Privacy Policy
Effective Date: 28 January 2026
Last Updated: 28 January 2026
GalaxySpaceAI Ltd (“we”, “us”, “our”) respects your privacy and is
committed to protecting your personal data in compliance with the
**General Data Protection Regulation (GDPR)** (Regulation (EU) 2016/679),
the **ePrivacy Directive** (as implemented in Poland), the **UK GDPR**,
the **Data (Use and Access) Act 2025**, and applicable anti-money
laundering (AML) regulations. This Privacy Policy explains how we collect,
use, disclose, transfer, and protect your personal data when you use our
website, mobile application, trading platform, wallets, and related
services (the “Platform”).
This Policy forms part of our
Terms of Service and
Cookie Policy.
1. Who We Are (Data Controller)
GalaxySpaceAI Ltd is the data controller responsible for your personal
data.
Registered in England and Wales.
Data Protection Officer (DPO): [email protected]
For users in Poland / EEA: We are subject to the supervisory authority of
the Polish Urząd Ochrony Danych Osobowych (UODO) and other relevant EU
authorities.
2. Personal Data We Collect
We collect the following categories of personal data:
-
Identity & Contact Data: name, email, phone, date of
birth, nationality, residential address
-
KYC/AML Data: ID/passport, proof of address, selfie,
source of funds/wealth documentation (required for compliance with
AML/CTF laws)
-
Financial Data: wallet addresses, transaction history,
deposit/withdrawal details (on-chain and off-chain)
-
Technical & Usage Data: IP address, browser type,
device info, OS, cookies & trackers, login times, pages visited
-
Communication Data: support tickets, chat logs, emails
-
Marketing & Preferences Data: consent choices,
marketing preferences
We do **not** collect sensitive data (e.g., racial/ethnic origin, political
opinions) unless strictly required for AML screening.
3. How We Collect Your Data
-
Directly from you (registration, KYC, support requests,
deposits/withdrawals)
- Automatically (cookies, analytics tools, server logs)
-
From third parties (blockchain explorers for on-chain verification,
credit/reference agencies for AML, payment processors)
4. Purposes & Lawful Basis for Processing
| Purpose |
Lawful Basis (GDPR Art. 6)
|
| Account creation & authentication |
Contract (Art. 6(1)(b)) |
| KYC/AML compliance & fraud prevention |
Legal obligation (Art. 6(1)(c)) + substantial public interest (Art.
9(2)(g))
|
| Providing Platform services (trading, wallet, staking) |
Contract (Art. 6(1)(b)) |
| Analytics & service improvement |
Legitimate interests (Art. 6(1)(f)) or Consent (Art. 6(1)(a)) |
| Marketing communications |
Consent (Art. 6(1)(a)) or Legitimate interests (soft opt-in) |
| Security & platform integrity |
Legitimate interests (Art. 6(1)(f)) |
5. Third Parties & International Transfers
We share data with:
-
Service providers: Google (Analytics/Ads – Consent Mode v2 applied),
cloud providers (AWS/Azure), payment processors
- AML/KYC tools: Chainalysis, Elliptic, Sumsub
-
Regulators & authorities: FCA (UK), UODO (PL), law enforcement (if
required)
Data may be transferred outside the EEA (e.g., USA). We use **Standard
Contractual Clauses (SCC)** + supplementary measures (encryption, access
controls) to ensure adequate protection.
6. Cookies & Tracking Technologies
We use cookies and similar technologies as described in our
Cookie Policy. You can manage preferences via our
consent banner. Google acts as a third-party processor for analytics and
advertising.
7. Data Retention
We retain personal data only as long as necessary:
-
KYC/AML data: 5 years after account closure (AML legal requirement)
- Transaction data: 5–10 years (regulatory)
- Marketing data: until consent withdrawn
- Technical logs: up to 2 years
8. Your Rights (GDPR/UK GDPR)
You have the right to:
- Access your data
- Rectify inaccurate data
- Erase data (subject to legal retention obligations)
- Restrict processing
- Data portability
- Object to processing (including profiling)
- Withdraw consent (where applicable)
- Lodge a complaint with UODO (Poland) or ICO (UK)
To exercise rights: [email protected]
9. Security
We implement technical and organisational measures (encryption, 2FA,
multi-sig wallets, regular audits) to protect your data. However, no system
is 100% secure — you are responsible for securing your credentials and
devices.
10. Changes to This Policy
We may update this Policy. Changes will be posted here with the updated
date. Significant changes will be notified via email or in-app notice.