Introduction

Thank you for visiting the OKX Platform. As a data controller, the relevant OKX entity provides this Privacy Notice to outline how we collect, store, use, disclose, and otherwise process your Personal Data. By accessing or using the OKX Platform—including its application programming interfaces (APIs) and mobile applications—you acknowledge that you have read and understood this Privacy Notice, consent to its terms, and confirm that you have the legal capacity to do so.

This document explains what personal information we collect, why we collect it, how it is used and protected, with whom it may be shared, your rights regarding your data, and how to contact us about privacy-related matters. If you do not agree with these practices, please refrain from using the OKX Platform and any services offered through it.

👉 Discover how OKX safeguards your data with advanced security protocols

Controller and Contact Information

The OKX group consists of multiple legal entities responsible for handling your personal data depending on your jurisdiction. These entities act as data controllers when determining the purposes and methods of processing your information.

• OKX Bahamas FinTech Company Limited: For users residing in Mexico who registered between November 16, 2022, and August 28, 2023, or institutional users registering on or after August 29, 2023.
• OKX Serviços Digitais Ltda.: For Brazilian residents registering on or after June 15, 2023.
• OKX SG Pte. Ltd.: For Singaporean or Bruneian residents registering on or after October 13, 2023.
• Aux Cayes FinTech Co. Ltd.: For all other users not covered above.
• OKX Australia Pty Ltd and OKX Australia Pty Financial Ltd: For customers who have entered into contracts with these Australian entities.
• OKCoin USA Inc: For users under contract with this U.S.-based entity.

For privacy inquiries, contact [email protected] or reach out via postal mail using the addresses listed per entity.

Definitions

• Data Protection Officer (DPO): The designated officer responsible for overseeing compliance with data protection laws.
• Personal Data: Any information relating to an identifiable individual, such as name, ID number, email, location, or online identifiers. Anonymous data is excluded.
• Sensitive Information: Data revealing racial origin, political opinions, religious beliefs, biometric data, health status, or criminal records.

What Personal Data We Collect and How

We collect Personal Data directly from you during registration, transactions, customer support interactions, marketing subscriptions, or device usage on our platform. This includes:

• Identity details: Name, date of birth, address, government-issued ID
• Institutional data: Corporate registration, beneficial ownership
• Financial information: Bank accounts, credit/debit card numbers
• Transaction records: Activity logs and commercial history
• Device data: IP address, MAC address, geolocation, device fingerprint
• Optional inputs: Avatar, nickname, or handle

We may also obtain data from third parties like identity verification services (e.g., Jumio, Sumsub), marketing partners, or analytics providers. We ensure these partners comply with applicable privacy regulations.

We do not collect Sensitive Information without explicit consent unless required by law—for instance, to prevent fraud or comply with regulatory mandates.

👉 See how identity verification enhances platform safety and trust

Unsolicited Personal Data

If we receive unsolicited personal information about you, we will either destroy it or de-identify it unless it aligns with our stated data processing purposes. If integrated with existing records, it will be managed under the same privacy standards.

Who We Collect Data About

Our data collection covers users, potential users, service providers, suppliers, job applicants, employees, contractors, and other individuals interacting with OKX.

How We Use Your Personal Data

We process your Personal Data for the following primary purposes:

• Service Delivery: To provide account access, process transactions, and fulfill contractual obligations.
• Fraud Prevention: Detect and block suspicious activities.
• Security Protection: Monitor device behavior and account access patterns.
• Customer Support: Respond to inquiries and resolve issues efficiently.
• Service Improvement: Analyze usage trends to enhance user experience.
• Marketing Communications: Share product updates and promotions—only with consent.
• Social Features: Enable contact integration for peer-to-peer interactions (with permission).
• Legal Compliance: Fulfill anti-money laundering (AML), know-your-customer (KYC), and reporting duties.

We may also process data without consent under specific legal bases:

• Performance of a contract
• Legal obligation
• Protection of vital interests
• Public interest
• Legitimate business interests

Disclosure of Personal Data

We may share your data with:

• Affiliated companies within the OKX group
• Trusted service providers (e.g., payment processors, IT infrastructure)
• Regulatory authorities upon lawful request
• Legal advisors during disputes or investigations
• Third parties involved in corporate transactions (e.g., mergers)

Third-party processors are bound by strict confidentiality agreements and may only use your data for specified purposes. We employ rigorous due diligence to prevent money laundering and terrorism financing.

Identity verification is conducted via trusted providers such as Au10tix, Jumio, and Sumsub. These services may process biometric data solely for authentication purposes.

Data Storage Practices

Your Personal Data is stored securely in internal databases or with vetted third-party storage providers. We implement encryption, access controls, and regular audits to protect against unauthorized access or loss.

Data may be transferred outside your country of residence—for example, to Malaysia, Vietnam, or Argentina—where we operate or partner with service providers. Such transfers are governed by contractual safeguards ensuring protection equivalent to this Privacy Notice.

We retain your data only as long as necessary: for service provision, legal compliance (e.g., AML recordkeeping), or legitimate business needs. Even after account closure, certain records may be preserved per regulatory requirements.

International Data Transfers

Given our global operations, your data may be processed in jurisdictions beyond your own. While local privacy laws may differ, we ensure all cross-border transfers meet applicable legal standards through binding agreements and compliance frameworks.

You acknowledge and consent to such international processing when engaging with OKX electronically.

Your Rights: Access, Correction & Deletion

You have the right to:

• Access your Personal Data
• Correct inaccuracies
• Request deletion (subject to legal exceptions)

We respond to verified requests within 30 days. Identity verification is required before disclosure. To exercise your rights, email [email protected] with “DATA INQUIRY REQUEST” in the subject line.

Frequently Asked Questions

Q: Can I remain anonymous while using OKX?
A: No. Due to regulatory requirements like KYC and AML checks, we require verified identity information to provide our services.

Q: Do I need to give consent for all data processing?
A: Not always. While marketing uses require consent, core services rely on contractual necessity or legal obligations.

Q: How does OKX protect my financial information?
A: We use tokenization and work with secure payment processors. Full financial details are not stored on our systems.

Q: What happens if there's a data breach?
A: We have incident response protocols in place. In case of a notifiable breach under laws like Singapore’s PDPA, we will inform affected users promptly.

Q: Can I opt out of marketing emails?
A: Yes. Use the unsubscribe link in any marketing message or contact customer support.

Q: Is my biometric data stored by OKX?
A: No. Biometric templates generated during identity verification are handled by third-party providers and not retained by OKX.

Children’s Privacy

We do not knowingly collect or serve individuals under 18 years of age. If underage usage is detected, we will promptly delete associated data. Please report any such instances to help us maintain compliance.

Marketing Communications

We send promotional content only with your consent and provide easy opt-out options via unsubscribe links. Operational messages—such as policy updates or transaction alerts—are essential and cannot be disabled.

Cookie Usage

We use cookies to improve site functionality and user experience. Types include:

• Session Cookies: Temporary, deleted upon browser closure
• Persistent Cookies: Remain until expiry

Cookies help remember preferences, analyze traffic patterns, detect fraud, and ensure secure logins. You can manage cookie settings via your browser, though disabling them may affect service functionality.

Information Security

We employ industry-standard safeguards:

• End-to-end encryption
• Mandatory two-factor authentication (2FA)
• Regular security audits
• Need-to-know access restrictions

For security concerns, email us with “INFORMATION SECURITY REQUEST” in the subject line.

Jurisdiction-Specific Addendums

European Residents (GDPR)

If located in the EEA, you benefit from GDPR protections:

• Right to access, correct, delete, or restrict processing
• Right to data portability
• Right to object to automated decision-making
• Right to lodge complaints with supervisory authorities

Data transfers outside the EEA follow EU-approved mechanisms like Standard Contractual Clauses (SCCs).

Singapore Residents (PDPA)

Under Singapore’s PDPA:

• Cross-border transfers require comparable protection levels
• Notifiable breaches are reported to both PDPC and affected users
• Third-party processors must comply with strict handling instructions

Australian Customers

For Australian users:

• Deletion rights are limited due to AML obligations
• Overseas disclosures occur for operational and compliance reasons
• Complaints are acknowledged within 2 working days and resolved within 30 days
• Unresolved issues may be escalated to the OAIC

U.S. State Privacy Rights (CPRA, CTDPA, CDPA, UCPA, CPA)

Eligible U.S. consumers may:

• Access or delete their data
• Opt out of targeted advertising
• Request data portability
• Appeal denials of requests

Note: We do not respond to “Do Not Track” signals but adhere to state-specific opt-out mechanisms.

👉 Learn more about regional privacy protections and your rights as a user

Changes to This Privacy Notice

We may update this notice periodically. The latest version will be posted on the OKX Platform with the effective date. Continued use constitutes acceptance of changes.

Language Version Control

This Privacy Notice may be available in multiple languages. In case of discrepancies, the English version prevails.

Contact Us

For questions or concerns regarding this Privacy Notice or your personal data, email [email protected] with “PRIVACY REQUEST” in the subject line.