Privacy policy
Effective June 15, 2026
1. Who we are
NexaCapitalPro operates the digital-asset investment platform available at nexacapitalpro.com. This policy explains what personal and financial information we collect, how we use and protect it, and the rights you have over it.
2. Information we collect
Account: email, password hash, OAuth identifiers, full name, profile photo, referral code. Financial: wallet balance, deposit and withdrawal records, on-chain transaction hashes, investment subscriptions, referral commissions. Identity verification (when requested): government-issued ID, selfie, proof of address. Operational: device, browser, IP address, approximate location, session and security event logs. Support: ticket content and attachments.
3. How we use this information
Provide and secure the service (authentication, account, portfolio, transactions). Verify on-chain deposits and process withdrawals. Detect and prevent fraud, money laundering, sanctions evasion, and abuse. Meet legal and regulatory obligations, including KYC/AML record-keeping. Communicate transactional notifications and respond to support requests. Improve performance and reliability with aggregated analytics.
4. Legal basis (GDPR)
We process your data to perform the contract you enter into with us, to comply with legal obligations, to protect our legitimate interests in operating a secure platform, and, where required, with your consent (for example, optional analytics or marketing).
5. Sharing with third parties
We share only what is needed with: cloud infrastructure providers, authentication providers, payment-related compliance vendors (sanctions and chain-analysis screening), blockchain data providers, customer-support tooling, and email delivery. We do not sell personal information. We never share your password or full ID documents with any party that does not require them for the service. Government or regulatory disclosure is only made when legally compelled.
6. Cookies and analytics
We use strictly necessary cookies to keep you signed in and to protect your session. Optional analytics or product-improvement cookies are only set if you accept them via the privacy banner. You can change your choice at any time.
7. Data retention
Account and financial records are retained for the life of the account and for any period required by law (typically up to seven years for financial records). Identity-verification documents are retained for the regulatory minimum. Security logs are retained for up to twenty-four months. After retention, records are deleted or anonymized.
8. International transfers
Your data may be processed in countries other than your own. Where required, we use approved transfer mechanisms (such as Standard Contractual Clauses) to protect it.
9. Your rights
Depending on your jurisdiction, you have the right to access, correct, export, restrict, or delete your personal data; to object to certain processing; and to withdraw consent. EU/UK residents may lodge a complaint with their local data-protection authority. California residents have rights under the CCPA, including the right to know and the right to delete. To exercise any right, contact us via the support flow.
10. Security
Access is restricted by account identity and role. Data is encrypted in transit and at rest. Service-role keys are kept server-side and never shipped to the browser. Sensitive actions require re-authentication. We continuously monitor for suspicious activity and respond to incidents under a documented procedure.
11. Children
The platform is not intended for anyone under 18. We do not knowingly collect data from minors and will delete any such data we become aware of.
12. Changes to this policy
We will post material changes at least seven days before they take effect and notify signed-in users in the app.
13. Contact
Privacy requests should be sent through the support flow in the app.