Privacy Statement

This Privacy Statement applies to all information processed by the GX Coin Foundation ("the Foundation", "we", "us") in the course of operating the core GX Coin Protocol, including our official website (gxcoin.money), official wallet applications, and core identity verification services.

This statement does not cover the practices of independent, third‑party licensees who build applications on our protocol. While we mandate adherence to a strict ethical code of conduct, those parties are responsible for their own privacy policies. We encourage you to review the policies of any third‑party service you choose to use.

To uphold a “one person, one account” principle and defend the network against fraud and manipulation, we must be able to verify the uniqueness of each participant. To achieve this, we collect and securely hold a limited set of information in an off‑chain Identity Graph.

• Personally Identifiable Information (PII): Legal identity attributes such as name, date of birth, and a government‑issued identification number (where required).
• Verification Data: Encrypted copies or scans of identity documents and, where required, biometric data used solely for a one‑time verification event. Source biometric data is not retained long‑term.

Crucially, none of this source data is ever written to the public blockchain. On‑chain you are represented only by a pseudonymous public address. The raw identity artifacts reside in a segregated, encrypted environment under Foundation stewardship.

We adhere to strict data minimization. Information is processed only for specific, necessary purposes:

• Account Creation & Security: Verifying uniqueness and establishing your protocol presence.
• Fraud Prevention: Enforcing the one account per person covenant.
• Account Recovery & Inheritance: Powering user‑controlled “Circle of Trust” mechanisms.
• Privacy‑Preserving Verification: Allowing licensed partners to query specific facts (e.g., age threshold) via restricted yes/no attestations never raw personal data.
• Regulatory Compliance: Satisfying AML / CFT obligations where legally required.

We will never sell your personal information, share it for marketing, or repurpose it beyond secure protocol operation and required compliance.

You retain full sovereignty over your personal information. Subject to limited legal and technical constraints, you may:

• Access: Request a copy or summary of personal data we maintain.
• Rectify: Correct inaccurate or incomplete records.
• Erase: Request deletion of personal information, subject to compliance retention or protocol integrity requirements.

Where cryptographic commitments or anonymized derivatives must persist to maintain network integrity, we transparently document those constraints.

Protecting your information is a highest‑priority engineering mandate. Safeguards include:

• End‑to‑End Encryption: State‑of‑the‑art cryptography applied to data in transit and at rest.
• Strict Access Controls: Just‑in‑time, least‑privilege access with immutable audit trails.
• Independent Audits: Regular security assessments by external specialists; findings triaged and remediated under transparent change management.

Incident response procedures are rehearsed and versioned; material incidents trigger user notification consistent with applicable regulations.

We may revise this statement to reflect evolving best practices, governance decisions, or legal requirements. Material changes are communicated through official channels prior to or concurrent with effective dates.

Questions or concerns? Contact our Data Protection Office at privacy@gxcoin.money. For general inquiries, use theworld@gxcoin.money.