Privacy Policy

Nvio Pagos El Salvador, S.A. de C.V. is a Bitso group company incorporated in the Republic of El Salvador, registered address Calle Llama del Bosque Poniente, Edificio Avante, Local 3-13, Urbanización Madre Selva III, Antiguo Cuscatlán, La Libertad, NIT 0501-101121-102-0.

Nvio is the data controller for personal information collected through the Service.

This Privacy Policy applies to information we collect through the Service, including the onchain.cc website, any related mobile or desktop applications, and any associated features such as Spot, Perps, Trenches, Colosseum, and the referral program.

This Privacy Policy does not apply to:

• Third-party services accessible through the Service (such as DEX aggregators, perps protocols, oracle providers, RPC providers, and wallet providers), which are governed by their own privacy policies; or
• Public blockchain data, which is permanently recorded on a Blockchain and accessible to anyone.

3.1 Information you provide

We collect information you give us directly, including:

Account information

Email address, username, profile picture, authentication data.

Wallet information

Public wallet address, public Blockchain address.

Communications

Messages you send to support, feedback, survey responses.

Identity verification

Where required, government-issued ID, proof of address, source-of-funds documentation, photographs.

Referral information

Referral codes you create or submit.

Public content

Usernames, comments, social posts, leaderboard entries, or other content you choose to make visible through Colosseum or other public Service features.

3.2 Information we collect automatically

When you use the Service, we and our service providers may automatically collect:

Device data

Device type, operating system, browser type and version, language, time zone.

Identifiers

IP address, device identifiers, session identifiers, advertising identifiers.

Usage data

Pages and features viewed, actions taken, click events, search queries, session duration, error events.

Approximate location

Country and region inferred from IP address.

Cookies and similar technologies

Cookies, web beacons, pixels, local storage, fingerprinting signals.

3.3 Information from third parties

We may receive information about you from:

• Public blockchains, including transaction hashes, transaction amounts, timestamps, wallet addresses, and on-chain activity associated with wallets you connect;
• Third-party wallet providers (such as Phantom or other connected wallets), where you choose to authenticate or interact through them;
• Analytics, fraud-prevention, and compliance providers, who may share device, behavior, or risk signals with us;
• Public sources, including social media posts you publicly associate with your wallet address or username;
• Affiliates, including other Bitso group entities, where permitted by law and consistent with this Privacy Policy.

3.4 Sensitive information

We do not seek to collect sensitive personal information except where required for compliance verification (for example, government identification documents). We do not solicit passwords, seed phrases, or private keys, and you should never share them with us.

We use information for the following purposes:

• Provide the Service, including authenticating you, maintaining your account, executing actions you initiate, and supporting your use of features such as Spot, Perps, Trenches, Colosseum, and referrals;
• Improve the Service, including analytics, debugging, and product development;
• Personalize your experience, including remembering preferences and surfacing relevant content;
• Communicate with you, including transactional notifications, support responses, security alerts, and (where you have not opted out) product updates and marketing;
• Security and fraud prevention, including detecting suspicious activity, sybil attacks, wash trading, multi-accounting, manipulation of reward programs, and unauthorized access;
• Compliance, including sanctions screening, anti-money-laundering controls, regulatory reporting where required, and responding to lawful requests from authorities;
• Enforce our Terms of Service and protect the rights, property, or safety of Nvio, our users, or others;
• Aggregate and de-identified analysis, including statistical and research purposes.

Where required by Applicable Law, we rely on the following legal bases:

• Performance of a contract, when we process information to provide the Service to you;
• Legitimate interests, including operating, securing, and improving the Service, preventing fraud and abuse, and communicating with users;
• Compliance with legal obligations, including sanctions, anti-money-laundering, and reporting requirements;
• Consent, for cookies and similar technologies that are not strictly necessary, and for marketing communications where consent is required.

You may withdraw consent at any time where processing is based on consent. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

We do not sell your personal information.

We may share information in the following circumstances:

Service providers. We share information with third-party providers who help us operate the Service, including hosting, analytics, customer support, fraud prevention, identity verification, communications, and security. These providers are bound by contractual obligations to protect your information.

Bitso group affiliates. As a Bitso group company, Nvio may share information with other Bitso group entities for operational, security, and compliance purposes, consistent with this Privacy Policy.

Other users. Information you make public through the Service (including usernames, profile pictures, leaderboard entries, public posts, and Colosseum or referral activity) is visible to other users and may be visible to anyone.

Public blockchains. Wallet addresses, transaction hashes, and other on-chain data are publicly visible by design and cannot be made private.

Legal and regulatory disclosures. We may disclose information when we believe in good faith that disclosure is required to comply with Applicable Law, respond to lawful requests from public authorities, enforce our Terms of Service, or protect the rights, property, or safety of Nvio, our users, or others.

Business transfers. If Nvio or any of its assets are involved in a merger, acquisition, financing, reorganization, or sale, your information may be transferred as part of that transaction.

With your direction. We may share information with third parties where you direct us to do so, including through login integrations or by interacting with Third Party Services.

We use cookies and similar technologies to operate, secure, and improve the Service.

Strictly necessary

Authentication, security, fraud prevention, basic functionality. These cannot be turned off.

Performance and analytics

Measure usage, diagnose errors, improve the Service.

Preferences

Remember your settings and preferences.

Marketing

Where consented, measure effectiveness of campaigns.

You can control cookies through your browser settings. Disabling some cookies may degrade Service functionality. We currently do not respond to "Do Not Track" signals due to the lack of an industry standard.

Nvio is based in El Salvador. The Service relies on infrastructure and service providers located in multiple jurisdictions. Your information may be processed and stored outside the country in which you are located, including jurisdictions that may not have data protection laws equivalent to those of your home country.

Where required by Applicable Law, we use appropriate safeguards for international transfers, including standard contractual clauses or other lawful transfer mechanisms.

We retain personal information only as long as necessary for the purposes described in this Privacy Policy, including to provide the Service, comply with legal obligations, prevent fraud, resolve disputes, and enforce our agreements.

Indicative retention periods:

Public blockchain data

Wallet addresses and transaction hashes — indefinite, by nature of the Blockchain.

Account and transaction records

Up to seven (7) years from account closure or last transaction, to support compliance, dispute resolution, and regulatory reporting.

Device data and session logs

IP addresses and session logs — up to five (5) years for security, fraud prevention, and audit.

Identity verification documents

Where collected — as required by Applicable Law, typically up to seven (7) years.

Marketing data

Until you withdraw consent or unsubscribe.

Aggregated and de-identified data

Indefinite.

Where shorter periods are required by Applicable Law in your jurisdiction, those shorter periods will apply.

We implement reasonable technical and organizational measures designed to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. No system is fully secure, and we cannot guarantee the security of information transmitted to or stored by us or by our service providers.

We do not store your private keys, seed phrase, or wallet authentication credentials. You are solely responsible for securing them. If you believe your account or wallet has been compromised, contact us through the official Nvio support channels published on the Service immediately.

Depending on your jurisdiction, you may have rights in relation to your personal information, including:

• Access the personal information we hold about you;
• Correct inaccurate or incomplete information;
• Delete personal information, subject to legal retention requirements;
• Object to or restrict certain processing;
• Portability of information you provided to us;
• Withdraw consent where processing is based on consent;
• Opt out of marketing communications at any time, by using the unsubscribe link in our emails or by contacting us;
• Lodge a complaint with a supervisory authority in your jurisdiction.

Some rights are limited by law and may not apply in all circumstances. For example, we may need to retain certain information to comply with legal obligations or to prevent fraud, even if you request deletion.

To exercise your rights, contact us through the official Nvio support channels published on the Service. We may need to verify your identity before responding. Where you make a request through an authorized agent, we may require proof of authorization.

We will not discriminate against you for exercising your privacy rights.

The Service is not intended for, and is not offered to, children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us and we will take reasonable steps to delete it.

The Service is not offered to residents of the United States or other Restricted Jurisdictions, as described in our Terms of Service. We do not knowingly collect personal information from Restricted Persons. If we identify a user as a Restricted Person, we may suspend access and retain limited information as required by law.

The Service may contain links to or integrations with third-party websites and services, including DEX aggregators, perps protocols, wallet providers, oracle providers, and social media platforms. We are not responsible for the privacy practices of these third parties. Their privacy policies govern your interactions with them.

We may update this Privacy Policy from time to time. We will update the "Last Updated" date at the top. Material changes will be communicated through the Service or by other reasonable means. Your continued use of the Service after changes are posted constitutes acceptance.

For privacy questions, requests, or complaints, contact us through the official Nvio support channels published on onchain.cc, by support ticket, or by written notice to the registered address listed in Section 1.