Last updated: May 2, 2023
We at Coinbase (the Coinbase entities listed in , referred to here as “we”, “us” or “our”) respect and protect the privacy of those who explore our Services (“Users”) and Users who sign up for and access our Services (“Customers”) (together referred throughout this policy as “you” and “your”).
It is important that you understand how we use your information. You should read this page in full, but below are the key highlights and some helpful links:
We collect and use your information in order to provide and improve our Services and your experience, protect the security and integrity of our platform, and meet our legal obligations.
We share your information with other Coinbase companies, as well as trusted third parties and service providers, in order to offer our Services and fulfill legal requirements.
We offer privacy tools for you to request access to or deletion of information we hold about you. You can use these tools by visiting your . Depending on where you live, you may also have other privacy rights under law.
We collect the following personal information and documentation:
Information You Provide to Us
Information Collected Automatically
Information we obtain from Affiliates and third parties
We use your personal information to deliver, personalize, operate, improve, create, and develop our Services, to provide you with a secure, smooth, efficient and customized experience as you use them, and for legal compliance, loss prevention, and anti-fraud purposes. Learn more about how we use your personal information and our legal basis for each such data use:
Data use necessary to perform our contract with you
Data use to comply with our legal obligations
Data use for our Legitimate Interests
Data use based on your consent
Data use to protect your or others’ vital interests
We work with service providers, partners and other third parties to help us provide our Services, and as a result we need to share certain information with these third parties. Here’s how:
Linked Third Party Websites
Professional advisors, industry partners, authorities and regulators
Asset Transfer or Company Acquisition
Third-Party Service Providers
We retain your information as needed to provide our Services, comply with legal obligations, or protect our or others’ interests. While retention requirements vary by country, we maintain internal retention policies on the basis of how information needs to be used. This includes considerations such as when the information was collected or created, whether it is necessary in order to continue offering you our Services, whether we are required to hold the information to comply with our legal obligations, including AML/KYC compliance or other financial regulatory obligations, or information preservation requirements. We also keep certain information where necessary to protect the safety, security and integrity of our Services, Customers, and Users.
We retain biometric information (as part of our retention of Supplemental Identification Information) for the period required for financial regulatory compliance or otherwise as required by applicable law. Our third party identity verification service providers retain this information for as long as set out in their .
In line with these considerations, we delete information that is no longer needed for the above purposes when you close your account, or when you request deletion of your information (which you can initiate through your ).
The Sites and Services are not directed to persons under the age of 18, and we do not knowingly request or collect any information about persons under the age of 18. If you are under the age of 18, please do not provide any personal information through the Sites or Services. If a User or Customer submitting personal information is suspected of being younger than 18 years of age, Coinbase will require the relevant Customer or User to close his or her account, and will take steps to delete the individual’s information as soon as possible.
To facilitate our global operations, Coinbase, its Affiliates, third-party partners, and service providers may transfer, store, and process your personal information throughout the world, including Ireland, Germany, Singapore, the UK, the US, and the Philippines. .
If you reside in the EEA, Switzerland, or the United Kingdom, we rely upon a variety of legal mechanisms to facilitate these transfers of your personal information (collectively, “European Personal Data”).
We rely primarily on the European Commission’s Standard Contractual Clauses to facilitate the international and onward transfer of European Personal Data to third countries, including from our EU operating entities to Coinbase, Inc. in the United States. For a copy of the Standard Contractual Clauses, please contact email@example.com.
We also rely on from the European Commission where available and exemptions provided for under data protection law. For example, because Coinbase operates and provides its Services globally, we need to share information with our Affiliates and to data centers outside the EEA in order to develop, offer, and improve our Services (Article 49(1)(b) GDPR). In addition, we may rely on certain exemptions for sharing personal information with law enforcement outside of the EEA in emergency situations (Article 49(1)(f) GDPR).
Depending on where you live, you may be able to exercise certain privacy rights related to your personal information. You can make privacy rights requests relating to your personal information by logging into your account and going to your . If any of the rights listed below are not provided under law for your operating entity or jurisdiction, Coinbase has absolute discretion in providing you with these rights.
Right to access and portability:
Right to rectification:
You may request us to rectify or update any of your personal information held by Coinbase that is incomplete or inaccurate by logging in to your account and clicking the Profile or My Account tab.
Right to deletion/erasure:
Right to withdraw your consent:
To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. The lawfulness of Coinbase’s processing before you withdraw your consent will not be affected by such withdrawal.
Right to object to or restrict processing:
You may have the right to restrict or object to us using or transferring your personal information based on our legitimate interests, in the public interest, or for direct marketing. We may continue to process your personal information where permitted or required by applicable law. You can opt-out of receiving marketing communications from Coinbase through your account settings or by submitting a request via our .
Right to non-discrimination: We will not discriminate against you for exercising any of your rights provided to you under law.
Right to lodge a complaint:
If you reside in the EEA, Switzerland, or the UK, you have the right to lodge a complaint about our practices with respect to your personal information with the supervisory authority of your country or state. In the UK, the relevant data protection authority is the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, +44 (0303) 123 1113, email: firstname.lastname@example.org. In Ireland, the relevant data protection authority is the Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, +353 017650100 / + 353 1800437737, email: email@example.com or by using the following online form: .
If you reside in Australia or the Philippines, you may lodge a complaint about our practices with respect to your personal information with the supervisory authority of your country. In Australia, the relevant data protection authority is the Office of the Australian Information Commissioner, and complaints may be made through their website at . In the Philippines, the relevant data protection authority is the National Privacy Commission, email: firstname.lastname@example.org.
To protect your privacy and security, we may take steps to verify your identity before complying with your request and we may decline your request if we are unable to verify your identity.
Under certain US data privacy laws, as well as in Brazil, you may also designate an authorized agent to make these requests on your behalf.
These rights are not absolute, and may be denied: (a) when granting access or assisting portability would adversely affect the rights and freedoms of others (b) to protect our rights and properties; (c) where the request is frivolous or vexatious; or (d) as otherwise permitted by law.
We may provide additional "just-in-time" disclosures or information about how we collect or use your information in the context of specific Services; these in-product notices may supplement or clarify our privacy practices or may provide you with additional choices about how we use your information.
If you reside in the EEA or Switzerland, Coinbase Ireland Limited, Coinbase Europe Limited and Coinbase Germany GmbH act as joint controllers in respect of your personal information. Coinbase Ireland Limited is the joint controller with primary responsibility for your personal information, including with respect to providing you with information and responding to any requests you may make under the GDPR. Please see more about how you can exercise your rights under the GDPR through our .