Legal
Privacy Policy
Last updated: 1 January 2026
Ikrik Exchange ("we", "us", "our") is committed to protecting the personal information of individuals who interact with our business. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have in relation to it.
This policy applies to all personal data processed in connection with our escrow, settlement, and client account services, as well as information collected through our website at ikrik-exchange.com.
1. Who we are
Ikrik Exchange is a financial services company incorporated in the United Arab Emirates and operating from Office Number 15, Mezzanine Floor, FTC Building, Mina Bazar, Dubai, UAE. We are the data controller for the personal information described in this policy.
For questions about this policy or our data practices, contact our compliance team at compliance@ikrik-exchange.com.
2. Data we collect
We collect personal data in the following categories:
Identity and KYB/KYC data
Full legal name, date of birth, nationality, government-issued identification documents (passport, Emirates ID), company registration documents, beneficial ownership information, and director details. Collected to comply with our anti-money laundering obligations under UAE law.
Contact and communication data
Email address, telephone number, postal address, and any information you provide when you contact us through our website, by email, or by telephone.
Financial and transaction data
Bank account details, IBAN numbers, transaction amounts, dates, counterparty information, and instructions submitted in connection with our escrow and settlement services.
Website and technical data
IP address, browser type and version, pages visited, time and date of visit, and other standard web server logs. Collected automatically when you access our website.
3. How we use your data
We use personal data for the following purposes:
- To perform KYC / KYB verification and onboard you as a client
- To provide escrow, settlement, and client account services
- To comply with our AML/CFT obligations, including transaction monitoring and suspicious activity reporting
- To generate account statements and reconciliation reports
- To respond to your enquiries and communications
- To administer and improve our website and services
- To comply with legal obligations under UAE law and any applicable international regulations
4. Legal bases for processing
We process personal data on one or more of the following bases:
- Performance of a contract: processing necessary to provide the services you have requested from us
- Legal obligation: processing required by UAE AML/CFT law, CBUAE regulations, and other applicable legislation
- Legitimate interests: processing for our legitimate business interests where those interests are not overridden by your rights — such as website analytics and fraud prevention
- Consent: where we have obtained your explicit consent, such as for marketing communications (you may withdraw consent at any time)
6. Retention
We retain personal data for as long as is necessary to fulfil the purposes set out in this policy and to comply with our legal obligations. In particular:
- KYC/KYB records and transaction data are retained for a minimum of five years following the end of the business relationship, in accordance with UAE AML regulations
- Account statements and reconciliation records are retained for a minimum of seven years
- Website enquiry data is retained for up to two years from the date of the enquiry, unless it progresses to a client relationship
After the applicable retention period, personal data is securely deleted or anonymised.
7. Your rights
Depending on applicable law, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete personal data
- Request deletion of your personal data, subject to our legal retention obligations
- Restrict or object to certain processing activities
- Withdraw consent at any time where processing is based on consent
- Receive a copy of your personal data in a structured, machine-readable format (data portability)
To exercise any of these rights, contact compliance@ikrik-exchange.com. We will respond within 30 days. Note that some rights are subject to exceptions — for example, we cannot delete data we are legally required to retain.
9. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include access controls, encrypted communications, and regular security assessments.
No method of transmission over the internet is completely secure. If you believe your personal data has been compromised, please notify us immediately at compliance@ikrik-exchange.com.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will publish the updated policy on this page with a revised "Last updated" date. For material changes, we will notify existing clients by email at least 14 days before the change takes effect.
11. Contact us
For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our compliance team:
Ikrik Exchange — Compliance
Office Number 15, Mezzanine Floor, FTC Building, Mina Bazar, Dubai, UAE
compliance@ikrik-exchange.com