Privacy Dashboard
EN

United States

Crypto.com - U.S. Privacy Policy

Introduction
Welcome to the Privacy Policy of Foris DAX, Inc., Foris Services, Inc., Foris DAX Markets, Inc., Foris, Inc., Foris DAX Trust Company LLC, Foris DAX FCM, LLC, and Foris Capital US, LLC (collectively the “Foris Companies”). We respect your privacy, and we are committed to protecting your personal information. This Privacy Policy will inform you as to how the Foris Companies and their affiliates (collectively, “Crypto.com”, we, us, our) handle your personal information when using any of our products, services, or applications (together, the “Services”) or when visiting or using our websites or Crypto.com mobile applications (collectively, “Site”).
Please note that our Services and Site are not intended for minors below the age of 18 years, and we do not knowingly collect data relating to minors.
If you are not a United States resident, please check our Privacy Dashboard.
Last Update: 17 Mar 2025

1. Important information and who we are

Purpose of this Privacy Policy
Crypto.com complies with and respects all privacy laws including, when applicable, the Right to Financial Privacy Act, the Gramm-Leach-Bliley Act (“GLBA”), the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), and the Illinois Biometric Information Privacy Act (“BIPA”), among others. This Privacy Policy describes your privacy rights and how you can exercise these rights.
It is important that you read this Privacy Policy together with any other notice or policy that we may provide on certain occasions when we are collecting or processing Personal Information about you so that you are fully aware of how and why we are using your information. This Privacy Policy supplements but is not intended to override those other notices or policies. If you do not agree with our policies and practices, your choice is not to use our Services or Site. By accessing or using the Site you agree to this Privacy Policy and consent to our data practices set forth herein.
Changes to the Privacy Policy and Your Duty to Inform Us of Changes
We review and update our Privacy Policy from time to time. Please refer to the effective date at the top to determine when the most recent version took effect. Your continued use of our Services or Site after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates. It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes.
Third-Party Services
Some of our Sites and Services may utilize or include links to third-party websites, plug-ins, products, or services (“Third-Party Services”). Visiting or using Third-Party Services may allow third parties to collect or share information about you in accordance with their responsibility for their privacy and data security practices. Except in very limited circumstances, we do not control Third-Party Services and are not responsible for their privacy and data security practices. Further, links to Third-Party Services are not an endorsement or recommendation of such Third-Party Services. We encourage you to read the privacy notice of every Third-Party Service you visit or use.

2. The information we collect about you

Personal information is a broad term which includes information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include data where the identity has been removed (de-identified data).
The definition of personal information includes the specific pieces of personal information which we have described below. Depending on whether and how you use our Services or Site, we may collect, use, store and transfer different kinds of personal information about you which we have grouped in categories as follows:
Category of Personal Information
Specific Pieces of Personal Information
Identity Data
  • full name,
  • maiden name,
  • last name,
  • username or similar identifier,
  • title,
  • date of birth and gender,
  • video and voice recordings,
  • national identity cards, passports, driving licenses or other forms of identification documents.
  • Biometric Data
  • biometric identifiers, including a scan of your face geometry and related information, derived from one or more visual images of your face (e.g., from a selfie photo you provide and/or from photo identification documents that you upload),
  • biometric information based on biometric identifiers.
Social Identity Data
  • your group/company data,
  • information on referrals related to you,
  • political background,
  • close connections,
  • behavioral data,
  • risk assessment,
  • compliance assessment.
Contact Data
  • residence details,
  • billing address,
  • delivery address,
  • home address,
  • work address,
  • email address and telephone numbers,
  • proof of address documentation.
Financial Data
  • bank account,
  • payment card details,
  • virtual currency accounts,
  • stored value accounts,
  • amounts associated with accounts,
  • external account details,
  • source of funds and related documentation.
Transactional Data
  • details about payments to and from you,
  • other details of any transactions you enter into using the Services or Site or App.
Investment Data
  • information about your:
  • investment objectives,
  • investment experience,
  • prior investments.
Technical Data
  • internet connectivity data,
  • internet protocol (IP) address,
  • operator and carrier data,
  • login data,
  • browser type and version,
  • device type, category and model,
  • time zone setting and location data,
  • language data,
  • application version and SDK version,
  • browser plug-in types and versions,
  • operating system and platform,
  • diagnostics data such as crash logs and any other data we collect for the purposes of measuring technical diagnostics, and
  • other information stored on or available regarding the devices you allow us access to when you visit the Site, or use the Services or the App.
Profile Data
  • your username and password,
  • your identification number as our user,
  • information on whether you have Crypto.com account and the email associated with your accounts,
  • requests by you for products or services,
  • your interests, preferences and feedback,
  • other information generated by you when you communicate with us, for example when you address a request to our customer support.
Usage Data
  • information about how you use the Site, the Services, mobile applications and other offerings made available by us, including:
  • device download time,
  • install time,
  • interaction type and time,
  • event time, name, and source.
Marketing and Communications Data
  • your preferences in receiving marketing from us or third parties
  • your communication preferences,
  • your survey responses.
Certain personal information may be sensitive and used only in accordance with applicable law.
Biometric Data
We collect certain biometric data (e.g., visual image of you from a selfie photo and/or a photo identification document, from which we derive face scan information – face geometry and related information), which we use, in conjunction with our sub-contractors (such as identity verification technology vendors), to verify your identity for onboarding purposes and/or to authorize certain transactions or activities.
We collect such biometric data for the purpose of providing to you, in a manner consistent with compliance requirements and applicable law (including but not limited to AML and KYC compliance and applicable biometric data privacy laws, such as the Illinois Biometric Information Privacy Act), the products and services to which you request access. Due to the nature of such compliance and legal obligations, the purpose for which we initially request such biometric information from you may be ongoing, recurring, and/or indefinite for as long as you maintain an account with us.
See Addendum 1 – Biometric Information Privacy Policy.
Aggregate, De-identified, and Anonymized Information
We may also collect, use, and share information that has been anonymized or de-identified, including statistical or demographic data, for any purpose (“Aggregate Consumer Information”). For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregate Consumer Information with your personal information so that it can directly or indirectly identify you, we treat the combined data as Personal Information pursuant to applicable law.
If You Refuse to Provide Personal Information
Where we need to collect personal information by law, or under the terms of a contract we have with you, and you refuse to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you, including the ability to offer or provide or continue to provide Services or other functionality.

3. How is your personal information collected

We use different methods to collect information from and about you including through:
Direct interactions. You may give us your Identity Data, Social Identity Data, Contact Data, Financial Data, Profile Data and Marketing and Communications Data by directly interacting with us, including by filling in forms, providing a visual image of yourself via the Services, by email, through the Crypto.com mobile application or otherwise. This includes personal information you provide when you:
  • Visit the Site
  • Apply for, access or attempt to access the Services
  • Create or modify an account
  • Subscribe to our publications
  • Use any of the Services
  • Request marketing to be sent to you
  • Enter a competition, promotion or survey, including through social media channels
  • Give us feedback or contact us
Automated technologies or interactions. As you interact with us via our Site, we will automatically collect Technical Data about your equipment, browsing actions, activity, and patterns. We collect this data by using cookies, server logs, and other similar technologies. We will also collect Transactional Data, Investment Data and Usage Data. We may also receive Technical Data and Marketing and Communications Data about you if you visit other websites employing our cookies. You may find more information about how we use cookies and make adjustments to certain preferences through the Cookie Preferences section available on the Site.
Third parties or publicly available sources. We also obtain information about you, including Social Identity Data from third parties or publicly available sources. These sources may include:
  • Fraud and crime prevention agencies
  • Credit bureaus
  • Customer referring you
  • Public blockchains
  • Marketing partners and analytics providers
  • Other publicly available databases and information
  • Third-Party Services

4. How we use your personal information

We will only use your Personal Information in accordance with applicable law and in accordance with this Privacy Policy. For the most part, we will use your Personal Information in the following ways:
  • To provide Services
  • When necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • To comply with a legal obligation
  • For business purposes and in accordance with this Privacy Policy
  • When you use our Services, our authorized partners may collect categories of personal information about you and use this data for their own purposes. This activity may qualify as a sale under the California Consumer Privacy Act (“CCPA”). Under the CCPA, you can make choices to allow or prevent such uses.
Purposes for which we will use your personal information
We have set out below an illustrative example of the common ways we may use your Personal Information:
  • To register you as a new customer
  • To carry out and comply with legal and compliance obligations
  • To process and deliver the Services and any features and functionality
  • To prevent abuse of our Services, Site, and promotions
  • To manage our relationship with you which will include notifying you about certain changes to our terms or Privacy Policy, asking you to leave a review, take a survey or keeping you informed of our business and product development
  • To keep our records updated and to evaluate how customers use our products/services
  • To manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to use
  • To ensure proper management of our payments, fees and charges and collection and recovery of payments owned to us
  • To manage risk and crime prevention including performing anti-money laundering, counter terrorism, sanction screening, fraud and other background checks, detect, investigate, report and prevent financial crime in broad sense, obey laws and regulations which apply to us and response to complaints and resolving them
  • To enable you to partake in a prize draw, competition or complete a survey
  • To gather market data for studying customers' behavior including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business
  • To administer and protect our business, the Site, and social media channels including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data
  • To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
  • To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
  • To make suggestions and recommendations to you about goods or services that may be of interest to you
  • To use the services of social media platforms or advertising platforms some of which will use the personal information they receive for their own purposes, including marketing purposes
  • To record voice calls and other conversations for compliance, quality assurance, and training purposes
Marketing
We strive to provide you with choices regarding certain Personal Information uses, particularly around marketing and advertising.
Promotional Offers From Us
We may use your Personal Information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you. You may receive marketing communications from us if you have requested information from us or used the Services and have not opted out of receiving that marketing.
Use of AI Technology
We may process your Personal Information using internal and third-party AI tools to improve the efficiency, quality, and speed of our business processes.  For example, we may use AI-assisted tools to help perform sanctions screening during KYC and account onboarding.  We do not use AI tools for profiling purposes or automated, AI-autonomous decision-making.
To the extent we use third-party AI tools, such use and sharing of Personal Information are done in accordance with this Privacy Policy.  See Disclosures of Your Personal Information and GLBA Consumer Privacy Notice.
Opting Out
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you. Further, you can let us know directly that you prefer not to receive any marketing messages by emailing [email protected].
When you opt-out of receiving these marketing messages, this will not apply to service messages which are directly related to use of our Services (e.g. change in the terms and conditions or this Privacy Policy).
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services or Site may become inaccessible or not function properly. For more information about the cookies we use, please review the Cookie Preferences available on the Site.
Sale or Transfer of Business
We may need to process your Personal Information in connection with or during the negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding involving all or a part of our shares, business or assets.

5. Disclosures of Your Personal Information

We may share your Personal Information with our third-party service providers, agents, subcontractors, and other associated organizations, our group companies and affiliates in order to complete tasks, provide the Services, and use of the Crypto.com mobile application to you on our behalf, and otherwise fulfill our obligations. When using third-party service providers, we request they respect the security of your Personal Information and treat it in accordance with the law.
We may share your Personal Information and other data you provide to us for the following purposes:
  • To verify your identity.
  • To detect and prevent fraud, money laundering, terrorist financing, and other financial crimes and illicit activities.
  • To facilitate the provision of services and relevant business operations to support our delivery of the Services and related aspects to you.
  • To improve our information, technology, and security systems including websites and mobile applications.
  • To provide customer service.
  • To promote our Services if you submit a product review or post content on public areas of our Services, or social media accounts.
  • To transfer our rights and duties under the relevant terms and conditions governing the use of any Services (to the extent allowed).
  • To comply, in our belief, with a legal request or to protect or enforce our rights, including to comply with an applicable law or regulation, or in response to a request for information if we believe disclosure is in accordance with any applicable law, regulation, or legal process, to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability, and to protect the rights, property, and safety of us or others.
  • To evaluate, effectuate, or otherwise transfer your personal information as part of a proposed or actual sale, merger, restructuring, transfer, or exchange of all or a portion of our assets to another company.
The categories of third parties with whom we may share your personal information for the purposes listed above include:
  • Companies and organizations that assist us in processing, verifying or refunding transactions or orders
  • Identity verification agencies
  • Fraud or crime prevention agencies
  • Anyone to whom we lawfully transfer or may transfer our rights and duties under the relevant terms and conditions governing the use of any of the Services
  • Any third party because of any restructure, sale or acquisition of our group or any affiliates
  • Regulatory and law enforcement authorities, where the law allows or requires us to do so
We disclose Personal Information to third parties only in accordance with applicable law.

6. Personal Information Security

While there is an inherent risk in any information being shared over the internet, we have put in place commercially reasonable security measures to prevent your Personal Information from being accidentally lost, used, damaged, or accessed in an unauthorized or unlawful way, altered, or disclosed. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a legitimate business need to know. They will only process your Personal Information on our instructions. You are also responsible for taking reasonable steps to protect your information against unauthorized disclosure or misuse such as by maintaining the confidentiality of your Personal Information.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any relevant regulator of a qualifying breach when required.
If you want to know more about our security practice, please visit this link.

7. Personal Information retention

How long will you use my personal information for?
To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Here are some exemplary factors which we usually consider when determining how long we need to retain your Personal Information and data:
  • if we are dealing with a complaint;
  • if we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we consider that we need to keep information to defend possible future legal claims, the respective personal information (e.g., email addresses and content, chats, letters) will be kept in accordance with the statutory limitation period applicable following the end of our relationship;
  • to comply with any applicable legal and/or regulatory requirements with respect to certain types of personal information, including relevant sanctions regimes:
    • under the Bank Secrecy Act and its related statutes we are obliged to retain your Personal Information for a period of at least 5 years after the end of our relationship;
  • information needed for audit purposes;
  • in accordance with relevant industry standards or guidelines;
  • in accordance with our legitimate business need to prevent abuse of the promotions that we launch. We will retain a customer’s personal information for the time of the promotion and for a certain period after its end to prevent the appearance of abusive behavior.
Illinois Residents – Biometric Information Privacy Act Disclosure
Unless otherwise required by an order from a court of competent jurisdiction or applicable law, if you are an Illinois resident, we may retain your biometric identifiers and biometric information until the earlier of (i) the initial purposes for collecting or obtaining such identifiers or information, including the purposes identified above, have been satisfied, or (ii) for three (3) years following your last interaction with us, whichever occurs first. As set forth in the “Biometric Information” section above, due to the nature of the compliance and legal obligations with which we must comply in order to provide certain services or products to you, the purpose for which we initially request biometric information from you may be ongoing, recurring, and/or indefinite for as long as you maintain an account with us.
See Addendum 1 – Biometric Information Privacy Policy.
Please note that under certain conditions, you can ask us to delete your Personal Information.

8. Your legal rights

Under certain circumstances, you may have certain rights in relation to your Personal Information:
  • Right to know about Personal Information collected, and how it is used and disclosed.
  • Right to request correction of certain Personal Information.
  • Right to request deletion of certain Personal Information.
  • Right to opt-out of the sharing of certain Personal Information.
If you wish to exercise any of the rights set out above or if you want to raise a question, complaint or a concern about our privacy policy and practices, please contact us at [email protected]. You may also contact us at our toll-free telephone number, +1 888-959-8091, or via mail at the physical address first listed above.
When allowed by applicable law and required, we will take steps to disclose and deliver to you, free of charge, your Personal Information accordingly. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you are a California resident, you also have the right to know about Personal Information sold. In addition, you may also opt out of the sale of your personal information by clicking on the “Do Not Sell/Share My Personal Information” link here.
If you are a California resident, please also note that some of your Personal Information is subject to the Gramm-Leach-Bliley Act. Information we collect for the purposes of complying with the GLBA and its implementing regulations is not covered by the CCPA (and therefore may not be subject to deletion requests). However, other Personal Information of yours could still be subject to the CCPA.
Non-Discrimination
You will not receive a discriminatory treatment if you choose to exercise any of the rights conferred to you above.
If you want to make a request under the CCPA through a natural person or a business entity authorized to act on your behalf, please beforehand contact us and in a timely manner we will provide you with a reply on how to designate such a person.

9. Children's Privacy

Crypto.com respects the privacy of children, and we are committed to complying with the Children’s Online Privacy Protection Act (herein called “COPPA”). We do not knowingly collect Personal Information from children under the age of thirteen (13). If you are a parent or guardian and you are aware that your child under the age of 13 has provided us with personally identifiable information, please contact us. If we become aware that we have collected personally identifiable information from children without verification of parental consent, we take steps to remove that information from our servers.

10. Notice to California Residents

This section supplements the information above and applies solely to California residents who use our Sites and Services.
Personal Information Collected and Disclosed
We collect and share personal information that is identified below in addition to the information identified above. The following table describes the collection, use, and sharing of personal information collected by us or our service providers within the last twelve (12) months. For a detailed description of the data included in each category, see Section 2. Personal Information We Collect.
Categories of personal information collected
Sources of information; purposes of processing
Parties to whom data has been disclosed or shared
    Identity Data
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement; Identity Verification and Fraud prevention services; Financial services;
    Identity Data (Biometric Data)
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement; Identity Verification and Fraud prevention services;
    Social Identity Data
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement; Identity Verification and Fraud prevention services
    Contact Data
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement; Identity Verification services
    Financial Data
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement; Identity Verification and Fraud prevention services; Financial services;
    Transactional Data
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement; Identity Verification and Fraud prevention services; Financial services;
    Investment Data
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement;
    Technical Data
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement; Identity Verification services; Financial services;
    Profile Data
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement;
    Usage Data
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement;
    Marketing and Communications Data
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement;
    Employment Data
    Section 4. How We Use Your Personal Information Subsections 1, 6, 8
    Regulatory and law enforcement;
Opting Out of the Sale/Sharing of Your Personal Information
If you are a California resident, you have the right to know about the sale of your personal information and the right to opt out of the sale of your personal information. When you use our Services, our authorized partners may collect categories of personal information about you and use this data for their own purposes. This activity may qualify as a sale under the California Consumer Privacy Act. To exercise your right to opt out, click on this “Do Not Sell or Share My Personal Information“ link.
Exercising Your Rights as a California Consumer
You may request that we:
  • Provide you with the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
  • Correct your personal information that is inaccurate.
  • Provide access to and/or a copy of certain information we hold about you.
  • Delete certain information we have about you.
If you wish to make a request under the CCPA through a natural person or business entity authorized to act on your behalf, please contact us in a timely manner beforehand and we will provide you with information about how to designate such a person.
To exercise any of the above rights, please contact us at [email protected]. You may also contact us at our toll-free telephone number, +1 (888) 959-8091 or at: 110 N. College Ave, STE 500, Tyler, Texas 75702.
Complying with your request to exercise any of the rights above may require us to verify your identity. Any personal information we collect for this purpose will be used only for the purpose of verification or as otherwise required by law.
Please note that some of your personal information is subject to the Gramm-Leach-Bliley Act. Information we collect for the purposes of complying with the GLBA and its implementing regulations is not covered by California law and therefore may not be subject to deletion requests. You will not receive discriminatory treatment if you choose to exercise any of the rights described in this Privacy Policy.

11. GLBA Consumer Privacy Notice

Please see our GLBA Consumer Privacy Notice below for disclosures under the Gramm-Leach Bliley Act.
FACTS
WHAT DOES CRYPTO.COM DO WITH YOUR INFORMATION?
    Why?
    Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
    What?
    The types of personal information we collect, and share depend on the product or service you have with us. This information can include:
  • Social Security Number and Date of Birth
  • Financial Data and Transactional Data
  • Technical Data and Usage Data
    How?
    All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Crypto.com chooses to share; and whether you can limit this sharing.
Reasons We Can Share Your Personal Information
Does Crypto.com Share?
Can You Limit This Sharing?
For our everyday business purposes
    Yes, to conduct our business activities, we share information with our carefully selected business partners which process the shared information under strict contractual obligations. We also may share information with official authorities if an applicable law requires us to do so.
    Limiting this sharing would depend on the circumstances surrounding the specific processing.
For our marketing purposes –
    Yes, we use digital platforms as a service to run our marketing campaigns. This is not third-party marketing.
    Yes, you can opt-out of receiving marketing messages.
For joint marketing with other financial companies
    Yes, we may conduct joint marketing with other financial companies for jointly-offered products or services.
    Yes, but limiting sharing would amount to account closure as the said sharing is intrinsically related to the provision of certain Services.
For our affiliates’ everyday business purposes
    Yes, to conduct our business activities, we share information with our affiliates.
    Yes, but limiting sharing would amount to account closure as the said sharing is intrinsically related to the provision of our Services.
For our affiliates’ everyday business purposes
    Yes, to conduct our business activities, we share information with our affiliates.
    Yes, but limiting sharing would amount to account closure as the said sharing is intrinsically related to the provision of our Services.
For our affiliates to market to you
    Yes, our affiliates can market to you.
    Yes, you can opt-out of receiving marketing messages.
For nonaffiliates to market to you
    We do not share information with nonaffiliates for marketing purposes.
    We do not share information with nonaffiliates for marketing purposes.
To Limit Our Sharing
    Call 1-888-959-8091, contact us at [email protected], or visit us online at https://crypto.com/us/privacy.
    Please note: If you are a new customer, we can begin sharing information once you have been onboarded. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.
Questions
    Call 1-888-959-8091, contact us at [email protected], or visit us online at https://crypto.com/us/privacy.
Who We Are
Who is providing this notice?
    This privacy notice is provided by Crypto.com and is applicable to your use of its U.S. Services and Sites.
What We Do
How does Crypto.com protect my personal information?
    To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does Crypto.com collect my personal information?
    We collect your personal information, for example, when you:
  • Visit our Sites or apply for our Services
  • Subscribe to publications or request marketing materials
  • Give us feedback
Why can’t I limit all sharing?
    Federal law gives you the right to limit only:
  • Sharing for affiliates’ everyday business purposes – information about your creditworthiness
  • Affiliates from using your information to market to you
  • Sharing for nonaffiliates to market to you
    • State laws and individual companies may give you additional rights to limit sharing.
What happens when I limit sharing for an account, I hold jointly with someone else?
    Currently we do not provide a feature which allows for holding an account jointly with someone else.
Definitions
Affiliates
    Companies related by common ownership or control. They can be financial and nonfinancial companies.
    Our affiliates include Foris DAX, Inc., Foris DAX Markets, Inc., Foris Services, Inc., Foris, Inc., Foris DAX Trust Company LLC, Foris DAX FCM, LLC, Foris Capital US, LLC, and certain other companies with a ‘Foris’ name with which we share common ownership or control.
Nonaffiliates
    Companies not related by common ownership or control. They can be financial or nonfinancial companies.
    Our nonaffiliates include service providers that perform services or functions on our behalf.
Joint marketing
    A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
Other Important Information
    Vermont Customers: We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.

12. USA Patriot Act

To help the government fight the funding of terrorism and money laundering activities, the USA Patriot Act, a US Federal law, requires all financial institutions to obtain, verify, and record information that identifies each person and each legal entity that opens an account. What this means for you: When you or your firm open an account, we will ask for some basic information that will allow us to identify you.
If you are opening an account on behalf of a business entity, documents relating to its formation, existence and authority may also be requested.

ADDENDUM 1 – Crypto.com U.S. Biometric Information Privacy Policy

Last Update: June 11, 2024
This Biometric Information Privacy Policy (this “Policy”) is an addendum to the Crypto.com – U.S. Privacy Policy (the “Privacy Policy”) and is applicable to users residing in the United States of America.
In addition to the information we’ve provided to you in our Privacy Policy, we want to help you better understand how Crypto.com collects and treats biometric information. Crypto.com cares about the security of your personal information and seeks to protect you and us against fraud. Where permitted by law, Crypto.com and certain of our service providers use ID scanning and facial recognition technology to verify your identity and safeguard personal information as part of our security, compliance, and fraud prevention efforts. This notice more specifically describes our collection and use of biometric data.
Biometric Data
When we refer to “biometric data,” we mean information about your physical or biological characteristics (sometimes called “biometric identifiers”) that identify you. Information like face scans may be considered biometric data if they are used to identify you by technical means. The definitions of biometric data vary under different states’ laws. For example, some states’ biometric laws don’t apply to driver’s license photos. Photos of you are not necessarily biometric data, but biometric data can be made or derived from processing the photo using certain technology.
As used in this policy, “biometric data” includes “biometric identifiers” and “biometric information”. “Biometric identifier” includes a scan of your face geometry. Biometric identifiers do not include physical descriptions that may appear on your identification documents such as height, weight, hair color, or eye color. “Biometric information” means any information based on an individual’s biometric identifier used to identify an individual by technical means.
Information Collected
When you consent to Crypto.com’s use of your biometric data, Crypto.com (or service providers, such as identification verification technology vendors, working on our behalf) collects face scan information—face geometry information and related information—necessary to accomplish the purposes stated in this Policy, at points of collection, and/or in our Privacy Policy. Crypto.com does not collect, use, store, or disclose your biometric data without your consent.
Purposes
We use your biometric data to verify or authenticate your identity, to detect and prevent fraud, and in furtherance of compliance with applicable anti-money laundering, “know your customer”, and sanctions screening obligations. Subject to the storage and retention guidelines below, we store and use your biometric data for these purposes for the duration of your engagement with us or as otherwise permitted by law.
Disclosure of Biometric Data
Unless otherwise required by law, your biometric data is accessible only to us and our service providers, which process your data only on our behalf to accomplish the purposes above. We do not share biometric data with any other third parties unless required by law. We do not sell, lease, trade or otherwise profit from your biometric data. We may disclose your biometric data to our authorized service providers or other third parties if:
You or your authorized representative consent to the disclosure (for example, by completing the identity verification process during onboarding or at other applicable points of collection using a photo of yourself and a phot ID);
  • the disclosure completes a financial transaction requested or authorized by you or your authorized representative;
  • the disclosure is required pursuant to a valid warrant, subpoena, or court order issued by a court of competent jurisdiction; or
  • the disclosure is required by law.
Retention and Storage
Crypto.com will collect, store, transmit, and protect your biometric data using a reasonable standard of care that is at least as protective as the way Crypto.com collects, stores, transmits, and protects other confidential and sensitive personal information.
Unless otherwise required by an order from a court of competent jurisdiction or applicable law, Crypto.com will only retain biometric data until: (i) the initial purpose for collecting the biometric data has been satisfied, or (ii) for three (3) years following your last interaction with Crypto.com, whichever occurs first, unless legally required to keep it for a different period. As set forth in the Privacy Policy, due to the nature of the compliance and legal obligations with which we must comply in order to provide certain services or products to you, the purpose for which we initially request biometric information from you may be ongoing, recurring, and/or indefinite for as long as you maintain an account with us.
For any questions regarding Crypto.com’s use of biometric data or other privacy inquiries, please submit a request to our privacy team.

ADDENDUM 2 – Customers of Foris DAX FCM, LLC

Last Update: December 19, 2024
This Addendum applies to customers of Foris DAX FCM, LLC (the “FCM”), insofar as their relationship with the FCM is concerned.  In the event of any conflict between this Addendum and other parts of this Privacy Policy, this Addendum governs solely with respect to your relationship with the FCM and your personal information pertaining to such relationship.
Pursuant to the CFTC’s Business Affiliate Marketing Rules (17 C.F.R. §162), institutions are required to provide customers with notice that they can request that the FCM block certain CFTC-regulated entities from soliciting the consumer based on certain financial information, such as transaction information.
Additionally, the FCM and other CFTC-regulated entities that possess or maintain consumer report information in connection with their business activities must develop and implement written policies and procedures for the proper disposal of such information.
Additionally, in the circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so. To exercise any of these rights, please contact us using the contact details set forth in this Privacy Policy.
If you decide to close your account(s) or become an inactive customer, we will adhere to the privacy policies and practices as described in this Privacy Policy. The FCM will treat personal information collected under prior policies, in the manner described in this Privacy Policy.
We maintain physical, electronic and procedural safeguards to protect your personal information. The FCM has implemented written desk procedures that detail the administrative, technical and physical safeguards that protect FCM customer records and information. These procedures have been designed to keep customer records secure and confidential.
Additionally, the FCM’s site utilizes various information security measures such as secured files and buildings, internet firewalls, an intrusion detection system, encrypted data transmission, and operating procedures to protect your personal information.  Although the FCM takes these measures, attacks by hackers and other unpreventable circumstances may compromise the security of your personal information. The FCM will notify, via email, customers, former customers, vendors, and potentially impacted third parties, such as clearing firms, should a suspected or actual data breach occur.
The CFTC’s “Red Flags” Rules (17 C.F.R. §162) requires the FCM to implement a written identity theft prevention program designed to detect, thwart, and mitigate identity theft in connection with certain existing accounts or the opening of new accounts. Thus, pursuant to this requirement, the FCM has a written identity theft prevention program designed to:
  • Detect and identify red flags, for example, a suspicious change of address;
  • Respond to the red flags to prevent and mitigate identity theft;
  • Regularly review and update the program to reflect changes in risks to customers and changes in business operations;
  • Require approval by the board of directors or an appropriate committee; and
  • Ensure employee training.

ADDENDUM 3 – Customers of Foris Capital US, LLC

Last Update: 18 March, 2025
This Addendum applies to customers of Foris Capital US, LLC (“Foris Capital”), insofar as their relationship with Foris Capital is concerned.  In the event of any conflict between this Addendum and other parts of this Privacy Policy, this Addendum governs solely with respect to your relationship with Foris Capital and your personal information pertaining to such relationship.
Affiliate Marketing Opt-Out
You have the ability to limit the use of certain information we share with our affiliates for marketing purposes.  You can limit Foris Capital’s affiliates from using your “eligibility information” (such as information about your transactions and experiences with us) to market their products or services directly to you.  These limits apply only to marketing solicitations.  They do not apply to everyday business communications or to other information sharing not prohibited by law.  For information about how to opt out, please see Section 8 (Your Legal Rights).
You agree that we can share information about your transactions and experiences with Foris DAX, Inc. d/b/a Crypto.com and our other affiliates for the everyday business purposes of such affiliates. We do not disclose any non-public information about our current or former customers to any non-affiliates, except as permitted by law or in order to provide the current services. We do not disclose information related to creditworthiness with any other parties, including affiliates.
Identity Theft Prevention
In compliance with the “Red Flags” rules under Regulation S-ID, we implement a written identity theft prevention program designed to detect, thwart, and mitigate identity theft in connection with certain existing accounts or the opening of new accounts. Our written identity theft prevention program is designed to:
  • Detect and identify red flags, for example, a suspicious change of address;
  • Respond to the red flags to prevent and mitigate identity theft;
  • Regularly review and update the program to reflect changes in risks to customers and changes in business operations;
  • Require approval by the board of directors or an appropriate committee; and
  • Ensure employee training.
Safeguarding Your Information
We maintain physical, electronic, and procedural safeguards to protect your personal information. Foris Capital has implemented written policies and procedures that detail the administrative, technical, and physical safeguards that protect Foris Capital customer records and information. These procedures have been designed to keep customer records secure and confidential by preventing unauthorized access to your data, protecting against anticipated threats to the security or confidentiality of your information, and ensuring proper handling and disposal of your information in compliance with regulatory requirements.
Disposal of Your Information
We ensure the proper and secure disposal of documents and electronic files that contain nonpublic personal information.  We use secure shredding, deletion, erasure, and destruction techniques to prevent unauthorized access to discarded information.  If you decide to close your account or become an inactive customer, we will adhere to the privacy policies and practices as described in this Privacy Policy.