Privacy Policy

1. Introduction

Welcome to Cryptrac, a cryptocurrency payment processing platform operated by Cryptrac Solutions ("Company," "we," "us," or "our"). We are committed to protecting your privacy and handling your personal information with transparency and care.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and related services (collectively, the "Service"). Please read this policy carefully to understand our practices regarding your information and how we will treat it.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Service.

2. Information We Collect

Personal Information You Provide:

• Account Information: Name, email address, phone number, business information, and password
• Payment Information: Cryptocurrency wallet addresses, billing information, and payment preferences
• Transaction Data: Details of transactions processed through our Service, including amounts, timestamps, and cryptocurrency types
• Communications: Messages, feedback, and support requests you send to us
• Verification Documents: Business registration documents, tax identification numbers, and compliance documentation as required

Information Automatically Collected:

• Device Information: IP address, browser type, operating system, device identifiers, and mobile network information
• Usage Data: Pages visited, features used, time spent on our Service, and interaction patterns
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar tracking technologies to track activity and improve user experience
• Location Data: General location information derived from your IP address

Information from Third Parties:

• Payment Processors: Transaction confirmations and processing details from NOWPayments and other integrated payment processors
• Blockchain Data: Publicly available transaction data from blockchain networks
• Verification Services: Information from identity verification and compliance screening services
• Analytics Providers: Aggregated usage statistics and performance metrics

3. How We Use Your Information

Service Delivery and Operations:

• Process and facilitate cryptocurrency payment transactions
• Manage your account, including authentication and access control
• Generate payment links, invoices, and transaction confirmations
• Provide customer support and respond to your inquiries and requests
• Monitor and analyze Service performance and user experience

Security and Fraud Prevention:

• Detect, prevent, and investigate fraudulent or illegal activities
• Verify user identity and maintain account security
• Protect against security threats and unauthorized access
• Comply with anti-money laundering (AML) and know your customer (KYC) requirements

Legal Compliance and Protection:

• Comply with applicable laws, regulations, and legal processes
• Enforce our Terms of Service and other agreements
• Protect our rights, property, and safety, and that of our users and the public
• Respond to lawful requests from government authorities

Communications and Marketing:

• Send you service-related notifications and updates
• Provide important security alerts and account changes
• Send marketing communications about our services (with your consent where required)
• Conduct surveys and gather feedback to improve our Service

Service Improvement and Development:

• Analyze usage patterns to improve Service functionality
• Develop new features and enhancements
• Conduct research and analytics to optimize performance
• Personalize your experience and provide relevant content

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

Service Providers and Business Partners:

• Payment Processors: NOWPayments and other integrated payment service providers who process transactions on our behalf
• Cloud Infrastructure: Hosting and storage providers (e.g., AWS, Google Cloud)
• Analytics Services: Tools that help us understand Service usage and performance
• Customer Support: Third-party support platforms to manage customer inquiries
• Security Services: Fraud detection, identity verification, and cybersecurity providers

Legal and Regulatory Requirements:

• When required to comply with applicable laws, regulations, legal processes, or government requests
• To enforce our Terms of Service, Privacy Policy, or other agreements
• To detect, prevent, or address fraud, security issues, or technical problems
• To protect the rights, property, or safety of Cryptrac, our users, or the public

Business Transfers:

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our Service of any such change in ownership or control of your personal information.

With Your Consent:

We may share your information for other purposes with your explicit consent or at your direction.

Public Blockchain Information:

Please note that cryptocurrency transactions are recorded on public blockchains. While we do not publish your personal information, wallet addresses and transaction details may be publicly visible on blockchain explorers. This information is not controlled by Cryptrac and cannot be modified or deleted.

5. Data Security and Protection

We implement comprehensive security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure.

Technical Security Measures:

• Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols
• Data Encryption at Rest: Sensitive information stored in our databases is encrypted using advanced encryption algorithms
• Secure Infrastructure: Our systems are hosted on secure, enterprise-grade cloud infrastructure with regular security audits
• Access Controls: Strict authentication and authorization mechanisms limit access to personal information
• Monitoring and Detection: Continuous monitoring for security threats and suspicious activities

Organizational Security Measures:

• Employee Training: Regular security awareness training for all employees
• Data Minimization: We collect and retain only the information necessary for our legitimate business purposes
• Vendor Management: Careful vetting and monitoring of third-party service providers
• Incident Response: Established procedures for responding to and reporting security incidents

Non-Custodial Architecture:

As a non-custodial platform, Cryptrac does not hold, store, or have access to customer funds. Cryptocurrency payments are processed directly to merchant-specified wallet addresses, significantly reducing security risks associated with custodial services.

Your Responsibilities:

• Maintain the confidentiality of your account credentials and never share your password
• Use strong, unique passwords and enable two-factor authentication when available
• Notify us immediately if you suspect any unauthorized access to your account
• Keep your wallet addresses and private keys secure - we cannot recover lost or stolen cryptocurrency

6. Your Privacy Rights and Choices

You have certain rights regarding your personal information, subject to applicable laws and regulations. These rights may vary depending on your jurisdiction.

Access and Portability:

• Request access to the personal information we hold about you
• Receive a copy of your personal information in a structured, commonly used, and machine-readable format
• Request transmission of your information to another service provider where technically feasible

Correction and Updates:

• Update or correct inaccurate or incomplete personal information
• Modify your account settings and preferences at any time
• Request that we correct errors in the information we maintain about you

Deletion and Erasure:

• Request deletion of your personal information
• Close your account and request removal of your data from our systems
• Note: We may retain certain information as required by law or for legitimate business purposes

Objection and Restriction:

• Object to processing of your personal information for specific purposes
• Request restriction of processing your information in certain circumstances
• Withdraw consent where processing is based on your consent

Marketing Communications:

• Opt out of marketing emails by clicking the "unsubscribe" link in any marketing message
• Adjust your communication preferences in your account settings
• Note: You cannot opt out of service-related communications (e.g., account verification, transaction confirmations, security alerts)

Cookie Management:

• Manage cookie preferences through your browser settings
• Opt out of third-party analytics cookies through provided opt-out mechanisms
• Note: Disabling certain cookies may limit functionality of our Service

Exercising Your Rights:

To exercise any of these rights, please contact us at privacy@cryptrac.com or through your account settings. We will respond to your request within 30 days, or as required by applicable law. We may need to verify your identity before processing your request.

7. International Data Transfers and Processing

Cryptrac operates globally, and your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

Legal Basis for Transfers:

• Adequacy Decisions: We transfer data to countries recognized as providing adequate data protection
• Standard Contractual Clauses: We use European Commission-approved standard contractual clauses when transferring data from the EU/EEA
• Appropriate Safeguards: We implement technical and organizational measures to protect data transferred internationally
• Your Consent: Where required, we obtain your explicit consent for international data transfers

Data Processing Locations:

Your information may be processed in the United States and other countries where we or our service providers operate. We ensure that all data transfers comply with applicable data protection laws and that appropriate safeguards are in place.

European Economic Area (EEA) Users:

If you are located in the EEA, we process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary to provide our Service and fulfill our contract with you
• Legal Obligations: Processing required to comply with applicable laws and regulations
• Legitimate Interests: Processing necessary for our legitimate business interests, balanced against your rights
• Consent: Processing based on your explicit consent, which you may withdraw at any time

8. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.

Retention Periods:

• Active Accounts: Information is retained while your account is active and you continue to use our Service
• Transaction Records: Financial transaction data is retained for at least 7 years to comply with tax and financial reporting requirements
• Closed Accounts: After account closure, we retain certain information for up to 7 years for legal and regulatory compliance
• Marketing Data: Marketing contact information is retained until you opt out or request deletion
• Support Communications: Customer service interactions are retained for up to 3 years for quality assurance and training purposes

Legal and Regulatory Requirements:

We may retain certain information as required by applicable laws, including but not limited to:

• Anti-money laundering (AML) and know your customer (KYC) regulations
• Tax reporting and recordkeeping requirements
• Financial services regulations and compliance obligations
• Legal proceedings and dispute resolution

Deletion Process:

When we no longer need your information or when you request deletion, we will:

• Permanently delete or anonymize your personal information from our active systems
• Remove your information from backup systems within a reasonable timeframe
• Retain only information necessary for legal compliance, in a secure and restricted manner
• Note: Blockchain transactions cannot be deleted as they are permanently recorded on public ledgers

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from children under 18 years of age.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at privacy@cryptrac.com. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers promptly.

By using our Service, you represent and warrant that you are at least 18 years of age and have the legal capacity to enter into binding agreements.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Effective Date" at the top of this policy.

Notification of Changes:

• Material Changes: For significant changes that materially affect your rights, we will provide prominent notice on our Service and/or send you an email notification at least 30 days before the changes take effect
• Minor Changes: For minor or non-material changes, we will update the policy and post a notice on our website
• Continued Use: Your continued use of our Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes

Review and Acceptance:

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. If you do not agree with any changes to this Privacy Policy, you must discontinue use of our Service.

Previous Versions:

We maintain an archive of previous versions of our Privacy Policy. If you would like to review a previous version, please contact us at privacy@cryptrac.com.

11. Contact Information and Privacy Support

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below. We are committed to addressing your privacy concerns and responding to your inquiries promptly.

Response Time:

• General privacy inquiries: We typically respond within 48-72 hours
• Privacy rights requests: We will acknowledge your request within 5 business days and respond within 30 days
• Security or data breach concerns: Contact us immediately for urgent attention

Regulatory Authorities:

If you are located in the European Economic Area (EEA) or United Kingdom, you have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your privacy concerns.

By using our Service, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. Thank you for trusting Cryptrac with your information.