Home
Fees
Assets
Log in
Create account

Privacy Policy

Elbaite USA

Elbaite Privacy Policy (U.S.A.)

Effective date: 12 August 2025
Contact: compliance@elbaite.com.au

This Privacy Policy explains how Elbaite Pty Ltd (ACN 623 185 875) ("Elbaite", "we", "us") collects, uses, discloses, and protects personal information for our California-only marketplace and related services (the Services). If you do not agree with this Policy, please do not use the Services.

1) Quick Summary (Plain English)

  • We collect personal information to verify identity (KYC), prevent fraud, meet legal/FinCEN obligations, run the marketplace, and support you. We do not collect or use your KYC information for marketing.
  • We share KYC data with Bridge Building Arx LLC (our payments partner) so you can fund/withdraw. We also use vetted service providers (identity verification, cloud hosting, SMS, support desk) under contracts that restrict their use of your data.
  • We use Google Analytics and the Meta Pixel. We run ads on Meta and may use analytics data to measure and improve those ads.
  • We store data primarily in AWS Sydney (Australia). Some processors may handle data in the U.S./EU/UK under contractual safeguards.
  • We are currently below California CPRA thresholds (an “exempt business”). We do not offer CPRA rights at this time. If/when CPRA applies, we’ll update this Policy, add a “Do Not Sell/Share” option, and honor Global Privacy Control (GPC) signals.
  • We send security-only SMS (e.g., 2FA, login alerts)—not marketing. Reply STOP to opt out of non-essential texts.
  • Minimum age is 18.

2) Who We Are & Scope

Elbaite Pty Ltd is an Australian company that operates the Elbaite marketplace. This Policy applies to personal information collected through our website, app, and related tools when you create an account or use the Services.

We are currently an exempt business under California privacy law (CPRA). If our status changes, we will update this Policy and provide the additional rights and tools required by law.

3) Information We Collect

Information you provide

  • Identification: full legal name, date of birth, residential address, email, phone, SSN/TIN.
  • KYC: Additional information and documentation to complete enhanced due diligence, which may include information about source of funds or source of wealth, and occupation/employer details. The specific documents we request may vary by case.
  • Account & activity: wallet addresses you provide, your offers/purchases, withdrawal instructions, and your communications with support.

Information we create or collect automatically

  • Transaction & balance records.
  • Device/usage data (IP address, browser, device type, timestamps, pages viewed, referral URLs).
  • Risk & sanctions results (e.g., match/no-match, score, review status).
  • Cookies and pixels data from Google Analytics and Meta Pixel.

Information from third parties

  • KYC vendors: FrankieOne and Onfido (document and liveness checks, match outcomes).
  • Payments partner: Bridge Building Arx LLC (funding/withdrawal status and reference IDs).
  • Fraud/sanctions/chain analytics: screening databases and blockchain analytics providers (if used).

We do not collect information for marketing lists; we collect and use data to operate safely and compliantly.

4) How We Use Personal Information

  • Compliance & KYC/EDD: to verify identity, run sanctions/PEP screening, and request any additional information we reasonably require to satisfy anti-money-laundering obligations and confirm that illicit funds are not being used, and to maintain legally required records.
  • Provide the Services: to run the marketplace, lock & settle trades, process funding/withdrawals with Bridge, and provide support.
  • Security & fraud prevention: to detect, investigate, and prevent fraud/abuse and protect accounts.
  • Tax reporting: to prepare and deliver required reports (e.g., Form 1099‑DA, when applicable).
  • Analytics & measurement: to understand usage, improve features, and measure/improve our Meta ads using aggregated analytics from GA/Meta Pixel.
  • Legal obligations & rights: to comply with laws, respond to lawful requests, and defend our rights.

We do not use your KYC documents for marketing.

5) How We Share Personal Information

We do not sell personal information. We share it only as follows:

  • Bridge (payments). We share KYC and necessary account information so Bridge can onboard you and process USD↔USDC funding/withdrawals. Bridge is an independent provider with its own privacy policy. If you do not consent to this sharing, you cannot fund or withdraw.
  • Analytics/ads measurement: Google Analytics and the Meta Pixel for aggregated analytics and to measure and improve our Meta ads.
  • Regulatory & legal: government agencies, law enforcement, tax authorities, courts, or as required by law.
  • Corporate transactions: if we undergo a merger, acquisition, or asset sale.

6) Cookies, Analytics, and Advertising

We use cookies and pixels for:

  • Strictly necessary functions (security, session management).
  • Analytics (Google Analytics) to understand usage and performance.
  • Advertising measurement (Meta Pixel) to improve our Meta ads.

California status. We are currently CPRA-exempt and therefore do not provide a "Do Not Sell or Share" control or cookie banner today. If/when we become subject to CPRA, we will: (i) update this Policy; (ii) add a “Do Not Sell/Share My Personal Information” option; and (iii) honor Global Privacy Control (GPC) signals for applicable browsers.

Your controls. You can manage cookies through your browser settings. Google and Meta also provide their own controls for analytics/ads.

7) SMS/Text Messages (Security-Only)

We may send text messages for security purposes (e.g., 2FA codes, login alerts, critical account notices). We do not send marketing texts. You may opt out of non-essential texts at any time by replying STOP (reply HELP for help). Message and data rates may apply. Opting out of security texts may impact your ability to access the Services.

8) Data Location and Cross‑Border Transfers

We store personal information primarily in AWS Sydney (Australia). Some processors may process data in the U.S., EU, or UK. Where required by law, we use contractual safeguards (e.g., standard contractual clauses or equivalent) for cross‑border transfers.

9) Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information (including encryption in transit, access controls, and logging). No method of transmission or storage is 100% secure. If you believe your account or data has been compromised, email compliance@elbaite.com.au.

10) Retention

We keep personal information only as long as needed for the purposes above or as required by law. In particular:

  • KYC & key compliance records: at least 5 years after account closure (or longer if law requires).
  • Transaction records/logs: 7 years.
  • Support tickets: 2 years.
  • Web analytics logs (GA/Meta): 12–24 months.
    We may keep minimal data as necessary to prevent fraud, comply with legal holds, or resolve disputes.

11) Your Choices and Legal Rights

We are currently below California CPRA thresholds and treat ourselves as an exempt business. As such, we do not offer CPRA rights (access, deletion, correction, opt‑out of sale/share) at this time. If/when we become subject to CPRA or another law that grants you rights, we will update this Policy, provide the required tools (including a Do Not Sell/Share option), and honor GPC signals.

Account closure does not automatically delete all data. You may request account closure at any time; we will delete information we are not legally required to retain. Certain records (e.g., KYC and transaction data) must be retained for compliance.

12) Children

The Services are intended for adults 18+ and are not directed to children. We do not knowingly collect personal information from individuals under 18.

13) Automated Decision‑Making and AI Tools

We use automated systems to perform sanctions, fraud, and risk screening. These may flag activity for manual review by our compliance team. We may use third‑party AI tools for support/operations analytics.

14) Third‑Party Links

The Services may link to third‑party sites. We are not responsible for their privacy practices. Review their policies before providing personal information.

15) Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by email and/or an in‑app notice and post the updated Policy with a new effective date. Your continued use of the Services after the effective date means you accept the updated Policy.

16) How to Contact Us

If you have questions about this Policy or our privacy practices, email compliance@elbaite.com.au.

Copyright © 2025 Elbaite Pty Ltd. All rights reserved.

Why self custody?

Freedom - sovereignty - control.

True ownership

Your keys, your choice.

Direct custody

Your wallet, not anyone elses.

User control

Approve every transaction.

Lower fees

Fewer middlemen = more crypto.

Escrow protection

On-chain verification.

Freeze resistant

Forget crypto getting stuck.

Wallet choice

Any wallet, any time.

Custom security

Build your security, your way.

What the FAQ?

The answers await.

What is Elbaite?

Founded in 2017, Elbaite was one of the first self-custody crypto exchanges, giving investors full control over their digital assets from day one. Today, Elbaite is a trusted platform serving a global audience of the next generation of crypto investors.

How does USD escrow protect me as a buyer?

USD escrow, unique to the Elbaite Marketplace, safeguards your purchase by securely holding your funds in escrow until your crypto is delivered, reducing the risk of fraud and ensuring a safe, transparent transaction.

How long does a trade take?

On the Elbaite Marketplace, sellers send crypto directly to your self-custody wallet. Most trades are completed withing a few minutes to a few hours, depending on blockchain network speeds.

How do I fund my account with USD?

Elbaite accepts Wire transfer as payments.

Why Elbaite over an exchange?

Elbaite, founded in 2017 as one of the first self-custody crypto marketplace, lets you trade directly into your own wallet with secure USD escrow, giving you full control of your assets and the trust of a platform with years of proven experience.

Where is Elbaite available in the US?

Currently Elbaite is available to residents of California. If you want us to come to your home state, please let us know via our support channels.

Which wallets can I use with Elbaite?

You can use any cryptocurrency wallet of your choice.

You can use your hardware wallet, your mobile BASE wallet, or your metamask wallet. We’re a bring-your-own-wallet platform, giving you the freedom to trade directly into the wallet you trust most.

What are the fees?

Simple fee of 1% on Buy orders.

No other fees. 

Do I need to verify my ID?

Elbaite is a registered with FinCEN and we require KYC for customers.

Who invented Bitcoin?

Bitcoin was created by an anonymous figure called Satoshi. We are all Satoshi.

Create account

Your keys, your crypto.

Get started

Elbaite Pty Ltd (“Elbaite”) is incorporated in Australia and registered with the U.S. Financial Crimes Enforcement Network (FinCEN) as a Money Services Business.  We will never ask for the private keys to your personal digital currency wallet. Elbaite is not liable for any losses you may incur, and you are solely responsible for your investment decisions. Before deciding if our services are right for you, take into consideration your own financial situation & needs and/or obtain professional financial or taxation advice from a licensed provider. Elbaite does not provide financial advice and Elbaite does not have any affiliation with external traders, advisors or trading platforms. Please note: Be cautious of phishing sites and always verify that you're on the official Elbaite.com website before entering any sensitive information.