XPAID Spółka z ograniczoną odpowiedzialnością
ul. Kolejowa 45/119, 01-210 Warsaw, Poland
KRS: 0001143376 | NIP: 7252350588
Last updated: 30 June 2026

1. Introduction and Data Controller

1.1 XPAID Spółka z ograniczoną odpowiedzialnością (“XPAID”, “we”, “us”) is the sole data controller responsible for the personal data collected through the website https://xpaid.org (“Website”) and in connection with our consulting services.

1.2 This Privacy Policy explains what personal data we collect, how we use it, on what legal basis, and what your rights are under Regulation (EU) 2016/679 (GDPR) and applicable Polish data protection law.

1.3 XPAID provides consulting and informational services only. We do not provide crypto-asset exchange, custody, payment, or any other regulated financial services. We do not process payment, transaction, or crypto-asset data on behalf of our clients.

2. Personal Data We Collect

2.1 Data you provide directly to XPAID

Category Examples Purpose
Contact data Name, e-mail address, phone number Responding to enquiries; providing consulting services
Consulting service data Documents, income or business details voluntarily submitted for consulting purposes Delivering the consulting service you requested
Communications Content of messages sent via contact forms or e-mail Correspondence; service improvement

2.2 Data collected automatically when you visit the Website

Category Examples Purpose
Technical data IP address, browser type, device type, operating system Website security, fraud prevention, technical administration
Usage data Pages visited, time spent, click paths Analytics; improving Website performance
Cookie data Session cookies, analytics cookies, preference cookies See Section 7 (Cookies)

2.3 Data we do NOT collect

XPAID does not collect:

3. Legal Bases for Processing

Purpose Legal Basis (GDPR Art.)
Providing consulting services you have requested Art. 6(1)(b) – Performance of a contract
Responding to your enquiries Art. 6(1)(b) – Pre-contractual steps
Compliance with legal obligations (e.g., accounting, tax, AML wind-down refunds) Art. 6(1)(c) – Legal obligation
Website analytics and performance improvement Art. 6(1)(f) – Legitimate interests
Marketing communications (if you have opted in) Art. 6(1)(a) – Consent

4. Wind-Down Refund Process – Special Notice

4.1 XPAID Sp. z o.o. ceased regulated crypto-asset services on 30 June 2026 in compliance with Regulation (EU) 2023/1114 (MiCA). Individual refunds for remaining funds are available until 30 September 2026.

4.2 If you submit a refund request, we will collect and process the following data solely for the purpose of conducting a mandatory KYC/AML re-verification and executing the refund:

4.3 The legal basis for this processing is Art. 6(1)(c) GDPR (compliance with legal obligations under the Polish AML Act of 1 March 2018). Data collected in this context will be retained for 5 years from the date of the refund transaction, as required by applicable AML law.

4.4 To submit a refund request, contact: [email protected] with subject line «Refund Request – [Full Name / Company Name]».

5. Sharing of Personal Data

5.1 XPAID does not sell your personal data to third parties.

5.2 We may share your personal data with:

6. International Transfers

6.1 We aim to keep your data within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., by a service provider), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

7. Cookies

7.1 This Website uses the following categories of cookies:

Category Purpose Consent required?
Strictly necessary Session management, security, language preferences No
Analytics Website usage statistics (e.g., Google Analytics) Yes
Preference Saving display and language preferences Yes
Marketing Targeted advertising (if applicable) Yes

7.2 You can manage your cookie preferences at any time via the cookie settings panel accessible from the footer of this Website.

7.3 This Website does not currently embed any third-party financial service widgets that would set independent cookies outside of XPAID’s control.

8. Data Retention

Data Type Retention Period
Consulting correspondence and service data 5 years from end of service relationship
Accounting and invoicing records 5 years (required by Polish tax law)
Wind-down refund KYC/AML data 5 years from date of refund transaction (Polish AML Act)
Website analytics data 26 months (rolling)
Marketing consent records Until consent is withdrawn + 1 year
Contact enquiries (no service contract) 12 months from last contact

9. Your Rights Under GDPR

You have the following rights regarding your personal data processed by XPAID:

Right Description
Access (Art. 15) Obtain a copy of the personal data we hold about you
Rectification (Art. 16) Request correction of inaccurate or incomplete data
Erasure (Art. 17) Request deletion of your data (“right to be forgotten”), subject to legal retention obligations
Restriction (Art. 18) Request that we limit processing of your data in certain circumstances
Portability (Art. 20) Receive your data in a structured, machine-readable format
Objection (Art. 21) Object to processing based on legitimate interests or for direct marketing purposes
Withdrawal of consent (Art. 7(3)) Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at: [email protected]. We will respond within 30 days of receiving your request.

10. Right to Lodge a Complaint

If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with the Polish supervisory authority:

Prezes Urzędu Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
Website: https://uodo.gov.pl
E-mail: [email protected]

11. Social Media and Meta Pixel

11.1 XPAID maintains official social media pages on Facebook and Instagram:

11.2 This Website uses Meta Pixel (Facebook Pixel), a tracking tool provided by Meta Platforms Ireland Limited (“Meta”). Meta Pixel may collect data about your behaviour on our Website (pages visited, actions taken) and link it to your Facebook/Instagram profile if you are logged in.

11.3 XPAID and Meta act as joint controllers in respect of data collected via Meta Pixel, pursuant to Art. 26 GDPR. Meta’s data policy is available at: https://www.facebook.com/privacy/policy/

11.4 Meta Pixel is a marketing cookie and is activated only upon your explicit consent via our cookie consent banner. You may withdraw your consent at any time through the Cookie Settings link in the footer of this Website.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The revised version will be published on this Website with an updated “Last updated” date. Where changes are material, we will notify you via a banner or other prominent notice on the Website.

13. Contact

XPAID Spółka z ograniczoną odpowiedzialnością
ul. Kolejowa 45/119, 01-210 Warsaw, Poland
KRS: 0001143376 | NIP: 7252350588
Website: https://xpaid.org

E-mails: