Privacy Policy
Last updated: 19 June 2026 · Version 1.0
VND Exchange ("the Operator", "we", "us") is a private currency-exchange service with no separate legal entity. We run as a principal counterparty: we buy and sell digital assets and currency on our own account for one-off exchange operations. We are not an agent, broker, fiduciary, adviser, or custodian for anyone.
The only channel through which we operate and through which you can reach us is the Telegram bot and mini-app @VNDExchangeRobot. We do not publish a support handle, an email address, a registration number, or a license, because we hold none and because the bot is our single stable point of contact. Any message that claims to come from us through some other channel is not us.
We are not a bank, credit institution, payment or e-money institution, broker, licensed FX agent, or licensed crypto exchange. We are not supervised by the State Bank of Vietnam or by any other authority. Digital assets, including USDT, are treated by us as property — a digital asset — and never as money, legal tender, or a means of payment. Nothing in this policy or anywhere in the Service is investment, legal, or tax advice.
This Privacy Policy governs personal data handled across the whole Service: the website, the Telegram bot, and the mini-app. It sits alongside our other documents — the Public Offer, the Consent to Processing of Personal Data, the AML / KYC Policy, the Risk Disclosure, the Refund & Cancellation Policy, and the Cookie Policy. Where this policy and one of those conflict on a data point, this policy controls for that point.
1. Who controls your data
The Operator of VND Exchange decides how and why your personal data is processed, and is the controller of that data. Contact us about anything in this policy through the Telegram bot and mini-app @VNDExchangeRobot. There is no other channel.
2. What this policy covers
It covers personal data we collect through the public website, through the Telegram bot, and through the mini-app, whether you are browsing rates, placing an order, completing identity checks, or settling a deal. The website is mostly a marketing surface and a live-rate calculator; the parts of the Service that handle orders, identity documents, payment details, and settlement run inside Telegram.
3. Data we collect
Depending on how far you go with us, we may hold:
3.1. Telegram account data — your Telegram numeric ID, username, phone number where Telegram shares it, and the profile fields (name, photo, language) that Telegram passes to the bot or mini-app.
3.2. Identity documents — images of a government-issued passport or ID and a selfie, where verification is required under our AML / KYC Policy.
3.3. Wallet and payment details — the crypto wallet addresses you send from or receive at, and the bank or card requisites used to pay or to be paid.
3.4. Transaction history — the orders you create, the amounts and currencies (for example USDT and VND), the rate fixed at confirmation, settlement method (bank or card transfer, or cash brought by courier), timestamps, and the chat and order messages exchanged with us in the bot.
3.5. Technical data from the website — your IP address and device and browser characteristics (type, operating system, screen, referrer).
3.6. A hashed analytics identifier — for website analytics we do not store your raw IP. We store a one-way hash of the form sha256(IP + SALT), which lets us count and de-duplicate visits without keeping the address itself.
3.7. Cookies and similar storage — see the Cookie Policy. The mini-app does not use browser cookies; it uses Telegram's own WebApp storage.
We do not ask for more than the operation in front of us needs. If you only browse the site, most of section 3 never applies to you.
4. Where the data comes from
Most data comes from you directly — what you type or upload in the bot or mini-app, and what your browser sends to the website. Two sources are worth naming plainly:
- Telegram. When you open the bot or mini-app, Telegram passes us your account data (section 3.1) so the Service can function at all.
- A third-party blockchain-analytics provider. When you send us crypto, we submit the originating address and transaction to an external blockchain-analytics provider that returns a risk assessment of that address and the funds. We receive and keep that assessment as part of the order record. This screening is described in the AML / KYC Policy.
5. Why we process it, and on what basis
| Purpose | Basis |
|---|---|
| Quoting, confirming, and settling your exchange order; communicating with you about it; handling returns | Performance of the exchange agreement with you (the Public Offer) |
| Verifying identity, screening incoming crypto, checking that payment came from the requisite stated in the order, and deciding whether to proceed, hold, or refuse | Our own legitimate interest in preventing fraud and abuse and in running the Service safely — a risk-based judgment we make on our own account, not a regulated obligation |
| Keeping order and verification records for the retention period in section 8 | Our legitimate interest in being able to evidence and reconcile past operations |
| Website analytics (the hashed identifier in section 3.6) and any marketing messages | Your consent, which you can withdraw at any time |
We do not sell your personal data, and we do not use it to build profiles for advertising networks.
6. Who processes data for us
We use a small set of service providers. We name them honestly rather than hiding behind "trusted partners":
6.1. Telegram hosts the bot and mini-app and the messages exchanged there, and supplies the account data in section 3.1. Your use of Telegram is also governed by Telegram's own terms and privacy policy, which we do not control.
6.2. A third-party blockchain-analytics provider screens incoming crypto addresses and transactions and returns the risk assessment described in sections 4 and 5.
6.3. Our hosting / VPS provider runs the website and the back-end servers on which order and account records are stored.
6.4. Our own first-party website analytics. The analytics that record site visits are operated by us, on our own infrastructure, using the hashed identifier in section 3.6. We do not embed a third-party analytics network such as Google Analytics on the website.
These providers act on our instructions for the purposes above. They are not given your data to use for their own marketing.
7. Cross-border processing
We operate from Vietnam, and order and account records are processed in Vietnam. Because the Service runs through Telegram and through hosting and analytics infrastructure that the Operator maintains outside Vietnam, your data is also processed in, and moves across, other countries. By using the Service you understand that your personal data will be processed in Vietnam and abroad in this way. Section 5 of the Consent document records your agreement to this cross-border processing for the data given during KYC and ordering.
8. How long we keep it
Identity-verification records and transaction records are kept for up to three years after your last operation with us. Other personal data is kept only for as long as it is needed for the purpose it was collected for, after which it is deleted or anonymized. If you withdraw a marketing consent, we stop the marketing use straight away, though records we are still entitled to keep under the three-year rule remain.
9. Your rights and how to use them
You can ask us to:
- give you a copy of the personal data we hold about you;
- correct data that is wrong or out of date;
- delete data, where we are not still keeping it under section 8 or where it is not tied to a deal we are still settling;
- withdraw a consent you gave (for marketing or for cookies/analytics), without affecting anything we did before you withdrew it.
Make any of these requests through the Telegram bot and mini-app @VNDExchangeRobot. We will ask you to confirm your identity first, so that we do not hand someone's data to the wrong person, and we aim to respond within 30 days. Some requests we may decline or limit — for example, deleting records we are mid-deal on, or that fall inside the three-year retention window — and we will tell you why.
10. How we look after it
We take steps to align with applicable data-protection law and apply reasonable technical and organizational measures to protect the data we hold: access is limited to what an operation needs, identity images are kept apart from routine order data, and the hashed analytics identifier means we do not retain raw IP addresses. We do not claim to be fully compliant with, or certified under, any particular data-protection regime, and we make no "bank-grade" or absolute-security promises. No system is perfectly secure, and you send us data at your own risk.
11. Age
The Service is for adults. You must be at least 18 to use it, and we do not knowingly collect data from anyone under 18. If you believe a minor has given us data, tell us through @VNDExchangeRobot and we will remove it.
12. Changes to this policy
We may update this policy. The current version, with its date and version number at the top, is the one that applies. Continued use of the Service after an update means you accept the updated policy.
13. Contact
Everything to do with your personal data — questions, requests, withdrawals of consent — goes through the Telegram bot and mini-app @VNDExchangeRobot. We do not maintain any other contact channel.
