Terms and Policies
Privacy Policy
How NODITRA collects, uses, and protects your personal information.
1. Data Controller
NODITRA Exchange Inc. is the data controller for all personal information processed through the NODITRA platform. Registered at NODITRA Tower, 14F, 327 Teheran-ro, Gangnam-gu, Seoul, Republic of Korea. Business Registration No. 220-81-31974.
2. What We Collect
| Category | Data Elements | Purpose |
|---|
| Identity | Full name, date of birth, nationality, government-issued ID scan | KYC compliance, account verification |
| Contact | Email address, phone number, residential address | Account management, security alerts |
| Financial | Bank account details, transaction history, trade records, balance snapshots | Service delivery, AML compliance |
| Device & Usage | IP address, browser fingerprint, device type, access timestamps | Fraud prevention, security monitoring |
| Communications | Support ticket content, chat transcripts (where consent given) | Quality assurance, dispute resolution |
| Behavioral | Page navigation, order patterns, feature usage (anonymized) | Platform improvement, UX optimization |
3. Legal Basis for Processing
- Contract performance: Processing necessary to deliver exchange services you've contracted for
- Legal obligation: AML/KYC obligations under the Act on Reporting & Using Specified Financial Transaction Information (ARUSFTI, νΉμ κΈμ΅μ 보λ²)
- Legitimate interests: Fraud detection, platform security, system integrity
- Consent: Marketing communications, optional analytics features
4. How We Use Your Data
- Identity verification and ongoing KYC/AML compliance monitoring
- Processing deposits, withdrawals, and trades
- Sending security alerts, account notifications, and required regulatory communications
- Fraud detection, account security monitoring, and pattern analysis
- Improving platform features through aggregated, anonymized analytics
- Marketing communications (opt-in only, unsubscribe available at any time)
5. Data Sharing & Third Parties
We do not sell your personal information. We share data only with:
- Service providers: Cloud infrastructure (AWS Seoul region), KYC verification partners (Onfido), payment processors β bound by data processing agreements
- Regulatory bodies: Korea Financial Intelligence Unit (KoFIU), Financial Services Commission (FSC) as required by law
- Law enforcement: When served with legally valid orders from Korean or internationally valid foreign courts
6. Data Retention
- Financial records (trades, deposits, withdrawals): 7 years from date of transaction (required by Korean Electronic Financial Transactions Act)
- KYC documents: 5 years from account closure
- Support communications: 3 years
- Marketing opt-in records: Until withdrawal of consent
- Device/session logs: 90 days
7. Your Rights
You have the following rights under the Personal Information Protection Act (PIPA) and, where applicable, the GDPR:
- Access: Request a copy of your personal data we hold
- Correction: Request inaccurate data be corrected
- Deletion: Request deletion of data where retention is no longer legally required
- Portability: Receive your data in a machine-readable format (where technically feasible)
- Objection: Opt out of marketing communications at any time
To exercise your rights, visit the Privacy Center or email [email protected]. We will respond within 30 days.
8. International Data Transfers
User data is stored primarily on AWS Seoul region (ap-northeast-2) servers. Where data is transferred internationally for operational support, such transfers are subject to adequate safeguards including Standard Contractual Clauses for EU-based users.
9. Cookies & Tracking
NODITRA uses session cookies for authentication and preference storage. We do not use third-party advertising trackers. Analytics are conducted via self-hosted, anonymized tooling. You may disable non-essential cookies in your browser settings.
10. Contact & Complaints
Privacy Officer: Kim Da-eun (κΉλ€μ) Β· [email protected]
If you believe your privacy rights have been violated, you may also file a complaint with the Korea Personal Information Protection Commission (PIPC) at www.pipc.go.kr or call 182.