Privacy Policy

Version 1.0 · Last updated 11 June 2026

This Privacy Policy explains how mSamex OÜ ("mSamex", "we", "us") collects, uses, shares and protects personal data when you use the mSamex P2P Platform. It forms part of, and should be read with, our Terms of Service and AML, KYC & Sanctions Policy.

Controller. mSamex OÜ, Tallinn, Estonia, is the data controller for personal data processed through the Platform. For privacy requests contact privacy@msamex.com.

1. Data we collect

Category	Examples
Account data	Nickname, linked wallet addresses, email or messaging handle (e.g. Telegram), language and market preferences, reputation and standing.
Identity / KYC data	Legal name, date of birth, nationality, residential address, government ID documents, selfie/liveness images, and verification results — collected when verification is required (see our AML Policy).
Transaction data	On-chain wallet activity and Trade records, ad details, payment-method metadata you enter, counterparties, amounts, timestamps, dispute records, chat messages and uploaded evidence (images, PDFs, video).
Financial-receipt data	Fiat payment receipts and confirmations you upload, including data extracted from them by automated text recognition (OCR), to help verify payment.
Technical data	IP address, approximate location/geo derived from IP, device and browser information, timestamps, and security/usage logs.
Communications	Messages with support, notifications you opt into (web push, Telegram, email), and related metadata.

We collect data you provide directly, data generated as you use the Platform, public blockchain data, and data from verification, screening and analytics providers.

2. Why we use your data (purposes & legal bases)

To provide the Platform — create and operate your Account, match Trades, facilitate escrow interactions, run chat and disputes (performance of our contract with you).
Compliance & safety — identity verification, sanctions and PEP screening, transaction monitoring, fraud and abuse prevention, tainted-funds screening, and regulatory reporting (legal obligation and legitimate interests).
Security — authenticating users, securing accounts and infrastructure, detecting and investigating misuse (legitimate interests / legal obligation).
Dispute resolution — reviewing evidence and reaching arbitration decisions (performance of contract / legitimate interests).
Communications — service messages and notifications you request (contract / consent).
Improvement & analytics — maintaining, analysing and improving the Platform (legitimate interests).
Legal — establishing, exercising or defending legal claims and complying with lawful requests (legal obligation / legitimate interests).

3. Who we share data with

Verification & compliance providers — KYC/identity vendors, sanctions-screening and blockchain-analytics providers, to verify identity and screen risk.
Service providers — cloud hosting, infrastructure, OCR/text-recognition and communications providers that process data on our behalf under contract.
Counterparties — limited information necessary for a Trade or dispute (e.g. nickname, reputation, and evidence you choose to share or that is relevant to a dispute). Be mindful of what you disclose in chat and evidence.
Authorities — regulators, law-enforcement, tax authorities, courts and financial institutions, where we believe in good faith it is required by law, requested by a competent authority, or necessary to prevent fraud, abuse or harm.
Corporate transactions — a successor or acquirer in connection with a merger, acquisition, financing or sale of assets.

We do not sell your personal data.

4. Blockchain & public data

Transactions executed through the Escrow Contract are recorded on public blockchains. Blockchain data is public, permanent and outside our control; wallet addresses and on-chain activity cannot be edited or erased by us. Information that links an address to your identity is held off-chain and governed by this Policy.

5. International transfers

Your data may be processed in countries outside your own, including outside the European Economic Area. Where it is, we rely on appropriate safeguards (such as adequacy decisions or standard contractual clauses) as required by applicable law.

6. Retention

We keep personal data for as long as needed to provide the Platform and for the periods required to meet our legal, regulatory, accounting, security and fraud-prevention obligations. Identity and transaction records are typically retained for at least five (5) years after the end of our relationship or a transaction, as required by anti-money-laundering law, and longer where necessary to establish, exercise or defend legal claims.

7. Your rights

Subject to applicable law and our legal obligations, you may have the right to access, correct, delete, restrict or object to processing of your personal data, to data portability, and to withdraw consent. Some data cannot be deleted while we are legally required to retain it (for example, AML records) or where it is recorded immutably on a blockchain. To exercise rights, contact privacy@msamex.com. You may also lodge a complaint with your local data-protection authority (in Estonia, the Andmekaitse Inspektsioon).

8. Security

We use technical and organisational measures to protect personal data, including encryption in transit, access controls and monitoring. No system is perfectly secure, and we cannot guarantee absolute security. You are responsible for safeguarding your own wallet keys and credentials.

9. Cookies & local storage

The Platform uses cookies and similar technologies (including browser local storage) to keep you signed in, remember preferences, secure the service and understand usage. You can control cookies through your browser; disabling some may affect functionality.

10. Children

The Platform is not directed to and may not be used by anyone under 18. We do not knowingly collect data from minors.

11. Changes

We may update this Policy by posting a revised version with a new "last updated" date. Continued use after changes take effect constitutes acceptance.

12. Contact

Privacy questions: privacy@msamex.com · mSamex OÜ, Tallinn, Estonia.