Privacy and Data Protection Policy

Version 2.0 – Revision Date: April 8, 2026

Article 1: Identification of the Data Controller and DPO

The company Swap Inomax Opt (hereinafter "the Platform"), with its registered office at Business Center George V, 10 Avenue George V, 75008 Paris, France, acts as the Data Controller within the meaning of Regulation (EU) 2016/679 (GDPR). For any questions regarding the integrity of your personal data, a Data Protection Officer (DPO) can be reached at: [email protected].

Article 2: Categories of Data Collected (Minimization)

As part of operating its data exchange and optimization services, Swap Inomax Opt collects the following categories:

Identity Data

Name, first names, date of birth, nationality, and certified copy of official identity documents (KYC).

Contact Information

Verified email address, active mobile phone number, residential address, and proof of address.

Technical Data

IP addresses, device identifiers, browsing data, connection logs, and interaction metadata.

Compliance Data

Origin of funds, wallet addresses, and data necessary for compliance with AML/CFT regulations.

Article 3: Legal Bases and Purposes of Processing

The processing of your data is carried out on the legal bases provided by Art. 6 of the GDPR:

Contract Performance: Account infrastructure management and the provision of Swap/Optimization services.
Compliance with Legal Obligations: Compliance with French financial regulations and the directives of the AMF and Tracfin.
Legitimate Interest: Securing the platform against cyberattacks, fraud prevention, and technical improvement of algorithms.
Consent: For sending analytical reports, personalized offers, and using cookie files.

Article 4: Data Security and Encryption

Swap Inomax Opt implements institutional-grade security protocols:

AES-256 Encryption: For storing all data at rest.
TLS 1.3 Transport: Systematic encryption of data flows between the User and our servers.
Storage Architecture: Hosting on secure servers located exclusively within the European Economic Area (EEA).

Article 5: Retention Period and Archiving

Active Data: For the entire duration of the contractual relationship.
Regulatory Archives: Kept for a period of five (5) years after account closure, in accordance with the obligations of the Monetary and Financial Code.
Cookies: Maximum lifespan of 13 months in accordance with CNIL directives.

Article 6: Exercise of Your Rights

In accordance with the GDPR, you have the rights of access, rectification, erasure ("right to be forgotten"), restriction, portability, and opposition. These rights can be exercised with our DPO at [email protected]. You also have the right to lodge a complaint with the CNIL (www.cnil.fr).