Privacy Statement

This Privacy Statement applies to all information processed by the GX Coin Foundation ("the Foundation") in the course of operating the core GX Coin Protocol, including the official website (gxcoin.money), official wallet applications, and core identity verification services.

This statement does not cover the practices of independent, third-party licensees who build applications on the protocol. While the Foundation mandates adherence to a strict ethical code of conduct, those parties are responsible for their own privacy policies. Participants are encouraged to review the policies of any third-party service they choose to use.

To uphold a "one person, one account" principle and defend the network against fraud and manipulation, the Foundation must verify the uniqueness of each participant. To achieve this, a limited set of information is collected and securely held in an off-chain Identity Graph.

• Personally Identifiable Information (PII): Legal identity attributes such as name, date of birth, and a government‑issued identification number (where required).
• Verification Data: Encrypted copies or scans of identity documents and, where required, biometric data used solely for a one‑time verification event. Source biometric data is not retained long‑term.

Crucially, none of this source data is ever written to the public blockchain. On‑chain you are represented only by a pseudonymous public address. The raw identity artifacts reside in a segregated, encrypted environment under Foundation stewardship.

The Foundation adheres to strict data minimization. Information is processed only for specific, necessary purposes:

• Account Creation & Security: Verifying uniqueness and establishing your protocol presence.
• Fraud Prevention: Enforcing the one account per person covenant.
• Account Recovery & Inheritance: Powering participant-controlled "Circle of Trust" mechanisms.
• Privacy‑Preserving Verification: Allowing licensed partners to query specific facts (e.g., age threshold) via restricted yes/no attestations never raw personal data.
• Regulatory Compliance: Satisfying AML / CFT obligations where legally required.

The Foundation will never sell personal information, share it for marketing, or repurpose it beyond secure protocol operation and required compliance.

You retain full sovereignty over your personal information. Subject to limited legal and technical constraints, you may:

• Access: Request a copy or summary of personal data the Foundation maintains.
• Rectify: Correct inaccurate or incomplete records.
• Erase: Request deletion of personal information, subject to compliance retention or protocol integrity requirements.

Where cryptographic commitments or anonymized derivatives must persist to maintain network integrity, those constraints are transparently documented.

Protecting your information is a highest‑priority engineering mandate. Safeguards include:

• End‑to‑End Encryption: State‑of‑the‑art cryptography applied to data in transit and at rest.
• Strict Access Controls: Just‑in‑time, least‑privilege access with immutable audit trails.
• Independent Audits: Regular security assessments by external specialists; findings triaged and remediated under transparent change management.

Incident response procedures are rehearsed and versioned; material incidents trigger participant notification consistent with applicable regulations.

This statement may be revised to reflect evolving best practices, stewardship decisions, or legal requirements. Material changes are communicated through official channels prior to or concurrent with effective dates.

Questions or concerns? Contact the Data Protection Office at privacy@gxcoin.money. For general inquiries, use theworld@gxcoin.money.