Privacy Policy

WB Exchange Digital Systems (“WB Exchange”, “we”, “our”) is the data controller responsible for the personal information collected through our mobile app, website, and Telegram services. This Privacy Policy applies to all of those Services.

We collect the following categories of information:

• Account information — your name, email address, phone number, date of birth, and password (stored as a hash).
• KYC and verification data — government-issued ID, proof of address, selfie or liveness video, and the results of our identity-verification checks.
• Financial and transaction data — your wallet addresses, bank account details, transaction history, gift card submissions, biller account numbers, balances, and the currencies you transact in.
• Communications — messages you send to support, chat transcripts, and content of calls with our team.
• Device and usage data — IP address, device identifiers, operating system, app version, language settings, crash logs, and the pages or features you interact with.
• Location data — approximate location derived from your IP address; precise location only with your explicit permission and only where it is required for compliance or fraud prevention.

We use your information to:

• Create and operate your account;
• Verify your identity and meet our KYC/AML obligations;
• Process trades, gift card redemptions, bill payments, and withdrawals;
• Detect and prevent fraud, account takeovers, and other security incidents;
• Respond to support requests and resolve disputes;
• Send you transactional alerts (e.g., trade confirmations, security notices);
• Send you marketing communications about new features — only where you have opted in, and you can withdraw consent at any time;
• Improve our Services through aggregated and anonymized analytics;
• Comply with our legal obligations and enforce our Terms.

We rely on the following legal bases:

• Contract — to provide the Services you have signed up for;
• Legal obligation — to satisfy regulatory and anti-financial-crime requirements;
• Legitimate interests — to protect our platform from fraud and to improve our products;
• Consent — for optional things like marketing emails or precise location, which you can withdraw at any time.

We share personal information only with:

• Service providers — KYC vendors, payment processors, banking partners, cloud hosting, customer support tooling, and analytics platforms that operate under contract and data-protection terms with us;
• Liquidity and gift-card partners — only the transaction-specific data required to fulfil your order;
• Regulators and law enforcement — where we are legally required to disclose, including suspicious activity reports;
• Acquirers or successors — in the event of a merger, acquisition, financing, or sale of assets, subject to the protections of this Policy.

We do not sell your personal information. We do not share your contact details with third-party marketers.

Our website uses cookies and similar technologies to keep you signed in, remember your preferences, measure usage, and protect against fraud. You can control cookies through your browser settings, but disabling them may break parts of the site. We do not use third-party advertising cookies.

We keep personal information only for as long as we need it for the purposes described in this Policy. KYC records and transaction history are retained for the period required by financial-services regulations — generally five (5) to seven (7) years after account closure. Other data is deleted or anonymized when it is no longer needed.

We protect your information with industry-standard safeguards: encryption in transit (TLS) and at rest, multi-factor authentication, biometric login support, role-based access controls, hardware-secured cold storage for crypto assets, and continuous monitoring of our infrastructure. No system can be guaranteed 100% secure, but we work continuously to reduce risk.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you;
• Correct inaccurate or incomplete information;
• Request deletion of your data, subject to our legal obligation to retain certain records;
• Object to or restrict certain processing;
• Receive a portable copy of your data;
• Withdraw consent where processing is based on consent;
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights, contact us at privacy@wbexchange.com. We will respond within thirty (30) days.

The Services are not intended for anyone under the age of 18. We do not knowingly collect information from minors. If you believe a minor has provided us with information, please contact us so we can delete it.

Some of our service providers operate outside your country of residence. When we transfer personal information across borders, we put in place safeguards such as standard contractual clauses and provider certifications to ensure your information remains protected.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app, by email, or by updating the “Last updated” date above. Please review the Policy periodically.

For questions about this Policy or our data practices, reach us at privacy@wbexchange.com or support@wbexchange.com.