Privacy Policy


Effective Date: November 1st, 2025

NitinX Inc. (“NitinX,” “we,” “us,” “our”) values your privacy. This Privacy Policy explains how we collect, use, share, and protect information about you when you access or use our websites, apps, APIs, and related products and services (collectively, the “Services”).

By using the Services, you acknowledge that you have read and understand this Privacy Policy.

Contact: All privacy inquiries should be directed to contact@nitinx.com.

1) Scope

This Privacy Policy applies to information we collect:

·       Through our Services (web, mobile, API)

·       From you directly (e.g., onboarding, support)

·       From third parties (e.g., identity verification providers)

·       Automatically (e.g., device data, cookies)

This policy does not cover third-party websites, wallets, block explorers, or services you may access through links or integrations, which have their own privacy practices.

2) Information We Collect

We collect information in three main ways: (A) you provide it, (B) we collect it automatically, and (C) we receive it from third parties.

A. Information you provide

Depending on how you use NitinX, you may provide:

·       Identity & onboarding (KYC) information: full name, date of birth, government ID details, selfies/biometric liveness checks (where enabled), address, nationality, and other verification details

·       Contact information: email, phone number, mailing address

·       Account credentials: username, password (hashed), security settings

·       Financial information: bank account details, payment card details (often handled by payment processors), funding/withdrawal instructions

·       Transaction and account information: orders, trades, deposits/withdrawals, redemptions, metal delivery preferences (if offered), account balances

·       Communications: support tickets, chat/email content, call recordings (if you contact us by phone and recording is permitted)

B. Information collected automatically

When you use our Services, we may automatically collect:

·       Device & network data: IP address, device identifiers, operating system, browser type, language, approximate location derived from IP

·       Usage data: pages/screens viewed, clicks, referring/exit pages, performance logs, crash reports

·       Cookies and similar technologies: to operate the Services, keep you logged in, prevent fraud, and analyze usage (see Section 6)

C. Information from third parties

We may receive information from:

·       Identity verification, fraud, and compliance providers (KYC/AML/sanctions, device reputation, fraud signals)

·       Blockchain data and analytics providers (e.g., to detect fraud, theft, sanctions risk, or suspicious activity)

·       Banking/payment partners (e.g., confirmation of funding/withdrawals, returns, chargebacks)

·       Public sources (e.g., government watchlists, adverse media where permitted)

3) Why We Use Your Information

We use information to:

Provide and operate the Services

·       Create and maintain your account

·       Process trades, transfers, and redemptions

·       Provide customer support and respond to requests

Meet legal and compliance obligations

·       Verify identity and conduct due diligence

·       Comply with AML, sanctions screening, tax reporting (where applicable), and lawful requests

·       Monitor for suspicious activity and report as required

Secure and protect the Services

·       Prevent and investigate fraud, account takeover, and security incidents

·       Debug, monitor, and improve reliability and performance

Improve and develop products

·       Analyze usage trends and improve user experience

·       Develop new features and offerings

Marketing and communications (where permitted)

·       Send service messages (security alerts, confirmations, policy updates)

·       Send marketing communications where allowed by law; you can opt out (see Section 7)

4) How We Share Information

We do not share information except as described below. We generally do not sell personal information.

A. Service providers (processors)

We may share information with vendors that help us operate, such as:

·       Identity verification and compliance screening

·       Fraud prevention and cybersecurity

·       Cloud hosting, analytics, customer support tools

·       Payment processors and banking partners

These providers are authorized to use information only as needed to provide services to us and must protect it.

B. Financial and operational partners

Because NitinX is a tokenized precious metals exchange, we may share necessary information with:

·       Metal custody and logistics providers (if you request redemption or delivery)

·       Tokenization, issuance, and settlement partners (as needed to mint/burn, settle, or support tokenized metal operations)

·       Liquidity, execution, and market integrity partners (as applicable)

C. Legal, compliance, and safety

We may disclose information if we believe it is reasonably necessary to:

·       Comply with law, regulation, subpoena, court order, or government request

·       Enforce our terms and protect rights, property, and safety of NitinX, users, or others

·       Detect/prevent fraud, security issues, or technical problems

 

D. Business transfers

If NitinX is involved in a merger, acquisition, reorganization, financing, or sale of assets, information may be transferred as part of that transaction, subject to appropriate protections.

E. Aggregated or de-identified data

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

5) Blockchain Transparency and On-Chain Data

Blockchain networks are generally public. If you interact with tokenized assets or provide a wallet address:

·       Your wallet address and on-chain transactions may be visible to the public and may be linked to your activity on the network.

·       We may associate wallet addresses and transaction hashes with your account for compliance, fraud prevention, and service operations.

·       We may use blockchain analytics to assess risk and comply with legal requirements.

6) Cookies and Similar Technologies

We use cookies, SDKs, pixels, and similar technologies to:

·       Authenticate users and maintain sessions

·       Remember preferences

·       Measure performance and understand usage

·       Help prevent fraud and abuse

You can control cookies through your browser settings. If you disable cookies, some parts of the Services may not function properly.

7) Your Choices

Account information

You may be able to access and update certain profile information through your account settings (if available).

Marketing communications

You can opt out of marketing emails by using the “unsubscribe” link in the message or by contacting contact@nitinx.com. Even if you opt out, we may still send non-marketing service messages (e.g., security alerts, transactional notices).

 

Location permissions (mobile)

If our mobile app requests device permissions (e.g., location), you can control these via your device settings.

8) Data Retention

We retain personal information for as long as necessary to:

·       Provide the Services

·       Meet legal and regulatory obligations (including AML and recordkeeping requirements)

·       Resolve disputes and enforce agreements

·       Maintain security and prevent fraud

Retention periods vary depending on the data type and applicable legal requirements.

9) Security

We implement administrative, technical, and physical safeguards designed to protect information, such as:

·       Encryption in transit (e.g., TLS) and, where appropriate, at rest

·       Access controls and least-privilege policies

·       Monitoring, logging, and anomaly detection

·       Vendor security reviews where appropriate

No method of transmission or storage is 100% secure. You are responsible for protecting your credentials and using account security features we provide (e.g., MFA).

Important: Email is not always secure. Please do not send sensitive information (like passwords or full ID numbers) by email.

10) Children’s Privacy

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or a higher age where required by local law). If you believe a child has provided us information, contact contact@nitinx.com.

11) Your Privacy Rights (U.S. and International)

Your rights depend on where you live.

A. U.S. state privacy rights

If applicable, you may have rights to:

·       Request access to information we collect about you

·       Request deletion (subject to exceptions, including legal/compliance retention)

·       Correct inaccurate information

·       Opt out of certain “sales” or “sharing” (if applicable)

·       Limit use/disclosure of sensitive personal information (where required)

To submit a request, contact contact@nitinx.com. We may need to verify your identity before fulfilling a request.

B. EEA/UK (GDPR) rights (if applicable)

You may have rights to access, rectification, deletion, restriction, objection, and data portability, and to lodge a complaint with a supervisory authority.

Legal bases for processing may include performance of a contract, compliance with legal obligations, legitimate interests, and consent (where required).

12) International Transfers

If you access the Services from outside the country where our systems are located, your information may be transferred and processed in other jurisdictions. Where required, we use appropriate safeguards for cross-border transfers.

13) Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Services or other appropriate means. The “Last Updated” date will reflect the latest version.

14) Contact Us

For questions, concerns, or requests related to privacy, contact:

NitinX Inc.

Email: contact@nitinx.com