Privacy Policy
Last updated: December 4, 2025
1. Introduction
CryptoGate ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cryptocurrency payment gateway service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, business name, password (encrypted)
- Wallet Addresses: Cryptocurrency addresses for receiving payments
- API Credentials: API keys and webhook URLs
- Business Information: Company details for invoicing (optional)
- Support Communications: Messages sent to our support team
2.2 Automatically Collected Information
- Transaction Data: Payment amounts, cryptocurrencies, timestamps, transaction IDs
- Usage Data: IP addresses, browser type, pages visited, time spent
- Device Information: Device fingerprints for fraud prevention
- Log Data: API requests, error logs, system events
2.3 Information We DO NOT Collect
- Private keys or seed phrases
- Credit card or banking information
- Social security numbers or national IDs
- Unnecessary personal information
3. How We Use Your Information
We use collected information for:
- Service Provision: Process payments, manage your account
- Communication: Send transaction notifications, service updates, support responses
- Security: Detect fraud, prevent unauthorized access, ensure compliance
- Improvement: Analyze usage patterns to improve our service
- Legal Compliance: Meet regulatory requirements and respond to legal requests
4. Information Sharing and Disclosure
4.1 We DO NOT Sell Your Data
We will never sell, rent, or trade your personal information to third parties.
4.2 Limited Sharing Scenarios
We may share information only in these specific circumstances:
- Service Providers: Cloud hosting (AWS), email delivery (Mailcow), monitoring tools
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In case of merger, acquisition, or sale (with notice)
- With Your Consent: When you explicitly authorize sharing
- Aggregated Data: Anonymous statistics that don't identify you
5. Data Security
We implement industry-standard security measures:
- Encryption: TLS/SSL for data in transit, AES-256 for data at rest
- Access Controls: Role-based access, principle of least privilege
- Authentication: Bcrypt password hashing, optional 2FA
- Infrastructure: Isolated servers, regular security audits, penetration testing
- Monitoring: 24/7 intrusion detection and logging
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as necessary to:
- Provide the Service (active accounts)
- Comply with legal obligations (transaction records: 7 years)
- Resolve disputes and enforce agreements
When you delete your account, we delete personal information within 90 days, except data we're legally required to retain.
7. Your Privacy Rights
7.1 Access and Correction
You have the right to:
- Access your personal information
- Correct inaccurate information
- Update your account details
- Download your data (portability)
7.2 Deletion
You can request account deletion at any time. We'll delete your data within 90 days, except:
- Transaction records (legal requirement)
- Data in backups (deleted within 6 months)
7.3 Marketing Opt-Out
You can unsubscribe from marketing emails via the unsubscribe link or in your account settings. You cannot opt out of transactional emails.
7.4 GDPR Rights (EU Users)
If you're in the EU, you also have the right to:
- Object to processing
- Restrict processing
- Lodge a complaint with your supervisory authority
9. Third-Party Services
We use these third-party services:
- AWS: Cloud hosting
- Mailcow: Email delivery (self-hosted)
- Blockchain Networks: Public blockchains (Bitcoin, Ethereum, etc.)
Third parties have their own privacy policies. Cryptocurrency transactions are public on blockchains.
10. Children's Privacy
Our Service is not intended for individuals under 18. We do not knowingly collect information from children. If we learn we've collected a child's information, we'll delete it immediately.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure adequate safeguards through:
- Standard contractual clauses
- Encryption during transfer
- Compliance with GDPR and applicable laws
12. Changes to This Policy
We may update this Privacy Policy. We'll notify you of material changes via email and dashboard notice. Continued use after changes constitutes acceptance.
13. Contact Us
For privacy questions or to exercise your rights:
Email: [email protected]
Data Protection Officer: [email protected]