Last Updated: March 28, 2026 — This Privacy Policy describes how Kraken Login (krakenlogin.co.com) collects, uses, shares and protects personal information when you use our platform and services.
1.1 Information You Provide. When you create a Kraken account, complete identity verification or use our services, we collect information you voluntarily submit. This includes your full legal name, date of birth, residential address, email address, phone number, government-issued identification documents (passport, driver's license, national ID), proof of address documents, source of funds documentation and any other information required for regulatory compliance at your verification tier.
1.2 Transaction Data. We record all trading activity, deposit and withdrawal transactions, order history, account balance snapshots and settlement records associated with your account. Transaction data is necessary for providing our services, fulfilling regulatory reporting obligations and resolving disputes.
1.3 Device and Usage Data. When you access the platform, we automatically collect technical information including your IP address, browser type and version, operating system, device identifiers, screen resolution, referring URLs, pages visited, time spent on pages, click patterns and session duration. This data helps us maintain platform security, detect unauthorized access attempts and improve user experience.
1.4 Cookies and Tracking Technologies. We use essential cookies required for platform functionality (session management, authentication state, security tokens), analytical cookies to understand usage patterns and optimize performance, and preference cookies to remember your settings. We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings, though disabling essential cookies may impair platform functionality.
1.5 Biometric Data. During identity verification, we may process facial recognition data to match your selfie against your government-issued ID. Biometric data is processed in real-time on our infrastructure, is not stored permanently after verification is complete, and is never shared with third parties.
2.1 Service Delivery. We use your information to create and maintain your account, process transactions, execute trades, facilitate deposits and withdrawals, provide customer support and deliver the platform features described across our services including Kraken Pro, Futures, Margin, Staking, NFT Marketplace, OTC Desk and Institutional Services.
2.2 Regulatory Compliance. We use personal information to comply with Know Your Customer (KYC), Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations. This includes identity verification, sanctions screening, transaction monitoring and reporting to regulatory authorities as required by law. Our compliance obligations are mandated by authorities including FinCEN (United States), FCA (United Kingdom), AUSTRAC (Australia) and applicable European regulators.
2.3 Security and Fraud Prevention. We analyze account activity, login patterns, device fingerprints and transaction behavior to detect and prevent unauthorized access, fraud, market manipulation and other prohibited activities. Security monitoring operates continuously and may result in automated restrictions on suspicious accounts pending human review.
2.4 Platform Improvement. Aggregated, anonymized usage data helps us improve platform performance, develop new features, optimize user interfaces and prioritize engineering resources. Individual users are never identifiable from aggregated analytics data.
2.5 Communication. We use your email address and, where you have opted in, your phone number to send essential service notifications (security alerts, transaction confirmations, verification status updates) and, with your explicit consent, optional communications (product updates, educational content, market insights). You can unsubscribe from optional communications at any time without affecting your account status.
3.1 We Do Not Sell Your Data. Under no circumstances do we sell, rent or trade personal information to third parties for their marketing, advertising or commercial purposes. This commitment applies globally, regardless of jurisdiction.
3.2 Service Providers. We share limited personal information with trusted service providers who assist in platform operations. These include identity verification providers (document scanning and validation), cloud infrastructure providers (data hosting and storage), payment processors (fiat deposit and withdrawal facilitation) and customer support tools. All service providers are contractually bound to use personal data only for the specific services they provide to us, subject to confidentiality obligations and data protection standards equivalent to our own.
3.3 Legal and Regulatory Disclosure. We may disclose personal information when required by law, regulation, legal process or enforceable governmental request. This includes responding to valid subpoenas, court orders, regulatory examinations and law enforcement requests. We evaluate every request for legal validity and scope before disclosing data, and we notify affected users when legally permitted to do so.
3.4 Blockchain Analytics. We work with blockchain analytics providers to monitor on-chain transaction patterns for compliance purposes. These providers receive transaction hashes and wallet addresses (public blockchain data) but do not receive personal identity information unless required by a specific legal process.
3.5 Corporate Transactions. In the event of a merger, acquisition, reorganization or sale of assets, personal information may be transferred to the acquiring entity. Users will be notified in advance of any such transfer and provided the opportunity to delete their account before the transition.
We retain personal information for as long as necessary to provide our services, comply with legal obligations and resolve disputes. Specific retention periods are determined by the type of data and applicable regulatory requirements.
Account Data: Retained for the duration of the account relationship plus 5 years after account closure, as required by AML record-keeping regulations in most jurisdictions.
Transaction Records: Retained for a minimum of 7 years from the date of the transaction, consistent with financial record-keeping obligations under FinCEN, FCA and equivalent regulatory frameworks.
Identity Verification Documents: Retained for 5 years after account closure or last transaction, whichever is later. Biometric data processed during verification is deleted immediately after the verification decision is rendered.
Device and Usage Data: Retained for 24 months from the date of collection. Aggregated, anonymized analytics data derived from usage data may be retained indefinitely.
Communication Records: Customer support interactions and correspondence are retained for 3 years after the most recent interaction.
If you are located in the European Economic Area (EEA), United Kingdom or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR) and equivalent local legislation. These rights include:
Right of Access: You may request a copy of all personal data we hold about you. We will respond within 30 days of a verified request.
Right to Rectification: You may request correction of inaccurate or incomplete personal data. Account profile information can be updated directly through the platform settings.
Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes it was collected, subject to overriding legal retention obligations. Given our regulatory requirements, complete erasure may not be possible for all data categories until mandatory retention periods expire.
Right to Restriction of Processing: You may request that we restrict processing of your data in certain circumstances, such as while a rectification request is pending or if you contest the accuracy of your data.
Right to Data Portability: You may request your personal data in a structured, commonly used, machine-readable format (JSON or CSV) for transfer to another service provider.
Right to Object: You may object to processing based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds that override your rights.
To exercise any of these rights, contact our Data Protection Officer at privacy@krakenlogin.co.com. We will verify your identity before processing any request.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights include:
Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collection and the categories of third parties with whom we have shared your data.
Right to Delete: You may request deletion of personal information we have collected, subject to statutory exceptions including legal retention obligations, ongoing transactions and security incident investigation.
Right to Opt-Out of Sale: We do not sell personal information. If this practice were to change, we would provide a clear "Do Not Sell My Personal Information" mechanism as required by CCPA.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. You will not receive different pricing, service quality or access levels as a result of submitting a privacy request.
Right to Correct: You may request correction of inaccurate personal information maintained by us.
California residents may submit requests by emailing privacy@krakenlogin.co.com or through the account settings privacy dashboard. We will respond within 45 days of a verified request.
We implement industry-leading technical and organizational measures to protect personal information. These measures include AES-256 encryption for data at rest, TLS 1.3 encryption for data in transit, multi-factor authentication for all internal systems, role-based access controls with principle of least privilege, comprehensive audit logging of all data access events, regular penetration testing and vulnerability assessments, SOC 2 Type II certified infrastructure, geographic redundancy for data storage and disaster recovery, and continuous security monitoring with automated threat detection. For full details on our security architecture, visit the Security Guide.
Kraken operates globally and may transfer personal data across international borders. When transferring data from the EEA, UK or Switzerland to countries that have not received an adequacy decision from the European Commission, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organizational safeguards where necessary. We do not transfer personal data to jurisdictions that lack adequate data protection frameworks without implementing appropriate transfer mechanisms.
Our services are not directed to individuals under the age of 18 (or the age of majority in the relevant jurisdiction). We do not knowingly collect personal information from minors. If we become aware that a user is under the applicable age threshold, we will promptly close the account and delete all associated personal data. If you believe a minor has provided us with personal information, please contact privacy@krakenlogin.co.com immediately.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or business operations. We will notify registered users of material changes via email at least 30 days before the changes take effect. Non-material changes (formatting, clarifications) may be made without advance notice. The "Last Updated" date at the top of this policy reflects the most recent revision. Continued use of the platform after the effective date of a revised policy constitutes acceptance of the updated terms.
If you have questions, concerns or requests regarding this Privacy Policy or our data handling practices, contact our Data Protection Officer:
Email: privacy@krakenlogin.co.com
Mailing Address: Kraken Login, Data Protection Office, 548 Market Street, Suite 39531, San Francisco, CA 94104, United States
For general platform support, visit the Support page. For security-related concerns, contact the security team through the Security Guide reporting channels.
Understand the KYC data requirements at each verification tier and how your information is used during onboarding.
Learn about the technical and organizational security measures that protect your personal data and digital assets.
Review the regulatory frameworks and licensing that govern Kraken's operations across global jurisdictions.
Contact our support team for account-related inquiries, privacy requests or data protection questions.