Changelly — Privacy

Information We Collect on Changelly

When users interact with Changelly, certain categories of information are collected to facilitate transactions and maintain service quality. Personal identification data, such as name and email address, may be collected when a user creates an account or initiates a transaction requiring verification. The platform also gathers technical data including IP addresses, browser types, device identifiers, and operating system details through standard server logging processes. Transaction data — including wallet addresses, selected currencies, exchange amounts, and timestamps — is recorded for each swap initiated through the service. In cases where fiat payment methods are used, additional financial information such as payment card details or bank account references may be processed by authorized third-party payment processors. Voluntary information, such as support ticket content or feedback submissions, is also retained to improve customer service. All collection practices are designed to be proportionate to the service being provided.

How Changelly Uses Your Data

Data collected by Changelly is used primarily to execute cryptocurrency exchange transactions accurately and securely. The service relies on user-provided information to match swap requests with appropriate liquidity sources, confirm transaction status, and deliver completed exchanges to the correct wallet addresses. Beyond transaction processing, the platform uses data to comply with anti-money laundering regulations and to fulfill legal obligations in the jurisdictions where it operates. Aggregated and anonymized analytics data is used internally to identify usage trends, optimize platform performance, and guide product development decisions. With explicit user consent, contact information may be used to send transactional notifications, service updates, or promotional communications. The service does not sell personal data to advertisers or use it for purposes unrelated to the provision and improvement of the exchange service.

Cookies and Tracking Technologies

Like most web services, Changelly uses cookies and similar tracking technologies to enhance the user experience and gather operational insights. Essential cookies are required for the platform to function correctly — they maintain session states, remember user preferences, and enable secure authentication flows. Analytical cookies help the service understand how users navigate the interface, which features are most used, and where friction points may exist, allowing the team to make data-driven improvements. Functionality cookies remember selections such as preferred currency or language settings between visits. Third-party cookies from analytics and fraud prevention partners may also be set when users interact with embedded tools. Users can manage cookie preferences through their browser settings or through the consent management interface provided on the site. Disabling non-essential cookies may limit certain personalized features but will not prevent core swap functionality from operating.

Third-Party Sharing and Changelly Partners

Changelly shares user data with a limited set of third parties strictly for the purpose of delivering, securing, and improving the exchange service. Liquidity providers and partner exchanges may receive relevant transaction parameters — such as currency pairs and amounts — to process swap orders, though personal identity data is not shared beyond what is operationally necessary. Payment processors authorized to handle fiat transactions receive only the financial data required to complete those specific transactions. Compliance and analytics providers may access anonymized or pseudonymized data sets to assist with regulatory reporting and fraud detection. The platform does not sell, rent, or trade personal information to marketing companies, data brokers, or unrelated third parties. All partner relationships are governed by data processing agreements that establish strict obligations regarding data use, storage security, and confidentiality.

Data Security Practices

Protecting user data is treated as a core operational responsibility by Changelly. The service employs industry-standard encryption — including TLS protocols for data in transit and AES-256 encryption for sensitive data at rest — to guard against unauthorized access. Access to personal data within the organization is role-restricted, meaning only personnel with a verified operational need can retrieve specific user records. The platform conducts regular penetration testing and vulnerability assessments to proactively identify and address security weaknesses. In the event of a data breach that poses a risk to users, the service has established incident response procedures that include timely notification to affected individuals and relevant regulatory authorities in accordance with applicable law. While no system can guarantee absolute security, the technical and organizational measures implemented represent a serious and ongoing commitment to data protection.

Your Rights as a Changelly User

Users of Changelly retain meaningful rights over their personal data, consistent with applicable privacy laws including the General Data Protection Regulation where relevant. The right of access allows users to request a copy of the personal information the platform holds about them. The right to rectification enables users to correct inaccurate or incomplete data. Where data processing is based on consent, users may withdraw that consent at any time without affecting the lawfulness of prior processing. The right to erasure — commonly known as the right to be forgotten — allows users to request deletion of their data, subject to legal retention obligations. Users may also request restriction of processing or object to certain types of data use. To exercise any of these rights, users can submit a request through the official support channels, and the service commits to responding within the timeframe required by law.

Data Retention Policy

Changelly retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, regulatory, and audit requirements. Transaction records are typically retained for a minimum of five years following the completion of a swap, consistent with anti-money laundering regulations that mandate financial record preservation. Account data for registered users is retained for the duration of the account's active status and for a defined period after account closure to support dispute resolution and compliance inquiries. Analytical and aggregated data that has been stripped of personally identifiable information may be retained indefinitely for platform improvement purposes. When data reaches the end of its retention period, the service uses secure deletion and data anonymization practices to ensure it cannot be reconstructed or misused. Users may request information about specific retention periods applicable to their data through the support team.

International Data Transfers

As a globally operating platform, Changelly processes and stores data in multiple countries, which may involve transferring personal information across international borders to jurisdictions with varying levels of data protection. When transferring data outside of regions with established adequacy decisions, the service relies on recognized legal mechanisms such as Standard Contractual Clauses approved by relevant data protection authorities to ensure an adequate level of protection is maintained. Partner agreements governing international transfers include provisions that require recipients to uphold data protection standards equivalent to those applied domestically. The platform continuously reviews its international transfer practices to remain aligned with evolving regulatory guidance from bodies such as the European Data Protection Board. Users who have concerns about cross-border data transfers or wish to understand which countries may process their data can request this information through the designated privacy contact.

Children's Privacy

Changelly is not designed for, marketed to, or intended for use by individuals under the age of 18. The service does not knowingly collect personal information from minors, and the terms of use explicitly require users to confirm they meet the minimum age requirement before initiating any transaction. If the platform becomes aware that personal data has been collected from a user under the age threshold without appropriate parental consent, it will take immediate steps to delete that information from its systems. Parents or guardians who believe their child has submitted personal information to the service are encouraged to contact the support team promptly so the issue can be investigated and resolved. This commitment to protecting minors reflects both legal obligations and a broader ethical responsibility to ensure the platform is used appropriately.

Privacy Policy Updates

This privacy policy is reviewed and updated periodically to reflect changes in the service, applicable law, or industry best practices. When material changes are made to the policy, Changelly will provide notice to users through appropriate channels, which may include a prominent notice on the platform website, an email notification to registered users, or an in-app alert. The date of the most recent revision is always displayed at the top of the policy document so users can easily identify when updates occurred. Continued use of the service following the effective date of a revised policy constitutes acceptance of the updated terms. Users who do not agree with a revised policy are encouraged to discontinue use of the platform and may contact support to request deletion of their account and associated data in accordance with the rights described above.

Contact Information for Privacy Inquiries

Users with questions, concerns, or requests related to this privacy policy or the handling of their personal data can reach the Changelly privacy team through the official support portal at changelly.com. The platform is committed to acknowledging privacy inquiries within a reasonable timeframe and resolving them in accordance with applicable data protection law. For users located in the European Economic Area who wish to escalate a privacy concern beyond the platform's internal resolution process, the option exists to file a complaint with the relevant national data protection supervisory authority. When submitting a privacy request, users should include sufficient identifying information to allow the team to locate their records while taking care not to transmit sensitive data through unsecured channels. The service treats all privacy communications with confidentiality and processes them with the seriousness they deserve.

Consent and Legal Basis for Processing

Changelly processes personal data on the basis of several legal grounds depending on the nature of the data and the purpose of processing. For the execution of a cryptocurrency swap, processing is necessary for the performance of a contract between the user and the service. Compliance-related processing, including AML and fraud screening, is carried out to fulfill legal obligations to which the platform is subject. Where the service sends optional marketing communications or deploys non-essential cookies, it relies on the user's freely given, specific, and informed consent as the legal basis. Legitimate interests of the platform — such as improving service quality, detecting abuse, or ensuring network security — serve as the basis for certain analytical and operational processing activities, provided those interests are not overridden by users' fundamental rights. Users may contact the support team to inquire about the specific legal basis applied to any particular processing activity.