Flex Exchange

Privacy Policy

Last updated: 17 September 2025

We designed Flex Exchange to collect as little personal data as possible. This page explains what we do—and don’t—collect and how we handle it.

1) Who we are

Flex Exchange (the “Service”) provides online software for digital‑asset trading. This page describes how we handle personal data for the Service.

Primary contact: support@flexex.io

Privacy contact: privacy@flexex.io

2) What we do NOT do

No KYC

We do not ask for passports, IDs, selfies, or proof of address.

No cookies

We set no browser cookies (including analytics or marketing cookies).

No third‑party ad tracking

No tracking pixels, fingerprinting scripts, or cross‑site advertising beacons.

No marketing email lists

We don’t auto‑subscribe you to newsletters.

3) Data we collect (minimal)

A. You provide

  • Account: email and password (stored as a one‑way hash).
  • Two‑factor (optional): TOTP secret if you enable 2FA (stored securely).
  • Support: messages and attachments you send to support@flexex.io.

B. Collected automatically (kept minimal)

  • Basic server logs: timestamp, IP address, and requested paths to operate the service and prevent abuse (short retention; see Retention).
  • Operational metrics: aggregate performance and reliability measurements (without cookies).

C. Public blockchains

When you deposit, withdraw, or interact on‑chain, related transaction data is public and permanent on the relevant blockchain network(s).

4) On‑device storage (we don’t receive)

To make the app fast and responsive, your browser may store data locally on your device that we do not receive, such as:

  • price‑chart caches (IndexedDB/Dexie),
  • UI preferences (theme, language),
  • temporary state needed for smooth navigation.

You can clear this anytime in your browser settings.

5) Cookies & tracking

We set no cookies. We do not use third‑party analytics, advertising cookies, tracking pixels, or browser fingerprinting.

6) How we share data

We don’t share your data. We never sell, rent, or exchange personal data, and we don’t use third-party analytics or advertising. We may disclose information only if required by law or to protect the security of the service and its users.

7) Data retention

  • Account data: kept while your account is active; deleted upon verified request or account closure (subject to operational needs such as abuse prevention).
  • Server logs: kept for a short period (typically 30–90 days) for security and reliability, then deleted or anonymized.
  • Support threads: kept as long as needed to handle your request and for a short audit period.
  • On‑chain records: controlled by the blockchain network and may be permanent.

8) Security

  • encryption in transit (TLS),
  • hashed passwords and optional 2FA,
  • least‑privilege access and basic monitoring.

No system is perfectly secure. If we discover a breach that affects you, we will notify you when feasible.

9) Your choices & rights

  • Delete: you can request deletion of your account and associated data we control.
  • Corrections: update your email or settings where available.

Rights vary by region. Where laws like GDPR/CCPA apply, we aim to honor those rights. Contact privacy@flexex.io.

10) Changes to this Policy

If we change how we process data, we will update this page and adjust the “Last updated” date.

11) Contact us

Questions about privacy? Email privacy@flexex.io. For general support, use support@flexex.io.

Anti‑scam note: we will never ask for your password, 2FA codes, or private keys.

Back to top