Privacy Policy


This Nexo Privacy Policy (the “Privacy Policy”) governs the privacy relations between you (“Client” or “you”) and any holding company, subsidiary or entity belonging to the Nexo group of companies (“Nexo” or “we”), in regard to how we process and protect your personal data as you use the Nexo Services provided on any Nexo website, including (the “Website”), mobile application(s) and any other official Nexo communication channel including the content and services made available on or through the same, and any updates, upgrades, and versions thereof, and constitutes a legally binding agreement (the “Agreement”) between the parties. We encourage you to seek out and read the Privacy Policy to understand how the information that we collect about you is used and protected.

The Privacy Policy is reviewed regularly to ensure that any new services or updates, as well as any changes to our business model and practices are taken into consideration. We will alert you of material changes by, for example, placing a notice on the Website, the Nexo Platform and/or by sending you an email. Your continued use of the Nexo Platform after we make changes is deemed to be acceptance of those changes, so please review the Privacy Policy periodically for updates.

Unless stated otherwise herein, references shall be made to the Nexo Services General Terms and Conditions, Nexo Crypto Credit General Terms and Conditions, Nexo Earn Interest Product General Terms and Conditions, Nexo Exchange Service General Terms and Conditions, Nexo Cookies Policy,and any other terms and conditions governing the relevant Nexo’s service (jointly the “Nexo General Terms”),for the access to the Nexo Platform and all Nexo Services, and all the defined terms, used in this Privacy Policy, shall have the same meaning as the one given to them in the Nexo General Terms as the case may be.



Nexo may collect the following types of Personal Data when you visit the Website, register on the Nexo Platform, use Nexo Services, and when you interact and communicate with Nexo through any media or channel:

1. User-provided information:

2. Information we collect automatically
When you visit the Nexo Platform, we automatically collect the following information:

3. Information we get from third parties

Please note that if you refuse to provide Personal Data when requested, especially where we need to collect it by law, or under the terms of a contract we have or are looking to enter into with you, we may not be able to perform the relevant contract, including the ability to offer or continue to provide our services to you.


Nexo may process your Personal Data only in accordance with the applicable Privacy Laws and this Privacy Policy for the following purposes:

To achieve the purposes listed above, Nexo collects and processes your Personal Data in a legitimate and transparent manner under the Privacy Laws, and namely:


Automated decision making is the ability to make decisions by technological means without human involvement. We use automated decision making, for example, because it:

Automated decisions can be based on any type of data, for example:


Nexo may disclose your Personal Data to other Nexo companies within the Nexo group for the purposes of providing our services to you. We have undertaken all necessary measures to ensure that all Nexo companies handle your Personal Data with the same degree of care. We may also disclose your Personal Data to other selected third parties outside of the Nexo group – service providers for the performance of our contractual obligations with you, and for other purposes described in this Privacy Policy and the Nexo General Terms.

We may share your Personal Data with the following categories of external third parties:

You should also note that the Website includes links to third-party websites, plug-ins, handles and applications. Clicking on those links or enabling those connections may allow third parties to collect or share your Personal Data. Nexo does not control these third-party websites and is not responsible for their personal data processing activities. When you leave the Website, we encourage you to read the privacy policy/notice of every third-party website you visit.


When transferring Personal Data, we are committed to ensuring that the data importer maintains materially similar security measures for storage and Processing of Personal Data as we do. Your Personal Data may be processed, stored and transferred to third parties in the manner and amount as provided in this Privacy Policy, the contract(s) concluded between you and us, and consents you give to us from time to time.

Locations outside your country of residence may be used for Processing (including storage) the data we collect about you. The information we transfer may be shared with our service providers. It may include such processes as Processing a payment, data analysis (including fraud, risk and compliance checks), collecting data on use of our websites and services, for advertising purposes (including behavioural advertising), or offering support for your service or product needs.  We take all reasonable action to ensure the safety of your Personal Data in agreement with this Privacy Policy and applicable local and international legislation.

You can find below a non-exhaustive list of the bases of international transfers of Personal Data that may apply depending on you citizenship:


Subject to the applicable legislation, Nexo may from time to time send direct marketing materials promoting its services and/or activities to its existing clients and Website users who have subscribed for updates. You may, at any time, opt out of such communications by utilising the marketing preferences centre provided with each direct marketing communication. You may also opt out of direct marketing by communicating your preferences to Nexo’s DPO at [email protected], who will add to the marketing suppression list in due course and confirm to have done so in writing.


Personal Data collected by Nexo through the Nexo Platform or otherwise is kept on secure servers, hosted in a cloud environment in the EU. Nexo is ISO 27001 certified and uses security measures appropriate to the provision of the relevant Nexo Services, such as reasonable administrative, technical, personnel, and physical measures to protect your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We may use network safeguards such as firewalls and data encryption. In addition, we provide a limited need-to-know access to your Personal Data to those employees, agents, contractors, and other third parties who require access to fulfil their legal obligations. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. Those with access to your Personal Data are carefully screened, periodically re-evaluated, and are required to keep all your Personal Data confidential. 

In the event of a security breaching leading up to the unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your Personal Data as transmitted, stored or otherwise Processed by Nexo, we shall inform you, without undue delay, where that Personal Data breach is likely to result in a high risk to your rights and freedoms in order to allow you to take the necessary precautions. Any actual personal data breach will also be reported to the relevant data protection authority.

If you want to know more about Nexo’s security practice, please visit our Website’s security panel by clicking here.

To help us protect your privacy, you should maintain the secrecy of your username and password used to log in to the Nexo Platform. Please note that a Nexo employee will never ask for your credentials. Nexo uses regular malware scanning.


Personal Data is stored for variable periods of time depending on the category of Personal Data and its usage:


Depending on the jurisdiction you access the Nexo Platform from, your residency, or your citizenship, you may have one or more of the following Data Subject rights. Upon receipt of your requests at the contact details provided below, Nexo shall reply without undue delay and within the applicable statutory deadlines (as a rule of thumb, thirty (30) days extendable by two further months as per Art. 12 GDPR unless otherwise provided for by other applicable Privacy Laws).

List of Rights

To help protect your privacy and security, we will take reasonable steps to verify your identity before granting access to your Personal Data. We will make reasonable attempts to promptly investigate, comply with, or otherwise respond to your requests as may be required by applicable law. Depending upon the circumstances and the request, we may not be permitted to provide access to Personal Data or otherwise fully comply with your request; for example, producing your information may reveal the identity of someone else. We reserve the right to deny your requests where, at Nexo’s sole discretion, they may be manifestly unfounded or excessive, or otherwise unacceptable under applicable law.

Please note that any request with regards to Personal Data, which is publicly available, should be submitted directly to the third-party supplier of the information.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is manifestly unfounded or excessive.


We value your opinion, if you have any comments or questions about this Privacy Policy, Nexo’s handling of your Personal Data, a possible Personal Data Breach, or to exercise your rights, please send an email to Nexo’s Data Protection Officer (DPO). Nexo will treat your requests or complaints confidentially.

Data Protection Officer (DPO):

[email protected].

Please include the following information in your email:

If you do not think we have been able to resolve your complaint, you can lodge a complaint directly to your data protection authority. For example, a list of all European supervisory bodies is available here.


Our services are not directed to persons under the age of 18 (eighteen) years old or of legal age to enter into contractual relations with Nexo (whichever is later) hereinafter “Children”, “Child” and we do not knowingly collect or process the Personal Data of Children. If we learn that we have inadvertently gathered Personal Data from a Child, we will take legally permissible measures to remove that information from our records. Nexo will require the user to close his or her account and will not allow the use of our services.

If you are a parent or guardian of a Child, and you become aware that a Child has provided Personal Data to us, please contact us at [email protected] immediately.