Privacy Policy

Crosbit LTD · London, United Kingdom · Last updated: 11 June 2026

This Privacy Policy describes how Crosbit LTD ("Crosbit", "we") collects, uses and protects your personal data when you use the Crosbit mobile application and related services (the "Service").

1. Data we collect

Account data: e-mail, name, surname, nickname, phone and date of birth provided on registration or in your profile.

Verification (KYC) data: for merchant accounts — identity and company information (legal name, country, registration numbers, identity document details) as required by anti-money-laundering regulations.

Transaction data: requests, replies, orders, amounts, currencies, cities and statuses created in the marketplace.

Technical data: device identifiers, IP address, app version, language and approximate location (with your permission) — used for security, fraud prevention and service integrity.

Content: posts, comments and media you publish, and evidence attached to appeals.

2. How we use data

To provide the Service: matching requests with merchant replies, executing orders, moderating merchants and points, resolving appeals, charging the platform commission, preventing fraud and abuse, complying with legal obligations and improving the product.

3. Legal bases

Performance of a contract, compliance with legal obligations (AML/KYC) and legitimate interests (security, fraud prevention, analytics). Where required, we ask for consent (e.g. location access).

4. Sharing

We share data only with the counterparty of your order to the extent necessary to complete it, with service providers under data-processing agreements, and with competent authorities where required by law. We do not sell personal data.

5. Storage and security

Data is stored on secured infrastructure within the EU with encryption in transit and at rest, role-based access controls and row-level security. KYC documents are restricted to the compliance team.

6. Retention

Account data is kept while your account is active. KYC and transaction records are retained as required by AML regulations (typically 5 years after the relationship ends), then deleted or anonymised.

7. Your rights

You may access, correct, export or delete your personal data, object to or restrict processing, and lodge a complaint with the UK Information Commissioner’s Office (ICO). You can delete your account in Profile → Delete account; deletion is irreversible.

Contact: support@crosbit.app · privacy@crosbit.app