Meet Cobo at Consensus Hong Kong 2026 (Feb 11–12) | Booth 1708 | Win a Drone

Book a Demo
close
Logo

Privacy Policy

Last Updated: January 2026

1. Introduction

Cobo is a digital asset custody and wallet infrastructure provider offering technology and services that enable organizations and developers to build, operate, and scale digital asset businesses. Cobo Global Limited and its affiliates (collectively, “Cobo”, “we”, “our” or “us”) provide a range of services, including custody solutions, wallet infrastructure, and related digital asset management tools (the “Services”).

This Privacy Policy (the “Policy”) describes how we collect, use, disclose, store, transfer, and protect Personal Information in connection with the Services. This Policy is for informational purposes and does not form part of any contract unless expressly incorporated by reference.

2. Scope, Roles, and Jurisdictional Notes

2.1 Services Covered

This Policy applies when you interact with Cobo in any of the following ways:

  • Visiting Cobo websites, including www.cobo.com (the “Site”);

  • Accessing or using Cobo Portal, custodial wallets, MPC wallets, Web3 wallets, and related platforms;

  • Using superloop, staking, and other digital asset management services;

  • Using mobile applications and tools such as screening, payouts, Cobo Guard, and similar tools;

  • Participating in referral programs or other platform features;

  • Communicating with us for marketing, business development, partnership, licensing, or compliance purposes;

  • Attending industry events or conferences;

  • Applying for employment;

  • Communicating with us in connection with legal, regulatory, compliance, dispute resolution, or enforcement matters.

Certain Services may be governed by separate agreements, which may include additional or different data protection terms.

2.2 Our Role: Data Controller / Data Processor 

Depending on the context, Cobo may act as:

  • a data controller (we determine the purposes and means of processing); or

  • a data processor / data intermediary (we process Personal Information on documented instructions from our clients).

Important: If we process your Personal Information on behalf of a Cobo client (for example, where a client uses our infrastructure to provide services to its users), that client is typically responsible for responding to requests about your Personal Information. If you contact us directly in such cases, we may redirect you to the relevant client or assist as permitted by contract and applicable law.

2.3 Singapore and Hong Kong

Individuals may have rights under applicable data protection laws, including the Singapore Personal Data Protection Act 2012 (PDPA) and the Hong Kong Personal Data (Privacy) Ordinance (PDPO). Rights described in this Policy apply only to the extent required by applicable law and are subject to statutory limitations and exceptions.

3. Personal Information Collection Statement

When we collect Personal Information directly from you, we will provide (through this Policy and/or point-of-collection notices) information covering:

  1. Purposes of collection: why we need the Personal Information (see Section 5).

  2. Classes of transferees: the types of recipients to whom we may disclose the Personal Information (see Section 6).

  3. Whether provision is obligatory or voluntary:

    • Some Personal Information is mandatory for onboarding, account administration, security, compliance (including KYC/AML), and provision of the Services.

    • Some Personal Information is voluntary, such as certain business contact details, event participation information, or optional profile settings (where applicable).

  4. Consequences of not providing Personal Information:

    • If you do not provide mandatory Personal Information, we may be unable to onboard you or your organization, provide the Services, process requests, or comply with legal and regulatory obligations.

  5. Access and correction: you have rights to request access to and correction of Personal Information as described in Section 13.

4. Personal Information We Collect

In this Policy, Personal Information means information relating to an identified or identifiable individual, as defined under applicable data protection laws.

4.1 Information You Provide to Us

We may collect Personal Information you provide directly, including:

  • Account Information: name, email address, phone number, country of residence, date of birth, and similar identifiers;

  • Institutional Account Information: corporate registration documents and information about directors, authorized persons, and beneficial owners;

  • Identity Verification / Compliance Information: government-issued identification, proof of address, citizenship or residency information, and other information required for compliance (including KYC/AML). Where required or permitted by applicable law, this may include biometric verification data (e.g., video or facial verification);

  • National Identifiers (Singapore): we may sometimes collect NRIC/FIN (directly or via KYC vendors) only where required by law or where permitted and necessary for identity verification or compliance, and we apply heightened safeguards (see Section 10);

  • Communications: information submitted through forms, inquiries, contracts, support tickets, or correspondence;

  • Employment Applications: resumes, employment history, references, and related information;

  • Business Contacts: company name, job title, business contact details, and information shared at events or meetings;

  • Other information: information reasonably necessary to provide, administer, secure, or support the Services, including transaction-related or billing-related information (where applicable).

The categories above are non-exhaustive and may vary depending on the Services and applicable legal requirements.

4.2 Information Collected from Third Parties

We may receive Personal Information from third parties, including:

  • referrals from existing users or business partners;

  • service providers or integrations you authorize;

  • third-party authentication or verification providers;

  • publicly accessible professional platforms and sources.

4.3 Publicly Available and Blockchain Information

We may collect information from publicly available sources, including public websites and blockchain networks. Public blockchain data may not, on its own, identify you; however, it may be treated as Personal Information where it can reasonably be linked to an identifiable individual.

4.4 Automatically Collected Information

We may automatically collect information such as:

  • device identifiers and device characteristics;

  • IP address, browser type, and operating system information;

  • usage and access logs;

  • performance and diagnostic data;

  • security and fraud signals;

  • transaction metadata and blockchain transaction details (where relevant).

5. How We Use Personal Information

We use Personal Information for purposes permitted under applicable law, including:

  1. Provide and administer the Services (including onboarding, account administration, service delivery, customer support, and communications).

  2. Compliance, legal, and regulatory obligations (including KYC/AML checks, sanctions screening, audits, reporting, investigations, and responding to lawful requests).

  3. Security, fraud prevention, and risk management (including identity verification, authentication, access control, monitoring, detection and prevention of suspicious activity, and protection of our users, clients, and Cobo).

  4. Operations, analytics, and service improvement (including performance analysis, troubleshooting, testing, and improving usability, stability, and security).

  5. Business operations and relationship management (including managing enterprise relationships, contractual administration, invoicing, and business continuity).

  6. Protect rights and resolve disputes (including enforcing terms, protecting our rights and property, and handling disputes, claims, and litigation).

5.1 Consent and Other Legal Bases

  • Where required, we collect, use, or disclose Personal Information based on your consent (or other legally recognized forms of authorization).

  • In some circumstances, we may process Personal Information without consent where permitted by applicable law (for example, to meet legal obligations, for security, or for other permitted purposes).

  • If we rely on consent and you withdraw it (see Section 13), we will stop processing for that purpose unless we are permitted or required by law to continue.

6. Disclosure / Sharing of Personal Information

We may disclose Personal Information where necessary and permitted by law, including to:

  1. Cobo group companies and affiliates (for internal administration, security, compliance, and service delivery).

  2. Service providers / vendors (acting on our behalf and under contractual controls), such as:

    • KYC/AML and identity verification providers;

    • cloud hosting and infrastructure providers;

    • customer support, ticketing, and CRM providers;

    • analytics and performance monitoring providers;

    • blockchain analytics and screening providers;

    • security, fraud prevention, and risk management providers;

    • professional advisers and auditors (including legal, accounting, and compliance advisers).

  3. Regulators, courts, law enforcement, and competent authorities where required or permitted by law.

  4. Corporate transaction counterparties (e.g., in a merger, acquisition, restructuring, financing, or sale of assets), subject to appropriate safeguards.

  5. With your direction or authorization (for example, when you request an integration or instruct us to share information).

We do not sell Personal Information.

7. Cookies and Similar Technologies 

We use cookies and similar technologies to operate and secure the Site and Services, enable core functionality, and understand how the Site and Services are used so we can improve performance and reliability.

Where required by applicable law, we provide cookie consent or preference mechanisms (for example, through a cookie banner or settings). For more details, see the Cookie Policy appended to this Privacy Policy.

8. Cross-Border Transfers

Personal Information may be processed in jurisdictions outside the country where it was collected (for example, where we and our service providers operate internationally).

Where required by applicable law, we take reasonable steps to ensure recipients provide a comparable standard of protection, including through measures such as:

  • contractual obligations on confidentiality, security, and restricted use;

  • vendor due diligence and oversight;

  • information security and access controls;

  • organizational policies and procedures.

9. Retention and Disposal

We retain Personal Information only for as long as necessary to fulfill the purposes described in this Policy, or as required or permitted by law (including legal, regulatory, audit, dispute resolution, and risk management needs). We then delete, anonymize, or securely dispose of it, subject to legal and operational limitations.

Indicative maximum retention ranges (subject to legal/regulatory requirements and legal holds):

  1. KYC/AML and identity verification records (including ID documents and verification artifacts): typically up to 10 years after the end of the relevant relationship or completion of the transaction.

  2. Account and relationship records (including contractual and administrative records): typically up to 7 years after account closure or the end of the relationship.

  3. Security and access logs, audit logs, and related telemetry: typically up to 5 years.

  4. Support and service communications (e.g., tickets and emails): typically up to 7 years.

  5. Business contact and enterprise relationship records: typically up to 7 years from last interaction.

Where Personal Information is recorded on a public blockchain, it may not be possible to delete or modify it due to blockchain immutability. Where feasible, we focus on deleting or anonymizing off-chain Personal Information and restricting linkability to on-chain data.

10. Security Safeguards

We maintain administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. Measures may include (as appropriate):

  • encryption in transit and at rest (where feasible);

  • access controls and least-privilege principles;

  • logging and monitoring;

  • secure development and testing practices;

  • vendor risk management and contractual security obligations;

  • staff training and confidentiality obligations;

  • incident response and business continuity procedures.

No system can guarantee absolute security. You are responsible for maintaining the confidentiality of credentials and using secure practices when accessing the Services.

11. Data Breach Management and Notification

We maintain procedures to assess, manage, and respond to suspected data incidents. Where required by applicable law, we will notify relevant regulators and/or affected individuals of a data breach that meets applicable notification thresholds, and we will do so within the timeframes prescribed by law. If you believe your interaction with Cobo may have been affected by a security issue, please contact us using the details in Section 15.

12. Children / Minors

The Services are not intended for individuals under 18 years of age, and we do not knowingly collect Personal Information from minors.

13. Your Rights and Choices

Depending on your jurisdiction and the nature of our relationship with you, you may have rights such as:

  1. Access: request access to Personal Information we hold about you;

  2. Correction: request correction of inaccurate or incomplete Personal Information;

  3. Withdrawal of consent (where we rely on consent): request that we stop processing Personal Information for a consent-based purpose (withdrawal may affect our ability to provide certain Services);

  4. Deletion/erasure (where applicable): request deletion of certain Personal Information, subject to legal and operational constraints (including blockchain immutability and legal retention obligations);

  5. Objection/restriction (where applicable): request restriction of certain processing in limited circumstances.

13.1 How to Submit a Request

To submit a request, contact our Data Protection Officer at [email protected]. Please include:

  • your name and contact details;

  • your relationship with Cobo (e.g., client contact, end user of a client, website visitor);

  • a clear description of your request and the relevant time period; and

  • any information we may need to verify your identity.

We may request additional information to verify identity and to understand and process your request. We will respond as soon as reasonably practicable and within any timeframe required by applicable law. Where permitted, we may charge a reasonable administrative fee for access requests, and we will inform you in advance if a fee applies.

If we process your Personal Information on behalf of a client (as a processor/data intermediary), you should generally submit your request to that client. We may assist the client in responding, subject to contractual and legal requirements.

14. Direct Marketing

Cobo does not conduct direct marketing to individuals in Hong Kong or Singapore (for example, by email, SMS, or phone), and we do not share Personal Information with marketing partners for marketing.

If our practices change in the future, we will update this Policy and (where required by applicable law) obtain any necessary consent or indication of no objection and provide a free-of-charge opt-out channel.

15. Contact Us (DPO and Complaints)

If you have questions about this Policy, want to submit a request, or have a complaint about how we handle Personal Information, please contact:

Data Protection Officer (DPO): [email protected]

Address: 76/F The Center, 99 Queen’s Road Central, Hong Kong

We will review and respond to complaints in accordance with applicable law. Where relevant, you may also have the right to contact your local data protection regulator.

16. Updates to This Policy

We may update this Policy from time to time. The most current version will be posted on the Site and will take effect as of the “Last Updated” date above. Where required by law, we will provide additional notice of material changes.

Cookie Policy (Appendix)

Last Updated: January 2026

1. Overview

This Cookie Policy explains how Cobo uses cookies and similar tracking technologies (“Cookies”) in connection with the Site and the Services. This Cookie Policy forms part of the Cobo Global Privacy Policy.

2. What Are Cookies

Cookies are small text files stored on your device when you visit a website. Cookies may be session-based (deleted when you close your browser) or persistent (remain on your device until deleted or expired). Cookies may be placed by Cobo (first-party cookies) or by third parties who provide services to us (third-party cookies).

3. Why We Use Cookies

Where permitted under applicable law, we use Cookies to:

  1. operate and secure the Site and Services;

  2. enable core functionality (e.g., authentication, session management);

  3. detect and prevent fraud or misuse;

  4. analyze usage trends and improve performance and reliability;

  5. troubleshoot issues and improve user experience; and

  6. comply with legal and regulatory obligations.

4. Types of Cookies We Use

4.1 Strictly Necessary / Functional Cookies

These Cookies are required for core functionality, security, authentication, and system stability.

4.2 Performance and Analytics Cookies

These Cookies help us understand how the Site and Services are used (e.g., which pages are visited, error rates, load times) so we can improve performance.

4.3 Third-Party Analytics

We may use third-party analytics tools (for example, Google Analytics) to collect and process usage information. These providers may set their own Cookies and process information in accordance with their own policies.

We do not use Cookies to conduct direct marketing to individuals in Hong Kong or Singapore, and we do not share Personal Information with marketing partners for marketing (see Section 14 of the Privacy Policy).

5. Managing Cookies

You can manage Cookies through:

  1. Browser settings: Most browsers allow you to refuse or delete Cookies.

  2. Cookie banner / preferences: Where required by law, we provide cookie consent or preference mechanisms.

If you disable certain Cookies, some features of the Site or Services may not function properly.

6. Do Not Track Signals

The Site does not currently respond to “Do Not Track” signals.

7. Third-Party Cookies

Third-party services may place their own Cookies. We do not control those Cookies and are not responsible for third-party practices. Where required by law, we seek to provide appropriate consent or preference mechanisms for non-essential Cookies.

8. Updates to This Cookie Policy

We may update this Cookie Policy from time to time. The latest version will be posted on the Site and will take effect as of the date indicated above.