Personal Data Processing Agreement (Privacy Notice)
Effective date: 24 December 2025
This Privacy Notice explains how bullup.ai (the “Website”, “Service”, “we”, “us”) collects, uses, stores, and protects personal data of users (“User”, “you”), and what rights you have.
By using the Website and/or creating an account, submitting an exchange order, or contacting support, you confirm that you have read and agree to this Privacy Notice.
1. Data Controller
Data controller: bullup.ai (website bullup.ai).
Privacy contact: [email protected]
2. What data we may collect
Depending on how you use the Service, we may process the following categories:
2.1. Account data:
– login, email, password (stored in a hashed form), PIN/2FA (if enabled), security settings.
2.2. Exchange order data:
– amounts and exchange directions, payout details (crypto wallet addresses, bank details, payment identifiers), order status, txid/transaction hashes, timestamps.
2.3. Communications:
– support requests, messages, files/documents you provide, internal notes related to resolving your request.
2.4. Technical data and logs:
– IP address, device/browser type, cookies/session identifiers, language, time zone, activity logs, suspicious login/abuse signals.
2.5. KYC/AML data (when required):
– full name, date of birth, citizenship/residency, country, identity documents, selfie/video verification (if applicable), source of funds/wealth (SoF/SoW) and other information required for AML/KYC checks.
Important: Please provide only the information necessary for order processing and/or compliance checks.
3. Purposes of processing
We process personal data for:
– account registration and administration;
– creating, executing, and supporting exchange orders;
– communicating with you (support, order-related notifications);
– Website security and fraud/abuse prevention;
– AML/KYC compliance, risk management, and source-of-funds checks;
– fulfilling legal obligations and responding to lawful requests from competent authorities;
– analytics and improving the Service (in an anonymized or minimal-necessary form).
4. Legal bases
We process data under one or more of the following legal bases (as applicable):
– performance of a contract / provision of services;
– compliance with legal obligations (including AML/KYC);
– our legitimate interests (security, fraud prevention, protection of rights and interests);
– your consent (for specific cases, e.g., certain cookies or materials you voluntarily provide).
5. Cookies
We use cookies and similar technologies to:
– authenticate users and maintain sessions;
– remember settings;
– ensure security and prevent abuse;
– collect statistics and improve the Website.
You can restrict cookies in your browser settings, but some features may not work properly.
6. Data sharing
We may share data only to the extent necessary with:
– technical infrastructure providers (hosting, DDoS protection, email/support systems, monitoring, analytics);
– payment/banking and crypto infrastructure, only as required to execute an order;
– AML/KYC/KYT screening providers (when needed);
– competent authorities, where we have a lawful basis to do so;
– professional advisors (lawyers/auditors) to protect our rights and interests.
We do not sell personal data and do not share it for third-party marketing.
7. International transfers
Our service providers may host systems in different countries. Where international transfers occur, we apply reasonable safeguards and work with providers that implement appropriate security measures.
8. Data retention
We keep data no longer than necessary for the purposes described above, and as required to comply with legal obligations and resolve disputes.
As a general approach:
– account and order data: for the period you use the Service plus an additional period for security/audit needs;
– KYC/AML data: for periods required by applicable laws and/or compliance policies;
– technical logs: for a reasonable period for security and incident investigations.
9. Security
We use organizational and technical measures to protect data, including:
– encrypted connections (HTTPS/TLS);
– access controls and need-to-know restrictions;
– logging and monitoring of suspicious activity;
– fraud prevention and security tooling.
However, no method of transmission or storage is 100% secure.
10. Your rights
Depending on applicable law, you may have the right to:
– access information about your data processing;
– correct inaccurate data;
– request deletion (where we have no obligation to retain it);
– restrict processing or object to processing (in certain cases);
– withdraw consent (where processing is based on consent);
– lodge a complaint with a competent authority.
To exercise your rights, contact [email protected] (we may request identity verification to prevent unauthorized requests).
11. Jurisdiction restrictions
The Service may restrict access from certain countries/territories and/or refuse service where required by compliance and AML/KYC policies.
12. Updates
We may updаte this Privacy Notice from time to time. The latest version is always available on the Website, and the effective date is shown at the top.
13. Contact
Email: [email protected]
