Coin Nerds logo

Legal

Coin Nerds Global Privacy Policy

Effective Date: February 16, 2026

Previous Version: January 3, 2024

Coin Nerds (defined below under "Our Relationship to You") is committed to protecting the privacy of visitors to our websites and our customers. This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you access our services, which include our content on the websites located at coinnerds.com or any other websites, pages, features, or content we own or operate (collectively, the "Site(s)"), any Coin Nerds API or third-party applications relying on such an API, and related services (referred to collectively hereinafter as "Services").

This Privacy Policy applies globally to all users of our Services regardless of where you are located. Certain sections of this Policy apply only to residents of specific jurisdictions and are clearly identified. Where local law grants you greater rights than those described in this Policy, those local rights prevail.

If you have any questions about this Policy, please contact our Data Protection Officer at [email protected].

Changes to This Privacy Policy

We may modify this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated Policy on our Site with a new effective date and, where required by applicable law, by sending you a notification via email or through our Services. We encourage you to review this Policy periodically. Your continued use of our Services after any changes constitutes your acceptance of the updated Policy, to the extent permitted by applicable law.

Our Relationship to You

Coin Nerds operates internationally through different entities (together "Coin Nerds", "we", "us", "our") in order to provide Services to our customers. The following describes which entity (or entities) you are contracting with and which acts as the data controller responsible for your personal information:

Where You Reside, Your Operating Entity, and Contact Address

  • United States

    • Operating Entity: Coin Nerds Inc. (Delaware registration number 7915104)
    • Contact Address: 1935 Addison St, Ste A, Berkeley, CA 94704

  • Canada

    • Operating Entity: Coin Nerds Inc.
    • Contact Address: 500 4 AVE SW, Ste 2500, Calgary, AB T2P 2V6

  • United Kingdom and European Economic Area

    • Operating Entity: [UK Entity Name] (Company Number: [Number])
    • Contact Address: [UK Entity Address]

  • Rest of the World

    • Operating Entity: Nerds Technology Services Ltd (Company Number: 207216)
    • Contact Address: Suite 108, Premier Building, Victoria, Mahe, The Republic of Seychelles

The Coin Nerds entity you contract with decides how your personal information is processed in relation to the Services provided to you (typically referred to as a "data controller" or, in certain Canadian jurisdictions, the organization accountable for your personal information).

Coin Nerds entities may share your personal information with each other and use it in accordance with this Privacy Policy. For example, even if you reside in the United States, your information may be shared with Coin Nerds Inc. (Canada), which provides support functions for our Services including technical infrastructure and customer support.

Data Protection Officer

We have designated a Data Protection Officer ("DPO") who is responsible for overseeing our compliance with applicable data protection laws. If you have questions about this Privacy Policy or how we handle your personal information, or if you wish to exercise any of your rights, you may contact our DPO at:

  • Email: [email protected]
  • Mail: Data Protection Officer, Coin Nerds Inc., 500 4 AVE SW, Ste 2500, Calgary, AB T2P 2V6, Canada

Personal Information We Collect

"Personal information" means any data which relates to a living individual who can be identified from that data, or from that data and other information which is in the possession of, or is likely to come into the possession of, Coin Nerds (or its representatives or service providers). The definition of personal information depends on the relevant law applicable to your physical location. We collect only the personal information that is reasonably necessary and proportionate to provide our Services and comply with our legal obligations.

Information You Provide to Us

This includes information you provide to us in order to establish an account and access our Services. This information is either required by law (e.g., to verify your identity under anti-money laundering regulations), necessary to provide the requested Services (e.g., you will need to provide your bank account number if you would like to link that account to Coin Nerds), or is relevant for our legitimate interests described in greater detail below.

The nature of the Services you are requesting will determine the kind of personal information we might ask for, but may include:

  • Identification Information: Full name, date of birth, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email address.
  • Formal Identification Information: Government-issued identity documents such as passport, driver's license, national identity card, state ID card, tax identification number, passport number, driver's license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws.
  • Biometric Information: Facial imagery and facial geometry data collected through our third-party identity verification providers during selfie or liveness verification checks. This data is classified as sensitive personal information under applicable laws.
  • Institutional Information: Employer Identification Number (or comparable number issued by a government), proof of legal formation (e.g., Articles of Incorporation), personal identification information for all material beneficial owners.
  • Financial Information: Bank account information, payment card primary account number (PAN), transaction history, trading data, tax identification, and information obtained through connections to your external financial accounts via third-party financial data aggregation services.
  • Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.
  • Employment Information: Office location, job title, and/or description of role.
  • Correspondence: Survey responses, information provided to our support team or user research team.

Information We Collect Automatically

This includes information we collect automatically whenever you interact with the Sites or use the Services. This information helps us address customer support issues, improve the performance of our Sites and applications, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:

  • Device and Browser Information: Operating system, browser name and version, device type, device identifiers, screen resolution, and language settings.
  • Network Information: IP address, internet service provider, and connection type.
  • Precise Geolocation Data: GPS coordinates and location information derived from your device (with your permission where required by your device settings) and approximate location derived from your IP address.
  • Usage Data: Authentication data, security questions, click-stream data, pages visited, links clicked, time spent on pages, referring URLs, and other data collected via cookies and similar technologies. Please read our Cookie Policy for more information.
  • Advertising Data: Information collected through advertising pixels, tags, and similar technologies from our advertising partners, including conversion data and interaction data used for measuring advertising effectiveness and delivering targeted advertisements.

Information Collected from Third Parties

This includes information we may obtain about you from third-party sources. The main types of third parties we receive your personal information from are:

  • Identity Verification and KYC Providers: We use third-party identity verification services to verify your identity in accordance with applicable anti-money laundering and know-your-customer regulations. These providers use a combination of government records, publicly available information, biometric verification, and other data sources to confirm your identity. Such information may include your name, address, date of birth, government ID details, facial biometric data, status on sanctions lists maintained by public authorities, and other relevant data.
  • Credit Bureaus and Public Databases: Information about your credit history, public records, and other publicly available information used for identity verification and risk assessment.
  • Blockchain Analytics Providers: We use blockchain analytics services to ensure parties using our Services are not engaged in illegal or prohibited activity, to comply with sanctions screening requirements, and to analyze transaction trends for compliance and research purposes.
  • Financial Data Aggregation Services: If you choose to link external financial accounts, we receive account and transaction information from third-party financial data aggregation providers.
  • Advertising and Marketing Partners: Information about your interactions with our advertisements on third-party platforms, so that we can measure advertising effectiveness and understand which of our Services may be of interest to you.

Sensitive Personal Information

In the course of providing our Services, we may collect categories of information that are classified as "sensitive" under applicable laws. These categories include:

  • Government-issued identification numbers (e.g., Social Security Number, passport number, driver's license number, tax identification number)
  • Financial account credentials (e.g., bank account and routing numbers, payment card numbers)
  • Biometric information (facial imagery collected during identity verification)
  • Precise geolocation data

We process sensitive personal information only as reasonably necessary to provide our Services, comply with legal obligations, prevent fraud, and ensure security. Where required by applicable law, we obtain your explicit consent before collecting or processing sensitive personal information.

Anonymized and Aggregated Data

Coin Nerds may create anonymized or aggregated data from personal information by removing or altering information that makes the data personally identifiable. Types of data we may anonymize include transaction data, click-stream data, performance metrics, and fraud indicators. Anonymized data is not personal information and may be used for any lawful business purpose, including analytics, research, and service improvement. We apply anonymization techniques that meet the standards required under applicable law, including Quebec's Act respecting the protection of personal information in the private sector.

Job Applicants

If you apply for a job posting, we collect information necessary to process your application or to retain you as an employee. This may include, among other things, your name, contact information (email address and phone number), CV/resume, and national identifier (e.g., Social Security Number). Providing this information is required for employment. We have a legitimate interest in using your information to evaluate candidates for job openings. We also use information about job applicants in anticipation of a contract of employment. In some contexts, we are also required by law to collect information about applicants.

How We Use Your Personal Information

We use your information for the following purposes and on the following legal bases:

1) To Maintain Legal and Regulatory Compliance

Legal bases: Legal obligation; public interest; legitimate interests

We process your personal information to comply with anti-money laundering ("AML"), know-your-customer ("KYC"), counter-terrorism financing, sanctions screening, tax reporting, and other regulatory requirements under the laws of the United States (Bank Secrecy Act, FinCEN regulations), Canada (Proceeds of Crime (Money Laundering) and Terrorist Financing Act), the United Kingdom (Money Laundering Regulations), and other applicable jurisdictions. When you seek to link a bank account to your Coin Nerds account, we may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. We also process your personal information to detect, prevent, and mitigate fraud and abuse of our Services and to protect you against account compromise or funds loss. If you do not provide personal information required by law, we will have to close your account.

2) To Provide Coin Nerds Services

Legal bases: Performance of a contract; legitimate interests

We process your personal information to provide Services to you. For example, when you want to store funds on our platform, we require certain information such as your identification, contact, and payment information. Third-party service providers (such as identity verification services) may also access and/or collect your personal information when providing identity verification and/or fraud prevention services on our behalf. We collect information about your account usage and monitor your interactions with our Services. The consequence of not processing your personal information for such purposes is the termination of your account.

3) To Provide Communications and Customer Services

Legal bases: Consent (for marketing); legitimate interests (for service communications); performance of a contract

According to your preferences and in compliance with applicable law, we may send you marketing communications to inform you about events, to deliver targeted marketing, and to share promotional offers. We will only send you marketing communications where you have opted in to receive them during account creation or thereafter. You may withdraw your consent to receive marketing communications at any time by using the unsubscribe link in any marketing email, adjusting your account settings, or contacting us at [email protected]. We will process your unsubscribe request within 10 business days.

We may send you service updates regarding administrative or account-related information, security issues, or other transaction-related information. These communications are important to share developments relating to your account that may affect how you can use our Services. You cannot opt out of receiving critical service communications.

We also process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.

4) For Automated Decision-Making

Legal bases: Legal obligation; legitimate interests; performance of a contract

We use automated systems to make certain decisions that may significantly affect your account or access to our Services. These automated decisions include:

  • Account approval or denial based on identity verification results, risk scoring, and regulatory screening;
  • Transaction blocking or flagging based on AML rules, fraud detection algorithms, and sanctions screening;
  • Assignment of service tiers, trading limits, and withdrawal limits based on your verification level and risk profile; and
  • Account suspension or restriction based on detection of suspicious activity patterns.

You have the right to request information about the automated decision-making processes that affect you, to make representations about such decisions, to request human review of any automated decision, and to contest the outcome. To exercise these rights, contact our Data Protection Officer at [email protected].

5) For Advertising and Analytics

Legal bases: Consent; legitimate interests

We share certain information with advertising partners through pixels, tags, and similar tracking technologies for the purpose of measuring advertising effectiveness and delivering targeted advertisements to you on third-party platforms. This may constitute a "sale" or "sharing" of personal information under certain US state privacy laws. You have the right to opt out of this sharing as described in the "Your Privacy Rights" section below.

6) In Our Legitimate Business Interests

Legal basis: Legitimate interests

Sometimes the processing of your personal information is necessary for our legitimate business interests, such as:

  • Recruitment and hiring;
  • Quality control and staff training;
  • Enhancing security, monitoring and verifying identity or service access, and combating spam or other malware or security risks;
  • Research and development purposes;
  • Enhancing your experience of our Services and Sites; and
  • Facilitating corporate acquisitions, mergers, or transactions.

Legal Bases for Processing Your Information

For individuals located in the European Economic Area, United Kingdom, or Switzerland at the time their personal data is collected, we rely on the following legal bases under the UK General Data Protection Regulation (as amended by the Data (Use and Access) Act 2025), the EU GDPR, and the Swiss Federal Act on Data Protection:

  • Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for a specific purpose, such as marketing communications or non-essential cookies.
  • Performance of a Contract (Article 6(1)(b)): Where processing is necessary to perform our contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal obligation to which we are subject, such as AML/KYC regulations, tax reporting, or responding to lawful requests from public authorities.
  • Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and interests. We conduct Legitimate Interest Assessments for processing relying on this basis.
  • Recognised Legitimate Interests (Article 6(1)(ea), UK GDPR only): For purposes listed in Annex 1 to the UK GDPR, such as disclosing data to public authorities for law enforcement purposes or safeguarding vulnerable individuals.

For individuals in Canada, we rely on your meaningful consent (express or implied, as appropriate to the sensitivity of the information) for the collection, use, and disclosure of your personal information as required under the Personal Information Protection and Electronic Documents Act ("PIPEDA") and applicable provincial privacy legislation, including Quebec's Act respecting the protection of personal information in the private sector. You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice.

We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission.

Disclosing Your Personal Information to Third Parties

We allow your personal information to be accessed only by those who require access to perform their work, and share it only with third parties who have a legitimate purpose for accessing it. We will only share your personal information with the following categories of third parties:

  • Identity Verification and KYC Providers: To verify your identity, including through biometric verification (selfie and liveness checks), in accordance with applicable AML/KYC regulations. These providers compare your information against public records, government databases, and sanctions lists.
  • Financial Institutions and Payment Processors: To process payments you have authorized and to facilitate connections to your external financial accounts.
  • Blockchain Analytics Providers: To monitor transactions for compliance with AML regulations, sanctions requirements, and fraud prevention.
  • Cloud Infrastructure and Hosting Providers: To store and process your data on secure cloud infrastructure. Our contracts require these providers to maintain appropriate security measures and process data only on our instructions.
  • Customer Relationship Management (CRM) Providers: To manage customer communications, support interactions, and account information.
  • Customer Support Platforms: To manage and respond to your support requests and inquiries.
  • Email and Communications Providers: To deliver transactional emails, service notifications, and marketing communications (where you have opted in).
  • Advertising and Analytics Providers: To measure advertising effectiveness, analyze website usage, and deliver targeted advertisements. This sharing may constitute a "sale" or "sharing" of personal information under certain US state laws. See the "Your Privacy Rights" section for opt-out information.
  • Professional Advisors: Including lawyers, auditors, and consultants, where necessary to obtain their professional services.
  • Business Transfer Parties: Companies or other third parties in connection with business transfers, acquisitions, mergers, or bankruptcy proceedings. If such a transaction occurs, the acquiring entity will be bound by this Privacy Policy with respect to your personal information.
  • Law Enforcement and Regulators: When we are compelled to do so by applicable law, regulation, legal process, or governmental request, or if we have a good-faith belief that disclosure is reasonably necessary to: protect the rights, property, or safety of Coin Nerds, our customers, or the public; comply with legal obligations or requests; enforce our terms and other agreements; or detect or otherwise address security, fraud, or technical issues.

All third-party service providers are bound by contractual obligations to process your personal information only for the purposes we specify and to maintain appropriate security measures. We conduct due diligence on our service providers and require them to comply with applicable data protection laws.

Sale and Sharing of Personal Information

Coin Nerds does not sell your personal information for monetary consideration. However, our use of advertising tracking technologies (such as pixels and tags) on our Sites may constitute a "sale" or "sharing" of personal information under certain US state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"). The categories of personal information that may be shared with advertising partners through these technologies include:

  • Identifiers (e.g., IP address, device identifiers)
  • Internet or other electronic network activity information (e.g., browsing history, interactions with our Site)
  • Geolocation data (approximate location derived from IP address)

We do not sell or share the personal information of individuals we know to be under 16 years of age. You have the right to opt out of this sharing as described in the "Your Privacy Rights" section below. We honor Global Privacy Control ("GPC") signals transmitted by your browser as a valid opt-out request.

Third-Party Sites and Services

If you authorize one or more third-party applications to access your Coin Nerds Services, the information you have provided to Coin Nerds may be shared with those third parties. A connection you authorize or enable between your Coin Nerds account and a non-Coin Nerds account, payment instrument, or platform is considered an "account connection." Unless you provide further permissions, Coin Nerds will not authorize these third parties to use this information for any purpose other than to facilitate your transactions using Coin Nerds Services. Third parties you interact with have their own privacy policies, and Coin Nerds is not responsible for their operations or their use of data they collect.

Examples of account connections include:

  • Merchants: If you use your Coin Nerds account to conduct a transaction with a third-party merchant, the merchant may provide data about you and your transaction to us.
  • Your Financial Services Providers: For example, if you send us funds from your bank account, your bank will provide us with identifying information in addition to information about your account in order to complete the transaction.

How We Protect and Store Personal Information

Coin Nerds implements and maintains reasonable technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of personal information in transit (TLS) and at rest;
  • Access controls limiting access to personal information to authorized personnel on a need-to-know basis;
  • Regular security assessments and penetration testing;
  • Employee training on data protection and security obligations; and
  • Physical security measures at facilities where personal information is processed.

We may store and process all or part of your personal and transactional information, including certain payment information such as your encrypted bank account and/or routing numbers, in the United States, Canada, the United Kingdom, and other countries where our facilities or service providers are located. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with applicable laws and regulations.

As a condition of employment, Coin Nerds employees are required to follow all applicable laws and regulations, including in relation to data protection law. Unauthorized use or disclosure of confidential customer information by a Coin Nerds employee is prohibited and may result in disciplinary measures.

You play a vital role in protecting your own personal information. When registering with our Services, choose a password of sufficient length and complexity, do not reveal it to any third parties, and immediately notify us if you become aware of any unauthorized access to or use of your account.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals in accordance with applicable law. Specifically:

  • United Kingdom: We will notify the Information Commissioner's Office within 72 hours of becoming aware of a qualifying breach, and notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
  • Canada (Federal): We will report breaches involving a real risk of significant harm to the Office of the Privacy Commissioner of Canada and notify affected individuals as soon as feasible, as required under PIPEDA.
  • Canada (Quebec): We will report confidentiality incidents presenting a risk of serious injury to the Commission d'acces a l'information du Quebec and notify affected individuals promptly.
  • United States: We will notify affected individuals and relevant state attorneys general in accordance with applicable state breach notification laws.

Retention of Personal Information

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. The retention period is determined by the following criteria:

  • Regulatory and legal obligations: KYC/AML records, transaction records, and identity verification documents are retained for a minimum of seven (7) years from the date of the transaction or from the date the account is closed, whichever is later. This exceeds the five-year minimum required under the Bank Secrecy Act (US), the Money Laundering Regulations (UK), and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) to provide additional protection for legal claims and regulatory inquiries.
  • Account data: For the duration of your account relationship and for seven (7) years following account closure.
  • Marketing and communications data: Until you withdraw your consent or opt out, and for a reasonable period thereafter to process the withdrawal.
  • Customer support data: For three (3) years from the date of resolution of your support inquiry.
  • Biometric data: Biometric data collected during identity verification is retained by our third-party identity verification provider for the period required to complete verification and as required by applicable AML/KYC regulations, after which it is deleted.

If you have further questions about our data retention practices, please contact us at [email protected].

If we anonymize your personal information so that it can no longer be associated with you, it will no longer be considered personal information and we can use it without further notice to you.

Children's Personal Information

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from any person under the age of 18. We verify age through our identity verification process, which includes review of government-issued identification documents. If we discover that a user is under the age of 18, we will promptly close their account and delete their personal information as soon as reasonably practicable. If you believe that we have inadvertently collected personal information from an individual under 18, please notify us immediately at [email protected] so we can take appropriate action.

Cross-Border Transfers

Coin Nerds is an international business with operations in countries including Canada, the United Kingdom, and the United States, among others. Your personal information may be transferred to, stored in, and processed in countries other than the country in which it was collected. These countries may have data protection laws that differ from the laws of your country of residence.

When we transfer your personal information across borders, we ensure that it is protected by appropriate safeguards, including:

  • Transferring to countries that have been recognized as providing an adequate level of data protection by the relevant authority (e.g., UK adequacy regulations, European Commission adequacy decisions);
  • Using the UK International Data Transfer Agreement (IDTA), the UK Addendum to EU Standard Contractual Clauses, or EU Standard Contractual Clauses (as applicable);
  • Where applicable, relying on the UK-US Data Bridge extension to the EU-US Data Privacy Framework for transfers to certified US organizations; and
  • Conducting data protection assessments where required to evaluate the level of protection afforded in the recipient country, applying the "not materially lower" standard for UK transfers and the "essentially equivalent" standard for EEA transfers.

For transfers from Canada, including Quebec, we conduct privacy impact assessments before transferring personal information outside of Quebec and ensure that the recipient jurisdiction provides protection equivalent to Quebec law. We inform you that your personal information may be accessible to law enforcement and national security authorities in the countries where it is stored or processed, pursuant to lawful orders or legal processes in those jurisdictions.

You can obtain more details about the safeguards applied to international transfers of your personal information (including a copy of the relevant transfer mechanism) by contacting our Data Protection Officer.

Your Privacy Rights

Depending on applicable law where you reside, you may be able to assert certain rights related to your personal information. We will respond to your request in accordance with applicable law. Please note that certain rights may be limited where we have a legal obligation to retain data (such as under AML/KYC regulations) or where an exemption applies.

To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will verify your identity before processing your request and respond within the timeframes required by applicable law.

Rights of EEA, UK, and Swiss Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the UK GDPR (as amended by the Data (Use and Access) Act 2025), the EU GDPR, and the Swiss Federal Act on Data Protection:

  • Right of Access: The right to obtain confirmation of whether we process your personal data and to access the personal data we hold about you. We will conduct a reasonable and proportionate search in response to your request.
  • Right to Rectification: The right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure: The right to request deletion of your personal data in certain circumstances. This right is subject to legal retention obligations (e.g., AML/KYC record-keeping requirements).
  • Right to Restriction: The right to request that we restrict processing of your personal data in certain circumstances.
  • Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format, and to request transmission to another controller where technically feasible. This right applies to personal data you have provided to us and that we process based on consent or contract performance.
  • Right to Object: The right to object to processing based on legitimate interests, including profiling, and to processing for direct marketing purposes.
  • Rights Related to Automated Decision-Making: The right to information about automated decisions, to make representations, to obtain human review, and to contest the outcome.
  • Right to Withdraw Consent: Where processing is based on consent, the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing performed before the withdrawal.
  • Right to Complain: The right to lodge a complaint with a supervisory authority. In the UK, the supervisory authority is the Information Commissioner's Office. For EEA residents, you may contact the supervisory authority in your member state of residence.

Rights of Canadian Residents

If you reside in Canada, you have the following rights under PIPEDA and applicable provincial privacy legislation (including Quebec's Act respecting the protection of personal information in the private sector):

  • Right of Access: The right to access the personal information we hold about you and to be informed of how it has been used and to whom it has been disclosed.
  • Right to Rectification: The right to challenge the accuracy and completeness of your personal information and have it corrected.
  • Right to Withdraw Consent: The right to withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide Services to you.
  • Right to Deletion: The right to request deletion of your personal information where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
  • Right to Data Portability (Quebec residents): The right to receive your personal information in a structured, commonly used technological format and to request its transfer to another organization, where technically feasible.
  • Right to Information About Automated Decisions (Quebec residents): The right to be informed when a decision about you is made exclusively by automated processing, to be informed of the personal information used and the main factors and parameters leading to the decision, and to have the decision reviewed by a person.
  • Right to Complain: You may file a complaint with the Office of the Privacy Commissioner of Canada (federal), the Commission d'acces a l'information du Quebec (Quebec residents), the Office of the Information and Privacy Commissioner of Alberta (Alberta residents), or the Office of the Information and Privacy Commissioner of British Columbia (BC residents), as applicable.

US Consumer Privacy Notice

This section applies if you are a resident of the United States. It supplements the information in this Privacy Policy with disclosures required under applicable US federal and state laws.

Financial Privacy Notice (Gramm-Leach-Bliley Act)

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

The types of personal information we collect and share depend on how you use our Services. This information can include:

  • Social Security number, passport number, or driver's license number
  • Bank account information, trading data, or transaction history
  • Identification information such as your name, date of birth, nationality, or signature

When you are no longer our customer, we continue to share your information as described in this notice.

Why Coin Nerds Shares Your Personal Information

  1. Everyday Business Purposes (Coin Nerds shares; you cannot limit):

    • Process your transactions
    • Maintain your accounts
    • Respond to court orders and legal investigations
    • Report to credit bureaus

  2. Marketing Purposes (Coin Nerds shares; you cannot limit):

    • Offer our products and services to you

  3. Joint Marketing (Coin Nerds shares; you cannot limit):

    • Collaborate with other financial companies to market products

  4. Affiliates' Everyday Business Purposes - Transaction and Experience Information (Coin Nerds shares; you cannot limit):

    • Share information about your transactions and experiences

  5. Affiliates' Everyday Business Purposes - Creditworthiness (Coin Nerds shares; you can limit):

    • Share information about your creditworthiness

  6. Marketing by Affiliates (Coin Nerds shares; you can limit):

    • Allow our affiliates to market directly to you

  7. Marketing by Non-Affiliates (Coin Nerds does not share):

    • We do not share your personal information with non-affiliates for their own marketing purposes

To limit our sharing of your creditworthiness information with affiliates or to limit affiliate marketing, contact us at [email protected] or call +1 385-247-8887.

Why You Cannot Limit All Sharing

Federal law gives you the right to limit only: sharing of creditworthiness information for affiliates' everyday business purposes; affiliates from using your information to market to you; and sharing for non-affiliates to market to you. State laws may give you additional rights to limit sharing. See the state-specific sections below for more information.

GLBA Definitions

  • Affiliates: Companies related by common ownership or control. They can be both financial and nonfinancial companies. Our affiliates include Coin Nerds Inc. (US), Coin Nerds Inc. (Canada), [UK Entity Name], and Nerds Technology Services Ltd (Seychelles).
  • Non-Affiliates: Companies not related by common ownership or control. They can also be financial and nonfinancial companies.
  • Joint Marketing: A formal agreement between non-affiliated financial companies that together market financial products or services to you.

US State Privacy Rights

If you are a resident of a US state with a comprehensive consumer privacy law, including California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Texas, Oregon, Delaware, New Jersey, New Hampshire, Nebraska, Minnesota, Maryland, Kentucky, and Rhode Island, you may have additional rights regarding your personal information. To the extent these rights apply to you and are not subject to an applicable exemption, you have the following rights:

  • Right to Know/Access: The right to confirm whether we are processing your personal information and to access the specific pieces and categories of personal information we have collected, the categories of sources, the purposes of collection and use, and the categories of third parties with whom we share it.
  • Right to Delete: The right to request deletion of personal information we collected from you, subject to certain exceptions (including legal retention obligations under AML/KYC regulations).
  • Right to Correct: The right to request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: The right to opt out of the "sale" or "sharing" of your personal information, including for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals as a valid opt-out request.
  • Right to Limit Use of Sensitive Personal Information (California): The right to limit our use of your sensitive personal information to purposes that are necessary to provide the Services.
  • Right to Data Portability: The right to receive your personal information in a portable and readily usable format.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Appeal: If we deny your privacy request, you have the right to appeal our decision. To appeal, contact us at [email protected] with the subject line "Privacy Rights Appeal." If you are not satisfied with our response to your appeal, you may contact your state attorney general.

To exercise your rights, contact us at [email protected] or call +1 385-247-8887. We will verify your identity before processing your request. You may also designate an authorized agent to submit a request on your behalf. Authorized agents must provide proof of authorization (such as a power of attorney or written signed permission) and we may still verify your identity directly.

We aim to fulfill all verified requests within 45 days. If necessary, we may extend this period by an additional 45 days with notice and an explanation for the delay.

California Privacy Rights (CCPA/CPRA)

Pursuant to the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"), California residents have certain rights in relation to their personal information, subject to limited exceptions. Any terms defined in the CCPA/CPRA have the same meaning when used in this section.

Categories of Personal Information Collected and Disclosed

Over the past 12 months, we have collected and may have disclosed the following categories of personal information from or about consumers for the business and commercial purposes described in this Privacy Policy:

  • Identifiers (e.g., name, phone number, date of birth, IP address, email address, driver's license number, passport number). Sources: directly from you, your device, third-party verification services.
  • Personal information categories listed in Cal. Civ. Code Section 1798.80(e) (e.g., name, address, nationality, gender, bank account number, financial information). Sources: directly from you, financial institutions.
  • Protected classification characteristics (e.g., age, date of birth, nationality, gender). Sources: directly from you, government-issued documents.
  • Commercial information (e.g., payment card information, transaction history, trading data). Sources: directly from you, payment processors.
  • Biometric information (e.g., facial imagery from selfie verification). Sources: directly from you via our third-party identity verification provider.
  • Internet or other electronic network activity information (e.g., browser type and version, time zone settings, operating system, website visit information, browsing history, interaction with our advertisements). Sources: your device, cookies, advertising partners.
  • Geolocation data (e.g., precise GPS location, approximate location from IP address). Sources: your device.
  • Sensory data (e.g., audio recordings from customer support calls, photographs). Sources: directly from you.
  • Professional or employment-related information (e.g., job title, employer). Sources: directly from you.
  • Sensitive personal information (e.g., Social Security number, driver's license number, passport number, financial account credentials, precise geolocation, biometric data). Sources: directly from you, your device, third-party verification services.

We may disclose each category of personal information listed above to the categories of third parties described in the "Disclosing Your Personal Information to Third Parties" section of this Policy.

We use sensitive personal information only for the purposes permitted under Section 1798.121 of the CCPA/CPRA, including providing Services, verifying your identity, preventing fraud, ensuring security, and complying with legal obligations.

Vermont Privacy Rights

Vermont residents have certain rights in relation to their personal information under Vermont law. We will not share information we collect about Vermont residents with companies outside of our corporate family, unless the law allows. For example, we may share information with your consent, to service your accounts, or under joint marketing agreements with other financial institutions. We will not share information about your creditworthiness within our corporate family except with your consent, but we may share information about our transactions or experiences with you within our corporate family without your consent.

Canadian Anti-Spam Legislation (CASL)

In compliance with Canada's Anti-Spam Legislation (CASL), we will only send you commercial electronic messages (emails, SMS) where we have your express consent or where an implied consent exception applies (such as an existing business relationship). All commercial electronic messages will identify Coin Nerds as the sender, include our contact information and physical address, and contain a clear and prominently displayed unsubscribe mechanism. We will process unsubscribe requests within 10 business days.

Cookies and Tracking Technologies

We use cookies, pixels, tags, and similar tracking technologies on our Sites. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please read our Cookie Policy.

We honor Global Privacy Control (GPC) signals. If your browser transmits a GPC signal, we will treat it as a valid request to opt out of the sale or sharing of your personal information via cookies and tracking technologies on our Sites.

Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no common understanding of how to interpret DNT signals, our Sites do not currently respond to browser DNT signals. However, we do honor Global Privacy Control (GPC) signals as described above.

Dispute Resolution

If you have a concern about our privacy practices, please contact us first at [email protected]. We will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of personal information in accordance with this Privacy Policy.

Binding Arbitration (US Residents):

If you are a US resident and we are unable to resolve your privacy complaint through our internal process, any dispute, claim, or controversy arising out of or relating to this Privacy Policy or the collection, use, or handling of your personal information shall be resolved through final and binding arbitration administered by the American Arbitration Association ("AAA") under its Consumer Arbitration Rules, rather than in court, except that either party may bring qualifying claims in small claims court. The arbitration will be conducted in the English language in the county where you reside or in a location mutually agreed upon. The arbitrator's decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

Class Action Waiver (US Residents):

You agree that any arbitration or proceeding shall be limited to the dispute between us individually. To the fullest extent permitted by law: (a) no arbitration or proceeding shall be joined with any other; (b) there is no right or authority for any dispute to be arbitrated or resolved on a class-action basis or to utilize class-action procedures; and (c) there is no right or authority for any dispute to be brought in a purported representative capacity on behalf of the general public or any other persons. This class action waiver does not apply where prohibited by applicable law.

UK and EEA Residents:

If you are located in the UK, you have the right to lodge a complaint with the Information Commissioner's Office. If you are located in the EEA, you may lodge a complaint with the supervisory authority in your member state of residence.

Canadian Residents:

If you are located in Canada, you may file a complaint with the Office of the Privacy Commissioner of Canada, or with your provincial privacy commissioner as applicable.

Regulatory Retention and Deletion Limitations

As a financial services provider subject to anti-money laundering and know-your-customer regulations in multiple jurisdictions, we are legally required to retain certain personal information for prescribed periods, even after you close your account or request deletion. This includes identity verification records, transaction records, and related compliance documentation. These legal obligations override deletion requests under privacy laws. We will inform you if we cannot fully comply with a deletion request due to regulatory retention requirements.

How to Contact Us

If you have questions or concerns regarding this Privacy Policy, wish to exercise your privacy rights, or have a complaint, please contact us through any of the following methods:

  • Email: [email protected] (Attention: Data Protection Officer)
  • Phone: +1 385-247-8887
  • Mail: Data Protection Officer, Coin Nerds Inc., 500 4 AVE SW, Ste 2500, Calgary, AB T2P 2V6, Canada

For privacy requests from UK residents, you may also write to: [UK Entity Name], [UK Entity Address].

We will acknowledge receipt of your request and respond within the timeframes required by applicable law.

Coin Nerds logo

Social

Facebook icon
X logo
Instagram iconLinkedin iconReddit icon

Trustpilot Reviews

Trustpilot

© 2026 Coin Nerds, Inc. Coin Nerds, Inc. is a registered money service business (NMLS ID: 2071000). For Law Enforcement requests please direct your official document to our compliance team here.

Products

Express Trade

Private Wealth OTC

Corporate Solutions

Foreign Exchange

Transfer Money

Learn

Affiliate Program

Referral Program

Blog

FAQ

Company

About Us

Careers

Media

Legal

Buying Guides

Crypto In PersonBitcoinEthereumDASHBitcoin CashUSDC or USDTDogecoin

Contact Us

Prices