1. Acceptance & Eligibility

By registering you confirm: (i) you are at least 18; (ii) you have legal capacity to contract; (iii) use is not prohibited in your jurisdiction; (iv) you are not subject to applicable sanctions.

2. Platform Description

PlutEx is a crypto-native, fiat-free exchange offering:

• Spot Trading: Top 10 cryptocurrencies (BTC, ETH, BNB, SOL, XRP, ADA, DOGE, AVAX, DOT, LINK) paired with USDT.
• Staking Programme: Fixed monthly returns on staked assets per Section 7.
• Referral Programme: Earn rewards for introducing new stakers per Section 8.
• Wallet Services: Custody for trading and staking purposes only.

PlutEx does not support fiat currency, bank transfers, or any linkage to traditional financial accounts.

3. Account Security

You must: provide accurate information; keep credentials confidential; notify security@plutex.com of any unauthorised access immediately; accept responsibility for all activity under your account. PlutEx is not liable for losses from compromised credentials.

4. Prohibited Conduct

• Money laundering, terrorist financing, or illegal activity of any kind.
• Market manipulation, wash trading, spoofing, or layering.
• Hacking, unauthorised access, or platform disruption.
• Automated bots or scripts without written permission.
• Multiple accounts to circumvent limits.
• Impersonation of PlutEx, staff, or other users.

5. Trading Terms

5.1 Supported Assets

Top 10 cryptocurrencies by market cap against USDT. Asset list may change without prior notice.

5.2 Order Execution

All orders are on a best-efforts basis. No guarantee of execution at any specific price. Orders may be partially filled, rejected, or cancelled.

5.3 Fees

Fees are displayed at order placement. PlutEx may amend fee structures with 7 days notice. No fees during the promotional launch period per specific terms.

5.4 Withdrawals

Withdrawals to on-chain addresses only. PlutEx is not responsible for funds sent to incorrect addresses. Minimum amounts and network fees apply. PlutEx may delay withdrawals due to fraud risk or regulatory hold.

5.5 No Advice

PlutEx provides no investment, financial, legal, or tax advice. All decisions are made solely by the user.

6. Wallet & Custody

Assets held by PlutEx are for trading and staking purposes only. PlutEx is not a bank and provides no deposit insurance. Users are encouraged to withdraw non-active assets to personal wallets.

7. Staking Terms

7.1 Returns

• Standard rate: 2% per month (24% APY).
• Founding Member rate: 2.5% per month (30% APY) for first 500 users, first 3 months only.
• Returns credited automatically every 30 days from staking activation.

7.2 Lock-in & Withdrawal

• Principal locked for minimum 45 days. No withdrawals, transfers, or trading during lock-in.
• After 45 days: 30-day advance notice required before principal is returned.
• Early unstaking: not permitted under any circumstances.
• Monthly credited returns are freely withdrawable or tradeable — no lock-in on rewards.

7.3 Staking Risk

PlutEx is not responsible for any loss of staked assets for any reason whatsoever. Staking returns are not guaranteed in perpetuity. PlutEx reserves the right to amend the staking programme with 30 days notice.

8. Referral Programme

• Earn 10% of referred users' monthly staking returns for 6 months (subject to tier).
• Rewards auto-credited every 30 days.
• Fraudulent referrals result in forfeiture of all rewards and account termination.
• Programme may be modified with 14 days notice.
• Bronze/Silver/Gold/Platinum tiers as published on the Referral page.

9. Intellectual Property

All PlutEx content, brand, code, and design are proprietary. See our full IP Policy. Unauthorised use is prohibited.

10. Limitation of Liability

11. Indemnification

You agree to indemnify and hold PlutEx harmless from any claims, damages, and expenses (including legal fees) arising from your use, your breach of these Terms, or your violation of any law.

12. Suspension & Termination

PlutEx may suspend or terminate accounts at any time for any reason. PlutEx is not liable for any loss arising from suspension or termination.

13. Governing Law & Disputes

These Terms are governed by the law of PlutEx's operating jurisdiction. Disputes are first subject to good-faith negotiation (60 days), then binding arbitration. Class actions are waived.

14. Amendments

Terms may be amended with 14 days notice. Continued use after the effective date constitutes acceptance.

1. Policy Statement

PlutEx adopts a risk-based approach to AML and CTF compliance. We will not knowingly facilitate money laundering, terrorist financing, sanctions evasion, or any financial crime. Users engaging in such activity will be permanently banned and reported to relevant authorities.

2. KYC — Voluntary & Tiered

2.1 Default (No KYC)

Standard users may register with email only and trade within standard limits. No government ID required for basic access.

2.2 Voluntary Enhanced Verification

Users may voluntarily verify identity to access: higher withdrawal limits; priority support; reduced holding periods; future premium features.

2.3 Mandatory Verification Triggers

• Transaction patterns consistent with money laundering typologies.
• Receipt of a valid law enforcement request or court order.
• Deposits/withdrawals from flagged blockchain addresses.
• Sanctions evasion or terrorist financing indicators.
• Regulatory freeze requests from competent authorities.

3. Law Enforcement Cooperation

PlutEx will cooperate fully and promptly with genuine, verified law enforcement requests from competent authorities.

3.1 What We Will Provide

• Account registration details (email, dates, last access IP).
• Transaction history associated with the account.
• IP addresses and device data logged at login.
• Any voluntarily submitted KYC documents.
• Wallet addresses used for deposits and withdrawals.

3.2 Request Requirements

All requests must be: in writing on official letterhead by an authorised officer; accompanied by a valid legal instrument (court order, subpoena, MLAT request, or equivalent); sent to law-enforcement@plutex.com. PlutEx will not respond to informal, unverified, or anonymous requests.

4. Transaction Monitoring

• Unusual large or rapid transactions inconsistent with account profile.
• Structuring — breaking large amounts into smaller transactions.
• Transactions involving sanctioned wallet addresses (OFAC, UN, EU lists).
• Deposits from known darknet markets or mixers/tumblers.
• Circular trading patterns indicative of wash trading.

5. Sanctions Compliance

All user accounts and wallet addresses are screened against applicable sanctions lists. Users from sanctioned jurisdictions are prohibited. PlutEx will freeze and report any account found in breach of sanctions obligations.

6. Suspicious Activity Reporting

Where PlutEx identifies suspected money laundering or terrorist financing, we will file a Suspicious Activity Report (SAR) with the relevant financial intelligence unit. We are legally prohibited from tipping off the subject of such a report.

7. Record Keeping

All transaction records and compliance documentation are retained for a minimum of 5 years from the relevant transaction or account closure date.

8. Governance

A designated Compliance Officer oversees this policy. All staff with compliance functions receive regular AML/CTF training. This policy is reviewed annually.

1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They allow the site to recognise your device and remember preferences. This policy covers cookies and similar technologies including web beacons and local storage objects.

2. Cookies We Use

PlutEx does not use advertising or cross-site tracking cookies.

3. Managing Preferences

• Cookie banner: Presented on first visit — accept or reject non-essential cookies.
• Account settings: Update preferences any time via Settings > Privacy.
• Browser settings: Block or delete cookies in your browser. Blocking strictly necessary cookies will prevent the platform from working.

4. Do Not Track

PlutEx respects DNT signals where technically feasible. When detected, no non-essential cookies are set.

1. Market Risk

Cryptocurrency prices are extremely volatile and can fall to zero. Prices are influenced by macroeconomic events, regulation, exchange listings, technology failures, sentiment, and manipulation. PlutEx is not liable for any financial loss from market movements.

2. Liquidity Risk

Low liquidity for certain pairs may result in wide spreads, slippage, or inability to execute. Trading may be suspended in extreme conditions. PlutEx is not responsible for losses from illiquidity or suspension.

3. Technology & Platform Risk

• System outages: Maintenance, bugs, infrastructure failure, or DDoS attacks may cause downtime.
• Software bugs: Errors may affect order execution, balances, or withdrawals.
• Network congestion: Blockchain congestion may delay deposits and withdrawals.
• Smart contract risk: Blockchain interactions carry inherent smart contract vulnerabilities.

PlutEx is not responsible for any loss from technological failure of any kind.

4. Security Risk

• Cyber attacks: Despite industry-standard security, PlutEx may be subject to hacking. Enable all available security features including 2FA.
• Account compromise: Stolen credentials may allow attackers to access and withdraw funds. PlutEx is not liable for losses from compromised user credentials.
• Phishing: Beware fake PlutEx sites and emails. PlutEx will never ask for your password or private keys.

5. Regulatory & Legal Risk

Regulatory changes may restrict or prohibit use, result in asset freezing, or require service suspension. It is your responsibility to ensure compliance with your local laws. PlutEx is not responsible for losses from regulatory action.

6. Staking-Specific Risks

• Lock-in risk: Principal is locked 45 days — inaccessible regardless of market conditions.
• Return risk: Returns are stated commitments but not guaranteed in perpetuity. Programme may be amended.
• Counterparty risk: Staking returns depend on PlutEx's continued operation. Insolvency may put staked assets at risk.
• No government insurance: Assets on PlutEx are not covered by any deposit protection scheme.

7. Tax Risk

Crypto transactions may be subject to tax in your jurisdiction. You are solely responsible for tax compliance. PlutEx provides no tax advice.

8. Force Majeure

PlutEx is not liable for failure to perform due to events beyond its reasonable control including natural disasters, pandemics, war, government action, or internet infrastructure failure.

9. General Disclaimer

1. Ownership

All intellectual property rights in and to PlutEx are owned exclusively by PlutEx, including:

• Brand & Trademarks: The PlutEx name, logo (gold/silver PX hexagonal emblem), "Exchange Platform" tagline, colour schemes, and all brand assets.
• Software & Code: All source code, algorithms, matching engine, database schemas, APIs, and infrastructure.
• Design & UI: All user interface designs, layouts, graphics, icons, and visual elements.
• Content: All text, documentation, educational materials, blog posts, and marketing content.
• Data: Aggregated, anonymised platform analytics data.
• Domain Names: plutex.com and all associated domains and subdomains.

2. Permitted Use

You receive a limited, non-exclusive, revocable licence to use the platform for its intended purpose only. This licence does not permit you to:

• Copy, reproduce, or distribute any PlutEx content.
• Create derivative works from PlutEx's software, design, or brand.
• Use PlutEx trademarks or logos without written consent.
• Reverse engineer, decompile, or disassemble any part of the platform.
• Imply endorsement or affiliation with PlutEx without consent.

3. User-Generated Content

By submitting content (feedback, bug reports, posts), you grant PlutEx a perpetual, worldwide, royalty-free licence to use and adapt it for platform improvement purposes. You warrant such content does not infringe third-party rights.

4. Copyright Complaints

To report copyright infringement on PlutEx, send a DMCA notice to legal@plutex.com including: identification of the copyrighted work; location of infringing material; your contact information; statement of good-faith belief; and statement of accuracy under penalty of perjury.

5. Enforcement

PlutEx actively monitors for IP infringement. Unauthorised use may result in civil claims for damages and/or injunctive relief, and may constitute a criminal offence under applicable law.

1. Scope

Applies to all data processed by PlutEx: personal data of users and staff, transaction data, analytics, third-party vendor data, and internal business data. Applies to all systems, staff, contractors, and service providers.

2. Data Classification

3. Data Lifecycle

3.1 Collection

Data collected only for specified, legitimate purposes. Minimised to what is necessary. Users informed at point of collection.

3.2 Storage

Stored on encrypted servers with appropriate physical and logical access controls. Backups are encrypted and stored separately from primary data.

3.3 Access

Granted on need-to-know, least-privilege basis. All access logged and auditable. Privileged access reviewed quarterly. Departed staff access revoked immediately.

3.4 Retention Schedule

• Transaction records: 5 years minimum
• Account data: Duration of account plus 2 years
• KYC documents: 5 years from submission or closure
• Support communications: 2 years
• Security logs: 12 months
• Marketing data: Until consent withdrawn

3.5 Disposal

Expired data is securely deleted using cryptographic erasure. Disposal is logged and documented.

4. Security Standards

• All data in transit encrypted via TLS 1.2+.
• Sensitive data at rest encrypted via AES-256.
• Passwords stored as salted hashes (bcrypt/Argon2).
• API access secured with rotating tokens and rate limiting.
• Database access requires MFA for all privileged users.
• Annual penetration testing by qualified third-party firms.

5. Data Breach Response

• 24 hours: Incident response activated; breach contained.
• 48 hours: Scope and affected users assessed.
• 72 hours: Regulatory notification where required.
• 7 days: Notification to affected high-risk users.
• 30 days: Full post-incident review and remediation report.

6. Third-Party Processors

All vendors with data access must sign a Data Processing Agreement requiring: equivalent security standards; purpose-limited processing; no unauthorised sub-processors; 24-hour breach notification; data deletion on contract termination.

7. Roles

1. Governance Bodies

• Executive Leadership: Strategic direction, major policy decisions, regulatory relationships.
• Compliance Committee: AML/KYC policy, regulatory compliance, law enforcement cooperation.
• Security Council: Information security, incident response, Security Bounty Program.
• Data Protection Officer: Independent oversight of data governance and privacy.
• Legal Counsel: Reviews all material policies, contracts, and regulatory matters.

2. Policy Framework

3. User Protections

• Transparency: All policies publicly accessible at plutex.com/legal.
• Notice: Material policy changes communicated at least 14 days in advance.
• Responsiveness: Complaints acknowledged within 2 business days; resolved within 30 days.
• No hidden fees: All fees disclosed at point of transaction.
• No data sale: User data never sold to third parties under any circumstance.

4. Change Management

Material platform changes follow a structured process: internal review and approval; legal and compliance sign-off; user notification per applicable notice period; post-change impact monitoring.

5. Complaints Process

1. First contact: support@plutex.com — acknowledged within 2 business days.
2. Investigation: Completed within 30 days; user notified of outcome.
3. Escalation: compliance@plutex.com
4. External: Users retain the right to seek remedies via applicable regulatory bodies or courts.

6. Audit & Reporting

Internal compliance audits conducted at least annually. External security audits by independent firms annually. Findings reviewed by the relevant governance body and remediated within agreed timelines.

1. Program Overview

PlutEx's Security Bounty Program invites security researchers and ethical hackers to identify and responsibly report vulnerabilities. Qualifying submissions are rewarded in USDT credited to a PlutEx wallet or external address.

2. In Scope

2.1 Systems

• plutex.com (main web application)
• api.plutex.com (REST and WebSocket APIs)
• demo.plutex.com
• PlutEx mobile applications (when launched)

2.2 Vulnerability Types

• Authentication bypass or account takeover
• Privilege escalation or unauthorised data access
• SQL injection, command injection, or remote code execution
• Stored or reflected XSS with user impact
• IDOR allowing access to other users' data
• Business logic vulnerabilities in trading, staking, or withdrawal flows
• Wallet or fund manipulation vulnerabilities
• Sensitive data exposure (API keys, private keys, user data)
• SSRF with material impact
• Cryptographic weaknesses in security-critical functions

3. Out of Scope

• DoS/DDoS attacks
• Social engineering or phishing of PlutEx staff
• Physical security attacks
• Vulnerabilities in third-party software not directly integrated
• Automated scanner results without proof of concept
• Rate limiting without demonstrated fund or account impact
• Missing security headers without demonstrated exploitability
• Issues already known to or previously reported to PlutEx

4. Reward Tiers

Amounts at PlutEx's sole discretion. Duplicate reports receive no reward — first reporter wins.

5. Responsible Disclosure Rules

• Do not exploit beyond what is necessary to demonstrate existence.
• Do not access user data beyond your own test accounts.
• Do not disrupt platform operations or other users.
• Report to security@plutex.com before any public disclosure.
• Allow 90 days for investigation and remediation before disclosing publicly.
• Use test accounts only — never test on real-fund production accounts.

Violating these rules — especially exploiting vulnerabilities or accessing user data — will result in disqualification, law enforcement reporting, and legal action.

6. How to Report

Email security@plutex.com with subject "Security Bounty: [Brief Description]" including:

• Clear description of the vulnerability and potential impact.
• Step-by-step reproduction instructions.
• Proof-of-concept (screenshots, video, or code — no real user data).
• Affected URL(s), endpoint(s), or system component(s).
• Your suggested severity and rationale.
• Preferred reward delivery address.

7. Timeline

8. Hall of Fame

With your consent, qualifying researchers are recognised on our Security Hall of Fame at plutex.com/security/hall-of-fame, including your handle, vulnerability category, and date.

9. Legal Safe Harbour

PlutEx will not pursue civil or criminal action against researchers who: act in good faith; follow the responsible disclosure rules; do not access third-party user data; and do not disrupt operations. We consider responsible security research a valuable contribution to platform security.