Privacy Policy

Last updated: December 4, 2025

Summary: We collect minimal data necessary to operate our service. We never sell your data. You control your cryptocurrency and wallets.

1. Introduction

CryptoGate ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cryptocurrency payment gateway service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, business name, password (encrypted)
  • Wallet Addresses: Cryptocurrency addresses for receiving payments
  • API Credentials: API keys and webhook URLs
  • Business Information: Company details for invoicing (optional)
  • Support Communications: Messages sent to our support team

2.2 Automatically Collected Information

  • Transaction Data: Payment amounts, cryptocurrencies, timestamps, transaction IDs
  • Usage Data: IP addresses, browser type, pages visited, time spent
  • Device Information: Device fingerprints for fraud prevention
  • Log Data: API requests, error logs, system events

2.3 Information We DO NOT Collect

  • Private keys or seed phrases
  • Credit card or banking information
  • Social security numbers or national IDs
  • Unnecessary personal information

3. How We Use Your Information

We use collected information for:

  • Service Provision: Process payments, manage your account
  • Communication: Send transaction notifications, service updates, support responses
  • Security: Detect fraud, prevent unauthorized access, ensure compliance
  • Improvement: Analyze usage patterns to improve our service
  • Legal Compliance: Meet regulatory requirements and respond to legal requests

4. Information Sharing and Disclosure

4.1 We DO NOT Sell Your Data

We will never sell, rent, or trade your personal information to third parties.

4.2 Limited Sharing Scenarios

We may share information only in these specific circumstances:

  • Service Providers: Cloud hosting (AWS), email delivery (Mailcow), monitoring tools
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In case of merger, acquisition, or sale (with notice)
  • With Your Consent: When you explicitly authorize sharing
  • Aggregated Data: Anonymous statistics that don't identify you

5. Data Security

We implement industry-standard security measures:

  • Encryption: TLS/SSL for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, principle of least privilege
  • Authentication: Bcrypt password hashing, optional 2FA
  • Infrastructure: Isolated servers, regular security audits, penetration testing
  • Monitoring: 24/7 intrusion detection and logging

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service (active accounts)
  • Comply with legal obligations (transaction records: 7 years)
  • Resolve disputes and enforce agreements

When you delete your account, we delete personal information within 90 days, except data we're legally required to retain.

7. Your Privacy Rights

7.1 Access and Correction

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Update your account details
  • Download your data (portability)

7.2 Deletion

You can request account deletion at any time. We'll delete your data within 90 days, except:

  • Transaction records (legal requirement)
  • Data in backups (deleted within 6 months)

7.3 Marketing Opt-Out

You can unsubscribe from marketing emails via the unsubscribe link or in your account settings. Transactional emails cannot be opted out.

7.4 GDPR Rights (EU Users)

If you're in the EU, you also have the right to:

  • Object to processing
  • Restrict processing
  • Lodge a complaint with your supervisory authority

8. Cookies and Tracking

We use cookies for:

  • Essential: Session management, authentication
  • Analytics: Usage statistics (anonymized)
  • Security: Fraud detection, bot prevention

See our Cookie Policy for detailed information.

9. Third-Party Services

We use these third-party services:

  • AWS: Cloud hosting
  • Mailcow: Email delivery (self-hosted)
  • Blockchain Networks: Public blockchains (Bitcoin, Ethereum, etc.)

Third parties have their own privacy policies. Cryptocurrency transactions are public on blockchains.

10. Children's Privacy

Our Service is not intended for individuals under 18. We do not knowingly collect information from children. If we learn we've collected a child's information, we'll delete it immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate safeguards through:

  • Standard contractual clauses
  • Encryption during transfer
  • Compliance with GDPR and applicable laws

12. Changes to This Policy

We may update this Privacy Policy. We'll notify you of material changes via email and dashboard notice. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy questions or to exercise your rights:

Email: [email protected]
Data Protection Officer: [email protected]

Related Documents