Privacy Policy

1. Introduction

BlackLabel Exchange Services Co., Ltd. (“BlackLabel,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal and business information. This Privacy Policy explains how we collect, use, store, and share information when you use our Platform and services.

This policy applies to all users of the BlackLabel Exchange Services platform, including administrators, agents, and customers. By using our services, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Company name, contact person name, business email address, phone number, company registration number.
• Identity Verification: Government-issued identification documents, proof of business registration, beneficial ownership information as required for KYC compliance.
• Financial Information: Bank account details, cryptocurrency wallet addresses, transaction amounts, exchange rate preferences.
• Communication Data: Messages sent through the Platform, Telegram communications, support requests, and application form submissions.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, timestamps, session duration, and interaction patterns.
• Device Information: Browser type, operating system, device identifiers, and IP address.
• Cookies: Essential cookies for session management and optional analytics cookies for platform improvement. See Section 8 for details.

2.3 Information from Third Parties

• Authentication Providers: When you sign in via Google OAuth, we receive your name, email address, and profile photo.
• Blockchain Networks: Transaction confirmations, wallet balances, and verification data from Ethereum and Tron networks.
• Telegram: When you link your Telegram account, we receive your Telegram user ID and username for notification delivery.

3. How We Use Your Information

We use collected information to:

• Provide Services: Process exchange orders, verify transactions, deliver USDT, and manage your account.
• Verify Identity: Conduct KYC/AML checks as required by Thai law and international regulations.
• Communicate: Send order confirmations, status updates, security alerts, and system notifications via the Platform and Telegram.
• Improve the Platform: Analyse usage patterns to enhance features, fix issues, and optimise performance.
• Ensure Security: Detect and prevent fraud, unauthorised access, and other security threats.
• Comply with Law: Meet legal obligations, respond to lawful requests from authorities, and maintain audit trails as required by financial regulations.

4. Data Storage & Security

4.1 Storage

Your data is stored on secure infrastructure provided by Supabase (PostgreSQL 17) with servers located in regions compliant with our data residency requirements. Backups are maintained in encrypted form.

4.2 Security Measures

• Encryption: All data in transit is protected with TLS 1.3. Sensitive credentials are encrypted at rest using AES-256-GCM.
• Access Controls: Row-level security (RLS) ensures users can only access data they are authorised to view. Administrative access requires multi-factor authentication.
• Audit Trail: All data access and modifications are logged with timestamps, user identity, and IP address for compliance and security review.
• Infrastructure: Our production environment uses hardened Ubuntu servers with UFW firewalls, fail2ban intrusion prevention, and SSH key-only authentication.

4.3 Retention

We retain your personal data for as long as your account is active and for 7 years thereafter to comply with Thai financial record-keeping requirements. Transaction records and audit logs are retained permanently for regulatory compliance. You may request deletion of non-essential data by contacting us.

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

• Exchange Partners: Minimal transaction data shared with exchange platforms (Binance, Bitkub, Bitazza, MaxBit) as required to execute your orders.
• Blockchain Networks: Transaction data is broadcast to public blockchain networks as an inherent part of cryptocurrency transactions.
• Legal Requirements: When required by law, court order, or governmental request, we may disclose information to appropriate authorities.
• Service Providers: Trusted third-party services that assist in operating our Platform (e.g., hosting, analytics) receive only the minimum data necessary and are bound by confidentiality agreements.

6. Your Rights

Under the Thailand Personal Data Protection Act (PDPA) and applicable international privacy laws, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing of your data for specific purposes.
• Withdrawal of Consent: Withdraw consent for optional data processing at any time.

To exercise these rights, contact our Data Protection Officer at privacy@blacklabel.exchange. We will respond to requests within 30 days.

7. International Data Transfers

Your data may be processed in jurisdictions outside of Thailand where our service providers operate. When data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and adequacy assessments as required by the PDPA.

8. Cookies & Tracking

8.1 Essential Cookies

Required for Platform operation: session management, authentication tokens, and security features. These cannot be disabled.

8.2 Analytics Cookies

Optional cookies that help us understand how the Platform is used. You may accept or decline these via the cookie consent banner. Declining analytics cookies does not affect Platform functionality.

8.3 No Third-Party Advertising

We do not use advertising cookies or share data with advertising networks. BlackLabel is a B2B service platform and does not serve ads.

9. Children's Privacy

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email and/or in-platform notification at least 14 days before taking effect. The “Last updated” date at the top reflects the most recent revision.

11. Contact Us

For privacy-related inquiries or to exercise your data rights:

• Data Protection Officer: privacy@blacklabel.exchange
• General Inquiries: partnerships@blacklabel.exchange
• Telegram: @BlackLabelExchange