Privacy Policy

QOVA Exchange ("QOVA," "we," "our," or "us") is committed to protecting the privacy and security of your personal and institutional data. This Privacy Policy explains how we collect, use, store, and protect information in connection with our services.

This Policy applies to all clients, users, and visitors who interact with QOVA Exchange services, website, and APIs. By using our services, you consent to the data practices described in this Policy.

Identity and KYC Data: Corporate registration documents, beneficial ownership information, identification documents of authorized representatives, proof of address, and all information required for regulatory KYC compliance.

Transaction Data: All transaction records, including amounts, currencies, counterparties, timestamps, blockchain transaction hashes, wallet addresses, and associated metadata.

Technical Data: IP addresses, device information, browser data, API access logs, and usage patterns for security and fraud prevention purposes.

Communications: All communications between you and QOVA, including emails, support tickets, and any correspondence related to your account or transactions.

QOVA processes your data under the following legal bases:

• ◈Contractual necessity — to provide the services you have requested
• ◈Legal obligation — to comply with AML, KYC, and regulatory requirements
• ◈Legitimate interest — to prevent fraud, ensure security, and improve services
• ◈Consent — where explicitly provided for optional processing activities

QOVA uses collected data to: process and settle transactions; verify identity and conduct due diligence; comply with regulatory and legal obligations; detect and prevent fraud and financial crime; maintain audit trails required by law; improve platform security and performance; and communicate important account and service information.

We do not sell, rent, or trade your personal data to third parties for marketing or commercial purposes. All data sharing is limited to what is required for service delivery and regulatory compliance.

QOVA retains all transaction records, KYC documents, and account data for a minimum of 5 years following account closure or the last transaction date, as required by applicable AML regulations in El Salvador and relevant international standards.

Blockchain transaction data is immutable and permanently recorded on-chain as part of the public ledger. This data cannot be deleted and is outside of QOVA's control once a transaction is confirmed.

Upon expiration of the mandatory retention period, data is securely deleted or anonymized in accordance with our data destruction policy.

QOVA implements institutional-grade security measures including: 256-bit TLS encryption for all data in transit; AES-256 encryption for data at rest; multi-factor authentication for all account access; regular security audits and penetration testing; and strict access controls on a need-to-know basis.

In the event of a data breach that affects your information, QOVA will notify affected clients and relevant authorities within 72 hours of discovery, as required by applicable law.

QOVA may share your information with: regulatory authorities and law enforcement when legally required; licensed compliance and AML screening service providers; banking and payment partners necessary for transaction execution; and auditors and legal counsel for compliance and legal purposes.

All third-party service providers are bound by strict data processing agreements and may only use your data for the specific purpose for which it was shared.

Subject to applicable law and regulatory constraints, you have the right to: access your personal data held by QOVA; request correction of inaccurate data; request deletion of data no longer required (subject to regulatory retention requirements); object to certain processing activities; and lodge a complaint with the relevant supervisory authority.

To exercise any of these rights, contact our Data Protection Officer at privacy@qova.exchange. We will respond within 30 business days.

Our website uses essential cookies necessary for operation and security. We do not use tracking cookies for advertising purposes. Analytics data is collected in anonymized form to improve site performance. You may disable cookies in your browser settings without affecting core functionality.

For privacy inquiries, contact QOVA Exchange at: