# Privacy Policy

1\. Introduction

This Privacy Policy explains how **CaviarNine Limited (BVI)** (“CaviarNine”, “we”, “our”, “us”) collects, uses, and protects information relating to your use of the **Cantex** trading platform and associated websites (“Platform”). We respect your privacy and collect only the minimum information required to operate, secure, and improve the Platform. Cantex is a non-custodial, institutional-grade exchange built on the Canton Network that allows users to configure the types of counterparties they wish to interact with.

<br>

2\. Controller

The data controller for the Platform is: **CaviarNine Limited BVI** Rodus Building, P.O. Box 3093, Road Town, Tortola VG1110, British Virgin Islands Email: <privacy@cantex.io>

<br>

3\. Information We Collect

Cantex does not collect personal identifiers such as names, addresses, or national IDs unless explicitly provided by users for compliance or institutional verification purposes. We may collect the following limited categories of data:

* **Wallet Data:** Public blockchain addresses you connect to the Platform.
* **Counterparty Preference Data:** Settings you select (e.g., “institutional-only,” “KYC-verified,” or “open-market”).
* **KYC/Verification Data (optional):** If you participate in verified or restricted-access markets, we may collect and process documentation submitted via authorised third-party verification partners.
* **Usage and Technical Data:** Browser type, IP address, device identifiers, session duration, API calls, and log events used to ensure performance and security.
* **Communication Data:** Emails or messages sent to support or legal contacts. We do **not** collect private keys, passwords, or custodial information, and we cannot access your wallets.

<br>

4\. How We Use Your Information

We process the above data solely to:

* Operate, secure, and optimise the Platform;
* Facilitate counterparty discovery and user-selected trading preferences;
* Comply with applicable laws (including sanctions screening and AML obligations);
* Detect and prevent fraudulent or abusive activity; and
* Respond to technical or compliance enquiries. We do not sell, rent, or monetise user data.

<br>

5\. Counterparty Preferences and Verification

Users may configure counterparties they wish to interact with. These classifications (e.g., “KYC Verified,” “Institutional”) are based on user input or third-party attestations and are informational only. CaviarNine does **not** verify, certify, or warrant the accuracy of any counterparty designation. Users are responsible for performing their own due diligence and compliance assessments before transacting.

<br>

6\. Legal Basis for Processing

Processing is carried out where necessary to:

* Perform our contractual obligations in providing the Platform;
* Comply with legal or regulatory requirements;
* Pursue our legitimate interest in securing and improving the Platform; or
* With your consent, where expressly provided (e.g., voluntary KYC submission). You may withdraw consent at any time by contacting <privacy@cantex.io>.

<br>

7\. Disclosure to Third Parties

We may share limited data with:

* **Technical Service Providers** (hosting, analytics, verification, or security partners) bound by confidentiality obligations;
* **Regulatory or Legal Authorities** when required by law or in response to lawful requests; and
* **Blockchain Networks**, where on-chain activity by nature becomes public and outside our control. We do not disclose personal data for marketing or advertising purposes.

<br>

8\. International Transfers

Data may be processed outside your country of residence. We take reasonable steps to ensure equivalent protection through confidentiality and technical safeguards.

<br>

9\. Data Retention

We retain data only as long as necessary to provide the Platform, comply with legal obligations, or resolve disputes. Blockchain records are immutable and remain publicly visible.

<br>

10\. Security

We use technical and organisational measures to protect information from unauthorised access or loss, including encryption, limited employee access, and continuous network monitoring. However, no system is completely secure, and you use the Platform at your own risk.

<br>

11\. Your Rights

Depending on your jurisdiction, you may have rights to:

* Access, correct, or delete your personal data;
* Restrict or object to certain processing;
* Withdraw consent where applicable; and
* Lodge a complaint with a relevant data-protection authority. Requests may be sent to <privacy@cantex.io>. We may require proof of identity before acting on such requests.

<br>

12\. Children’s Privacy

Cantex is not intended for individuals under 18 years of age, and we do not knowingly collect information from minors.

<br>

13\. Cookies and Analytics

We use only strictly necessary cookies for session management and basic analytics. You can disable cookies in your browser, though some functions may not operate correctly. We do not employ behavioural or advertising tracking.

<br>

14\. Policy Updates

We may update this Privacy Policy periodically. The latest version will always be available on Cantex.io, with the effective date shown at the top. Continued use of the Platform signifies acceptance of any changes.

<br>

15\. Contact

Questions or requests regarding this Privacy Policy should be sent to: [**privacy@cantex.io**](mailto:privacy@cantex.io)