Privacy Policy

Conceptual Healthcare Corporation ("CHC"), headquartered in Destin, Florida, is the data controller for personal information collected through HC.exchange. Questions about this Privacy Policy may be directed to privacy@conceptualhealth.com.

We collect the following categories of personal information:

• Account Registration: Full legal name, email address, date of birth, government-issued ID (for KYC), and contact information.
• KYC/AML Documents: Passport, driver's license, proof of address, and Tax ID / W-9 (required for fiat withdrawals).
• Trading Activity: Order history, trade execution records, deposit and withdrawal records, and portfolio balances.
• Device and Browser Data: IP address, browser type, operating system, device identifiers, and session timestamps.
• Communications: Support tickets, emails, and in-app messages you send to CHC.

• Account Management: Creating and maintaining your trading account, verifying identity, and providing customer support.
• Order Matching: Operating the exchange order book and executing trades on your behalf.
• Tax Reporting: Generating and filing IRS Form 1099-B for reportable dispositions of digital commodities.
• Fraud Prevention: Detecting and preventing unauthorized access, market manipulation, and financial crime.
• Regulatory Compliance: Meeting obligations under BSA/AML, OFAC, and applicable federal and Florida state law.
• Product Improvement: Aggregated, anonymized analytics to improve platform performance (analytics cookies require separate consent).

We do not sell your personal information to third parties. We share personal data only in the following circumstances:

• IRS: Form 1099-B reporting for digital commodity dispositions above applicable thresholds.
• FinCEN / Law Enforcement: As required by Bank Secrecy Act (BSA), AML obligations, or valid legal process (subpoena, court order).
• Banking Partners: Regulated custodians and payment processors enabling fiat deposits and withdrawals, under strict data processing agreements.
• Fraud Prevention Services: Identity verification and sanctions screening providers, under contractual data protection obligations.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to equivalent privacy protections.

HC.exchange uses essential session cookies required for platform operation (authentication, CSRF protection). These cannot be disabled without impairing platform functionality. Optional analytics cookies are used only with your explicit consent. You may withdraw consent at any time via the cookie preference center in Settings.

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your account and personal data, subject to IRS record-keeping requirements (see Retention below).
• Data Portability: Request your trade history and account data in a machine-readable format (CSV/JSON).
• Opt-Out of Analytics: Withdraw consent for non-essential analytics cookies at any time.

To exercise any of these rights, contact privacy@conceptualhealth.com. We will respond within 30 days.

• Trade Records: Retained for 7 years per IRS record-keeping requirements (26 USC §6501).
• KYC/AML Records: Retained for 5 years following account closure per BSA requirements (31 CFR 1010.430).
• Account Data: Retained while your account is active plus 3 years following closure, unless longer retention is required by law.
• Support Communications: Retained for 3 years from the date of last contact.

We employ industry-standard security measures including AES-256 encryption at rest and in transit, multi-factor authentication, role-based access controls, and regular third-party security audits. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

Conceptual Healthcare Corporation  ·  Destin, Florida
privacy@conceptualhealth.com