Page 1 of 10
DIFX is a brand name of DIFX TECHNOLOGIES PTE. LTD. (our, us, we, Company, DIFX),
registered under Commercial License No. 202023307N with Accounting and Corporate Regulatory
Authority (ACRA) Singapore which provides the Services to you. In order to provide you with the Services,
we need to collect and process various data and information. We want to notify you of our online privacy
practices, the methods and types of personal information that we received, collect, disclose and store, how
the personal information is used, with whom it may be shared, what choices are available to you regarding
the collection, use and distribution of your personal information, what kind of security procedures are in
place to protect the loss, misuse or alteration of information under our control, your rights regarding your
personal information and who to contact with questions or concerns (Privacy Policy or “Policy).
This Privacy Policy constitutes a part of DIFX’ Terms and Conditions. The terms used in this Privacy Policy
shall have the same meanings as in the Terms and Conditions unless otherwise provided.
This Privacy Policy explains how DIFX as well as its affiliates and all parties that run DIFX (DIFX
Operators), including but not limited to legal persons, unincorporated organizations and teams that
provide Services collect, use, process, disclose, share, transfer, and protect personal information obtained
through DIFX and its partners. So, the terms we, us, and our refer to DIFX and DIFX Operators collectively.
Please carefully read this Privacy Policy, because it applies to the DIFX website or DIFX mobile
application, along with related services, information and communications, materials and any software that
we make available that allows you to access relevant services (collectively Platform) and DIFX software,
communication and mail operations regardless of whether you register or log in to use the Services or not.
When visiting Platforms, you acknowledge, understand, and consent to all provisions described in this
Privacy Policy. We will not use your personal information for any purpose not covered in this Privacy
Policy or the Terms and Conditions (including any other business rules of DIFX) without prior notification
to you and your consent. If you do not agree with any part of this Privacy Policy, please stop using Services
The latest Privacy Policy has incorporated elements from the General Data Protection Regulation
(GDPR) as we act in accordance with its personal information processing rules within the European
Economic Area (EEA). We utilize standard contract clauses, rely on the European Commissions
adequacy decisions about certain countries,as applicable, and obtain your consent for these data transfers
to third countries if required by applicable laws.
This section specifies the methods by which we collect your personal information viz. (a) information that
you provide to us directly; (b) information we collect about you; and (c) and information we automatically
collect about you; and (d) information we collect about you from third parties. It also discusses the personal
information points we collect about you.
Page 2 of 10
1.1. Information You Provide to Us Directly
a) When Registering to Use Services: When you create a DIFX Account, you provide us with your email
address, name, date of birth, nationality, country code, gender, signature, utility bills, home address,
password, and other information to help us identify you (Identification Information). You can also
choose to add a phone number for SMS or Google Authenticator account for Two-Factor Authentication to
improve account security. If you agree to use biometric authentication methods to log in or use Services,
such as fingerprint recognition and facial recognition, you need to provide us with the corresponding
information, such as the fingerprint information and facial information, and your consent to the processing
of your biometric data.
b) To Comply with Regulatory Requirements: To comply with global industry regulatory standards, local
industry regulatory standards, and government orders in different aspects such as Anti-Money Laundering
(AML), Know-Your-Client (KYC), and Counter-Terrorist Financing (CTF), DIFX is required to collect
personal information in addition to Identification Information, such as identity documents (including
passport, drivers license, national identity card, state ID card, tax ID number, passport number, drivers
license details, national identity card details, visa information, etc.), proof of address, source of fund
declaration, purposes of fund documents, and source of wealth (Regulation Information). We will
explain to you the content and requirements of such personal information each time we collect information.
We reserve the right to change the content and requirements of the collected information as the global
industry regulatory standards, local regulatory standards or government orders change. This provision
applies to both personal and institutional DIFX Accounts.
1.2. Information We Collect as You Use Services
1.2.1. Service Usage Information
Through your access to and use of Services, we may monitor and collect tracking information related to
usage including but not limited to your phone number, access date and time, device type and device
identification, operating system and hardware setting, browser type, and information derived from SIM
card, network operator, IP address, GPS, base station and WLAN (Service Usage Information). All of
this information is necessary for us to provide you with Services. This information may be directly obtained
by DIFX or through third-party service providers whom you have given consent to share this data with
other parties. The collection of Service Usage Information helps our systems to ensure that our interface is
accessible for users across all platforms and can aid during criminal investigations.
1.2.2. Transaction Information
For all personal and institutional user accounts, we may collect transaction information as you use Services,
including but not limited to deposit snapshots, account balances, trade history (such as transaction initiation,
payment method, price, quantity, time, withdrawal and authorization information), order activity, and
distribution history (Transaction Information). We collect such Transaction Information to monitor
suspicious trading activity for user fraud protection, legal case resolution, and any other purposes disclosed
in this Privacy Policy.
1.2.3. Communication Information
You agree that, for the purposes disclosed in this Privacy Policy, we are entitled to collect and use the
information contained in or related to the communication that you send to us or generated through your use
Page 3 of 10
of Services (Communication Information). Communication Information may include all messages,
requests or other information you send in the course of your contact with DIFX; all communications and
file attachments in connection with your transactions with other users or other data generated primarily
through your communications with them.
1.2.4. Financial Information
You agree that, for the purposes disclosed in this Privacy Policy, we are entitled to collect and use the
information contained in or related to your financial information when you use Services, including without
limitation, bank account information, payment card primary account number (PAN), transaction history,
trading data, and/or tax identification (Financial Information). We collect such financial information to
monitor suspicious financial activity for user fraud protection, legal case resolution, and any other purposes
disclosed in this Privacy Policy.
1.3. Information DIFX Automatically Collects
Most of the personal information that we collect is directly provided by you. In the following situations, we
will collect and process the information about you using automated tools:
a) where you register for, log in or visit DIFX, or use any Service;
b) where you voluntarily complete any user survey or provide feedback to us via email or any other channel;
c) where you use cookies of the browser or software in visiting or using Platforms;
d) other situations where we may automatically collect your information as mentioned in this Privacy Policy
or our Terms and Conditions.
1.4. Information Collected from the Third-party Sources
We may collect your personal information from third-party sources who you have authorised to share such
personal information with other parties, including but not limited to, the following channels:
a) public databases, credit bureaus and ID verification partners;
b) blockchain data;
c) marketing partners and resellers;
d) advertising partners and analytics providers.
1.5. Anonymized and Aggregated Data
Anonymization is a data processing technique that removes or modifies personal information so that it
cannot be associated with a specific individual. Except for this section, none of the other provisions of this
Privacy Policy applies to anonymized or aggregated personal information (i.e. information about our users
that we combine together so that it no longer identifies or references an individual user).
We may use anonymized or aggregate customer data for any business purpose, including to better
understand users’ needs and behaviors, improve our products and services, conduct business intelligence
and marketing, and detect security threats. We may perform our own analytics on anonymized data or
enable analytics provided by third parties.
We use the personal information about you for the following purposes or in the following ways:
Page 4 of 10
2.1. To Provide and Maintain Services
We use your personal information to deliver, maintain and provide better Services (including but not limited
to processing transactions) and verify users’ identities.
We use the IP address and unique identifiers stored in your device’s cookies to help us authenticate your
identity and activities and provide Services. Given our legal obligations and system requirements, we
cannot provide you with all or some of Services without data like Identification Information, Supervision
Information, Service Usage Information, Communication Information, and Transaction Information.
2.2. To Protect Our Users
We use the information collected to protect our platforms, users’ accounts, and archives.
We use IP addresses and cookies to protect against automated abuse such as spam, phishing, and Distributed
Denial of Service or DDoS attacks. We analyze trading activities with the goal of detecting suspicious
behaviors as early as possible to prevent potential fraud and loss of funds to bad actors.
2.3. To Comply with Legal and Regulatory Requirements
With respect to the privacy and security of personal information, we will use the information in compliance
with our legal obligations, government requests, and reasonable user-generated inquiries. In cases where it
is strictly necessary, such as to protect the vital interests of the users or other natural persons, to fulfill the
purpose of public interest, to pursue our reasonable interests (but not to damage the interests of the users),
we may process your personal information without your consent. Except for the situations stated in this
Privacy Policy or the Terms and Conditions, we will not disclose or provide any of your personal
information to third parties without a review from our legal team and/or prior consent from the user.
2.4. For Measurement, Research and Development Purposes
We actively measure and analyze data to understand the way you use and interact with Services. This review
activity is conducted by our operation teams to continually improve our Platforms’ performance and to
resolve issues with the user experience. In addition, we use such information to customize, measure, and
improve Services and the content and layout of our websites and apps, and to develop new services. We
continuously monitor activity information within our systems and our communications with users to look
for and quickly fix problems.
2.5. To Communicate with You
We use your personal information, such as your phone number or email address to interact with you directly
when providing customer support on a ticket or to keep you informed on logins, transactions, account
security and other aspects. Without collecting and processing your personal information for confirming
each communication, we will not be able to respond to your submitted requests, questions, and inquiries.
All direct communications are properly kept at DIFX or the service provider designated by DIFX, to be
reviewed for accuracy, to be kept as evidence, or to be used to perform other statutory or contractual
2.6. To Enforce Our Terms and Conditions and Other Agreements
Your personal information is also used to continually and actively enforce our Terms and Conditions and
other agreements with our users, including but not limited to reviewing, investigating, and preventing any