Coinbase Global Privacy Policy

Last Updated: November 20, 2025. Previous Privacy Policy can be found here.

We at Coinbase (the Coinbase entities listed in Section 12 below, referred to here as “we”, “us” or “our”) respect and protect the privacy of those who explore our Services (“Users”) and Users who sign up for and access our Services (“Customers”) (together referred throughout this policy as “you” and “your”).

This Privacy Policy describes how we collect, use, and share personal information when you explore, sign up for or access our “Services”, which include the services offered on our websites, including coinbase.com, coinbase.com/exchange, coinbase.com/prime, coinbase.com/futures, coinbase.com/developer-platform, (each a “Site” and collectively the "Sites") or when you use the Coinbase mobile app, the Coinbase Card App, Coinbase Exchange, Coinbase Prime, or Coinbase Custody application programming interface (“API”) or third party applications relying on such APIs (together, our “Apps”) and related services.

If you reside outside of the UK and the European Economic Area (the “EEA”), accessing and using our Services means that you accept this Privacy Policy and its terms.

It is important that you understand how we use your information. You should read this page in full, but below are the key highlights and some helpful links:

Our goal is to simplify your crypto experience. If you do not wish for your personal information to be collected, used, or disclosed as described in this Privacy Policy, or you are under 18 years of age, you should stop accessing our Services.
We collect and use your information in order to provide and improve our Services and your experience, protect the security and integrity of our platform, and meet our legal obligations.
- To learn more, explore Section 1. What Information We Collect and Section 2. How We Use Your Information.
We share your information with other Coinbase companies, as well as trusted third parties and service providers, in order to offer our Services and fulfill legal requirements.
- To learn more, explore Section 3. How And Why We Share Your Information.
We offer privacy tools for you to request access to or deletion of information we hold about you. You can use these tools by visiting your Privacy Rights Dashboard. Depending on where you live, you may also have other privacy rights under law.
If you have any questions, please contact us on our Support Portal or at dpo@coinbase.com. See Section 10. How to Contact Us With Questions for more information.
This translation is provided for informational purposes only. In the event of any discrepancy between the English text and this translation, the English version shall prevail.

1. WHAT INFORMATION WE COLLECT

We collect the following personal information and documentation:

Information You Provide to Us

Information Category	Description
Basic Customer Information	Name Address Date of birth Nationality Country of residence Gender Phone number Email Address
Supplemental Identification Information	Utility bills (for your billing address) Photographs and/or videos Government-issued identity document, e.g. passport, driver’s license, or state identification card Social security or social insurance number Employment information (e.g. company name, job title, salary info) Proof of residency, including visa information Spouse name Spouse Tax Identification Number
Electronic Identification (“EIDV”) Information	Biometric information generated based on photos or videos you provide in order for us to verify your identity
Institutional Information (if you are an institutional Customer)	Employer identification number (or comparable number issued by a government) Personal identification information for all material beneficial owners of your business
Financial Information	Bank account number Payment card primary account number ("PAN") Trading and investment experience Tax identification number of every tax residency All Jurisdiction(s) (countries) of tax residence Income/net assets/wealth verification statements Country residency Information necessary for tax purposes
Wallet Information	When you sign up to the Base App (formerly known as Coinbase Wallet), and connect it to your Coinbase account, we collect your Wallet address and information related to integrations that you select
Preferences	Settings and preferences you select in the Coinbase app
Transaction Information	Information about the transactions made on our Services, such as the name of the sender, the name of the recipient, the amount, currency preferences, payment method, date, and/or timestamp
Additional information submitted to us	Communications: Survey responses, information (including call recordings) provided to our Customer Support team or User Research team, including communications with interfaces such as our chatbots. Referral Information: Your contacts’ phone or email addresses if you choose to invite friends to Coinbase. Third Party Information: Information provided when a user requires support or assistance in using our services.

Information Collected Automatically

Information Category	Description
App, browser, and device information	Information about the device, operating system, and browser you’re using Other device characteristics or identifiers (e.g. plugins, the network you connect to) IP address We may also temporarily collect information about limited applications that you are connected to establish that connection
Product Usage Information	Activity information: Information about what you view or click on while visiting our Sites and Apps and how you use our Services Diagnostic and Troubleshooting Information: Information about how our Services are performing when you use them, i.e. service-related diagnostic and performance information, including timestamps, crash data, website performance logs, and error messages or reports
Information from cookies and similar technologies	See our Cookies Policy for more information

Information we obtain from Affiliates and third parties

Information Category	Description
Coinbase Group of Companies (“Affiliates”)	We may obtain information about you, such as Basic Customer Information, Transaction Information and Product Usage Information, from our Affiliates as a normal part of conducting business. For instance, if you link your various Coinbase accounts e.g. your Base account or your Coinbase Commerce account, we may utilize your Wallet Information and Financial Information in order to convert cryptocurrency into fiat and allow you to make withdrawals into your bank account. For more information, please see Section 3. How and Why We Share Your Information
Public Database Information	We obtain information about you from public databases, such as the United Nations Sanctions List, US ITA Consolidated Screening List, and the SEC EDGAR, including your name, address, email address, phone number, gender, national ID number and nationality/country of residence, date of birth, job role, public employment profile, listing on any sanctions lists maintained by public authorities, and other data as necessary
Blockchain Data	We may analyze public blockchain data, including timestamps of transactions or events, transaction IDs, digital signatures, transaction amounts, and wallet addresses
Information from our Marketing and Advertising Partners	We receive information such as your name and contact information from our marketing partners, including in some instances what marketing content you viewed or the actions you take on and off our Sites and Apps, to better understand your preferences and customize the ads that you see.
Information from Analytics Providers	We receive information about your usage of our Sites and Apps, interactions, age group, and survey responses (including prior to account creation, in some cases)
Retail Merchant Information	If you use your Coinbase account to conduct a transaction with a third party merchant, the merchant may provide us with data about you, such as your name and contact details, and your transaction with that merchant
Research and In-App Survey Information	We use third party service providers to conduct in-app surveys to better understand our Customers’ experience and improve our Services. The information we receive from our research partners is pseudonymous

2. HOW WE USE YOUR INFORMATION

We use your personal information to deliver, personalize, operate, improve, create, and develop our Services, to provide you with a secure, smooth, efficient and customized experience as you use them, and for legal compliance, loss prevention, and anti-fraud purposes. Learn more about how we use your personal information and our legal basis for each such data use:

Data use necessary to perform our contract with you

We use certain information that is necessary to conclude and perform our Customer Agreement or other relevant contract(s) with you. We will need to terminate your account if we cannot process your personal information for such purposes.

Why and How We Use Your Information	Information Categories Used
To create and maintain your Coinbase account. In order to provide you with our Services, and to allow you to set up a customer account and profile.	Basic Customer Information Supplemental Identification Information, Financial Information, Preferences
To provide you with Consumer Services	Basic Customer Information
In order to provide you with personalized Services to invest (such as buy or sell), save, earn, spend, stake, and borrow within your account, including hosting and maintaining your digital wallets, including your E-Money Wallet, Digital Currency Wallet, and Web3 Wallet (when you connect them to your Coinbase account) and to provide you with Verified by Coinbase.	Supplemental Identification Information, Financial Information, Institutional Information, Transaction Information, Wallet Information , Preferences, Blockchain Data, Product Usage Information, Additional information submitted to us (not including Referral Information, which we do not retain)
To provide you with Institutional Services In order to provide Services to you, investors and institutions to allow investing, payment, asset listings, and account management.	Basic Customer Information Supplemental Identification Information, Financial Information, Institutional Information, Additional information submitted to us, Wallet Information, Transaction Information
To provide you with Coinbase Pay In order to provide you with Coinbase Pay, a payment feature that allows you to buy or transfer supported crypto on Coinbase to your wallet, and Direct Deposit, which allows you to get your salary paid in the cryptocurrency of your choice, asset controls, and connects merchants to Users or Customers to allow acceptance and provision of crypto payments.	Basic Customer Information Supplemental Identification, Information, Financial Information, Preferences
To provide you with Developer Platform Services In order to provide you with our Coinbase Developer Platform services, which offers tools, APIs and infrastructure for Web3 development and staking services. We may also process your information for the purposes of providing a functional preview of a Coinbase Developer mobile application or API capability and decide.	Basic Customer Information Supplemental Identification Information, Transaction Information, Wallet Information, Financial Information, Preferences, Blockchain Data
To provide you with Coinbase Verifications To generate, process, and store attestation data based on your status as a trade eligible Coinbase user (assuming you meet the eligibility criteria).	Basic Customer Information Supplemental Identification Information Wallet Information Transaction information
To provide you with access to Verified Pools To provide access to Verified Pools, a blockchain protocol that enables Users that have been attested to by Coinbase. Verifications to provide liquidity and swap crypto-assets via third party liquidity pools.	Wallet Information Transaction information App, browser, and device information
To provide customer support To address your request for support in the Apps, via the Sites or by email and to respond to customer care and other inquiries, including providing telephone based premium customer support to Customers (who provide their telephone numbers), chat message support (including chatbots), and social media support.	Basic Customer Information Supplemental Identification Information, Transaction Information Product Usage Information including Location Information Preferences Additional information submitted to us
To send Service communications To send you administrative or account related communications about our Services, which can include security updates or transaction-related information, through email, telephone, or in-product/push notifications. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes.	Basic Customer Information Product Usage Information Additional information submitted to us Preferences Transaction Information
To promote the safety, security and integrity of our Services To verify accounts and related activity, find and address violations of our Customer Agreement or policies (including our Prohibited & Conditional Use Policy), investigate suspicious activity, detect, prevent and combat harmful or unlawful behaviour, detect fraudulent behaviour and to maintain the integrity of our Services, including account takeover (“ATO”) prevention and support. We may utilize automated decision-making for fulfilling our regulatory and contractual obligations in relation to the safety, security and integrity of our Services. This includes to: verify accounts and their activities; detect and prevent suspicious behaviors such as unlawful or fraudulent actions; and maintain the integrity of our Services, particularly in preventing account takeovers.	Basic Customer Information Transaction Information Product Usage Information Supplemental Identification Information, Institutional Information Financial Information Additional information submitted to us

Data use to comply with our legal obligations

Our Services are subject to laws and regulations requiring us to collect, use, and store your personal information in certain ways. If you do not provide the personal information required by law, we will have to close your account.

Why and How We Use Your Information	Information Categories Used
To verify your identity We are generally required to collect various pieces of personal information to properly identify or verify your identity and comply with other specific anti-money laundering (“AML”) or sanctions laws/regulations (e.g. funds transfer rules). Our verification processes also involve electronic identification through the comparison of your ‘selfie’ against your provided verification information. Coinbase implements and requires its service providers to implement reasonable security measures to protect this information, which is only disclosed where permitted by law. If you nominate a guardian or trusted contact, we will collect their email address in order to send an email invitation for them to accept.	Basic Customer Information, Supplemental Identification Information, EIDV Information
To determine your legal eligibility for certain regulated products When you use certain locally regulated products or engage in certain advanced trading activities, we may be required to carry out additional checks to ensure your suitability (e.g. under the European Market Infrastructure Regulation).	Basic Customer Information Financial Information Supplemental Identification Information
To comply with other legal and regulatory obligations We may access, read, preserve, and disclose information when we believe it is reasonably necessary to comply with law, legal obligations, regulations, law enforcement, governmental, and other legal requests, court orders, or for disclosure to tax authorities. Examples of laws that may require us to collect, use or disclose your information: Civil, commercial, criminal, or consumer protection matters: where we are in receipt of a court order to disclose information for the purposes of court proceedings or regulatory inquiries (e.g. orders or mandatory requests under the Irish Competition and Consumer Protection Act 2014, U.S. federal and state consumer protection and privacy laws, Canadian consumer protection and privacy laws, subpoenas from any court with jurisdiction, and/or Singapore Criminal Procedure Code 2010). Corporate and taxation matters: obligations such as the Irish Companies Act 2014 and the Taxes Consolidation Act 1997, the Internal Revenue Service Code, and the Common Reporting Standard Regulatory matters: to comply with our regulatory obligations, including engaging with our regulators, such as (but not limited to) the U.S. Commodity Futures Trading Commission, the National Futures Association, the U.S. Securities and Exchange Commission, the Financial Transactions Reports and Analysis Centre of Canada, any Canadian securities regulatory authority or regulator, the Canadian Investment Regulatory Organization, the Central Bank of Ireland, the UK Financial Conduct Authority, the German federal financial supervisory authority (“BaFin”), the Monetary Authority of Singapore, the Cyprus Securities and Exchange Commission (“CySEC”), and the Australian Securities and Investments Commission.	Basic Customer Information Supplemental Identification Information Institutional Information Wallet Information Financial Information Transaction Information Product Usage Information Additional information submitted to us (not including Referral Information, which we do not retain) Blockchain Data

Data use for our Legitimate Interests

Where permitted by applicable laws, we rely on our legitimate interests or those of third parties (like our other Customers and in some cases, the general public), provided that those legitimate interests are not outweighed by your rights and freedoms. In the EEA and UK, you have the right to object to, and seek the restriction of, this processing. See Section 8. Your Privacy Rights and Choices for more information. For certain jurisdictions where legitimate interests may not be available or appropriate, we rely on other legal bases such as consent.

Why and How We Use Your Information	Legitimate Interests Relied On	Information Categories Used
To customize your experience with our Services and otherwise improve our Services In order to perform core metrics, customize your experience with our Services and to generally improve our Services, we collect information about your online activity while you are using the Services (for example, when and how often pages on our Sites and Apps are visited, and our Services are used).	It is in our interest to understand how you interact with the Services in order to customize and/or improve our products and Services and enable accurate and reliable reporting.	Basic Customer Information Product Usage Information Preferences Transaction Information
To provide marketing communications to you In a manner consistent with our regulatory obligations, we use your information to send you targeted marketing communications through email, mobile, in app and push notifications or by SMS. You may also see ads for our Services when you visit other apps and websites.	It is in our interest to promote Coinbase products and Services that you may be interested in.	Basic Customer Information Institutional Information Product Usage Information Transaction Information Preferences Information from our Marketing Partners Additional information submitted to us
To provide you with promotions and issue grants We use your information to provide promotions, including sweepstakes offers or other incentives and rewards for using our Services, and to issue grants as part of Coinbase Developer Services.	It is in our interest and your interest to reward customer loyalty.	Basic Customer Information Wallet Information Supplemental Identification Information (if you are in Brazil, Australia, or Singapore, your consent will be required in case we process supplemental identification information for this specific processing activity. Otherwise, we rely on our legitimate interest.) Transaction Information Preferences
We preserve and share information with others, including law enforcement, civil litigants, and others who may issue legal requests (If you are in Brazil, Australia, or Singapore, we rely on legal bases of compliance with a legal obligation or to guarantee fraud prevention and security of the data subject in process of identification and authentication in electronic systems.) Where not otherwise required by law, and depending on the circumstances, we may preserve and share your information: In response to requests from third parties, such as civil litigants, law enforcement, and other government authorities, for example to assist authorities in the investigation of fraud; Promote the safety, security, and integrity of the Coinbase Service, network, our Customers, Users, employees, property and the public; When we seek to protect ourselves in the context of litigation or other disputes, such as violations of our Customer Agreement and policies; and/or Respond to Customer/claimant requests or communications, reviewing Customer accounts and transactions for litigation disputes, and recording account details for litigation and settlement purposes.	It is in our interest and the interest of the general public to prevent and address fraud, unauthorized use of the Services, violations of our terms or policies, or other harmful or illegal activity; to protect ourselves (including our rights, Coinbase personnel and property or the Service), our Customers or others, including as part of investigations or regulatory inquiries; to defend our legal rights and resolve disputes; to secure our platform and network, to verify accounts and activity, to combat harmful conduct, to detect, prevent and address fraud, abuse, spam and other bad experiences or to prevent death or imminent bodily harm.	Basic Customer Information, Wallet Information Supplemental Identification Information Institutional Information Transaction Information Product Usage Information Additional information submitted to us (not including Referral Information, which we do not retain) Blockchain Data
To promote safety, security and integrity (If you are in Brazil, we rely on legal bases of compliance with a legal obligation or to guarantee fraud prevention and security of the data subject in process of identification and authentication in electronic systems ) Outside of performing our contract with you, we may use and analyze your information to protect the integrity of our Services. For example, we may use it to: Log customer reports and patterns of suspicious behaviour to understand techniques being used by bad actors who may wish to interfere with the Services; To identify and investigate patterns of suspicious behaviour or violations of our policies and Terms; and To link and combine datasets for security and vulnerability identification purposes.	It is in our interest and the interests of our Users and Customers to secure our platform and network, to verify accounts and activity, to combat harmful conduct, to detect, prevent and address fraud, abuse, spam and other bad experiences.	Any of the categories of information listed in Section 1. What Information We Collect.
To research and innovate We carry out surveys of your experience using the Services and the trading that you engage in to conduct and support research and innovation on topics related to our Services. We may also contact non-Coinbase customers via our third party service providers for the purposes of participating in Coinbase’s research studies.	It is in our interest and our Customers’ interest to improve and iterate our Services through information obtained from these research surveys and interviews.	Basic Customer Information Transaction Information Product Usage Information Communications Research and In-App Survey Information
To comply with our contractual obligations with third parties We keep contracts with third party vendors and service providers that are necessary to improve or make available certain services, options or solutions to you. In those circumstances, we may process and share your personal information with these third party vendors or service providers to comply with our contractual obligations and maintain the services, options or solutions available	It is in our interest to perform any contractual obligation assumed with third parties. It is also our Customers’ interest to access improvements in our Services resulting from our contracts with third party vendors and service providers.	Basic Customer Information, Transaction Information Additional information submitted to us Information from our Marketing Partners Preferences

Data use based on your consent

When we use your information based on your consent, you have the right to withdraw your consent at any time on a go-forward basis (which will not affect our prior use of your data, based on your previously given consent). You may change your device-based or in-app settings anytime as described in Section 7. Your Privacy Rights and Choices.

Why and How We Use Your Information	Information Categories Used
Where you ask us to share your data Where you direct us to share your personal data with a third party, we may do so. For example, you may authorize third parties to act on your behalf (such as a financial advisor, lawyer, accountant or family member or guardian under a power of attorney). We may need to ask for proof that a third party has been validly authorised to act on your behalf.	Basic Customer Information Supplemental Information Financial Information Transaction Information Additional information submitted to us
To enable device-based settings Collecting information that you allow us to receive through the device-based settings you enable (such as access to your GPS location, camera or photos) which we use to provide the features or services described when you enable the setting.	App, browser, and device information
To provide marketing communications to you To send you targeted marketing communications through email, mobile, in app, and push notifications or by SMS. You may also see ads for our Services when you visit other apps and websites.	Basic Customer Information Institutional Information Product Usage Information Transaction Information Information from our Marketing Partners Preferences Additional information submitted to us

Data use to protect your or others’ vital interests

Why and How We Use Your Information	Information Categories Used
Preserving, reviewing, and sharing information with law enforcement and others We may preserve, review, and share information with law enforcement and others in circumstances where someone’s vital interests require protection, such as in the case of emergencies. For example, where there is a risk to the well-being or life of a Coinbase Customer.	Basic Customer Information Supplemental Identification Information Institutional Information Wallet Information Transaction Information Product Usage Information Additional information submitted to us (not including Referral Information, which we do not retain) Blockchain Data
To protect vulnerable customers In certain jurisdictions, under financial and consumer protection regulations, Coinbase has additional obligations to vulnerable customers. It is in the substantial public interest for Coinbase to provide additional support if you are or become a vulnerable customer.	Basic Customer Information Supplemental Identification Information Institutional Information Wallet Information Transaction Information Product Usage Information Additional information submitted to us Blockchain Data

If you reside outside the United Kingdom or EEA, the purposes for which we may use your information are as described above, however, the legal bases on which we rely in your jurisdiction may differ from those listed above (e.g., your consent may be considered as the principal basis on which we may use your personal information for all purposes).

If you provide Coinbase or our service providers and agents with personal information of another individual, you represent that you have all necessary authority and/or have obtained all necessary consents from such person to enable us to collect, use and disclose such personal information for the purposes set forth in this Privacy Policy.

Affiliates

Personal information that we process and collect may be transferred between companies, Services, and employees affiliated with us as a normal part of conducting business and offering our Services to you. See Section 11. Our Relationship With You for a list of our affiliated companies and Services.

Linked Third Party Websites

When you use third-party services (like when you connect your Coinbase account with your bank account) or websites that are linked through our Services, the providers of those services or products may receive information about you that Coinbase, you, or others share with them. Please note that when you use third-party services or Coinbase Affiliate Services which are not governed by this Privacy Policy, their own terms and privacy policies will govern your use of those services and products.

Travel Rule

In accordance with regulations commonly known as the “TraveI Rule” in multiple jurisdictions, Coinbase may collect, retain, and/or share with other service providers information about the counterparties in certain cryptocurrency transfers. For example, Coinbase may collect counterparty information when you receive a deposit of cryptocurrency from outside of the Coinbase platform or when you send cryptocurrency to a non-Coinbase wallet address. In some instances, Coinbase may further be obligated under the Travel Rule to provide information about you and/or the counterparty to the virtual asset service provider (or applicable regional equivalent) (“VASP”) that is transferring cryptocurrency to, or receiving it from, Coinbase. To do this, Coinbase employs tools such as TRUST (the Travel Rule Universal Solution Technology) – a global, secure, and industry-driven solution designed to comply with the Travel Rule while helping to protect your security and privacy.

Professional advisors, industry partners, authorities and regulators

Professional advisors, industry partners (and their service providers), authorities and regulators. We share your information described in Section 1. What Information We Collect with our advisors, regulators, tax authorities, law enforcement, government agencies, and industry partners (and their service providers) to:
a) respond pursuant to applicable law or regulations, court orders, legal process or government requests;
b) comply with our reporting and information sharing obligations with industry partners, including other and regulatory authorities;
c) detect, investigate, prevent, or address fraud and other illegal activity or security and technical issues;
d) protect the rights, property, and safety of our Customers, Coinbase and its Affiliates, or others, including to prevent death or imminent bodily harm; and
e) to facilitate subscription, transfer or redemption requests.

Asset Transfer or Company Acquisition

We may choose to buy or sell assets, and may share and/or transfer information about our Customers in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, merged, reorganized, or if we go out of business, enter bankruptcy, or go through some other change of control or similar event, your personal information could be one of the assets transferred to the acquiring party.

Third-Party Service Providers

We work with third-party service providers to help us provide or promote our Services. This involves disclosing to our third-party service providers conversion data, including IP address, with advertisers such as Meta to create custom audience lists and AppLovin. (See here for more information about AppLovin’s collection and use of your information). These third party service providers will match this information with their user data (gathered in accordance with their own privacy policies and terms of service) to allow us to target ads to groups of individuals who have interacted with us.

When we share information with third-party service providers in this capacity, we require them to use your information on our behalf in accordance with our instructions and terms and only process as necessary for the purpose of the contract.

We work with different types of third-party service providers, including:

Types of Third-Party Service Providers We Use	What Information We Share
Third-Party Electronic ID Verification Service Vendors, including those that process biometric information Vendors for tax reporting Derivatives service providers Retail merchants (to provide rewards/incentives) Marketing and promotions providers (to promote our Services) Telecommunications technology providers (to send you messages, including SMS messages) CTF/AML service providers (for the purposes of transaction monitoring) Data hosting service providers and payment vendors (for off-site data hosting) Security service providers (for investigating fraud and security incidents) Analytics providers (to understand how you use our Services) Payment processing companies (to process transactions on our behalf) Document repository services providers Customer support vendors Digital asset advocacy groups like Stand With Crypto	Basic Customer Information Supplemental Identification Information EIDV Information Financial Information Institutional Information Usage Information Transaction Information Blockchain Data Wallet Information App, browser, and devise information Additional information submitted to us

Types of Third-Party Service Providers We Use

What Information We Share

Third-Party Electronic ID Verification Service Vendors, including those that process biometric information

Vendors for tax reporting

Derivatives service providers

Retail merchants (to provide rewards/incentives)

Marketing and promotions providers (to promote our Services)

Telecommunications technology providers (to send you messages, including SMS messages)

CTF/AML service providers (for the purposes of transaction monitoring)

Data hosting service providers and payment vendors (for off-site data hosting)

Security service providers (for investigating fraud and security incidents)

Analytics providers (to understand how you use our Services)

Payment processing companies (to process transactions on our behalf)

Document repository services providers

Customer support vendors

Digital asset advocacy groups like Stand With Crypto

Basic Customer Information

Supplemental Identification Information

EIDV Information

Financial Information

Institutional Information

Usage Information

Transaction Information

Blockchain Data

Wallet Information

App, browser, and devise information

Additional information submitted to us

4. HOW WE HOLD YOUR PERSONAL INFORMATION

We generally hold your information electronically in our servers or those of our trusted service providers. On occasion, we hold your information in hard copy. We implement reasonable technical and organizational safeguards to protect the information we hold, and we require our service providers to do the same.

5. HOW LONG WE RETAIN YOUR PERSONAL INFORMATION

We retain your information as needed to provide our Services, comply with legal obligations, or protect our or others’ interests. While retention requirements vary by country, we maintain internal retention policies on the basis of how information needs to be used. This includes considerations such as when the information was collected or created, whether it is necessary in order to continue offering you our Services, whether we are required to hold the information to comply with our legal obligations, including AML/KYC compliance, or other financial regulatory obligations, or information preservation requirements. We also keep certain information where necessary to protect the safety, security and integrity of our Services, Customers, and Users.

We may keep pseudonymised personal information (information with identifying details removed or replaced) and your user ID to help us understand usage patterns and improve our services.

We retain biometric information (as part of our retention of Supplemental Identification Information) for the period required for financial regulatory compliance or otherwise as required by applicable law. Our third-party electronic identity verification service providers retain this information for as long as set out in their applicable notices/policies.

In line with these considerations, we delete information that is no longer needed for the above purposes when you close your account, or when you request deletion of your information, or if required under applicable law, when you withdraw consent to us using your information (which you can initiate through your Privacy Rights Dashboard).

6. CHILDREN'S PERSONAL INFORMATION

The Sites and Services are not directed to persons under the age of 18, and we do not knowingly request or collect any information about persons under the age of 18. If you are under the age of 18, please do not provide any personal information through the Sites or Services. If a User or Customer submitting personal information is suspected of being younger than 18 years of age, Coinbase will require the relevant Customer or User to close his or her account, and will take steps to delete the individual’s information as soon as possible.

7. INTERNATIONAL TRANSFERS

To facilitate our global operations, Coinbase, its Affiliates, third-party partners, and service providers may transfer, store, and process your personal information throughout the world, including Ireland, Germany, Singapore, the UK, the US, and the Philippines. See here for more information.

If you reside in the EEA, Switzerland, or the United Kingdom, we rely upon a variety of legal mechanisms to facilitate these transfers of your personal information (collectively, “European Personal Data”).

We rely primarily on the European Commission’s Standard Contractual Clauses to facilitate the international and onward transfer of European Personal Data to third countries, including from our EU operating entities to Coinbase, Inc. in the United States. For a copy of the Standard Contractual Clauses, please contact dpo@coinbase.com.
In addition, we may rely on certain exemptions provided for under data protection law for our international transfers. We also rely on adequacy decisions from the European Commission where available and exemptions provided for under data protection law. For example, because Coinbase operates and provides its Services globally, we need to share information with our Affiliates and to data centers outside the EEA in order to develop, offer, and improve our Services (Article 49(1)(b) GDPR). In addition, we may rely on certain exemptions for sharing personal information with law enforcement outside of the EEA in emergency situations (Article 49(1)(f) GDPR).

EU-US, UK-US, and Swiss-US Data Privacy Framework

Coinbase complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (together referred to as the “Data Privacy Frameworks”) and the DPF Principles as set forth by the U.S. Department of Commerce. Coinbase has certified to the U.S. Department of Commerce that it adheres to:

the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF;
the UK-U.S. Data Privacy Framework Principles (EU-UK DPF Principles) with regard to the processing of personal data received from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF; and
the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

In the context of an onward transfer, Coinbase has responsibility for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as a service provider, partner and/or other third party to help us provide our Services on our behalf (as described in Section 4 of this policy). Coinbase remains liable under the DPF if any such third party processes personal data in a manner inconsistent with the DPF, unless Coinbase can prove that we are not responsible for the event giving rise to the damage. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (together, the “Principles”), the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, visit https://www.dataprivacyframework.gov

In compliance with the Data Privacy Frameworks, Coinbase commits to resolve all DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the relevant Data Privacy Frameworks should first contact Coinbase at: dpo@coinbase.com

For unresolved complaints concerning our handling of personal information in reliance on the Data Privacy Frameworks, Coinbase is a member of and relies upon the ICDR-AAA services for the Data Privacy Framework Program, see here https://go.adr.org/dpf_irm.html, which may involve, under certain conditions, binding arbitration.

The U.S. Federal Trade Commission has jurisdiction over Coinbase’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

If you reside in Brazil, we may rely upon a variety of legal mechanisms to facilitate international data transfers of your personal information.

a) We rely primarily on the Standard Contractual Clauses approved by the National Data Protection Authority to facilitate the international and onward transfer of personal data to third countries, including from our Brazilian subsidiary to Coinbase, Inc. in the United States. The approved SCCs can also include equivalent SCCs, as provided by Article 20 of Regulation no. 19/2024 by ANPD. For a copy of the Standard Contractual Clauses, please contact dpo@coinbase.com

b) In addition, we may rely on certain exemptions provided for under Brazilian data protection laws for our international transfers. We also rely on adequacy decisions from the National Data Protection Authority where available.

The mechanisms abovementioned will not apply when you have a direct relationship with any company located outside Brazil, because this situation is not considered an international data transfer (Article 7, III, of Regulation no. 19/2024, from ANPD).

If you reside in Argentina, we may rely upon a variety of legal mechanisms to facilitate international data transfers of your personal information.

c) We rely primarily on the European Standard Contractual Clauses as set forth above.

d) In addition, we may rely on certain exemptions provided for under Argentine data protection laws for our international transfers. We also rely on the adequacy decision issued through Disposition E60/2016 of the Argentine Data Protection Authority where available.

8. YOUR PRIVACY RIGHTS AND CHOICES

Depending on where you live, you may be able to exercise certain privacy rights related to your personal information. For any of your privacy rights and choices referenced below, requests relating to your personal information can be made by logging into your account and going to your Privacy Rights Dashboard or by submitting a request via our Support Portal or by contacting our Data Protection Officer at dpo@coinbase.com. If any of the rights listed below are not provided under law for your operating entity or jurisdiction, Coinbase has absolute discretion in providing you with these rights.

Right to access and portability:
- You may request that we provide you a copy of your personal information held by us through your Privacy Rights Dashboard, or by submitting a request via our Support Portal.
Right to rectification:
- You may request us to rectify or update any of your personal information held by Coinbase that is incomplete or inaccurate by logging in to your account and going to the Profile or My Account page. If you cannot access or update particular information through those pages, then you can submit a request via our Support Portal or by emailing dpo@coinbase.com.
Right to deletion/erasure:
- You may request to erase your personal information, subject to applicable law. If you close your Coinbase Account, we will retain or delete information associated with your account as described in Section 4. How Long We Keep Your Personal Information.
Right to withdraw your consent:
- To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. The lawfulness of Coinbase’s processing before you withdraw your consent will not be affected by such withdrawal.
Right to object to or restrict processing:
- You may have the right to restrict or object to us using or transferring your personal information based on our legitimate interests, in the public interest, or for direct marketing. To do so, please submit a request to dpo@coinbase.com. We may continue to process your personal information where permitted or required by applicable law. You can opt-out of receiving marketing communications from Coinbase through your account settings or by submitting a request via our Support Portal or at dpo@coinbase.com. If you reside in India, we will endeavour to resolve any complaint or grievance that you may have regarding our use of your personal information within 30 days or such other time-period as may be permitted under applicable law.
Right to non-discrimination: We will not discriminate against you for exercising any of your rights provided to you under law.
Right to lodge a complaint:
- If you have a complaint about our practices with respect to your personal information, you can submit it via our Support Portal or by emailing us at dpo@coinbase.com. We take all complaints seriously and will respond within a reasonable time.
- If you reside in the EEA, Switzerland, or the UK, you have the right to lodge a complaint about our practices with respect to your personal information with the supervisory authority of your country or state. In the UK, the relevant data protection authority is the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, +44 (0303) 123 1113, email: casework@ico.org.uk. In Ireland, the relevant data protection authority is the Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, +353 017650100 / + 353 1800437737, email: info@dataprotection.ie or by using the following online form: Forms for Data Protection. In Luxemburg, the relevant data protection authority is the National Commission for Data Protection (CNPD) at Commission Nationale pour la Protection des Donnees, Service des plaints, 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg, Tél. : (+352) 26 10 60 -1.
- If you reside in Australia, the Philippines, or India, you may lodge a complaint about our practices with respect to your personal information with the supervisory authority of your country. In Australia, the relevant data protection authority is the Office of the Australian Information Commissioner, and complaints may be made through their website at www.oaic.gov.au. In the Philippines, the relevant data protection authority is the National Privacy Commission, email: complaints@privacy.gov.ph.
- If you reside in Canada, you may contact the Office of the Privacy Commissioner of Canada using the appropriate contact mechanism based on the nature of your inquiry (see https://www.priv.gc.ca/en/report-a-concern/ for more details). However, we would appreciate hearing from you directly before you contact the Office in order to attempt to assist you as quickly as possible. Please see section “9. How to Contact Us With Questions” for our contact details.
- If you reside in Brazil, you may lodge a complaint about our practices with respect to your personal information with the Data Protection National Authority (“ANPD”), and complaints may be made through their website: https://www.gov.br/pt br/servicos/abrir-requerimento-relacionado-a-lgpd.
- If your reside in Argentina, the Agency for Public Information Access, in its capacity as Control Agency of Law 25,326, is responsible for dealing with complaints and claims filed by those whose rights are affected by non-compliance with the regulations in force regarding the protection of personal data. The data owner shall have the right to access his personal data for free, once every six (6) months or on a shorter basis if a legitimate interest is demonstrated, as established by Section 14, Sub Section 3 of Law 25,326.
Right to obtain identities of third-party recipients: If you reside in India, you may request for details of all third-parties with whom your personal information has been shared along with a description of personal information shared.
Right to nominate: If you reside in India, you may appoint any other individual to exercise your rights with respect to your personal information in the event of your death or incapacity.

To protect your privacy and security, we may take steps to verify your identity before complying with your request and we may decline your request if we are unable to verify your identity.

Under certain US data privacy laws, you may also designate an authorized agent to make these requests on your behalf.

These rights are not absolute, and may be denied: (a) when granting access or assisting portability would adversely affect the rights and freedoms of others; (b) to protect our rights and properties; (c) where the request is frivolous or vexatious; or (d) as otherwise permitted by law.

9. PRIVACY NOTICE FOR UNITED STATES RESIDENTS

If you are a United States resident, you can learn more about how we use your information and your privacy rights by reviewing our United States Privacy Notice. Any terms defined in the California Consumer Privacy Act (as amended) (“CCPA”) have the same meaning when used in the US Privacy Notice.

10. HOW TO CONTACT US WITH QUESTIONS

If you have questions or concerns regarding this Privacy Policy, or if you have a complaint, please contact us on our Support Portal, at dpo@coinbase.com or by writing to us at the address of your Coinbase service provider (provided in Section 12. Our Relationship With You below).

11. CHANGES TO THIS PRIVACY POLICY

We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well. We post any changes we make to our Privacy Policy on this page and, where appropriate, we will provide you with reasonable notice of any material changes before they take effect or as otherwise required by law. The date the Privacy Policy was last updated is identified at the top of this page.

We may provide additional "just-in-time" disclosures or information about how we collect or use your information in the context of specific Services; these in-product notices may supplement or clarify our privacy practices or may provide you with additional choices about how we use your information.

12. OUR RELATIONSHIP WITH YOU

If you reside in the EEA, Coinbase Ireland Limited, Coinbase Europe Limited and Coinbase Germany GmbH currently act as joint controllers in respect of your personal information. Coinbase Ireland Limited is the joint controller with primary responsibility for your personal information, including with respect to providing you with information and responding to any requests you may make under the GDPR.

With its new Markets in Crypto Assets (MiCA) authorisation, Coinbase Luxembourg S.A. will soon provide Crypto Asset Services to our EEA customers. Once this change comes into effect, you will receive a notification from us with more details. At that point Coinbase Ireland Limited and Coinbase Luxembourg S.A. will act as joint controllers in respect of your personal data and will be jointly responsible for your personal information, including with respect to providing you with information and responding to any requests you may make under the GDPR.

You can contact either entity via our Data Protection Officer at dpo@coinbase.com or by writing to us at the address of your Coinbase service provider. Please see more about how you can exercise your rights under the GDPR through our Privacy Rights Dashboard.

CONSUMER/INSTITUTIONAL SERVICES

NORTH AMERICA (UNITED STATES & CANADA)

Where You Reside	Services Provided	Your Coinbase Service Provider	Contact Address
United States	Digital Asset Services, Fiat Wallet services	Coinbase, Inc. CA Entity No.: C3548456	Coinbase, Inc. c/o C T Corporation System 818 West Seventh St., Ste. 930 Los Angeles, California 90017
United States	Custodial Services	Coinbase Custody Trust Company, LLC (unless otherwise indicated in your service contract) NYS License # 122506	Coinbase Custody Trust Company, LLC c/o C T Corporation System 28 Liberty Street New York, New York 10005
United States	Credit and Lending Services	Coinbase Credit, Inc. CA Entity No.: C4315976	Coinbase Credit, Inc. c/o C T Corporation System 818 West Seventh St., Ste. 930 Los Angeles, California 90017
United States	Futures Trading	Coinbase Financial Markets, Inc.	1 Madison Ave, 24th floor, New York, NY 10010, United States
United States	Broker Dealer Services	Coinbase Capital Markets Corporation	1 Madison Ave., 24th Floor, New York, NY 10010, USA
Canada	Digital Asset Services, Fiat services	Coinbase Canada, Inc.	1 University Avenue, #14- 111, Toronto ON M5J 2P1 CAN

APAC

Where You Reside	Services Provided	Your Coinbase Service Provider	Contact Address
Singapore, New Zealand, Taiwan, Philippines, Hong Kong, South Korea, Taiwan, UAE.	Digital Asset Services, Fiat Wallet Services	Coinbase Singapore Pte. Ltd. Unique Entity No.: 201935002N	One Marina Boulevard, #28-00, Singapore 018989
Australia	Digital Asset Services, Fiat Wallet Services	Coinbase Australia Pty Ltd; ACN 654 922 442	Coinbase Australia c/o TMF Corporate Services (Aust) Pty Limited, Suite 1 Level 11, 66 Goulburn Street, Sydney NSW 2000 Australia
India	Digital Asset, Services, Digita l Asset Derivative, Services and Additional Coinbase Services	Coinbase India Private Limited through Coinbase Group.	Regus Elegance, 2F, Elegance Jasola District Centre, Old Mathura Road, New Delhi, 110025

EEA (European Economic Area)

Where You Reside	Services Provided	Your Coinbase Service Provider	Contact Address
EEA	Digital Asset Services	Coinbase Europe Limited. Company No: 675475	70 Sir John Rogerson's Quay Dublin 2, Ireland
Germany	Digital Asset Services	Coinbase Germany GmbH. Company No: HRB 213709 B. BaFin-ID 10158674	Kurfürstendamm 22, 10719 Berlin, Germany
EEA	Fiat Wallet Services	Coinbase Ireland Limited. Company No: 630350 CBI Register No: C188493	70 Sir John Rogerson's Quay Dublin 2, Ireland
United Kingdom (and select non-EEA countries in Europe)	E-Money Services, Digital Asset Services and Additional Services	CB Payments, Ltd Company No: 09708629 FCA Register No: 900635	The Scalpel, 18th Floor, 52 Lime Street, London, United Kingdom, EC3M 7AF
EEA	Digital Asset Services	Coinbase Luxembourg S.A. Company No: B292147 CSSF Register No: N00000004	5, Place de la Gare, L-1616, Luxembourg
EEA	Markets in Financial Instruments (“MifiD”) Services	Coinbase Financial Services Europe Limited (Registration number: HE350475)	1 Lampousas Street, 1095, Nicosia, Cyprus

OUTSIDE EU, US, UK, APAC

Where You Reside	Services Provided	Your Coinbase Service Provider	Contact Address
Eligible jurisdictions outside the United States	Digital Asset Services	Coinbase Bermuda Limited	Park Place, 55 Par La Ville Road, Hamilton, HM11 Bermuda
Anywhere but the USA, UK, certain APAC regions, EEA	Digital Asset Services	Coinbase Bermuda Services Limited	Park Place, 55 Par La Ville Road, Hamilton, HM11 Bermuda
Brazil	Digital Asset Services	Coinbase Brasil Ltda	City of Sao Paulo, State of Sao Paulo, at Alameda Santos, 2300, Suite 11 part, Cerqueira Cesar, ZIP Code 01418-200

DEVELOPER SERVICES

Where You Reside	Services Provided	Your Coinbase Service Provider	Contact Address
Anywhere	Coinbase Pay SDK Exchange API Rosetta Prime API Sign In with Coinbase	Coinbase, Inc. CA Entity No.: C4315976	Coinbase, Inc. c/o C T Corporation System 818 West Seventh St., Ste. 930 Los Angeles, California 90017
Anywhere	Wallet SDK and Commerce API	Coinbase Bermuda Technologies. Ltd.	46 Reid Street, Hamilton HM12 Bermuda
Anywhere but the United States	Public and Private Node Staking	Coinbase Developer Platform Pte. Ltd.	One Marina Boulevard, #28-00018989, Singapore
United States	Public and Private Node Staking	Coinbase Crypto Services, LLC	1209 Orange Street, Corporation Trust Center City of Wilmington, DE 19801

INSTITUTIONAL SERVICES

For institutional entities or private clients receiving institutional services (such as Prime Trading & Custody and Prime DMA), the data controller is the entity with which you have contracted for the products offered. Please refer to the terms of service or reach out to our Data Protection Officer at dpo@coinbase.com.