Legal

Privacy Policy

Effective date: 1 January 2025 Last updated: March 2025

Dextopus is a business-to-business infrastructure provider. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it. We take data privacy seriously and only collect what we need to operate and improve our service.

1. Who This Policy Applies To

This Privacy Policy applies to integration partners: businesses, developers, and organisations that access the Dextopus API directly. It governs data we collect from you as an API user or business contact.

Dextopus does not have a direct relationship with the end users of products built on top of our API. If you are an end user of a product that uses Dextopus infrastructure, your data is primarily governed by the privacy policy of that product. Please contact that product directly with privacy questions.

2. Information We Collect

We collect information in the following categories:

Category	What we collect	Why we collect it
Contact information	Name, email address, company name, role	To communicate with integration partners and provide support
API usage data	Request logs, endpoint usage, error rates, volume metrics	To monitor service health, detect issues, and improve the API
Transaction metadata	Chain IDs, token addresses, transaction hashes, amounts, timestamps	To process transactions, resolve support issues, and maintain audit records
Technical data	IP addresses, request headers, integration patterns	To maintain security, prevent abuse, and debug integration issues
Communication data	Emails, support messages, partnership correspondence	To respond to enquiries and maintain our business relationship

We do not collect sensitive personal data such as government identification numbers, biometric data, or financial account credentials. Wallet addresses processed through the API are pseudonymous and treated as technical identifiers, not personal data.

3. How We Use Your Information

We use the information we collect to:

Operate, maintain, and improve the Dextopus API and infrastructure
Process and settle cross-chain transactions initiated through the API
Provide technical support and respond to integration enquiries
Monitor for security threats, abuse, and policy violations
Communicate service updates, maintenance notices, and material changes to our terms
Comply with applicable legal and regulatory obligations
Conduct analytics to understand how the API is used and where improvements are needed

We do not sell your data to third parties. We do not use your data for advertising purposes.

4. Legal Basis for Processing

Where applicable data protection law requires us to identify a legal basis for processing personal data, we rely on the following:

Contractual necessity: Processing required to provide you with the API service under our Terms and Conditions
Legitimate interests: Processing for security, fraud prevention, service improvement, and business communications, where these interests are not overridden by your rights
Legal obligation: Processing required to comply with applicable laws and regulatory requirements
Consent: Where we have asked for and received your explicit consent, such as for marketing communications

5. Data Sharing

We share data only where necessary to operate the service. This includes:

Infrastructure providers: Cloud hosting, database, and monitoring services that process data on our behalf under data processing agreements
Third-party protocols: Transaction data is necessarily shared with the bridge protocols, DEX aggregators, and blockchain networks involved in processing a transaction. These are public blockchains and decentralised protocols. Transactions on public blockchains are permanently public
Legal authorities: Where required by applicable law, court order, or regulatory demand
Business transfers: In the event of a merger, acquisition, or sale of assets, data may be transferred as part of that transaction, subject to equivalent privacy protections

We do not share your data with third parties for their own marketing or commercial purposes.

6. Blockchain Data

Cross-chain transactions processed through the Dextopus API are recorded on public blockchains. Blockchain data is permanent and publicly accessible by design. This includes transaction hashes, wallet addresses, amounts, and timestamps.

Dextopus cannot delete or modify data recorded on a blockchain. If you have concerns about on-chain data, please be aware of this before initiating transactions. We recommend reviewing the public nature of blockchain data with your own users before they transact.

7. Data Retention

We retain data for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods:

API request and transaction logs: up to 24 months for operational and support purposes
Contact and communication data: for the duration of the business relationship and up to 3 years after it ends
Legal and compliance records: as required by applicable law, typically 5 to 7 years

When data is no longer needed, we delete or anonymise it securely.

8. Your Rights

Depending on your location and applicable data protection law, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data, subject to legal retention requirements
Object to or restrict certain processing activities
Request a copy of your data in a portable format
Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@dextopus.com. We will respond within the timeframe required by applicable law, typically within 30 days.

Note that some rights may be limited where we have a legitimate legal basis for continued processing, or where the data in question is recorded on a public blockchain and is therefore beyond our control.

9. Security

We implement appropriate technical and organisational measures to protect the data we hold against unauthorised access, loss, alteration, or disclosure. These include access controls, encryption in transit and at rest, monitoring, and regular security reviews.

No system is entirely secure. If you believe there has been a security incident involving Dextopus or your integration, contact us immediately at security@dextopus.com. Security reports are treated as a priority and responded to within 4 hours.

10. International Data Transfers

Dextopus operates globally and may process or store data in jurisdictions outside your own. Where we transfer personal data internationally, we take steps to ensure that appropriate safeguards are in place in accordance with applicable data protection law, including the use of standard contractual clauses where required.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will make reasonable efforts to notify active integration partners. Continued use of the Dextopus API after changes take effect constitutes acceptance of the updated policy.

Privacy enquiries

For any questions about this Privacy Policy or how we handle your data, contact our privacy team at privacy@dextopus.com. For general enquiries, reach us at partnerships@dextopus.com.