Privacy Policy
1. Summary at a Glance
Cryptoix ("we", "us", "our") operates the cryptocurrency payment-gateway platform available at cryptoix.io. We collect only the data we need to run the service, keep it safe, and never sell it. This Policy explains what we collect, why we collect it, how long we keep it, and the choices you have. Questions? Email [email protected].
2. Who We Are & Legal Basis
Cryptoix is the data controller for personal data processed through this service. Where you are located in the European Economic Area or the United Kingdom, our processing is based on Article 6 of the GDPR:
- Art. 6(1)(b) — performance of the contract you accept when you sign up or send/receive a payment;
- Art. 6(1)(c) — compliance with our legal obligations (anti-fraud, AML, tax, accounting);
- Art. 6(1)(f) — our legitimate interests in securing the platform and preventing abuse;
- Art. 6(1)(a) — your consent, where required (e.g. optional analytics or marketing emails).
3. Information We Collect
3.1 Account data
Email address, password hash, full name, optional company name, time zone, language preference.
3.2 Transaction data
Wallet addresses you create or supply, on-chain transaction hashes, blockchain network, asset symbol, amount, fiat conversion rate at the time of payment, payment status, merchant reference IDs, invoice metadata you submit through our API or dashboard.
3.3 Technical data
IP address, user-agent string, device class, approximate geolocation derived from IP, timestamps of API calls, request paths, HTTP status codes, error traces. We use this to debug, rate-limit, and detect abuse.
3.4 Authentication & security data
Login history, two-factor-authentication state, password-reset events, API key fingerprints, webhook secrets (stored hashed), session identifiers.
3.5 Communications
Support tickets, contact-form submissions, replies you send to our system emails. We do not read or scan personal correspondence beyond what is needed to answer the request.
3.6 Cookies & similar technologies
A single first-party session cookie required to keep you signed in, plus a CSRF token. We do not run third-party advertising or behavioural-tracking cookies.
4. How We Use Your Information
- Provide the gateway: create wallets, route payments, generate invoices, deliver webhooks.
- Authenticate you and protect your account from unauthorised access.
- Detect fraud, money-laundering signals, prohibited activity, and rule-breaking.
- Meet our regulatory, tax, and accounting obligations.
- Respond to support requests and send transactional emails (receipts, security alerts, password resets).
- Improve reliability and performance through aggregated, non-identifying telemetry.
5. How We Share Your Information
We share personal data only with:
- Infrastructure providers — our hosting, CDN, and database providers, bound by data-processing agreements.
- Blockchain networks — on-chain transaction data is, by design, public.
- Compliance partners — KYC/AML screening services where the law or our acceptable-use policy requires it.
- Authorities — when compelled by a valid legal process or to prevent imminent harm.
- Successors — in the event of a merger, acquisition, or asset sale, in which case we will notify you in advance.
We do not sell, rent, or trade your personal data.
6. International Data Transfers
Our infrastructure may process data outside your country of residence. When we transfer personal data out of the EEA or UK, we rely on the European Commission’s Standard Contractual Clauses (or the UK International Data Transfer Addendum) and apply additional safeguards as required.
7. Data Retention
| Category | Retention |
|---|---|
| Account record (active) | For the life of the account |
| Account record (closed) | 30 days, then deletion or anonymisation |
| Transaction & invoice records | Up to 7 years (financial-record obligations) |
| Login & security audit logs | 12 months |
| Support tickets | 24 months |
| Aggregated analytics | Indefinite (no personal identifiers) |
8. Security
We protect your data with TLS in transit, encryption at rest for sensitive fields, hashed and salted credentials, scoped API keys, two-factor authentication, rate-limiting, audit logging, isolated production environments, and regular dependency review. No system is perfectly secure; if we discover a breach affecting your data we will notify you and the relevant authorities as required.
9. Your Rights
Depending on where you live you may have the right to:
- Access the personal data we hold about you;
- Have inaccurate data corrected;
- Request deletion (subject to retention obligations above);
- Restrict or object to certain processing;
- Receive your data in a portable format;
- Withdraw consent at any time, where consent is the legal basis;
- Lodge a complaint with your local data-protection authority.
To exercise any right, email [email protected] from the address on your account. We respond within 30 days.
10. Children
The service is not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact us and we will delete it.
11. Third-Party Links
Our site may link to merchant pages, blockchain explorers, or other third-party resources. Their privacy practices are governed by their own policies; we are not responsible for them.
12. Automated Decision-Making
We use automated rules to flag suspicious transactions, throttle abusive traffic, and block known fraud signatures. These decisions can affect whether a payment is processed or an account is suspended. You can request a human review of any automated outcome by emailing [email protected].
13. Changes to This Policy
We may update this Policy to reflect changes to our service, the law, or industry practice. Material changes will be announced via email or an in-product notice at least 30 days before they take effect. The "Last Updated" date at the top of this page always reflects the current version.
14. Contact
Privacy enquiries: [email protected]
General support: [email protected]