Privacy Policy

Orexis ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform at orexisvault.com and related services.

By creating an account or using our services, you agree to the practices described in this policy. If you do not agree, please do not use our platform.

This policy is governed by the Swiss Federal Act on Data Protection (nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

We collect the following categories of personal data:

Account Information: Name, email address, and password (stored in hashed form) provided during registration.

Identity Verification (KYC): Government-issued ID documents and selfie photographs, collected for regulatory compliance. Processed by our licensed KYC partner and not stored on our own servers.

Financial Data: Transaction history, deposit and withdrawal records, asset balances, and staking positions. This data is necessary for providing our services and for regulatory reporting.

Usage Data: IP address, browser type, device identifiers, pages visited, and time spent on the platform. Collected automatically to improve performance and detect fraud.

Communication Data: Messages sent through our Support chat, including content and timestamps.

Referral Data: If you register via a referral link, we record the referral relationship to credit bonuses appropriately.

We use your personal data for the following purposes:

• Providing Services: To operate your account, process transactions, and deliver all platform features.

• Compliance & Legal Obligations: To verify your identity (KYC/AML), comply with Swiss and EU financial regulations, prevent fraud and money laundering, and respond to lawful government requests.

• Security: To detect and prevent unauthorised access, suspicious activity, and platform abuse.

• Communication: To send you transaction confirmations, security alerts, and important account notifications. We do not send unsolicited marketing emails without your explicit consent.

• Platform Improvement: To analyse usage patterns, fix bugs, and improve the user experience. This analysis uses anonymised or aggregated data wherever possible.

• Support: To respond to your inquiries and resolve issues via our support system.

Your data is stored on servers located within the European Economic Area (EEA) and Switzerland. We use the following security measures:

• End-to-end TLS/SSL encryption for all data in transit • AES-256 encryption for sensitive data at rest • Row-Level Security (RLS) policies on our database — each user can only access their own data • Multi-factor authentication for all administrative access • Regular security audits and penetration testing • 95% of digital assets stored in cold wallets with multi-signature protection

We retain your data for as long as your account is active and for 7 years thereafter, as required by Swiss financial regulations. KYC documents are retained for 10 years per AML requirements.

We use carefully selected third-party providers to operate our platform:

• Clerk (clerk.com): Authentication and user identity management. Data processed in the USA under EU Standard Contractual Clauses.

• Supabase (supabase.com): Database hosting and storage. Data stored in EEA data centres.

• Vercel (vercel.com): Platform hosting and content delivery. Data processed under GDPR-compliant terms.

• Upstash (upstash.com): Rate limiting infrastructure. No personal data is stored — only anonymised identifiers.

• Resend (resend.com): Transactional email delivery. Email content and addresses processed under GDPR terms.

None of our third-party providers are permitted to use your data for their own commercial purposes.

Under Swiss law and the GDPR, you have the following rights:

• Right to Access: Request a copy of all personal data we hold about you.

• Right to Rectification: Request correction of inaccurate or incomplete data.

• Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention obligations. Note: financial transaction records must be retained for regulatory compliance.

• Right to Data Portability: Receive your data in a machine-readable format (JSON/CSV).

• Right to Restriction: Request that we limit processing of your data in certain circumstances.

• Right to Object: Object to processing based on legitimate interests, including profiling.

• Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us via the Support section in your dashboard or email [email protected]. We will respond within 30 days.

We use the following types of cookies:

Essential Cookies: Required for the platform to function. These include session authentication tokens and security cookies. Cannot be disabled.

Preference Cookies: Remember your settings such as language and theme preferences.

Analytics Cookies: Anonymised usage data to improve platform performance. No personally identifiable information is collected.

We do not use advertising or tracking cookies, and we do not share cookie data with advertising networks. You can manage cookie preferences via your browser settings. Disabling essential cookies will prevent you from logging in.

Our platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has created an account, we will terminate the account and delete associated data immediately. If you believe a minor is using our platform, please contact us via Support.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email and display a notice on the platform at least 14 days before the changes take effect. The date of the last update is shown at the bottom of this page. Continued use of our services after the effective date constitutes acceptance of the updated policy.

For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact us:

Data Controller: Orexis Zurich, Switzerland

Privacy Inquiries: Use the Support section in your dashboard, or write to [email protected].

Supervisory Authority: If you are in the EU/EEA and believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local data protection authority.