Privacy Policy

Dear CoinQ Users,

CoinQ Exchange (hereinafter referred to as "CoinQ" or "we") respects and protects the privacy of users (hereinafter referred to as "you" or "users"). When you use CoinQ, CoinQ will collect and use your personal information in accordance with this Privacy Policy (hereinafter referred to as "this Policy").

CoinQ recommends that you carefully read and understand all the contents of this Policy before using our product (hereinafter referred to as "CoinQ"). Important information, including disclaimers, will be presented in bold. The definition of key terms in this Policy is consistent with the CoinQ Terms of Service.

This Policy may be updated online by CoinQ at any time. The updated Policy will replace the original one once published. If you do not accept the modified terms, please stop using CoinQ immediately. Your continued use of CoinQ will be deemed as your acceptance of the modified Policy. The modified Policy will become automatically effective immediately upon publication on CoinQ.

You acknowledge that this Policy and other relevant provisions apply to CoinQ and the App owned by CoinQ.

I. What Information We Collect

Please be aware that we collect your information for the purpose of meeting your needs when using CoinQ services, and we attach great importance to protecting your privacy. When collecting your information, we strictly adhere to the principles of "lawfulness, legitimacy, and necessity". You acknowledge that if you do not provide the information required for our services, your service experience on CoinQ may be affected accordingly.

We will collect your mobile device information, operation records, transaction records, transaction addresses, and other personal information.

To meet your specific service needs, we will collect your name, mobile phone number, email address, and other information.

To meet the requirements of legal real-name (KYC) identity verification, liveness detection, anti-fraud, and compliance obligations, when you use specific services (such as increasing trading limits, conducting fiat currency transactions, etc.), we will collect your facial geometry scan, selfie photos, identity document photos, and liveness detection short videos, as well as other facial recognition information and identity certification information. We will only collect the above sensitive personal information based on the purposes stated in this Policy after obtaining your explicit authorization.

You acknowledge that: your account password, private key, mnemonic phrase, and Keystore on CoinQ are not stored or synchronized to CoinQ servers. CoinQ does not provide services to retrieve your account password, private key, mnemonic phrase, or Keystore.

In addition to the above, you acknowledge that when you use specific functions of CoinQ, we will give you a special notice before collecting your personal information and may request additional personal information from you. If you choose not to agree, you will be deemed to have waived the use of that specific function of CoinQ.

When you jump to a third-party DApp, the third-party DApp will collect your personal information. CoinQ does not hold the personal information collected by third-party DApps.

To the extent permitted by laws and regulations, CoinQ may collect and use your personal information without obtaining your authorization or consent in the following circumstances:
(1) Related to national security and national defense;
(2) Related to public safety, public health, and major public interests;
(3) Related to criminal investigation, prosecution, trial, and enforcement of judgments;
(4) The personal information collected is information you have made public yourself;
(5) Collecting your personal information from legally and publicly disclosed information, such as legal news reports, government information disclosure, etc.;
(6) Necessary for maintaining the security and compliance of services, such as discovering and handling product and service faults;
(7) Other circumstances stipulated by laws and regulations.

The ways we collect information are as follows:
(1) Information you provide to us. For example, when you fill in your name, mobile phone number on the "Personal Center" page, or provide an email address when submitting feedback, or actively provide your selfie photos, identity document photos, and liveness detection short videos during identity verification, or when using our specific services, you additionally provide them to us.
(2) Information we obtain during your use of CoinQ, including your mobile device information and your operation records on CoinQ;
(3) We copy all or part of your transaction records through the blockchain system. However, the transaction records are subject to the records on the blockchain system.

II. How We Use Your Information

We use the unique serial number of your mobile device to confirm the correspondence between you and your trading account.

We will send you important notifications in a timely manner, such as software updates, changes to the Terms of Service and this Policy.

We provide you with the "Fingerprint Login" option in the "System Settings" of CoinQ, allowing you to manage your digital tokens conveniently and more securely.

We process the feedback you submit to us by collecting your public account address and the mobile device information you provide.

We will use the collected facial recognition information (including facial geometry scan, selfie photos, identity document photos, liveness detection short videos) for the following purposes:
(1) Complete the legal real-name (KYC) verification process to verify your identity authenticity;
(2) Perform liveness detection to prevent forgery attacks such as photos, videos, or masks;
(3) Conduct anti-fraud monitoring and risk control to ensure account security;
(4) Fulfill compliance obligations required by laws and regulations, such as anti-money laundering (AML) and counter-terrorist financing (CFT).

We collect your personal information for internal auditing, data analysis, and research at CoinQ, with a view to continuously improving our service level.

In accordance with the CoinQ Terms of Service and other relevant provisions of CoinQ, CoinQ will use user information to manage and process user behavior.

Requirements of laws, regulations, and cooperation with regulatory authorities.

III. How You Can Control Your Information

You have the following rights to control your personal information on CoinQ:

1. You acknowledge that you can modify your digital token types, make transfers and receive payments through the "Assets" section.
2. You acknowledge that in the "Profile" section of CoinQ, you are free to choose the following actions:
   (1) In the "Personal Center", you do not need to provide your name, mobile phone number, bank card information, etc., but when you use specific services, you need to provide the above information;
   (2) In "Submit Feedback", you can raise questions and suggestions for improvement about CoinQ at any time, and we will be very happy to communicate with you and actively improve our services.
3. You acknowledge that when we collect information from you for a specific purpose (including but not limited to facial recognition information collection), we will notify you in advance, and you have the right to refuse. At the same time, you acknowledge that if you choose to refuse to provide relevant information, it means you give up using the relevant services of CoinQ.
4. You acknowledge that neither you nor we have control over whether your transaction records are made public, because due to the open-source nature of the blockchain trading system, your transaction records are transparent and public throughout the blockchain system.
5. You acknowledge that when you use CoinQ's functions to jump to a third-party DApp, our Terms of Service and Privacy Policy will no longer apply. Regarding the control of your personal information on the third-party DApp, we recommend that you carefully read and understand its privacy rules and relevant user service agreements before using the third-party DApp.
6. You have the right to request that we update, correct, or delete your relevant information. For facial recognition information, your deletion request will be subject to the data retention period stipulated by laws and regulations (see Article V of this Policy).
7. You acknowledge that we may collect your information as required in Article I, paragraph 6 of this Policy without obtaining your authorization or consent.

IV. How We May Share or Transfer Your Information

The user personal information collected and generated by CoinQ will be stored on servers. If CoinQ indeed needs to transfer your personal information to other countries outside the region, we will obtain your authorization in advance, conduct cross-border data transmission in accordance with relevant laws, regulations, and policies, and fulfill our confidentiality obligations for your personal information.

Without your prior consent, CoinQ will not share or transfer your personal information to any third party, except in the following circumstances:
(1) Obtaining your explicit consent or authorization in advance;
(2) The personal information collected is information you have made public yourself;
(3) The personal information collected is obtained from legally and publicly disclosed information, such as legal news reports, government information disclosure, etc.;
(4) Sharing with CoinQ's affiliates. We will only share necessary user information and it will be subject to the purposes stated in this Privacy Policy;
(5) Providing information in accordance with applicable laws, regulations, legal procedures, requirements of administrative or judicial authorities;
(6) In the event of a merger or acquisition involving the transfer of personal information, CoinQ will require the recipient of the personal information to continue to be bound by this Policy.
(7) To achieve the KYC identity verification, liveness detection, and anti-fraud purposes described in this Policy, we will share your facial recognition information and identity certification information with our KYC service providers (such as Sumsub, ChainUp). We will require, through contractual restrictions and other means, that such service providers process your personal information in accordance with this Policy and applicable laws, and adopt security protection measures no less than our own.

V. How We Protect Your Information

If CoinQ ceases operations, CoinQ will promptly stop further collection of your personal information, announce the cessation of operations on CoinQ, and delete or anonymize your personal information held within a reasonable period.

To protect your personal information, CoinQ will adopt data security technologies, improve internal compliance levels, increase internal employee information security training, set secure access permissions for relevant data, and make efforts to use various security technologies and supporting management systems to minimize the risk of your information being leaked, damaged, misused, unauthorized accessed, disclosed, or altered. In addition, CoinQ will take other reasonable and necessary measures to protect your information. For example, in the technology development environment, only de-identified information is used for statistical analysis; when external research reports are provided, the information contained in the reports is de-identified. CoinQ will store de-identified information separately from information that can be used to restore identification, ensuring that individuals are not re-identified in subsequent processing of de-identified information.

Special protection measures for facial recognition information:
(1) No local retention of raw data: CoinQ's local servers do not store any raw facial images or videos. We only receive an encrypted credential indicating that "the user has passed facial verification" through technologies such as Zero-Knowledge KYC.
(2) Entrusted to third parties for processing: Your facial recognition information will be entrusted to our identity service providers (such as Sumsub, ChainUp) for comparison and storage. We will strictly review the security capabilities of such service providers and enter into data protection agreements with them.
(3) Retention period and destruction mechanism: In accordance with the anti-money laundering laws of major global jurisdictions, we retain KYC data, including facial images and identity documents, for a period of 5 years. This period is calculated from the date you cancel your account or terminate your business relationship. After you cancel your account, we will issue a destruction instruction to the service provider, requiring it to complete the logical destruction of your facial data on its servers within the statutory period (usually within 24-72 hours). The service provider must issue a formal Certificate of Destruction to CoinQ periodically or upon completion of destruction.
(4) De-identification: When used for internal auditing, analysis, or other non-identity verification purposes, we will de-identify facial recognition information so that it cannot identify a specific individual.

CoinQ has established a department responsible for personal information protection, conducting personal information security impact assessments for the collection, use, sharing, and entrusted processing of personal information. At the same time, CoinQ has established relevant internal control systems, adopting the principle of minimum necessary authorization for staff who may have access to your information; systematically monitoring staff’s handling of your information; and continuously training staff on relevant laws, privacy security standards, and security awareness.

We will send you messages about information security in the "Message Center" of CoinQ, and update account usage and information protection materials in the "Help Center" section of CoinQ from time to time for your reference.

Please be sure to keep your account password, Keystore, and other identity elements on CoinQ safe. When you use related services, CoinQ will identify you through your login information and other identity elements. Once you leak the aforementioned information, you may suffer losses and it may have an adverse effect on you. If you find that your login information and/or other identity elements may have been or have been leaked, please contact us immediately so that we can take appropriate measures to avoid or reduce related losses.

VI. Protection of Minors

We make the following special provisions for the protection of minors under the age of 18:

Minors should use CoinQ related services under the guidance of their parents or guardians.

We recommend that parents and guardians of minors guide minors in using CoinQ after reading this Policy, the CoinQ Terms of Service, and our other relevant rules.

CoinQ will protect the confidentiality and security of minors' personal information in accordance with relevant national laws and regulations.

VII. Disclaimer

Please note that after you access a third-party DApp through CoinQ, the privacy policy published by that third-party DApp will apply. The collection and use of your personal information by the third-party DApp is not controlled by CoinQ and is not subject to this Policy. CoinQ cannot guarantee that the third-party DApp will take personal information protection measures in accordance with CoinQ's requirements. You should also be aware that the KYC service providers we entrust are not the third-party DApps referred to in this disclaimer, and their actions are governed by this Policy and the agreements we sign with them.

You should carefully choose and use third-party DApps and properly protect your personal information. CoinQ assumes no responsibility for the privacy protection of other third-party DApps.

CoinQ will take reasonable security measures as far as possible under the existing level of technology to protect your personal information from leakage, tampering, or damage. CoinQ uses wireless means to transmit data; therefore, CoinQ cannot guarantee the privacy and security of data transmitted over wireless networks.

VIII. Miscellaneous

You need to fully understand and comply with all relevant laws, regulations, and rules in your jurisdiction regarding the use of CoinQ services.

If you encounter any questions regarding the use of personal information during your use of CoinQ services, you can contact us by submitting feedback on CoinQ.

You can view this Policy and other service rules of CoinQ on CoinQ. We encourage you to review CoinQ's Terms of Service and Privacy Policy each time you visit CoinQ.

Any translated version of this Policy is provided solely for your convenience and is not intended to modify the terms of this Policy. If there is any conflict between the Chinese version and a non-Chinese version, the Chinese version shall prevail.

This Policy applies from June 1, 2026.

Matters not covered in this Policy shall be subject to the announcements and related rules updated by CoinQ from time to time.

Please understand that the services CoinQ provides to you are constantly being updated and developed. If you choose to use other services not yet covered in the above description, and CoinQ needs to collect your information for such services, CoinQ will separately explain the scope and purpose of information collection to you through page prompts, interaction processes, or agreements, and obtain your consent. CoinQ will use, store, provide externally, and protect your information in accordance with this Policy and the corresponding user agreements. If you choose not to provide the aforementioned information, you may not be able to use a certain service or part of the services, but it will not affect your use of other services provided by CoinQ. In addition, third-party entities may provide services to you through CoinQ. When you enter a service page operated by a third party, please note that the relevant services are provided to you by the third party. Regarding the collection of personal information by third-party entities, we recommend that you carefully review the third party's privacy policy or agreement terms.