Xylos

Privacy Policy

Last updated: March 2, 2026

1. Information We Collect

We collect the following categories of information:

  • Account Information: Email address and hashed password when you register.
  • Trading Data: Orders, positions, trades, balances, and transaction history.
  • Device & Usage Data: IP address, browser type, device identifiers, pages visited, and session duration.
  • Wallet Data: Blockchain addresses used for deposits and withdrawals.
  • Communication Data: Support tickets and correspondence.

2. How We Use Your Information

  • Providing, maintaining, and improving the Platform.
  • Processing trades, deposits, and withdrawals.
  • Verifying identity and preventing fraud.
  • Sending transactional notifications (trade confirmations, withdrawals, security alerts).
  • Calculating referral commissions and bonuses.
  • Analyzing usage patterns to improve performance and features.
  • Complying with legal obligations.

3. Data Security

We implement industry-standard security measures including: encrypted data transmission (TLS 1.3), bcrypt password hashing, TOTP-based two-factor authentication, rate limiting, and encrypted wallet key storage. All sensitive data is stored in encrypted databases with restricted access controls.

4. Data Sharing

We do not sell your personal data. We may share information with:

  • Payment Processors: To process fiat on-ramp transactions (e.g., Plutope).
  • Blockchain Networks: On-chain transactions are inherently public.
  • Legal Authorities: When required by law, subpoena, or court order.
  • Service Providers: Infrastructure and hosting providers who process data on our behalf under strict confidentiality agreements.

5. Cookies & Tracking

Xylos uses essential cookies for authentication and session management. We use localStorage to persist your trading preferences and theme settings. We do not use third-party advertising cookies. Analytics cookies, if enabled, are used solely to improve Platform performance.

6. Data Retention

Account data is retained for as long as your account is active. Trading history is retained for a minimum of 5 years for compliance purposes. Upon account deletion request, personal data is anonymized within 30 days, while aggregated trading data may be retained indefinitely in anonymized form.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your trading history and account data.
  • Withdraw consent for optional data processing.

To exercise these rights, contact privacy@xylos.io.

8. Children

Xylos is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we become aware that a user is under 18, we will terminate the account and delete associated data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification. Your continued use of the Platform after changes constitutes acceptance.

10. Contact

For privacy-related inquiries, contact privacy@xylos.io.

Privacy Policy | Xylos