Privacy Policy

Last updated: April 27, 2026 Effective: April 27, 2026

1. Who we are

Blex is a service operated by AMG CAPITAL GROUP S.A., a company incorporated in the Republic of Argentina. This Privacy Policy describes how we collect, use, store, and share personal information when you use the Blex mobile application, the website app.blexgroup.com, and related services (collectively, "the Services").

Data controller: AMG CAPITAL GROUP S.A.
Privacy contact: to be completed — e.g., privacy@blexgroup.com
Address: to be completed with legal address

2. Information we collect

2.1 Information you provide to us

Account data: first name, last name, email address, phone number, password.
Identification data (KYC): national ID number (DNI) or equivalent, tax ID (CUIT/CUIL), date of birth, place of birth, nationality, gender, address (street, city, province, postal code, country).
Identity documents: images of the front and back of the document, NFC data from the DNI chip (when available).
Biometric data: live selfie, liveness check, facial data for identity validation.
Proof of address: utility bill, bank statement, or other equivalent document.
Financial information: linked bank accounts, CBU, alias, card data (processed by PCI-certified third parties), transaction history, balances in pesos and cryptocurrencies.
Support data: inquiries, complaints, and any documentation you submit.

2.2 Information we collect automatically

Device identifiers: unique device ID, model, operating system and version, language, time zone.
Connection data: IP address, internet provider, approximate location derived from the IP.
Usage data: screens visited, actions performed, session duration, errors and crash logs.
Advertising identifiers: IDFA on iOS and AAID on Android (only if you explicitly authorize tracking).
Cookies and similar technologies on the web version (see section 9).

2.3 Information we receive from third parties

Identity verification through the processor Didit (KYC verification result, confidence score).
Sanctions and PEP lists through AML Screening (screening results against OFAC, UN, EU, and local lists).
Validation against government registries (RENAPER, AFIP/ARCA) when applicable.
Public blockchain data associated with the crypto wallet addresses we generate for you.

3. Purposes of processing

We use your information to:

Create and manage your Blex account.
Comply with regulatory obligations on anti-money laundering (UIF — Argentina's Financial Information Unit, Resolutions 49/2024 and 56/2024), CNV (Securities Commission, Resolution 1058/2025), ARCA (Resolution 5804/2025), and applicable BCRA (Central Bank of Argentina) regulations.
Verify your identity through KYC and biometric processes before enabling operations.
Process transactions in Argentine pesos, US dollars (USD), cryptocurrencies, and stablecoins (USDC, USDT, ETH, SOL).
Custody your crypto assets through an MPC (Multi-Party Computation) scheme in collaboration with Web3Auth.
Detect and prevent fraud and suspicious operations.
Provide customer support and handle complaints.
Improve our Services through aggregated analytics.
Send transactional communications (operation notifications) and, optionally, commercial communications (with your explicit consent).
Comply with judicial requirements or requests from competent authorities.

4. Legal basis for processing

We process your data on the following bases:

Performance of a contract: to provide you with the Services you request.
Legal obligation: to comply with UIF, ARCA, CNV, BCRA regulations and applicable Argentine laws.
Legitimate interest: to prevent fraud, ensure operations, and improve the service.
Consent: for commercial communications and the use of advertising identifiers. You may withdraw your consent at any time.

5. Processors and third parties we share data with

To operate the Services we work with the following processors. Each one processes data only to the extent strictly necessary:

Provider	Purpose	Data involved
Didit (didit.me)	KYC verification, biometrics, AML	Documents, biometrics, personal data
Bridge.xyz	Fiat-crypto on/off-ramp and international operations	Account data, transactions, KYC
Web3Auth	MPC custody of crypto wallets	User identifier, MPC keys
QuickNode	Blockchain indexing	Public addresses
Firebase (Google LLC)	Push notifications, analytics, crash reporting	Device ID, events, logs
Mixpanel	Product analytics	Usage events, user ID
Sentry	Error monitoring	Error logs, device ID
Meta (Facebook)	Campaign attribution	Install events (only if you consent)
Supabase	Data infrastructure	Encrypted account data
AWS / Vercel / Amplify	Infrastructure hosting	All data in transit and at rest

These providers operate under confidentiality and data processing agreements. Some are located outside Argentina (United States, European Union). International transfers are carried out with appropriate legal safeguards.

Other disclosures

To competent authorities (UIF, ARCA, CNV, BCRA, courts) when legally required.
To business partners that perform specific parts of the service (e.g., banks, payment processors) under confidentiality agreements.

We do not sell your personal information to third parties and we do not share data for third-party advertising.

6. Data retention

Account and KYC data: while your account is active and, after closure, for 10 (ten) years, as required by UIF anti-money-laundering regulations.
Transaction records: 10 (ten) years from the operation date.
Support data: up to 5 years from the last interaction.
Aggregated analytics data: indefinitely, in non-identifiable form.

7. Your rights

As the data subject, you have the right to:

Access your personal data (Argentine Personal Data Protection Act 25.326, art. 14).
Rectify inaccurate or outdated data.
Request the deletion of data when it is no longer necessary or when you so require, except where the law requires us to retain it (e.g., AML records).
Object to processing based on legitimate interest.
Portability: receive your data in a structured format.
Withdraw consent for processing based on consent.

To exercise these rights, write to to be completed email. We will respond within 10 business days.

You may also file complaints with the Agency for Access to Public Information (AAIP), the data protection authority in Argentina (argentina.gob.ar/aaip).

8. Security

We implement technical and organizational measures to protect your information:

Encryption in transit (TLS 1.2+) and at rest (AES-256).
Password hashing with bcrypt.
Two-factor authentication (where available).
MPC custody for crypto assets (no single party has full access to the keys).
Periodic security audits.
Restricted access to authorized personnel under the principle of least privilege.

No measure is 100% foolproof. If we detect a security incident affecting your data, we will notify you and the supervisory authority as required.

9. Cookies and similar technologies (web)

On app.blexgroup.com and related sites we use cookies to:

Keep you signed in (strictly necessary cookies).
Remember your preferences.
Usage analytics (with your consent).

You can manage cookies from your browser settings.

10. Minors

The Services are intended exclusively for people 18 years of age or older. We do not knowingly collect data from minors. If we discover that we have collected data from a minor without parental consent, we will delete it.

11. International transfers

Some providers process data outside Argentina (mainly in the United States and the European Union). These transfers are made under:

Approved standard contractual clauses.
Adequacy decisions where applicable.
Other safeguards provided for under Act 25.326 and its implementing regulations.

12. Changes to this policy

We may update this Policy. When changes are material, we will notify you by email or within the application at least 15 days in advance. The "Last updated" date shown above reflects the current version.

13. Contact

For privacy inquiries or to exercise your rights:

Email: to be completed — e.g., privacy@blexgroup.com
Postal address: to be completed with the legal address of AMG CAPITAL GROUP S.A.

For formal complaints you may also contact the AAIP at argentina.gob.ar/aaip.