Back to home

Privacy Policy

Effective date: May 17, 2026 · Last updated: May 17, 2026

1. Introduction

This Privacy Policy ("Policy") describes how REX ("we", "us", or "our") collects, uses, stores, and shares information about you when you visit rexcardly.com (the "Site") or use any REX services accessible through the Telegram Mini App or bot @Rexchangebot (collectively, the "Services").

We are committed to protecting your privacy. By using the Services you agree to the practices described below. If you do not agree, please discontinue use of the Services.

2. Information We Collect

2.1 Information you provide

  • Telegram account data — when you launch the REX Mini App, Telegram shares your Telegram user ID, first name, last name (if set), username (if set), language code, and profile photo URL with the Services. We do not receive your phone number or email from Telegram.
  • Wallet addresses — public blockchain addresses you generate inside the app to receive crypto deposits (USDT, USDC, BTC, ETH).
  • Support communications — messages, screenshots and other content you send to support through the bot or chat.
  • Card-issuance details — non-document information required to issue a virtual card (display name, delivery preferences). Higher-tier products (e.g. Credit) may additionally require identity verification (KYC) in accordance with applicable law; in that case identity documents are processed by a regulated card-issuing partner and not stored on our infrastructure.

2.2 Information collected automatically

  • Technical data — IP address (truncated for analytics), browser / Telegram-client type and version, operating system, device class, time-zone setting, and pages or screens viewed.
  • Usage data — feature interactions, transaction timestamps, error reports and diagnostic logs.
  • On-chain data — public, anonymous information from public blockchains relating to wallet addresses associated with your account.

2.3 Information we do not collect on this Site

The marketing website rexcardly.com itself does not run third-party advertising trackers, does not set marketing cookies, and does not require account registration. It is a static information page.

3. How We Use Information

  • To provide, maintain, and improve the Services and to issue cards or process transactions you request.
  • To communicate with you about your account, transactions, and customer-support inquiries.
  • To detect, prevent, and respond to fraud, abuse, security incidents, and illegal activity.
  • To comply with applicable legal obligations, including AML/CFT requirements where relevant.
  • To produce aggregated, anonymized statistics that do not identify individual users.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under the following lawful bases under the GDPR:

  • Performance of a contract — to deliver the Services you request.
  • Legal obligation — to satisfy AML, sanctions screening, and tax obligations.
  • Legitimate interests — to secure the Services, prevent fraud, and improve our product.
  • Consent — where you have opted in to optional features (e.g. marketing communications).

5. Sharing of Information

We do not sell your personal data. We may share information only:

  • With regulated service providers who help us deliver the Services (card issuers, payment processors, blockchain analytics, hosting, customer support). These providers are bound by contractual confidentiality and data-protection obligations.
  • With law-enforcement or regulators when required by a valid legal order in the relevant jurisdiction.
  • In connection with a merger, acquisition, or asset transfer, in which case we will provide notice before personal data becomes subject to a different privacy policy.
  • With your explicit consent for any other purpose.

6. International Transfers

The Services are operated from servers located in Europe. If you access the Services from outside that region, your information will be transferred to and processed in countries that may have different data-protection laws. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including to satisfy legal, accounting, or reporting requirements. Transaction and AML-related records are typically retained for at least five (5) years after the closure of an account.

8. Your Rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data ("right to be forgotten"), subject to legal-retention obligations.
  • Object to or restrict processing of your data.
  • Receive your data in a portable format.
  • Withdraw consent at any time for processing based on consent.
  • Lodge a complaint with your local data-protection supervisory authority.

To exercise any of these rights contact us at the address in section 13 below.

9. Security

We apply industry-standard administrative, technical, and physical safeguards to protect your information, including transport encryption (TLS 1.2 / 1.3), encrypted storage of sensitive credentials, principle-of-least-privilege access control, and continuous monitoring. No method of transmission or storage is 100% secure; you are responsible for keeping your Telegram account and any device tokens confidential.

10. Cookies and Local Storage

The marketing site rexcardly.com uses only first-party local storage for language preference (key: rex.lang). It sets no third-party advertising cookies and does not include analytics scripts that profile individual visitors. The Telegram Mini App separately uses local storage to remember in-app preferences; details are described in the in-app help.

11. Children

The Services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us so we can delete it.

12. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be communicated through the Services or by other reasonable means.

13. Contact Us

If you have any questions about this Policy or wish to exercise your privacy rights, please contact us:

REX Privacy Team

Email: support@rexcompanybusiness.com

Telegram: @Rexchangebot