SotaEx Logo SotaEx

Privacy Policy

Last Updated: 2025年9月12日

Overview

This Privacy Policy explains how SotaEx Wallet (the "Platform", "we", "us") collects, uses, discloses, transfers and protects personal information when you access or use our services (the "Services"). By creating an account or using the Services, you acknowledge that you have read this Policy. Where required by applicable law, we will rely on your explicit consent for specific processing activities and you may withdraw your consent at any time as described below.

This Policy applies to all Services provided on or through the Platform. It should be read together with our User Agreement and any product-specific notices we provide at the time of data collection. For users in India, this Policy is designed to align with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable rules, as well as the Information Technology rules on reasonable security practices, as amended from time to time. References to “you” as a data principal and to SotaEx as a data fiduciary are used where required by Indian law.

Definitions

  • Personal Information: Any information that relates to an identified or identifiable individual, including identification data, contact details, identifiers, and online identifiers.
  • Usage Information: Information about how you interact with the Platform and Services (e.g., device information, logs, IP address, transactions, page interactions).
  • KYC/Verification Providers: Third-party service providers engaged to perform identity verification, anti-money laundering (AML) and countering the financing of terrorism (CFT) checks, which may include biometric comparisons of your selfie or video with your identification documents.
  • Processing: Any operation performed on Personal Information, such as collection, storage, use, disclosure, transfer, retention or deletion.

Information We Collect and How We Use It

1) Identification Information

When you register and use the Services, we may collect your name, valid email address, and any information necessary to enable account creation, secure access, and regulatory compliance, including identity verification.

2) Usage Information

We collect information relating to your use of the Services, including account balances, trading activity, deposits, withdrawals, device and browser information, IP address, logs, location (if enabled), interactions with our support, and survey responses.

3) Third-Party Information

We may receive information about you from third parties such as banks, analytics providers, identity verification partners, public databases, credit bureaus, and authorities as permitted by law and subject to your consent where required.

Purposes of Use

  • Provide, operate, maintain and improve the Services.
  • Register and secure your account; protect the integrity and security of the Platform.
  • Comply with legal and regulatory obligations, including AML/CFT and identity verification.
  • Process transactions, provide customer support, and communicate important updates.
  • Conduct analytics and internal business operations.
  • With your consent, send marketing communications and conduct surveys.

We apply data minimization and collect only what is reasonably necessary for the purposes described.

Cookies and Similar Technologies

We use cookies and similar technologies to recognize you, remember your preferences, and analyze how the Services are used. We will not use non-essential cookies (e.g., analytics/marketing) without your consent where required by law. You can manage cookie preferences via your browser settings and, where available, through in-product settings. Disabling certain cookies may impact functionality.

Sharing and Disclosure

  • Affiliates and Service Providers: We share Personal Information with our affiliates and trusted providers that perform services on our behalf (e.g., KYC/verification, payments, analytics, cloud hosting, security). They are bound by contractual obligations to process data only for specified purposes and to implement appropriate safeguards.
  • Compliance and Legal Requests: We may disclose information when required by applicable laws or to respond to valid legal requests by public authorities, including to meet national security or law enforcement requirements.
  • Safety, Security, and Integrity: We may disclose information when necessary to protect our users, the Platform, or to prevent fraud and abuse.
  • Business Transfers: In connection with a merger, acquisition, or asset sale, your information may be transferred as permitted by law, subject to continued protections.

We do not sell Personal Information.

Security

We implement organizational, technical and physical safeguards to protect Personal Information, including access controls, encryption in transit and at rest where appropriate, security monitoring, and staff training. While we strive to protect your data, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials and enabling additional security controls such as two-factor authentication.

Data Retention

We retain Personal Information for as long as necessary to fulfill the purposes described in this Policy, to comply with legal, regulatory or compliance requirements (including AML/KYC obligations), to resolve disputes, and to enforce our agreements. Retention periods may vary by data category and jurisdiction. Where feasible, we will anonymize or securely delete data that is no longer needed.

Your Rights and Choices

Subject to applicable laws, you may have the right to:

  • Request access to your Personal Information and obtain a copy.
  • Request correction of inaccurate or incomplete Personal Information.
  • Request deletion of your Personal Information when it is no longer necessary or when required by law.
  • Withdraw consent for processing where processing is based on consent.
  • Object to or request restriction of certain processing.
  • Request data portability where applicable.
  • Nominate an individual to exercise your rights on your behalf in the event of incapacity or death, where supported.

We may request information to verify your identity before processing your request. We will respond within 15 days or within such other period as permitted by applicable law. Requests may be declined where an exception applies (e.g., legal obligations). We do not charge fees for ordinary requests; a reasonable fee may be charged for repetitive or manifestly unfounded requests as permitted by law. Where supported by law or product capability, you may also route or manage consent through a consent manager.

Children and Age Restrictions

The Services are intended for individuals 18 years and older and are not directed to children. We do not knowingly process Personal Information of children (under 18) without verifiable consent as required by applicable law. We do not undertake targeted advertising or tracking directed at children, and we will delete children’s data upon verified notice, subject to legal retention requirements.

International Transfers

Your Personal Information may be transferred to and processed in countries other than your own. We implement appropriate safeguards and comply with applicable legal requirements for cross‑border transfers. For India, we comply with transfer conditions under the DPDP Act and any notified restrictions or whitelists by competent authorities, and ensure recipients provide a level of protection comparable to that required by applicable laws.

Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights, we will notify competent authorities and affected individuals as required by applicable laws. In India, we will follow the timelines and processes prescribed under applicable laws and notify the appropriate authority (including the Data Protection Board of India when required) and affected users, and take steps to mitigate potential harm.

Grievance Officer and Contact

If you have questions, concerns, or wish to exercise your rights, please contact our Grievance Officer:

  • Team: SotaEx Legal
  • Email: legal@sotaex.com
  • Response time: We aim to respond within 15 days, unless a different period is required by law.

Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated Policy on the Platform and adjust the "Last Updated" date above. Where required by law, we will provide additional notice or seek your consent for material changes.

India-specific Disclosures

  • Legal Framework: We align with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable rules, and observe relevant Information Technology rules on reasonable security practices.
  • Notice and Consent: We provide clear notices describing purposes and seek consent where required. You may withdraw consent at any time via the contact above or, where supported, via in‑product settings or a consent manager.
  • Legitimate Uses: We may process data without consent where permitted by law (e.g., compliance with legal obligations, responding to lawful requests, prevention and detection of fraud or offenses, or for employment‑related purposes), subject to safeguards.
  • Children: For individuals under 18, we obtain verifiable consent as required by law and do not undertake tracking or targeted advertising directed at children.
  • Data Principal Rights: You may request access, correction, erasure, grievance redressal, and nominate an individual to exercise your rights on incapacity or death, subject to verification and legal limitations.
  • Security and Breach Response: We implement reasonable security practices and will notify as required by law in the event of a personal data breach.
  • Cross‑border Transfers: We follow any government‑notified transfer restrictions and ensure comparable protection by recipients where applicable.
  • Retention: We retain data only for as long as needed for the stated purposes or as required by law, and delete or anonymize thereafter where feasible.