Contact Us

Kraken Privacy Policy & Data Protection Notice

At Kraken, we recognize that privacy is a fundamental human right. This comprehensive Privacy Policy outlines our unwavering commitment to safeguarding your personal information and maintaining the highest standards of data protection across all our global operations.

We have designed our systems, architectural infrastructure, and operational procedures from the ground up to ensure that your sensitive financial and personal data remains secure, confidential, and fully compliant with international regulatory frameworks.

Effective Date and Scope of Policy

The effective date indicates when the current version of this privacy document became legally binding for all platform users. This policy was last updated on January 1, 2026, and supersedes all previous versions regarding how we handle your information.

This Privacy Policy applies to all services, applications, websites, and digital properties operated by Kraken, including our mobile applications, API interfaces, and institutional trading platforms. By accessing or using our services, you acknowledge that you have read, understood, and agreed to the data protection practices described in this comprehensive document.

If you do not agree with any provision of this Privacy Policy, you must immediately cease using our services and contact our support team to initiate the closure of your account. We periodically review and update this policy to reflect changes in our technological infrastructure, legal obligations, and industry best practices. Significant modifications will be communicated to all active users via email and prominent platform notifications at least 30 days prior to their implementation.

Our commitment to privacy extends beyond mere compliance; we actively participate in industry working groups to develop forward-thinking privacy standards for the broader cryptocurrency ecosystem. Your trust is our most valuable asset, and we are dedicated to protecting it.

Table of Contents

The table of contents serves as a navigational guide to help you quickly locate specific clauses within this extensive legal document. By structuring our policy transparently, we empower users to easily understand their data rights and our obligations.

  1. Information Collection and Acquisition Methods
  2. Purposes and Utilization of Your Information
  3. Information Sharing, Disclosure, and Third Parties
  4. Your Legal Data Protection Rights
  5. International Cross-Border Data Transfers
  6. Data Retention Periods and Deletion Protocols
  7. Data Deletion and Access Requests
  8. Contacting the Data Protection Officer

Information Collection, Use, Sharing, and Rights

Information collection encompasses the various methods by which we gather necessary user data to provide secure financial services and comply with regulatory mandates. We only collect the minimum amount of personal information required to verify your identity and facilitate your transactions.

What Information We Collect

Personal information collection involves acquiring data such as your name, contact details, government-issued identification, and transaction history. This data is strictly utilized for identity verification and anti-money laundering compliance required by global financial authorities.

When you register for a Kraken account, we collect direct identifiers including your full legal name, date of birth, residential address, email address, and phone number. To satisfy rigorous Know Your Customer (KYC) regulations, we also mandate the submission of high-resolution images of government-issued identity documents, such as passports or driver's licenses, alongside biometric facial recognition data for liveness verification.

Furthermore, we automatically collect technical data regarding your interaction with our platform. This includes your IP address, browser type, operating system, device identifiers, and granular logs of your trading activities. We also monitor blockchain transaction data associated with the wallet addresses you utilize to deposit or withdraw digital assets, utilizing advanced chain-analysis tools to ensure platform integrity and prevent illicit activities.

How We Use Your Information

Data utilization refers to the specific operational, security, and legal purposes for which your personal information is processed. We use your data to authenticate your account, process complex trades, and proactively detect fraudulent activities before they impact your portfolio.

The primary purpose of processing your data is the execution of our core financial services. When you place a trade, we utilize your account information to match orders, calculate fees, and settle balances across our internal ledgers. Without this essential data processing, the operation of a high-frequency cryptocurrency exchange would be technically impossible and highly insecure.

Additionally, we leverage sophisticated machine learning algorithms to analyze user behavior patterns and transaction histories. This processing is dedicated entirely to risk management and security enforcement. By establishing a baseline of your typical platform activity, our systems can automatically flag anomalous login attempts or suspicious withdrawal requests, triggering secondary authentication protocols to protect your assets from unauthorized access.

Information Sharing and Disclosure

Information sharing describes the limited circumstances under which we may transmit your data to trusted third-party service providers or legal authorities. We never sell your personal information to marketing agencies, data brokers, or unauthorized external entities under any circumstances.

We share your data strictly with vetted enterprise partners who provide essential infrastructure for our platform. This includes cloud hosting providers, identity verification services, banking partners facilitating fiat currency transfers, and cybersecurity firms conducting continuous threat monitoring. All third-party vendors are bound by stringent data processing agreements that prohibit them from using your information for any purpose other than fulfilling their contractual obligations to Kraken.

In certain situations, we are legally compelled to disclose personal information to law enforcement agencies, regulatory bodies, or tax authorities. We only comply with such requests when presented with a valid subpoena, court order, or formal regulatory directive. Our legal team meticulously reviews every external data request to ensure it is legally sound and appropriately narrow in scope before any information is released, actively challenging overly broad demands.

Your Data Protection Rights

Data protection rights are the legal entitlements granted to users, allowing them to control, access, or delete their personal information held by our organization. You have the right to request a comprehensive copy of your data or demand its erasure under applicable privacy laws such as the GDPR and CCPA.

Depending on your jurisdiction, you possess the right to access the personal information we hold about you, the right to rectify any inaccuracies in that data, and the right to object to specific types of automated processing. You may also request the restriction of processing while a dispute regarding data accuracy is being resolved. We are committed to honoring these rights globally, regardless of your specific country of residence, applying the highest standards of data protection universally across all our markets.

To exercise any of these rights, users must submit a formal request through our secure privacy portal. Our dedicated compliance team will verify your identity to ensure that sensitive data is not inadvertently disclosed to malicious actors, and will process your request within 30 calendar days, entirely free of charge.

International Data Transfers

International data transfers occur when your personal information is routed through or stored on servers located outside of your primary country of residence. We employ standard contractual clauses, binding corporate rules, and end-to-end encryption to protect your data during cross-border transit.

As a global cryptocurrency exchange, Kraken operates data centers and support facilities across multiple continents. Consequently, your personal information may be transferred to, and processed in, the United States, the European Union, and other jurisdictions where our enterprise infrastructure is located. These regions may have data protection laws that differ from those in your home country.

To ensure continuous protection during these transfers, we implement robust legal and technical safeguards. For users residing in the European Economic Area (EEA) or the United Kingdom, we rely on the European Commission's approved Standard Contractual Clauses to legitimize the transfer of personal data to our global affiliates and service providers, guaranteeing that your data receives an equivalent level of protection regardless of its physical location.

Data Retention Periods

Data retention periods define the specific duration for which we are legally required to store your personal information after your account is closed. Financial regulations mandate that we retain certain transaction records and identity verification documents for a minimum of five years to prevent financial crimes.

We do not retain your personal data indefinitely. Our retention schedules are strictly aligned with our statutory obligations under global anti-money laundering (AML) and counter-terrorism financing (CTF) laws. Once an account is formally closed and all pending transactions are settled, your data enters a highly restricted archive state, rendering it inaccessible to general customer support staff.

During this archiving period, your information is isolated from our active production databases and is accessible only to a select group of compliance officers for the sole purpose of responding to lawful regulatory inquiries. Upon the expiration of the legally mandated five-year retention period, your personal data is permanently and cryptographically destroyed, ensuring it can never be recovered or reconstructed by any party.

Data Deletion and Access Requests

A data deletion request is a formal submission by a user exercising their right to be forgotten under privacy frameworks like GDPR or CCPA. Upon receiving a verified request, we will permanently erase your non-essential personal data from our active systems within 30 days, subject to our legal retention requirements.

Submit a Privacy Request

Kraken provides a streamlined, secure portal for users to exercise their privacy rights. Whether you wish to download a comprehensive archive of your account data, update your privacy preferences, or initiate a formal account deletion, our automated system ensures your request is handled promptly, securely, and in full compliance with international law.

Access Privacy Request Portal

Contact Our Data Protection Officer

The Data Protection Officer (DPO) is the designated executive responsible for overseeing our privacy compliance strategy and addressing user concerns regarding personal data. You can contact our DPO directly for any inquiries related to how your information is processed, secured, or shared across our platform.

Direct Electronic Communication

If you have specific questions about this Privacy Policy, concerns about our data protection practices, or if you believe your privacy rights have been violated, we encourage you to contact our Data Protection Officer immediately. We take all privacy-related inquiries with the utmost seriousness and aim to resolve issues transparently and efficiently.

Email: dpo@kraken.com
PGP Key Fingerprint: 8A9B 2C3D 4E5F 6G7H 8I9J 0K1L 2M3N 4O5P

Official Mailing Address

For formal legal correspondence or regulatory inquiries requiring physical documentation, please direct your communications to our global privacy office. Ensure all mail is explicitly marked to the attention of the Data Protection Officer to guarantee expedited processing and routing to the appropriate legal team.

Kraken Privacy Office
Attn: Data Protection Officer
100 Crypto Boulevard, Suite 500
San Francisco, CA 94107
United States of America

Frequently Asked Questions About Privacy

The privacy FAQ addresses common user concerns regarding data security, cookie tracking, and consent management. Reviewing these answers provides immediate clarity on how we protect your digital footprint while you use our services.

Does Kraken sell my personal data to advertisers?

Absolutely not. Kraken has never sold, and will never sell, your personal data to third-party advertisers, data brokers, or marketing agencies. Our revenue is generated entirely through trading fees and financial services, not through the monetization of our users' privacy. Your data is used exclusively to provide and secure the services you have requested from us.

How is my identity document stored after verification?

Once your identity documents (such as a passport or driver's license) have been processed by our verification system, the high-resolution images are encrypted using AES-256 standard encryption and transferred to highly secure, offline cold storage servers. They are completely isolated from our public-facing web infrastructure, ensuring they cannot be accessed in the event of an online security breach.

Can I use Kraken completely anonymously?

No. As a fully regulated financial institution operating globally, we are legally required to comply with strict Anti-Money Laundering (AML) and Know Your Customer (KYC) laws. This means we must verify the identity of every individual who opens an account with us. While we champion the privacy rights of our users, anonymous trading is incompatible with our regulatory obligations.

What happens to my data if I delete my account?

When you request account deletion, we immediately disable your login credentials and remove your profile from our active trading systems. However, due to international financial regulations, we are legally mandated to retain your core identity and transaction history for a minimum period of five years. During this time, your data is securely archived. Once the legal retention period expires, your data is permanently destroyed.

Are my cryptocurrency wallet addresses considered personal data?

Yes. In the context of our platform, any cryptocurrency wallet address you use to deposit funds into or withdraw funds from your Kraken account is linked to your verified identity. Therefore, we treat these wallet addresses as sensitive personal data and protect them with the same rigorous security protocols applied to your name and physical address.

How do you protect my data from internal threats?

We employ a strict principle of least privilege across our entire organization. This means that Kraken employees are only granted access to the specific data necessary to perform their exact job functions. Furthermore, all internal access to user data requires multi-factor authentication, is routed through secure VPNs, and is comprehensively logged and audited by our internal security team to detect any unauthorized access attempts.