← Back to Bridge

Privacy Policy

Last Updated: January 2025

1. Information We Collect

1.1 Transaction Data

We collect only the data necessary to process your cryptocurrency transactions:

Data Type	Purpose	Retention
Order ID (UUID)	Order tracking and support	2 years
User FB Address	Forward bridge payouts	2 years
Target Address	Selling FB - payout address for receiving other cryptocurrencies	2 years
Transaction amounts (USD/FB)	Order processing and compliance	2 years
Payment addresses	Payment processing	2 years
NOWPayments references	Payment tracking	2 years
Temporary deposit addresses	Selling FB - addresses for receiving FB deposits	7 days after completion
Transaction timestamps	Order tracking and analytics	2 years
Order status	Service operation	2 years
Client IP address	Security and rate limiting	1 year

1.2 Technical Data

• IP Addresses: Collected for security and fraud prevention
• User Agent: Browser information for compatibility
• Request Headers: Basic technical information for service operation

1.3 What We DON'T Collect

2. How We Use Your Information

2.1 Legal Basis for Processing (GDPR)

We process your personal data based on the following legal bases:

• Contract Performance: To fulfill our contractual obligations to process your transactions
• Legitimate Interest: To ensure service security, prevent fraud, and maintain system integrity
• Legal Obligation: To comply with applicable laws, regulations, and legal requests

2.2 Service Operation

• Process cryptocurrency transactions
• Track order status and completion
• Provide customer support
• Ensure service security and prevent fraud

2.3 Legal Compliance

• Comply with applicable laws and regulations, including anti-money laundering (AML) requirements
• Respond to legal requests when required
• Maintain transaction records for audit purposes

3. Data Security

3.1 Technical Safeguards

• Encryption at Rest: All sensitive data encrypted using industry-standard encryption methods
• Encryption in Transit: All API communications use HTTPS/TLS
• Advanced Wallet Security: Enterprise-grade security measures for wallet operations
• Secure Key Management: Secure storage and management of cryptographic keys
• Database Security: Secure database systems with proper access controls
• Network Security: Trusted host middleware and CORS protection
• Security Headers: Comprehensive security headers (HSTS, CSP, X-Frame-Options, etc.)

3.2 Operational Safeguards

• Minimal Access: Only authorized personnel access data
• Sanitized Logging: Sensitive data automatically sanitized from logs
• Real-time Monitoring: Automated security alert system
• Automated Cleanup: Expired data automatically purged
• Rate Limiting: IP-based rate limiting and anti-bot protection
• Webhook Verification: NOWPayments webhook signature verification
• Audit Trails: Comprehensive logging of all system activities

4. Data Sharing and Disclosure

4.1 Third-Party Services

We share minimal data with trusted third-party services:

• NOWPayments: Payment processing (transaction amounts, addresses, and order references)
• Fractal Bitcoin Mempool: Transaction monitoring (public blockchain data only)
• CoinEx API: Price feeds (no personal data shared)

4.2 Legal Requirements

We may disclose data when required by law, including:

• Court orders or legal subpoenas
• Regulatory investigations
• Fraud prevention and security

4.3 No Sale of Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

5. Your Rights and Choices

5.1 Data Access (Right of Access)

You have the right to request information about what personal data we have collected about you, including the purposes of processing, categories of data, and recipients of your data.

5.2 Data Correction (Right to Rectification)

You have the right to request correction of any inaccurate or incomplete data we hold about you.

5.3 Data Deletion (Right to Erasure)

You have the right to request deletion of your data, subject to legal and operational requirements (such as legal obligations to retain transaction records).

5.4 Data Portability (Right to Data Portability)

You have the right to receive a copy of your data in a structured, commonly used, and machine-readable format.

5.5 Right to Object

You have the right to object to processing of your personal data based on legitimate interests. However, we may continue processing if we have compelling legitimate grounds or for legal compliance.

5.6 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

5.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

5.8 Right to Lodge a Complaint

If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.

5.9 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, and disclose
• The right to delete your personal information (subject to exceptions)
• The right to opt-out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us using the information provided in Section 11.

6. Data Retention

6.1 Retention Periods

• Transaction Data: 2 years from transaction completion
• Temporary Deposit Addresses (Selling FB): 7 days after completion
• Security Logs: 1 year from creation
• Support Records: 1 year from resolution
• Reservations: Deleted immediately upon expiration
• Quotes: Deleted after 90 seconds if not used

6.2 Automatic Deletion

Data is automatically deleted through scheduled cleanup jobs that run at regular intervals to ensure expired data is promptly removed. This includes:

• Expired quotes and reservations
• Expired payment reservations
• Temporary address cleanup
• Comprehensive system cleanup on a regular schedule

Data is automatically deleted after the retention period expires, unless required for legal compliance.

7. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

• Standard contractual clauses
• Adequacy decisions by relevant authorities
• Appropriate technical and organizational measures

8. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Providing notice through our service interface when possible

10. Cookies and Tracking

We use minimal, essential cookies only for:

• Session management
• Security purposes
• Basic functionality

We do not use tracking cookies, analytics cookies, or advertising cookies.

11. Contact Information

12. Effective Date

This Privacy Policy is effective as of January 2025 and applies to all information collected by the ZeroBit Gate service.

By using the ZeroBit Gate service, you acknowledge that you have read and understood this Privacy Policy.