Our Commitment to Privacy
At Blockchain X, a subsidiary of Blockchain Capital Solutions LLC, privacy is the foundation of trust in our AI-driven quantitative trading platform. This policy details how we protect personal and transactional data, adhering to global standards like GDPR, CCPA, and FINRA guidelines. By using our services, you agree to the data practices outlined here, covering account registration, trading activity, and algorithmic datasets.
Data Collection Practices
We collect essential information during account creation: full legal names, government-issued IDs for KYC/AML verification, proof of residence, and professional credentials for institutional clients. Corporate accounts provide employment details to establish trading permissions. Trading activity monitoring records order timestamps (accurate to 43 microseconds), position sizes, risk adjustments, IP addresses, and device fingerprints (browser, OS, hardware specs). AI training uses anonymized market data from 23 exchanges—order books, trade logs, liquidity depths—plus NLP-processed social sentiment from Reddit, Twitter, and Bloomberg, stripped of personal identifiers. Third-party data from S&P Global and Coin Metrics supplements this without direct user links.
How We Use Your Data
Data supports four key functions: service delivery (portfolio balances, margin limits, counterparty exposure), regulatory compliance (FINRA Rule 3110 monitoring for manipulation or insider trading), system optimization (aggregated trading patterns for AI enhancement), and opt-in marketing (product updates, educational content). Real-time processing ensures platform functionality, while compliance teams and machine learning pipelines operate on anonymized datasets to maintain privacy.
Data Sharing and Disclosure
We share data only when legally or operationally required. Banking partners (e.g., Signature Bank, Silvergate Capital) receive account and transfer details for fiat settlements. Cloud providers (AWS GovCloud, Snowflake) store encrypted trading logs under zero-knowledge proofs. Regulators may access records under Section 314(b) of the USA PATRIOT Act, with user notification where permitted. In corporate actions like mergers, user data remains protected under NDAs with successor entities.
Security and Retention Measures
Our security includes AES-256 encryption for data at rest, TLS 1.3 for in-transit communications, and mandatory 2FA with hardware tokens. Biometric validation via YubiKey is required for API keys and withdrawals. Annual penetration tests by HackerOne-certified experts ensure robustness, with critical patches applied within 72 hours. KYC documents are retained for 7 years per SEC 17a-4, and AI datasets are audited quarterly for anonymization.
Your Privacy Rights
Through our Privacy Dashboard, you can exercise GDPR Article 15 access requests (fulfilled within 30 days), update KYC records, request CCPA-compliant account deletion (excluding regulatory records), restrict marketing data use, export trading histories in FIXML, or seek human review of AI trading signals. Cookie settings prioritize functionality—essential cookies maintain trading sessions, while performance and advertising cookies require opt-in, with third-party trackers (Google Analytics, Hotjar) sandboxed to prevent leakage.
Global Data Transfers and Protections
Cross-border transfers comply with the EU-US Data Privacy Framework. Asia-Pacific data is hosted in Singapore’s SOC 2 Type II facilities, and European data in Frankfurt’s AWS regions. Vendor agreements include GDPR Standard Contractual Clauses. Breaches trigger notifications within 72 hours via email and in-app alerts. Minors under 18 are barred per Terms of Service Section 4.2, with age checks via Trulioo GlobalGateway and immediate data purges for violations.
Policy Updates and Contact
Updates are announced 30 days in advance via dashboard banners and email, with material changes requiring re-consent. Historical versions are archived for auditing. Disputes are resolved via JAMS arbitration in New York County.