable laws
To exercise these rights, send an email titled “Data Request” to the relevant DPO contact listed in Section 2. We will verify your identity before fulfilling any request.
While we aim to respond free of charge, we reserve the right to levy reasonable fees for repetitive or excessive requests.
Marketing Communications
We may send promotional content about new products, features, or events via email or other channels. You can opt out at any time using the unsubscribe link in marketing messages or by contacting [email protected].
Note: Critical service notifications—such as policy updates or security alerts—are essential and cannot be opted out of.
Cookie Usage
When you visit the OKX platform, we use cookies—small text files stored on your device—to:
- Recognize returning users
- Analyze platform usage patterns
- Customize content and improve navigation
- Enhance security through anomaly detection
Most browsers accept cookies by default. You can disable them in your settings, though this may affect certain functionalities.
Cookies also support our BSA/AML (Bank Secrecy Act / Anti-Money Laundering) compliance efforts by monitoring suspicious account activities.
Frequently Asked Questions
Q: Is my personal data ever sold to third parties?
A: No. We do not sell or rent your personal information to marketers or external organizations.
Q: Can I close my account and delete my data completely?
A: Yes. You can request account deletion; however, we may retain certain data as required by law or for dispute resolution purposes.
Q: How long do you keep my data?
A: We retain personal data only as long as necessary to fulfill contractual obligations or meet legal requirements—typically several years post-account closure.
Q: What happens if I refuse data processing for compliance checks?
A: Verification is mandatory under global AML regulations. Failure to provide required information may result in restricted access or account suspension.
Q: Are my digital assets linked to my personal data?
A: Yes—know-your-customer (KYC) procedures link identity verification to wallet addresses to prevent illicit activity.
Q: How often is this privacy policy updated?
A: We review and update this policy periodically. Changes are posted on the platform with a revised effective date.
👉 Stay informed about the latest privacy updates
Policy Updates & Governing Language
We may revise this Privacy Policy at any time by posting an updated version on the OKX platform with a new effective date. Continued use of our Services constitutes acceptance of these changes.
In case of discrepancies between translations, the English version shall prevail.
By choosing OKX, you’re trusting a platform built on transparency, security, and regulatory compliance—where your privacy isn't an afterthought, but a foundation.