Privacy Policy

When you use GETX, we collect:

• Account info — email, password (hashed), display name, country, and an optional username.
• Identity verification (KYC, only when you request your first withdrawal) — government ID, photo, and other documents required by our payment partners.
• Transaction data — orders, listings, custom requests, offers, messages, reviews, and payment metadata.
• Technical data — IP address, device info, user agent, and usage analytics.

• To run the marketplace — process orders, hold escrow, deliver chat messages.
• To verify your identity when withdrawing funds (legal requirement).
• To prevent fraud, abuse, and account takeovers.
• To resolve disputes between buyers and sellers.
• To comply with applicable law and respond to legal requests.
• To send transactional notifications (order updates, security alerts). Marketing emails require opt-in.

We share data with:

• Payment processors — Paddle (and successors) to charge your card and pay sellers. They receive only the data they need to process the transaction.
• KYC providers — Sumsub or Digio for identity verification, only when you start the withdrawal flow.
• Email and SMS providers — Resend (or successor) to send notifications.
• Cloud and infrastructure — AWS / Neon / Cloudflare host the platform.
• Legal requests — courts and government agencies, where required by law.

We do not sell your data. We don't share it with advertisers.

Passwords are stored as bcrypt hashes (never plain text). Bank account details and 2FA secrets are encrypted at rest. Identity documents collected during KYC (passport, driver's licence, Aadhaar, PAN, national ID) are handled by our verification partner Sumsub and stored only as one-way hashes on our side.

GETX is operated globally. Your data may be processed in the United States (Stripe, Vercel, Cloudflare R2), Singapore (database replicas), and the United Kingdom (support tooling). We rely on Standard Contractual Clauses for EU/UK transfers and Sumsub's adequacy framework for verification data.

• Access — request a copy of everything we hold via Settings → Privacy.
• Erasure — close your account and request deletion. We retain audit + transaction records for legal reasons.
• Portability — your wallet ledger and order history export as JSON.
• Object / restrict — opt out of marketing in Settings → Notifications. We never sell personal data to third parties.

California residents: under the CCPA we do not sell or share your personal information. Submit verifiable consumer requests to support@getx.live.

• Active account: data retained while the account is active.
• Closed account: most personal data deleted within 30 days. Audit logs and transaction records are kept for 7 years for legal and dispute reasons.
• You can request deletion via the contact page; we will comply unless we're legally required to retain specific records.

Depending on your location, you have rights to access, correct, export, or delete your personal data. Email privacy@getx.gg to exercise any of these rights. We will verify your identity before responding.

We use first-party cookies for authentication (HttpOnly, Secure, SameSite=Lax) and a small amount of analytics. We do not use third-party advertising cookies.

We'll let you know about material changes via email or in-app notification at least 14 days before they take effect.

Privacy questions go to privacy@getx.gg, or via the contact page.