Privacy Policy
Last updated: June 2026
Overview
Gryllex collects only the data necessary to operate a regulated custodial exchange, prevent fraud, and comply with applicable financial regulations. We do not sell your personal information.
Data we collect
- Account data: name, email, phone number, password (hashed)
- Identity data (KYC): date of birth, address, occupation, government ID when required
- Transaction data: trades, deposits, withdrawals, transfers, payment orders
- Security data: device fingerprints, IP addresses, 2FA status, audit logs
Why we collect KYC data
Anti-money laundering (AML) and counter-terrorist financing laws require us to identify customers and monitor transactions. We use tiered verification so you can start with minimal data and provide more only when your activity requires higher limits.
How we use your data
- Process transactions and maintain your ledger balance
- Detect fraud, abuse, and sanctions violations
- Comply with legal requests from competent authorities
- Improve platform security and user experience
Data retention
Transaction and KYC records are retained for the period required by applicable law (typically 5–7 years after account closure). You may request account deletion subject to regulatory retention obligations.
Your rights
Depending on your jurisdiction, you may have rights to access, correct, or export your data. Contact privacy@gryllex.com. See also our Trust Center.