Data Protection & Privacy
AetherNode's institutional-grade data handling protocols. Last updated: February 1, 2026.
Trading Infrastructure Commitment
AetherNode processes over $2.4B in daily trading volume. Our data protection framework is designed for institutional acquirers and enterprise deployments, meeting SOC 2 Type II, ISO 27001, and GDPR compliance requirements.
1. Data Collection Architecture
Identity & Compliance Layer
- Full legal name, date of birth, nationality, and residential address
- Government-issued identification (passport, national ID, driver's license)
- Proof of address documentation (utility bills, bank statements)
- Source of funds declarations for institutional accounts (>$100K)
- Beneficial ownership information for corporate entities
Trading & Transaction Layer
- Complete order history: timestamps, pairs, quantities, prices, order types
- Position data: entry/exit points, leverage ratios, liquidation events
- Wallet addresses (deposit/withdrawal), transaction hashes, network fees
- API key usage patterns, rate limit consumption, error logs
- Trading algorithm identifiers and execution metadata
Infrastructure Telemetry
- IP addresses, geolocation data, ISP information
- Device fingerprints, browser signatures, session tokens
- WebSocket connection metrics, latency measurements
- UI interaction patterns for fraud detection models
2. Processing & Storage Infrastructure
Singapore (SG1), Tokyo (JP1), Frankfurt (EU1), Virginia (US1)
AES-256-GCM at rest, TLS 1.3 in transit, HSM key management
Hot wallet data encrypted with threshold signatures (3-of-5 MPC). Cold storage air-gapped with geographic distribution. Database replication across 3 availability zones with 15-minute RPO. All PII tokenized and stored separately from trading data with role-based access controls.
3. Data Sharing & Third-Party Integrations
Mandatory Disclosures
- Monetary Authority of Singapore (MAS) - Regulatory reporting
- Financial Crimes Enforcement Network (FinCEN) - SAR filings
- Tax authorities under FATCA/CRS frameworks
- Court orders and valid legal process from competent jurisdictions
Service Providers (Under NDA)
- Chainalysis, Elliptic - Blockchain analytics and AML screening
- Jumio, Onfido - Identity verification and document authentication
- AWS, Google Cloud - Infrastructure (data processed in-region)
- Cloudflare - DDoS protection, WAF, edge caching
We do not sell personal data. Ever.
No data broker relationships. No advertising partnerships. No monetization of user data.
4. Retention & Deletion Schedules
5. Your Rights & Controls
Access the Data Control Center in Dashboard > Settings > Privacy to:
- Export complete data archive (JSON/CSV) - processed within 72 hours
- Request correction of inaccurate personal information
- Restrict processing (freezes account during review)
- Request deletion (subject to regulatory retention requirements)
- Object to profiling for marketing purposes
- Withdraw consent for non-essential processing
Data Protection Officer: dpo@aethernode.io
6. Acquisition & Transfer Provisions
In the event of acquisition, merger, or asset sale, user data may be transferred to the acquiring entity. Users will receive 30 days advance notice and the option to export data or close accounts before transfer. The acquiring entity will be bound by equivalent or stronger privacy protections. Institutional acquirers receive detailed data architecture documentation under NDA during due diligence.
Questions about data handling for acquisition due diligence? Contact legal@aethernode.io