Privacy policy

Preamble

This Privacy Policy ("Policy") describes how DexRailsand its operator ("we," "us," or "our") collect, use, disclose, and safeguard personal data in connection with the DexRailswebsites, applications, and services (the "Service"). By using the Service, you acknowledge this Policy. Capitalized terms used in this Policy and not defined here have the meaning given in the Terms of Service.

ARTICLE I — Data controller and contact

1.1 Controller. The entity identified as operator ofDexRails acts as the data controller for personal data processed through the Service, except where we process data solely on behalf of another controller under a written agreement.

1.2 Contact. For privacy inquiries, use the support or contact channel published in the Service. We may request information to verify your identity before fulfilling rights requests.

ARTICLE II — Categories of personal data

We may process the following categories, depending on how you use the Service:

• Account and identity data: name, email address, authentication identifiers, profile preferences.
• Technical data: IP address, device type, browser type, approximate location derived from IP, logs, timestamps, crash diagnostics.
• Usage data: feature interactions, settings, in-app events, aggregated analytics.
• Trading configuration metadata: non-secret descriptors of strategies, pairs, and limits you configure (secrets themselves should be stored using our designated secret mechanisms).
• Support communications: content you send when you contact us.

We do not intentionally collect special categories of data (such as health data). Please do not submit such information through support tickets or free-text fields.

ARTICLE III — Purposes and legal bases (EEA / UK reference)

We process personal data for purposes that may include:

• Service delivery — account creation, authentication, syncing settings, providing core functionality. Legal bases (where GDPR/UK GDPR applies): performance of a contract; legitimate interests in operating a secure service.
• Security and abuse prevention — fraud detection, rate limits, integrity monitoring. Legal bases: legitimate interests; legal obligations where applicable.
• Analytics and product improvement — understanding usage patterns in aggregated form. Legal bases: legitimate interests; consent where required for non-essential cookies or similar technologies.
• Legal compliance — responding to lawful requests, enforcing our Terms, protecting rights. Legal bases: legal obligation; legitimate interests.
• Marketing — only where permitted and, where required, with your consent.

ARTICLE IV — Retention

We retain personal data only as long as necessary for the purposes above, including to comply with law, resolve disputes, and enforce agreements. Retention periods vary by data category and may be tied to the life of your account plus a reasonable cooling-off period, unless a longer period is required by law.

ARTICLE V — Sharing and subprocessors

We may share personal data with service providers that host infrastructure, send email, process payments, or provide analytics, subject to contractual confidentiality and security obligations. We may disclose information if required by law or to protect the rights, safety, or security of users, the public, or the Service.

A non-exhaustive list of categories of recipients appears in Appendix A.

ARTICLE VI — International transfers

If you access the Service from outside the country where our servers or subprocessors are located, your data may be transferred across borders. Where required, we implement appropriate safeguards such as standard contractual clauses or equivalent mechanisms.

ARTICLE VII — Your rights

Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, or port your personal data, and to object to certain processing. You may withdraw consent where processing is consent-based. You may lodge a complaint with a supervisory authority. To exercise rights, contact us through the Service; we will respond within timelines required by applicable law.

ARTICLE VIII — Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit where standard for the Service, access controls, and vendor review. No method of transmission or storage is completely secure; you use the Service at your own risk as further described in our Disclaimer.

ARTICLE IX — Children

The Service is not directed to individuals below the age of digital consent in their jurisdiction. We do not knowingly collect personal data from children.

ARTICLE X — Changes to this Policy

We may update this Policy by posting a revised version and updating the "Last updated" date. Material changes may be communicated through the Service or email where appropriate.