Effective: June 8, 2026 · Last updated: June 8, 2026
This Privacy Policy explains how IPX Platform LLC and its affiliates (“IPX,” “we,” “us,” or “our”) collect, use, disclose, transfer, retain, and protect personal information in connection with the IPX platform, websites, applications, and related services (the “Services”). It also describes the rights and choices available to you. We do not sell your personal information for money. You can request deletion of your data at any time — see Section 25 or our Data Deletion page.
This Policy applies to personal information we process about visitors, account holders, creators, investors, brand and agency users, talent, crew, and other individuals who interact with the Services, available at ipx.exchange and its subdomains and applications.
This Policy does not apply to third-party products, websites, or services that we do not own or control, even if they link to or from the Services. Where we act as a service provider or processor on behalf of a business customer, that customer’s privacy notice and our agreement with them govern that processing.
Please also review our Terms of Service and Risk Disclosure, which are incorporated by reference.
For most processing described here, the data controller is:
IPX Platform LLC
1209 Orange Street, Wilmington, DE 19801, United States
Privacy team: privacy@ipx.exchange
Data Protection Officer: dpo@ipx.exchange
If you are located in the EEA or UK and have questions we cannot resolve, you may also contact our EU/UK representative at privacy@ipx.exchange (Attn: EU/UK Representative).
We collect the following categories, depending on how you use the Services:
| Category | Examples | Sensitive? |
|---|---|---|
| Identifiers | Name, username, email, phone, postal address, account ID, IP address | No |
| Account & profile | Password (hashed), profile bio, avatar, role, preferences, entity affiliations | No |
| Identity / KYC | Government ID, date of birth, nationality, selfie/verification images, tax identifiers | Yes |
| Financial | Payment method details, billing address, transaction & payout history, subscription status | Yes |
| Wallet & blockchain | Public wallet addresses, on-chain transaction data, token holdings | No |
| Connected social data | Platform user ID, handle, public profile, follower/engagement metrics, OAuth tokens | No |
| Usage & device | Log data, device/browser identifiers, pages viewed, referring URLs, cookies | No |
| Communications | Support messages, emails, survey responses, call/SMS metadata | No |
| Location | Approximate location derived from IP (we do not collect precise GPS unless you opt in) | Varies |
We do not intentionally collect special categories of data (e.g., health, religion, political opinions). Please do not submit such information unless specifically requested.
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
We use the following categories of cookies and similar technologies:
You can manage cookies via your browser and, where offered, our cookie controls. We honor recognized opt-out signals such as Global Privacy Control (GPC) where required by law.
We disclose personal information to the following categories of recipients:
We do not sell personal information for monetary consideration. To the extent certain analytics or advertising activity is considered “sharing” or a “sale” under certain U.S. state laws, see Sections 19–20 for your opt-out rights.
We engage vetted providers under contracts requiring appropriate safeguards. Key categories include:
| Function | Examples of providers |
|---|---|
| Cloud hosting & infrastructure | Vercel, cloud database and storage providers |
| Payments & crypto on/off-ramp | Stripe, Coinbase |
| Identity verification (KYC/AML) | Identity verification and sanctions-screening vendors |
| Communications | Email and SMS delivery providers (e.g., Resend, Twilio) |
| Social platform APIs | Meta, Google/YouTube, TikTok, X, Snapchat |
| Analytics & monitoring | Product analytics and error-monitoring tools |
| AI features | Model providers powering optional AI assistance |
A current list of material sub-processors is available on request at privacy@ipx.exchange.
When you connect a social account, the platform asks you to authorize specific permissions, and we access only the data covered by those permissions (typically your public profile and aggregate audience metrics). We store access tokens securely and use them solely to display and refresh metrics you authorized. You can disconnect any account from your dashboard, which revokes and deletes our stored tokens for that account.
Meta (Facebook & Instagram). Our use of information received from Meta complies with the Meta Platform Terms and Developer Policies. You may request deletion of Meta-sourced data via our Data Deletion page.
Google / YouTube. Our use of information from YouTube API Services complies with the YouTube Terms of Service and the Google Privacy Policy. You can manage or revoke IPX’s access via the Google security settings page.
TikTok, X, and Snapchat. Our use of data from these platforms complies with their respective developer terms and policies, and is limited to the scopes you authorize.
Because the Services involve financial transactions and digital assets, we are subject to “know your customer” (KYC), anti-money-laundering (AML), counter-terrorist-financing, and sanctions screening obligations. To comply, we collect and verify identity information, screen against watchlists, monitor for suspicious activity, and may share information with regulators, financial partners, and law enforcement as required by law. We may be legally required to retain certain records for multi-year periods (Section 15) and may be prohibited from deleting them on request.
Immutability notice
Blockchain transactions are public, permanent, and pseudonymous. Once recorded on-chain, they cannot be changed or deleted by IPX or anyone else, including in response to a deletion request.
We use embedded/non-custodial wallet infrastructure for wallet management. Private keys are encrypted and are never accessible to IPX or third parties. Public wallet addresses and on-chain activity are inherently transparent by design of the blockchain.
We are based in the United States and may process personal information in the U.S. and other countries that may not provide the same level of protection as your home jurisdiction. Where we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum/IDTA), supplemented by additional measures where necessary. You may request a copy of the relevant safeguards by contacting privacy@ipx.exchange.
We retain personal information only as long as necessary for the purposes described in this Policy, after which we delete or de-identify it. Typical retention periods include:
| Data type | Typical retention |
|---|---|
| Account & profile data | Life of account, then deleted/de-identified after closure |
| Connected social tokens & metrics | Until you disconnect or delete the account |
| KYC / identity records | As required by law, typically up to 5–7 years after relationship ends |
| Transaction & financial records | As required by tax/AML law, typically 5–7 years |
| Support communications | Up to 3 years after resolution |
| Server & security logs | Generally 12–24 months |
| On-chain data | Permanent (cannot be deleted) |
We maintain administrative, technical, and organizational safeguards designed to protect personal information, including:
No method of transmission or storage is 100% secure. If we become aware of a breach affecting your personal information, we will notify you and regulators as required by law.
Subject to applicable law and verification, you may have the right to:
To exercise your rights, email privacy@ipx.exchange or use our Data Deletion page. We will respond within the timeframes required by applicable law (generally 30–45 days). You may use an authorized agent where the law permits.
If you are in the EEA, UK, or Switzerland, you have the rights described in Section 17 under the GDPR/UK GDPR, including the right to lodge a complaint with your local supervisory authority (for example, your national Data Protection Authority, or the UK Information Commissioner’s Office). We encourage you to contact us first so we can help.
California residents have the rights to know, access, correct, delete, and opt out of the “sale” or “sharing” of personal information, and to limit the use of sensitive personal information. In the preceding 12 months, we have collected the categories of personal information described in Section 4 and disclosed them to the categories of recipients in Section 9 for the business purposes in Section 6.
Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) have rights to access, correct, delete, obtain a portable copy, and opt out of targeted advertising, sale, and certain profiling. You may exercise these rights as described in Section 17, and — where the law provides — appeal a decision by replying to our response or emailing privacy@ipx.exchange.
We may use automated tools for fraud detection, identity verification, and risk scoring. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing without a lawful basis and, where required, human review. You may contact us to request human review of such decisions.
We may send you marketing communications where permitted. You can opt out at any time via the unsubscribe link in our emails or by contacting privacy@ipx.exchange. We will still send you transactional and service messages (e.g., security alerts, billing notices).
The Services are intended for individuals 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal information, contact privacy@ipx.exchange and we will delete it.
The Services may link to third-party websites or integrate third-party services. We are not responsible for the privacy practices of those third parties; please review their privacy notices.
You control your data and can delete it at any time.
Disconnect a single social account from your dashboard, or delete your entire IPX account and request deletion of platform-sourced data. Full step-by-step instructions, timelines, and legal retention exceptions are on our dedicated page:
Data Deletion InstructionsWe may update this Policy periodically. We will post the updated version here with a new “Last updated” date and, for material changes, provide additional notice (e.g., email or in-product notification). Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.
For privacy questions, requests, or complaints, contact:
IPX Platform LLC — Privacy Team
Email: privacy@ipx.exchange
Data Protection Officer: dpo@ipx.exchange
Address: 1209 Orange Street, Wilmington, DE 19801, USA