Home Markets Trade Portfolio Dashboard

Privacy Policy

How NovaTrace collects, uses, and protects your personal data across our platform and services.

Last updated: March 1, 2026

Introduction

NovaTrace ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, share, and protect your personal data when you use our cryptocurrency exchange platform, mobile applications, APIs, and related services (collectively, the "Services").

By accessing or using NovaTrace, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Services. We may update this policy from time to time, and any changes will be posted on this page with an updated revision date.

This policy applies to all users of NovaTrace worldwide. Depending on your jurisdiction, additional local privacy laws may apply, and we will comply with applicable regulations including but not limited to GDPR, CCPA, and other regional data protection frameworks.

Information We Collect

We collect several categories of information to provide and improve our Services:

Personal Identification Information

When you register for an account, we collect your full legal name, email address, phone number, date of birth, residential address, and nationality. For identity verification (KYC), we may also collect government-issued photo identification such as a passport, driver's license, or national ID card, along with proof of address documents.

Financial Information

To facilitate deposits, withdrawals, and trading, we collect bank account details, payment card information, cryptocurrency wallet addresses, and transaction history. This includes records of all trades executed on the platform, deposit and withdrawal history, and any fiat currency conversions.

Technical and Device Information

We automatically collect information about the devices and software you use to access NovaTrace, including your IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences. We also collect information about how you interact with our platform, including pages visited, features used, and timestamps of activity.

Biometric Data

For advanced identity verification, we may collect facial recognition data through selfie verification or liveness checks. This biometric data is used solely for identity verification purposes and is processed in accordance with applicable biometric data protection laws.

Communications

We retain copies of correspondence when you contact our support team, participate in surveys, or interact with us through social media channels. This includes chat transcripts, email communications, and any feedback you provide.

How We Use Your Data

NovaTrace uses the information we collect for the following purposes:

  • Account Management: To create, maintain, and secure your NovaTrace account, process transactions, and provide customer support.
  • Identity Verification: To verify your identity in compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations across applicable jurisdictions.
  • Trading Services: To execute trades, process deposits and withdrawals, calculate fees, and maintain accurate records of all financial transactions on the platform.
  • Security & Fraud Prevention: To detect, investigate, and prevent fraudulent activity, unauthorized access, and other security threats to protect both our users and the platform.
  • Regulatory Compliance: To comply with legal obligations, respond to lawful requests from regulatory authorities, and meet tax reporting requirements in applicable jurisdictions.
  • Platform Improvement: To analyze usage patterns, conduct research, and improve the functionality, performance, and user experience of our Services.
  • Communications: To send you important account notifications, security alerts, service updates, and, with your consent, marketing communications about new features and promotions.
  • Risk Management: To assess and manage trading risks, enforce trading limits, and maintain the stability of our exchange platform.

Data Sharing & Disclosure

NovaTrace does not sell your personal information to third parties. However, we may share your data in the following circumstances:

Service Providers: We share data with trusted third-party service providers who assist us in operating our platform, including cloud hosting providers, payment processors, identity verification services, and analytics providers. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

Regulatory & Legal Compliance: We may disclose your information to regulatory authorities, law enforcement agencies, or government bodies when required by law, in response to a valid legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Blockchain Networks: When you execute cryptocurrency transactions, certain information such as wallet addresses and transaction amounts are recorded on public blockchain networks. These records are immutable and publicly accessible by design, and NovaTrace has no control over data stored on decentralized blockchains.

Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your data.

Data Security

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256 encryption standards.
  • Access Controls: We enforce strict role-based access controls, ensuring that only authorized personnel with a legitimate business need can access personal data. All access is logged and regularly audited.
  • Cold Storage: The majority of digital assets are stored in air-gapped, multi-signature cold storage wallets that are geographically distributed across secure facilities.
  • Two-Factor Authentication: We strongly recommend and support two-factor authentication (2FA) for all user accounts, including hardware security keys, authenticator apps, and SMS verification.
  • Regular Audits: We conduct regular security assessments, penetration testing, and vulnerability scans performed by independent third-party security firms.
  • Incident Response: We maintain a dedicated incident response team and a comprehensive breach notification protocol. In the event of a data breach, we will notify affected users and relevant authorities as required by law.

While we strive to protect your personal information, no method of electronic storage or transmission is 100% secure. We encourage you to take steps to protect your account credentials and report any suspicious activity immediately.

Cookies & Tracking Technologies

NovaTrace uses cookies and similar tracking technologies to enhance your experience on our platform. These technologies help us understand how you interact with our Services and allow us to improve our offerings.

Types of Cookies We Use

Essential Cookies

Required for the platform to function properly. These cookies handle session management, authentication, security tokens, and load balancing. They cannot be disabled.

Analytics Cookies

Help us understand how users interact with our platform by collecting anonymized usage data such as page views, navigation patterns, and feature engagement metrics.

Preference Cookies

Remember your settings and preferences such as language, currency display, chart configurations, and trading interface layouts across sessions.

Marketing Cookies

Used to deliver relevant advertisements and measure the effectiveness of marketing campaigns. These cookies are optional and can be disabled at any time in your settings.

You can manage your cookie preferences through your browser settings or our cookie consent banner. Please note that disabling certain cookies may affect the functionality of our platform.

Third-Party Services

Our platform integrates with various third-party services to provide a comprehensive trading experience. These integrations may involve sharing certain data with third parties, each governed by their own privacy policies:

  • Identity Verification Providers: We use third-party KYC/AML providers (such as Jumio, Onfido, or similar services) to verify user identities. These providers process your identification documents and biometric data according to their own privacy policies and applicable regulations.
  • Payment Processors: Fiat currency deposits and withdrawals are processed through licensed payment service providers and banking partners who handle your financial information in compliance with PCI DSS standards.
  • Analytics Services: We use analytics platforms to monitor platform performance and user behavior in aggregate. These services may collect anonymized technical data through cookies and similar technologies.
  • Cloud Infrastructure: Our platform is hosted on enterprise-grade cloud infrastructure providers that maintain SOC 2 Type II and ISO 27001 certifications, ensuring the highest standards of data security and availability.
  • Communication Services: We use third-party services for email delivery, push notifications, and SMS messaging to communicate with you about your account and our Services.

We carefully vet all third-party providers and require them to maintain appropriate security measures and data protection standards. However, we are not responsible for the privacy practices of third-party services that you access independently.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you, including information about how it is processed and to whom it has been disclosed.
  • Right to Rectification: You may request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure: You may request that we delete your personal data, subject to our legal obligations to retain certain records for regulatory compliance purposes.
  • Right to Restriction: You may request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
  • Right to Data Portability: You may request to receive your personal data in a structured, commonly used, machine-readable format and have it transferred to another service provider.
  • Right to Object: You may object to the processing of your personal data for direct marketing purposes or when processing is based on our legitimate interests.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our Data Protection Officer at privacy@novatrace.com. We will respond to your request within 30 days. Please note that certain rights may be limited by applicable laws, particularly where we are required to retain data for regulatory compliance.

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations. The specific retention periods depend on the type of data and the applicable regulatory requirements:

  • Account Information: Retained for the duration of your account relationship and for a minimum of 5 years after account closure, as required by financial regulations.
  • Transaction Records: Retained for a minimum of 7 years from the date of each transaction to comply with tax reporting and anti-money laundering regulations.
  • KYC/Identity Documents: Retained for a minimum of 5 years after the end of the business relationship or the date of the last transaction, in accordance with AML regulations.
  • Communication Records: Customer support interactions are retained for 3 years for quality assurance and dispute resolution purposes.
  • Technical Logs: Server logs and security-related data are retained for up to 2 years for security monitoring and incident investigation purposes.
  • Marketing Data: Retained until you withdraw your consent or unsubscribe from marketing communications, after which it is deleted within 30 days.

When data is no longer required, it is securely deleted or anonymized so that it can no longer be associated with you. We use industry-standard data destruction methods to ensure that deleted data cannot be recovered.

International Data Transfers

NovaTrace operates globally, and your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws in your jurisdiction.

When we transfer data internationally, we implement appropriate safeguards to ensure that your personal data receives an adequate level of protection, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.
  • Binding Corporate Rules for intra-group transfers of personal data.
  • Certification under recognized data protection frameworks where applicable.
  • Ensuring that recipient countries provide an adequate level of data protection as determined by relevant authorities.

By using our Services, you acknowledge and consent to the transfer and processing of your data in accordance with this Privacy Policy.

Children's Privacy

NovaTrace does not knowingly collect or solicit personal information from anyone under the age of 18 (or the age of legal majority in your jurisdiction). Our Services are not directed at children, and you must be at least 18 years old to create an account and use our platform.

If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information as quickly as possible. If you believe that a child has provided us with personal data, please contact us at privacy@novatrace.com.

Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Email

privacy@novatrace.com

Data Protection Officer

dpo@novatrace.com

Mailing Address

NovaTrace Ltd., 42 Blockchain Tower, Fintech District, Singapore 048946

We will acknowledge your inquiry within 48 hours and aim to resolve all privacy-related matters within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.