This Privacy Policy explains how CoinSMD Ltd (“the Company” or “the Platform”) collects, uses, stores, protects, and shares users’ personal information.
By accessing or using any product, website, mobile application, or API of the Platform, users acknowledge that they have fully understood and agreed to all the contents of this Policy.
This Privacy Policy applies to all services related to the CoinSMD Platform, including but not limited to registration, login, identity verification, asset trading, copy trading, data access, and customer interactions.
The Company is committed to processing personal information in a lawful, fair, and transparent manner, operating in compliance with global data protection frameworks such as GDPR, CCPA, MiCA, and PDPA.
CoinSMD attaches great importance to personal data protection and privacy rights, adhering to the principles of data minimization, encrypted storage, limited use, and transparent compliance.
Users have the right to know how their data is used and stored, and may exercise their rights of access, correction, or deletion in accordance with applicable laws.
If you do not agree with any part of this Policy, you must immediately stop using all services of the Platform. Continued use constitutes full acceptance and ongoing compliance with this Privacy Policy.
To provide efficient, secure, and compliant services, the Platform may collect the following categories of data:
Basic Information: Username, identity verification (KYC) materials, transaction history, account activity data, and usage preferences.
Technical Information: Device model, operating system, browser type, IP address, cookies identifiers, access time, and session duration, used to improve experience and security.
Behavioral and Interaction Data: Copy-trading behavior, strategy selection, order execution records, risk ratings, and interaction logs within the Platform.
Compliance and Legal Data: Documentation required for AML/CFT (Anti-Money Laundering / Counter-Terrorist Financing), source of funds, and compliance investigations.
Blockchain Data: Information recorded via smart contracts or on-chain transactions, which may be publicly accessible on the blockchain.
All collection activities are based on the principle of necessity, meaning only data required for service functionality, security, or legal compliance will be collected. The Platform will not collect irrelevant or excessive information.
CoinSMD collects user information in accordance with lawful, transparent, and auditable standards through the following means:
User-Provided Data: Information voluntarily submitted during registration, identity verification, transactions, copy-trading, or form submissions. Data is collected only for clearly stated purposes.
Automated System Collection: Technical data such as device fingerprints, cookies, and clickstream records may be automatically collected to enhance performance and detect risks—never to capture sensitive content.
Third-Party Sources: The Platform may receive data from authorized partners such as payment processors, identity verification providers, blockchain explorers, or risk control partners. All third parties are bound by confidentiality and security agreements.
Prohibition of Unauthorized Collection: The Company never collects personal data through illegal, deceptive, or covert means.
CoinSMD strictly follows the principles of lawful source, clear purpose, and secure storage, ensuring every collection process is verifiable and compliant.
CoinSMD uses collected data solely to deliver lawful, transparent, and efficient fintech services, based on user consent, legal obligations, or operational necessity. Data is not used beyond the following purposes:
Identity Verification & Compliance: For registration, login, 2FA, AML, KYC, and risk assessment to ensure account security.
Service Delivery & Transaction Execution: To facilitate order matching, copy trading synchronization, profit distribution, and account balance updates.
System Optimization: To analyze user behavior, improve UI design, and enhance trading performance and stability.
Risk Management & Fraud Prevention: To detect abnormal activities or malicious behavior through monitoring and device identification.
Statistical & Research Use: For internal analytics or algorithm training on anonymized data.
Legal & Regulatory Disclosure: To comply with requests from regulatory or judicial authorities.
The Platform does not use user data for advertising, marketing, or unauthorized commercial purposes.
All data usage follows the principles of transparency, necessity, and accountability.
To maintain data integrity and availability, CoinSMD employs industry-leading security measures:
Encrypted Storage: Personal data is stored using AES-256 encryption and multi-layer key management. Sensitive materials (e.g., ID documents) are encrypted during transfer and storage.
Access Control: Only authorized staff may access data within their designated roles, with all access logged and auditable.
Retention Period:
Account and KYC data are retained for at least five years after account closure for regulatory compliance.
Transaction and financial records are retained for a minimum of seven years.
Expired data is deleted or anonymized securely.
Backup & Recovery: Multi-node backups are performed daily across secure data centers to ensure rapid recovery in case of system failure or disaster.
Audit Logging: All access and modifications are logged for compliance and forensic review.
Data is never stored in unauthorized locations or countries lacking adequate data protection standards.
CoinSMD respects user data sovereignty and will not disclose user information except in the following cases:
Legal or Regulatory Requirements: When requested by courts, regulators, or law enforcement.
Authorized Partners: For essential services such as payments, identity verification, or blockchain operations, with strict contractual safeguards.
Internal Systems: Secure, encrypted sharing within CoinSMD’s business units without altering the original purpose.
Risk & Compliance Audits: Anonymized or pseudonymized data may be shared with external auditors for compliance verification.
User Consent: Information may be shared with third parties only when explicitly authorized by the user.
CoinSMD strictly prohibits unauthorized sale, exchange, or commercialization of user data.
All third-party access is subject to legal, contractual, and technical controls.
As a global fintech company, CoinSMD may process encrypted data across different jurisdictions while fully complying with GDPR, CCPA, MiCA, PDPA, ADGM, and other international standards.
Encryption & Isolation: All cross-border transfers use TLS 1.3 or higher encryption and multi-node isolation.
Compliance Framework: Standard Contractual Clauses (SCCs) or equivalent safeguards are applied to ensure lawful transfers.
Access Control: Only authorized personnel performing essential tasks may access data, and all cross-border activities are logged and reviewed.
Transparency: Users are informed of the regions where their data is stored and processed.
CoinSMD will never transfer user data to jurisdictions with inadequate data protection levels.
All cross-border activities adhere to legality, transparency, and controllability principles.
CoinSMD respects user control over personal data and upholds the following rights under applicable law:
Right of Access: Users may request access to their personal data and processing history.
Right of Rectification: Users may request correction of inaccurate or incomplete information.
Right of Erasure: Users may request deletion of data, except where retention is legally required.
Right to Restrict Processing: Users may request limited processing of their data.
Right to Data Portability: Users may export their data in a structured, commonly used format to another service.
Right to Object: Users may refuse automated processing or profiling.
Users can manage privacy preferences—including cookie settings, account deletion, and data export—via the Privacy Control Center.
Upon account deletion, the Platform will erase or anonymize user data as required by law.
CoinSMD is committed to data sovereignty and enabling users to manage their digital identities transparently and securely.
To prevent loss, misuse, or unauthorized access, CoinSMD implements multi-layer security measures combining technology and management controls:
Security Architecture: Uses MPC (Multi-Party Computation) and HSM (Hardware Security Module) for secure multi-signature operations.
Data Encryption: Employs AES-256 and RSA-2048 encryption with distributed key management.
Access Monitoring: Fine-grained permissions and real-time monitoring detect suspicious activity.
Penetration Testing: Regular third-party audits and penetration tests ensure resilience.
Incident Response: In case of data breach or intrusion, immediate isolation, recovery, and regulatory notifications are executed, with users promptly informed.
CoinSMD adopts a “prevention-first” approach to security, ensuring the resilience of its infrastructure and the protection of user assets and data integrity.
This Privacy Policy may be updated due to legal, regulatory, or operational changes.
CoinSMD will always publish updates transparently and notify users through announcements or system alerts for significant changes.
Update Principle: Modifications will not weaken user privacy rights.
Effective Date: Updated policies take effect immediately upon publication unless stated otherwise.
User Review: Users are encouraged to review the Policy regularly.
Applicable Law: Governed by international data protection regulations and interpreted under local law.
CoinSMD pledges to handle user data with the highest standards of security and compliance.
The Platform believes that transparency, trust, and continuous improvement are the cornerstones of a sustainable digital finance ecosystem.
Security is not a promise — it is our responsibility.
