Information we collect
We collect the following categories of personal data:
a. Personal Identification Data
Full name, date of birth, gender, nationality, government-issued identity document, facial image, proof of address.
b. Contact Data
Email address, phone number, residential address, correspondence address.
c. Technical and Device Data
Device model, browser type, operating system, IP address, geolocation, Wi-Fi identifiers, session logs, cookies, and usage data (such as clickstream and session duration).
d. Transaction and Financial Data
On-chain activity, wallet addresses, ELQR and ACH transaction data, merchant information, transaction values, timestamps, and payment behavior.
e. Support and Communications Data
Customer support messages, support tickets, chat records, and other communications with Lavex.
f. Employment and Income Data (BlindPay)
Employment status, employer name, income range, account verification data, and related identifiers where required for payment eligibility by BlindPay.
g. Biometric and Verification Data
Facial biometrics, liveness checks, and digitized identity documents processed by Sumsub and other regulated compliance providers.
h. Marketing and Analytics Data
User preferences, referral sources, and platform behavior collected through analytics tools.
2. Purpose of Processing
We process personal data for the following purposes:
identity verification (KYC/KYB) and fraud prevention
account creation and platform access
provision of digital asset wallets
execution of on-chain and fiat transactions through infrastructure partners
customer support and user communication
platform security and service improvement
compliance with legal and regulatory obligations
enforcement of our Terms of Service and prevention of misuse
3. Legal Basis for Processing
Depending on your location, we rely on one or more of the following legal bases:
performance of a contract
compliance with a legal or regulatory obligation
legitimate interests (such as fraud prevention and platform security)
your consent, where required
4. Data Sharing with Third Parties
We share personal data only where necessary and with appropriate safeguards.
a. Identity Verification and Compliance
Sumsub and other compliance providers.
b. Wallet Infrastructure
Circle (Wallet-as-a-Service).
c. Fiat Payment Infrastructure
BlindPay and its regulated financial partners.
d. Technology Infrastructure and Analytics
Cloud hosting providers, content delivery networks, analytics tools, CRM and customer support platforms.
e. Legal and Regulatory Authorities
Where required by law, court order, or for AML/CFT and sanctions compliance.
5. Specific Data Usage for BlindPay
For fiat payment eligibility and transaction processing:
relevant personal and financial data is shared with BlindPay
BlindPay may independently retain data in accordance with its regulatory obligations
retention periods may be 5–7 years or longer, where required by financial regulations
For data held directly by BlindPay, users must contact BlindPay in accordance with its privacy policy.
6. International Data Transfers
Your data may be processed in:
United States
European Union / United Kingdom
Kyrgyz Republic
other jurisdictions where our service providers operate
We use appropriate safeguards such as:
Standard Contractual Clauses (SCCs)
encryption
access controls
in accordance with applicable data protection laws.
7. Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
confirm whether your data is processed
access your personal data
correct inaccurate or outdated data
request deletion or anonymization
request data portability
object to certain types of processing
withdraw consent where processing is based on consent
lodge a complaint with a competent data protection authority
To exercise your rights, contact:
8. Data Retention
We retain personal data:
for as long as necessary to provide services
for the duration of your account
as required by AML/CFT and financial regulations (typically 5–7 years minimum for transaction data)
After this period, data is deleted or anonymized unless further retention is legally required.
9. Information Security
We implement industry-standard safeguards including:
encryption of sensitive data in transit and at rest
role-based access control
multi-factor authentication
secure cloud infrastructure
regular security audits
incident response procedures
Biometric data is processed only through certified third-party providers.
10. Children’s Privacy
The platform is not intended for individuals under the age of 18.
We do not knowingly collect data from minors.
If such data is identified, it will be deleted.
11. Cookies and Tracking Technologies
We use:
session cookies
security cookies
analytics and behavioral tracking tools
You may disable cookies in your browser settings, but some features may not function properly.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically.
Material changes will be communicated via:
website notice
email
in-app notification
Contact
Lavex LLC
Delaware, United States
📧 compliance@lavex.app
🌐 www.lavex.app