Version: V1.0 | Effective Date: June 30, 2026 www.perpvia.com
Article 1 Overview and Commitment
1.1 Purpose of the Policy
1.2 Core Commitments
- We only collect the minimum amount of data necessary to achieve the service purposes;
- We do not sell users' personal data;
- We will not use user data for purposes not disclosed in this policy;
- We adopt industry-leading technologies and management measures to protect user data security;
- We respect and effectively safeguard users' rights to be informed about and control their own data.
1.3 Scope of Application
This policy applies to all users who visit www.perpvia.com, use the platform’s mobile applications, or interact with the platform through API interfaces. Using the platform's services signifies that you have read and agreed to this policy.
Article 2 Data Controller Information
| Item | Content |
|---|---|
| Data Controller | PERPVIA TECH LTD |
| Registered Address | 1521 Blake St Ste 47009, Denver, CO 80202, USA |
| Data Protection Officer | it@perpvia.com |
| Official Website | www.perpvia.com |
Article 3 Types of Data We Collect
3.1 Identification Data
- Name, date of birth, nationality;
- Scanned copies or photos of government-issued identification documents (ID card, passport, driver’s license);
- Facial recognition data (used for liveness detection and KYC verification);
- Tax Identification Number (TIN) or Social Security Number (only when required by applicable regulations).
3.2 Contact Data
- Email address;
- Mobile phone number;
- Residential address and postal code;
- Emergency contact information (for institutional accounts).
3.3 Account and Transaction Data
- Account username and encrypted password;
- Deposit, withdrawal, and transaction history;
- Wallet address;
- Account balance and position data;
- Order records (including filled, canceled, and expired orders);
- Funding rate settlement records.
3.4 Financial Due Diligence Data
- Statements and supporting documents for source of funds;
- Bank account information (only applicable when fiat deposit and withdrawal functions are used);
- Source of wealth explanation (for high-net-worth or large transaction users);
- Anti-money laundering screening results.
3.5 Technical Data
- IP address and geographic location information;
- Device identifiers (device ID, MAC address);
- Browser type and version;
- Operating system information;
- Login timestamps and session records;
- API key access logs.
3.6 Behavioral and Preference Data
- Platform page browsing records;
- Search and filter preferences;
- Click paths and interaction behaviors;
- Customer service communication records (including online chat and email correspondence);
- User feedback and survey responses.
3.7 Cookie Data
See Article 11 "Cookie Policy" in this policy for details.
Article 4 Methods of Data Collection
4.1 Voluntary Provision
You actively provide data when registering an account, completing KYC verification, submitting transactions, contacting customer service, or participating in surveys.
4.2 Automatic Collection
When you use the platform’s services, we automatically collect technical and behavioral data through cookies, web beacons, log files, and analytics tools.
4.3 Third-Party Sources
To complete compliance review and risk control, we obtain necessary data from the following sources:
- KYC service providers — identity verification results
- Blockchain public ledgers — on-chain transaction verification
- Sanctions lists and PEP databases — compliance screening results
- Credit risk assessment agencies — used only in applicable scenarios
- Social login services — if you choose to use third-party accounts to log in
Article 5 Purpose of Data Use and Legal Basis
| Purpose of Use | Legal Basis |
|---|---|
| Account registration and identity verification | Performance of contract |
| KYC/AML compliance review | Legal obligation |
| Order matching and transaction settlement | Performance of contract |
| Risk control and fraud detection | Legitimate interest |
| Customer support and complaint handling | Performance of contract |
| Reporting to regulatory authorities | Legal obligation |
| Platform security and technical maintenance | Legitimate interest |
| Product improvement and user experience optimization | Legitimate interest |
| Marketing and promotion (with user consent) | User consent |
| Legal dispute handling | Legitimate interest / Legal obligation |
Article 6 User Location Data Compliance Obligations
6.1 General Explanation of Applicable Laws
Due to differences and ongoing evolution in personal data protection legislation across global jurisdictions, we commit to processing your personal data in accordance with the personal data protection, data security, and cybersecurity laws applicable in your jurisdiction when collecting, using, storing, sharing, and cross-border transferring your personal data. We will implement protection measures no less stringent than those stated in this policy to the extent reasonably feasible.
6.2 User Compliance Obligations and Confirmation
Before accessing or using the platform’s services, users must understand and confirm the legal provisions regarding digital asset-related activities and personal data processing in their country or region (including but not limited to nationality, tax residence, actual residence, and network access location). By providing personal data to the platform, users confirm that their actions do not violate any binding laws or regulations.
6.3 General Framework of User Data Rights
To the extent permitted by applicable law, you have the following rights regarding your personal data: right of access, correction, deletion, restriction of processing, data portability, and objection. The specific methods for exercising these rights and response times are subject to Article 10 of this policy and the laws applicable in your jurisdiction. If applicable law grants you additional rights or shorter response times, we will handle your requests according to the standards most favorable to you.
6.4 Regulatory Cooperation and Service Restrictions
If the platform, based on its internal compliance policies, KYC information, IP identification, or other reasonable judgments, determines that the user’s location is unsuitable for continued service provision, or if local laws prohibit related business activities, the platform reserves the rights to: (1) refuse registration applications; (2) restrict or suspend all or part of the account’s functions; (3) require users to withdraw assets and close accounts; (4) cooperate with regulatory authorities for necessary information disclosure and data localization in accordance with local laws. Users who attempt to circumvent compliance reviews using VPNs, proxies, false identities, or other means will have their data handled according to applicable laws, and will bear all legal responsibilities arising therefrom.
Article 7 Data Sharing and Third-Party Disclosure
7.1 We do not sell users' personal data.
7.2 Under the following circumstances, we may share your data with specific third parties:
- Service providers: strictly vetted KYC verification service providers, cloud storage providers, data analytics platforms, and customer service system providers, who process data only to the extent necessary to provide services to the platform and must sign data processing agreements (DPA);
- Regulatory and law enforcement agencies: disclose necessary information to financial regulators, tax authorities, law enforcement agencies, or courts as required by applicable laws;
- Anti-money laundering screening databases: submit necessary data to sanction list checks, PEP screening, and suspicious transaction report (STR) related agencies;
- Group affiliates: when sharing data within the group, data protection standards equivalent to this policy must be followed;
- Business restructuring: in the event of mergers, acquisitions, or asset sales involving the platform, user data may be transferred as business assets, and affected users will be notified in advance.
7.3 Aggregated Anonymous Data
The platform may use anonymized aggregated data that cannot identify specific individuals for market research, product improvement, or public reporting. Such data is not subject to the data sharing restrictions in this policy.
Article 8 Cross-Border Data Transfer
8.1 Scope of Transfer
The platform operates globally, and your personal data may be transferred to the platform’s registration location, server location, or third-party service provider locations for processing.
8.2 Protective Measures
When performing cross-border data transfers, the platform takes the following protective measures:
- Signing internationally recognized data transfer agreements with recipients (such as Standard Contractual Clauses (SCCs)) or agreements providing equivalent levels of protection.
- Ensuring the recipient country or region has adequate data protection levels.
- Encrypting data during transfer.
- Complying with specific data localization storage requirements applicable in your jurisdiction.
Article 9 Data Retention Period
| Data Type | Retention Period | Basis |
|---|---|---|
| KYC identity verification data | At least 5 years after account cancellation | AML/CFT regulatory requirements |
| Transaction records | At least 5-7 years | Financial record retention requirements of various jurisdictions |
| Communication records (customer service) | 3 years | Evidence requirements for contract disputes |
| Technical logs | 90-180 days | Security audit needs |
| Marketing preference data | Until user withdraws consent | User consent |
| Sanctions screening records | At least 5 years | OFAC and international sanctions regulations |
After the data retention period expires, the platform will permanently delete or anonymize the relevant data in a secure manner.
Article 10 Data Security Measures
10.1 Technical Measures
- Data transmission uses TLS 1.3 or higher encryption protocols;
- Stored data uses AES-256 encryption standard;
- Passwords are stored using salted hash algorithms and are not saved in plaintext;
- Sensitive operations require mandatory two-factor authentication (2FA);
- Regular penetration testing and vulnerability scanning are conducted;
- Intrusion detection systems (IDS) and anomaly behavior monitoring are deployed;
- The principle of least privilege is implemented; internal staff can only access data necessary for their job responsibilities.
10.2 Organizational Measures
- Establish and regularly drill data breach emergency response plans;
- Provide regular data protection training to all employees who handle user data;
- Engage independent third parties to conduct regular data security audits;
- Sign data processing agreements (DPA) with all data processing service providers.
10.3 Data Breach Notification
In the event of a security incident involving users' personal data, the platform will:
- Assess the scope of the incident within 72 hours of discovery;
- Report to relevant regulatory authorities in accordance with applicable laws;
- Promptly notify affected users, explaining the types of data leaked, potential impacts, and protective measures users can take;
- Publicly release incident notifications (for major incidents).
Article 11 Cookie Policy
11.1 Types of Cookies
| Type | Purpose | Can be Disabled |
|---|---|---|
| Necessary Cookies | Ensure basic platform functions operate properly (login status, security verification) | No |
| Functional Cookies | Remember user preferences (language, time zone, interface layout) | Yes |
| Analytical Cookies | Collect platform visit data to improve user experience | Yes |
| Marketing Cookies | Display relevant advertising content to users | Yes |
11.2 Cookie Management
Users can manage non-essential cookies through browser settings or the platform’s cookie preference center. Disabling some cookies may affect normal platform functionality.
11.3 Third-Party Cookies
The platform uses third-party analytics tools (such as Google Analytics) that may place cookies on users’ devices. Users can opt out of data collection through the official channels of these tools.
Article 12 Policy Updates
12.1 Updates and Notifications
The platform will update this privacy policy from time to time to reflect business changes, legal requirements, or adjustments in data processing practices. For major updates, we will notify you 30 days in advance through official announcements.
12.2 User Rights
By continuing to use the platform’s services after updates take effect, you are deemed to accept the updated privacy policy. If you do not agree with the updates, you may request account cancellation within the notification period. Historical versions of this policy will be retained on the platform’s archive page for your reference at any time.
© 2026 PERPVIA TECH LTD. All Rights Reserved. www.perpvia.com