Privacy Policy
Last Updated: June 26th, 2025
Introduction
BITS Blockchain Inc. ("BITS", "we", "us", or "our") is a Wyoming-based company that provides a non-custodial digital asset services platform. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation ("GDPR"), the UK Data Protection Act, and similar international laws. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our website, applications, and services (collectively, the "Services"). It also explains your rights and choices regarding your personal data. By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.
Scope: This Policy applies to information we collect through our Services, whether you are accessing BITS from the United States or any other country. We may provide additional notices about data practices specific to certain jurisdictions as required by law. We do not knowingly offer our Services to or collect personal data from individuals in jurisdictions where such Services would be unlawful.
Role of BITS: For the purposes of data protection laws, BITS is the "data controller" of personal information we process, except where we act solely as a processor on behalf of a third party (for example, for identity verification data handled by our verification provider). Our contact information is provided at the end of this Policy.
Personal Data We Collect
We collect various types of personal data from and about users of our Services. This may include:
- Blockchain and Transaction Information: When you use our platform to deposit Bitcoin (BTC) or wrapped BTC, we collect information associated with your blockchain transactions. This includes your blockchain wallet addresses and public blockchain data about deposits, withdrawals, and transaction history. Note that blockchain addresses and transactions are generally public and not issued by BITS; by themselves, wallet addresses are pseudonymous and may not directly identify an individual. However, we treat this information as personal data when it is linked to you as a user of our Services. We may aggregate users' BTC or wrapped BTC deposits for use as collateral in yield-generating strategies, but individual users' personal data is handled as described in this Policy.
- Identity Verification Data: To comply with Know-Your-Customer ("KYC") and Anti-Money Laundering ("AML") regulations, we may collect personal identification information. This includes information such as your full name, date of birth, postal address, email address, phone number, government-issued identification numbers, photographs of your ID documents, selfies or live video for identity verification, proof of address, and any other information required by law.
Important: BITS conducts KYC/AML verification through a trusted third-party service provider. When you undergo identity verification, you provide your personal information and documents directly to our verification provider, which processes this data solely for compliance purposes on our behalf. This process may involve biometric data (e.g. facial recognition derived from your photo or video) to confirm your identity. BITS does not store your biometric identifiers or the images of your identity documents on our systems. We receive from the provider only limited information, such as confirmation that your identity has been verified or failed verification, and basic details like your verification status or user ID. We do not retain the sensitive identity data beyond what is necessary for compliance record-keeping.
- Account and Contact Information: If you create an account or otherwise communicate with us, you may provide personal data such as your name, username, password, email address, mailing address, telephone number, or other contact details. For example, when registering for our Services or subscribing to updates, you will provide an email address and possibly other identifiers. We use this information to administer your account and communicate with you. We keep records of correspondence and communications with you (such as support requests or feedback) and any information you choose to provide in those interactions.
- Financial and Transaction Details: In the course of providing services, we may collect information about the transactions you perform through our platform. This includes amounts of BTC or wrapped BTC you deposit, withdraw, or allocate to third-party Strategy Providers via our Services, timestamps and references of these transactions, yield generated, and related account balances or activity. Some of this information is derived from public blockchain data associated with your wallet addresses, and some may be internal records of your use of our platform's features.
- Technical and Usage Information: Like most online services, we gather certain information automatically about your use of our website and platform. This includes your Internet Protocol (IP) address, device identifiers, browser type, operating system, referring website, pages or features accessed, dates and times of access, and other usage logs. We collect IP addresses and device information for security, fraud prevention, and to ensure our Services are presented in the appropriate language and jurisdiction (for example, to comply with geographic restrictions or legal requirements based on your location). We may also collect information about how you interact with our Services (such as clickstream data or page response times) to help improve the user experience. Please note that an IP address by itself may not identify you by name, but it is considered personal data in many jurisdictions since it can reveal your general location and be linked to you in combination with other data.
- Cookies and Similar Technologies: At this time, BITS does not use any third-party analytics cookies, advertising cookies, or tracking pixels on our website. We do not use cookies to track users across third-party sites, nor do we currently serve targeted advertisements. We only use basic technical cookies or local storage as needed for the functioning of the Services (for example, to maintain your login session or preferences). If in the future we decide to use additional cookies or similar tracking technologies (such as Google Analytics or marketing pixels), we will update this Privacy Policy and provide any required notices or consent options. You will have the opportunity to opt out of or consent to such tracking in accordance with applicable laws.
Note: Even though we don't utilize third-party cookies now, our system may still utilize essential cookies to ensure the platform operates securely and correctly. Any future use of cookies will be disclosed and will comply with privacy regulations.
- Information from Third Parties: We may receive information about you from third-party sources. For example, as noted above, our identity verification partner will transmit to us the results of your KYC/AML screening (e.g., a pass/fail status or risk score). We might also receive sanctions or watchlist status information from compliance service providers or blockchain analytics firms (which analyze public blockchain data to flag illicit activity). Additionally, if you engage with us on social media or through community forums, we may receive your social media username or profile information from those platforms, but we will only use it to facilitate those interactions.
- Public Blockchain Data: It is important to understand that certain data, particularly blockchain wallet addresses and transactions, are recorded on public decentralized blockchains. Such information by its nature is publicly available and immutable, and not under BITS's control or governance. Any personal data that becomes permanently recorded on a blockchain (for example, an outgoing crypto address that could indirectly link to a user) may be accessible to others and may not be erasable. BITS is not responsible for the transparency and permanence of blockchain transactions, as these are inherent features of distributed ledger technology. However, we will only link your blockchain addresses to your personal profile within our systems as needed to provide our Services and comply with legal obligations.
We will only collect personal data that is relevant and necessary for the purposes described in this Policy. If you choose not to provide certain information (such as refusing KYC verification), we may not be able to provide you with the Services or certain features.
How We Use Your Personal Data
We use the collected personal data for the following business and operational purposes, in accordance with applicable law:
- Providing and Improving Services: We use your information to operate, maintain, and provide you with the features and functionalities of the BITS platform. This includes facilitating your deposits of BTC or wrapped BTC, aggregating assets into collateral pools, and enabling third-party Strategy Providers to generate yield on those assets as part of our service offering. We will use wallet and transaction information to ensure your deposits are correctly recorded, to track yields earned, and to process withdrawals or transfers you request. Your data also helps us personalize aspects of the service (for example, interface preferences or language settings) and improve our platform's performance. We may analyze usage patterns to improve user experience and develop new features. Information may be used in aggregated, de-identified form to understand our user base and the effectiveness of our services.
- Compliance with Legal and Regulatory Requirements: We process personal data to fulfill our legal obligations. This includes using your identity information and blockchain transaction data to comply with KYC/AML laws, anti-fraud requirements, anti-terrorist financing regulations, and other financial industry regulations. For example, we will use the information collected during identity verification to confirm your identity, screen for sanctions or politically exposed persons (PEP) status, and ensure you are not barred from using our Services under applicable law. We also use blockchain analytics and compliance tools to monitor transactions for signs of illicit or fraudulent activity and to prevent use of our platform for money laundering or other illegal purposes. If suspicious activity is detected, we may need to further analyze your data or report it to relevant authorities as required by law. Additionally, we retain certain records (e.g., KYC records, transaction logs) for audit and regulatory reporting purposes.
- Security and Fraud Prevention: Your information is critical for maintaining the security of our Services and our users. We monitor and use personal data (such as account information, IP addresses, and wallet addresses) to detect, investigate, and prevent fraud, abuse, security incidents, and other malicious or unauthorized activities. For instance, we may use IP and device data to verify account logins, detect multiple accounts or suspicious access patterns, and block fraudulent transactions. Public blockchain data may be used in tandem with third-party blockchain analytics to flag addresses linked to theft, hacking, or sanctioned entities. We also enforce our Terms of Use using this information, and we may take action against accounts engaging in prohibited behavior. Our safety measures protect both you and BITS from risks.
- User Support and Communications: We use personal data to provide you with customer support and to communicate with you about your account or use of the Services. For example, if you contact us with a question or issue, we will use your email address or phone number to respond and will reference your account or transaction information to help resolve the matter. We send service-related announcements when necessary (such as transaction confirmations, security alerts, maintenance updates, or policy changes). These are not marketing communications but are essential notices. You cannot opt out of critical service communications that are necessary for us to fulfill our obligations, like notifications of changes to this Privacy Policy or alerts about suspicious activity on your account. We may also send you informational communications about new features or improvements to the Services. If you have provided your contact information, we may send you newsletters or marketing communications about BITS products or events in the future; however, we will do so only in accordance with applicable law (for example, obtaining your consent where required). You will have the opportunity to opt out of marketing emails or texts by following the unsubscribe instructions in those messages or contacting us, and we will honor your request promptly.
- Service Enhancements and Research: We may process data about how users interact with our Services to analyze trends, administer and improve the platform, and for internal research and development. For example, we might review aggregated usage data to debug performance issues, to develop new product offerings or partnerships, or to inform our business strategy. Any analytics we perform internally are aimed at improving our technology and are not used to profile users for marketing. If we decide to use third-party analytics tools in the future, we will ensure any personal data is processed in compliance with this Policy and applicable laws, and we will provide notice or obtain consent as required.
- Optional Features and Future Uses: If we introduce new features such as personalized investment recommendations, reward programs, or behavioral tracking for improving our Services, we will use personal data accordingly but with full transparency to you. For instance, should we implement any automated decision-making that has legal or significant effects on you, we will inform you and ensure compliance with GDPR or other regulations on profiling and automated decisions. As of the date of this Policy, we do not make any decisions about users solely by automated means without human review.
- Legal Defense and Rights Enforcement: We may use your data as necessary to enforce our contracts (such as our Terms of Use) and to establish or defend legal claims. If there is a dispute or investigation, we will use relevant personal information to protect our rights or the rights of our users or others. This includes cooperating with law enforcement or regulatory inquiries, where we might need to use and disclose certain data as part of legal processes.
We will not use your personal data for purposes that are incompatible with the ones listed above without first obtaining your consent. If we intend to process your information for a new purpose not mentioned here, we will provide you with notice and, if required, seek your consent. We do not use personal data for automated profiling for marketing or for selling your information to data brokers.
Legal Bases for Processing (EU/UK Users)
For individuals in the European Economic Area (EEA), United Kingdom, or other regions with similar laws, we must inform you of the legal grounds we rely on to process your personal data under the GDPR or applicable data protection legislation. We generally process personal data on one or more of the following bases:
- Performance of a Contract: We process personal data that is necessary to provide you with the Services you have requested. When you sign up for and use our platform, we process your data to perform our contract with you, such as facilitating transactions and providing the expected features (Article 6(1)(b) GDPR). For example, using your wallet address to credit your account with a deposit, or using your contact information to send you account statements, is done to fulfill our contractual obligations to you.
- Legal Obligation: Certain processing is required for us to comply with our legal and regulatory obligations (Article 6(1)(c) GDPR). This includes identity verification and screening under AML laws, record-keeping requirements, reporting obligations, responding to lawful requests by public authorities, and other compliance measures. In some cases, processing of special categories of data (like biometric data or criminal background information from sanctions lists) is necessary for reasons of substantial public interest under laws (GDPR Art. 9(2)(g)), such as preventing money laundering or fraud, as permitted by applicable law.
- Legitimate Interests: We process personal data as needed for our legitimate interests (Article 6(1)(f) GDPR), provided that such processing is not overridden by your data protection rights. Our legitimate interests include: maintaining the security of our platform; preventing fraud and illicit activity; improving and developing our Services; understanding how users engage with our Services; and communicating with you to ensure customer satisfaction. For instance, using blockchain analytics to screen for fraudulent activity is in our legitimate interest in keeping our platform safe. When we rely on this basis, we consider and balance any potential impact on your rights. We do not use legitimate interests as a basis for processing where our interests are outweighed by the impact on individuals (for example, we would obtain consent for any optional marketing cookies rather than claiming a legitimate interest).
- Consent: In general, we do not rely on consent as a legal basis for processing your data, except in situations where it is legally required. If we ever ask for your consent (Article 6(1)(a) GDPR) to process certain data, you have the right to withdraw that consent at any time. For instance, if in the future we introduce direct marketing communications in jurisdictions that require consent, or if we implement cookies that require consent, we will obtain your consent and you can opt out later. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
These legal bases apply cumulatively or alternatively, depending on the specific processing activity. For example, the same piece of data might be processed under multiple bases: we may process your wallet address to perform our contract (provide the service), and also under legitimate interest (to secure the platform). If you have questions about the legal basis of how we process your personal data, please contact us.
Disclosure of Personal Data (How We Share Information)
We value your privacy and handle your personal data with care. We do not sell your personal information to third parties, and we do not share it with third parties for their own marketing purposes. However, we do share personal data with certain recipients in order to operate our business and comply with legal obligations, as detailed below. Any third parties who receive your data will only have access to the information necessary for their purposes, and they are obligated to protect your data and use it only as we direct.
Categories of third-party recipients include:
- Service Providers (Processors): We employ trusted third-party companies and individuals to perform services on our behalf and help us deliver the Services to you. These service providers act under contractual instructions and include:
  - Identity Verification Providers: As noted, a third-party KYC/AML vendor processes your government ID, biometric data, and other identification information for verification. This provider supplies us with the verification results. They are contractually bound to protect your data and to use it only for compliance screening.
  - Cloud Hosting and IT Providers: We may host our platform and databases on third-party cloud infrastructure (for example, Amazon Web Services or similar providers). These companies store and process personal data on our behalf as needed to run the platform. Similarly, we may use email delivery services or customer support software to communicate with you. Such providers might process your contact info and correspondence.
  - Blockchain Analytics Services: We may share your blockchain wallet addresses or transaction hashes with third-party blockchain analytics and compliance services. These services help us analyze public blockchain data to detect illicit activities (like fraud, theft, or sanctions violations) and ensure the safety and integrity of our platform. They will receive only the necessary identifiers (e.g., wallet addresses or transaction IDs) needed for risk analysis.
  - Payment and Banking Partners: If in the future we facilitate fiat currency transactions (e.g., bank transfers or credit card payments) to support the digital asset services, we may share necessary personal and financial information with banking institutions, payment processors, or custody providers. For example, if you link a bank account or card, the payment processor will receive your account details to process deposits or withdrawals. (Currently, our Services deal only with BTC and wrapped BTC, but if that changes, we will update our disclosures accordingly.)
Each of these service providers is contractually obligated to protect your data, keep it confidential, and only use it to provide their specific services to us. We require that our processors comply with GDPR and other applicable privacy laws when handling EU/UK personal data on our behalf, including (where applicable) implementing Standard Contractual Clauses or other transfer mechanisms for cross-border data protection.
- Third-Party Strategy Providers: BITS enables your digital assets to be used by external Strategy Providers to generate yield. In general, we do not share any of your personal identity information (such as your name or contact details) with these Strategy Providers. The Strategy Providers typically interact only with aggregated asset pools or on-chain smart contracts and receive digital assets as collateral, not personal data about individual users. We may share non-personal data or aggregated metrics with Strategy Providers (for example, total collateral amounts, yield rates, or risk parameters) to facilitate the strategies. In the event that a Strategy Provider or a related financial partner requires personal information for compliance or legal reasons (for instance, to ensure customers have been KYC-verified or to meet regulatory reporting duties), we would only provide such information as necessary and in compliance with privacy laws. In such cases, we would ensure there is a proper legal basis and that the recipient is bound to protect the information. As of now, personal data of users is not disclosed to Strategy Providers in the ordinary course of business.
- Affiliates and Corporate Group: If BITS Blockchain Inc. has affiliate companies, parent company, or subsidiaries (for example, if we establish international branches or related ventures), we may share personal data within our corporate group on a need-to-know basis. Such transfers would be for purposes consistent with this Policy, such as centralized record-keeping or security management. Any intra-group data sharing will comply with applicable laws, and if data is moved between different jurisdictions (e.g., between an EU affiliate and the U.S.), we will implement lawful cross-border transfer mechanisms as described in this Policy.
- Legal and Regulatory Disclosures: We may disclose personal information to courts, law enforcement, governmental or regulatory authorities, or other third parties when we believe it is legally required or necessary to do so. Examples include:
  - To comply with a subpoena, summons, court order, or other legal process that we determine requires us to produce information.
  - To meet obligations under financial regulations (such as filing suspicious activity reports or responding to examinations by regulators).
  - To protect our rights, property, or safety, or that of our users, employees, or others. This can include sharing information with fraud prevention agencies or cooperating with law enforcement investigations (for instance, providing log data in case of a security incident or theft).
  - In connection with disputes or legal matters, we might share data as needed to enforce our terms or defend against legal claims.
- Business Transfers: If BITS is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal data may be transferred as part of that transaction. We would ensure that any new owner or successor entity is bound by terms similar to this Privacy Policy with respect to your personal information. If a change of ownership affects how your personal data is handled, we will notify you and provide choices where required by law.
- With Your Consent or At Your Direction: We will share your personal data with other parties if you specifically request or consent to such sharing. For example, if you use a feature that integrates with a third-party service at your request, or if you instruct us to share data with a third party (perhaps an auditor or accountant of your choosing), we will do so with your authorization. Additionally, we may disclose information to others (such as in a published testimonial or in community forums) if you have made that information public or consented to such use.
We endeavor to limit the personal data we disclose to only what is reasonably necessary for the third party to carry out its duties or the purpose we have identified. Wherever feasible, we anonymize or aggregate data before sharing, so that individuals are not identified. For instance, we might share generalized usage statistics with a business partner, but not information that personally identifies our users.
Except as described above, we will not share, sell, rent, or trade your personal information to third parties for their promotional purposes. We do not allow third-party advertisers to collect personal data from our site for targeted advertising without your consent. If in the future we decide to partner with an analytics or advertising provider, we will update our Policy and ensure you have the ability to opt in or out as required by law.
International Data Transfers
BITS is based in the United States, and our Services are operated in the U.S. (currently in Wyoming). However, we serve a global user base, including users in the European Union (EU), European Economic Area (EEA), United Kingdom (UK), and other regions. If you are located outside of the United States, please be aware that your personal information will likely be transferred to and processed in the United States and possibly other countries. This means your data may be stored on servers located in a jurisdiction different from your home country.
Data Protection Abroad: The United States and other countries where we or our service providers operate may not have the same comprehensive data protection laws as those in your home jurisdiction. For example, the EU considers the U.S. to have inadequate data protection standards in some respects. However, we will take all necessary measures to ensure that your personal data is protected according to this Privacy Policy and in compliance with applicable law when it is transferred internationally.
If you are in the EEA, UK, or Switzerland, we will protect cross-border transfers of your personal data by implementing appropriate safeguards, such as:
- Standard Contractual Clauses (SCCs): We may rely on the European Commission's approved standard data protection clauses (and the UK's International Data Transfer Addendum, as applicable) when transferring your data to the U.S. or other countries without an adequacy decision. These contractual clauses impose data protection obligations on the recipient and give you rights to enforce your data protections.
- Adequacy Decisions: When applicable, we will transfer data to countries that have been officially deemed "adequate" by the European Commission or relevant authority, meaning those countries are recognized as providing an equivalent level of data protection to the EU. In such cases, transfers can occur without additional safeguards.
- Other Lawful Grounds: In limited circumstances, we may rely on a derogation or exception for specific transfers under GDPR Article 49 (for example, when a transfer is necessary to perform a contract with you, such as if an international payment is initiated at your request, or with your explicit consent where legally permitted). We will only use these exceptions where relevant and as a last resort.
You can contact us for more information on the specific mechanism used for any particular transfer of your personal data.
Regardless of where your personal data is processed, we will ensure that appropriate technical and organizational measures are in place to protect it. Our third-party service providers are also required to maintain protections consistent with the laws in your country. We remain responsible for the handling of personal data by our service providers and will only transfer as much data as is necessary for the purposes stated in this Policy.
Data Security
We take the security of your personal information seriously. BITS implements a variety of technical, administrative, and physical security measures to protect your data from unauthorized access, theft, and loss. These measures include, but are not limited to:
- Encryption: Sensitive data (such as passwords or API keys) is stored in encrypted form. We use industry-standard encryption protocols (e.g., TLS) to protect data in transit between your device and our servers. For stored data, we employ encryption and access controls to safeguard it at rest.
- Access Controls: We restrict access to personal data to authorized personnel who have a legitimate need to know. Our staff and service providers are bound by confidentiality obligations. We implement role-based access controls, two-factor authentication, and regular password audits to prevent unauthorized access to systems where personal data is stored.
- Network & Application Security: Our platform is built with security in mind. We utilize firewalls, intrusion detection systems, and anti-malware tools to guard against external threats. Regular security assessments, vulnerability scans, and penetration tests are conducted to identify and address potential weaknesses. We also maintain secure development practices to minimize code vulnerabilities.
- Monitoring and Logging: We monitor our systems for possible vulnerabilities and attacks. Logging and audit trails are maintained to detect unusual activities. If suspicious activity is detected (such as multiple failed logins or anomalous transactions), we investigate and respond accordingly, which may include notifying you and taking steps to safeguard your account.
- Employee Training and Policies: We enforce strict policies for data privacy and security among our workforce. Employees are trained on the importance of protecting personal data and on the proper procedures to follow. We limit the personal data that employees can download or transfer, and we have incident response plans in case of any security breaches.
Despite our efforts, please note that no security measure is perfect or impenetrable. The transmission of information via the internet is not completely secure, and we cannot guarantee absolute security of your data. However, we continuously update and refine our security practices in line with industry standards and evolving threats. In the unfortunate event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.
User Responsibilities: You also play a role in safeguarding your information. We urge you to keep your account credentials (username, password, private keys for wallets, etc.) confidential and to use unique, strong passwords. Do not share one-time passcodes or private keys with anyone. If you suspect any unauthorized access to your account or personal data, please contact us immediately. We will not be responsible for breaches or losses due to stolen credentials or unauthorized access caused by your own negligence.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, and to comply with our legal and regulatory obligations. The specific retention periods can vary depending on the type of data and the applicable laws or regulations.
Generally, the criteria we use to determine retention periods include:
- Operational Needs: We keep your personal data for as long as your account is active or as long as needed to provide you with the Services. For example, as long as you maintain an account with BITS, we will retain information about you, including your login credentials, profile information, and transaction history. If you decide to close your account or cease using the Services, we will initiate the process to delete or anonymize your personal data, unless we need to keep it for other valid reasons (described below).
- Legal and Regulatory Requirements: We are subject to certain record-keeping obligations by law. For example, financial regulations and anti-money laundering laws may require us to retain identity verification data and transaction records for a minimum period (often five years from the end of the customer relationship or from the date of a transaction). Even if you request erasure, we may need to retain certain data to fulfill these legal obligations. We securely store such data and restrict its use strictly to compliance purposes.
- Dispute Resolution and Enforcement: If you are involved in any dispute, claim, or investigation, or if we reasonably believe there is a prospect of litigation relating to your use of our Services, we may retain the relevant personal data until the issue is resolved and the time limit for any legal claims has expired. We may also retain data as necessary to enforce our agreements or for audit purposes.
- Backup and Integrity: Some data may persist in our backup systems or caches for a short period, even after active data is deleted. We maintain backups to ensure resilience of the Service and to recover from potential disasters. We implement measures to isolate or securely store personal data that remains in backups until the backups are rotated or deleted.
When we no longer have a legitimate need or legal obligation to keep your personal information, we will securely dispose of it. This may involve deleting it from our systems, and in some cases, anonymizing the data. Once anonymized, the information will no longer be associated with you and may be retained for analytical or archival purposes without further notice (since it ceases to be personal data).
Example: Basic account information and transaction records may be retained for a certain number of years after account closure to satisfy anti-fraud and AML obligations (e.g., 5 years as per regulatory guidelines). After that period, it will be deleted or anonymized. On the other hand, any email inquiries you sent to customer support might be deleted sooner if they are no longer needed, unless they must be kept for compliance reasons.
If you have any specific questions about our retention policies for different types of data, you can contact us for more detailed information.
Your Rights and Choices
You have certain rights regarding your personal data that we collect and process. We are committed to respecting your rights and facilitating your exercise of them, as required under GDPR and other applicable data protection laws. These rights include:
- Right to Be Informed: You have the right to be informed about how your personal data is collected and used. This Privacy Policy is intended to provide you with that information in a clear and transparent manner.
- Right of Access: You have the right to request a copy of the personal data we hold about you, as well as information about how we process it. This is commonly known as a "data subject access request." Upon verification of your identity, we will provide you with a copy of your personal data in a commonly used format, along with details on the purposes of processing, the categories of data, the categories of recipients, and other relevant information. Please note, repeated or excessive requests may be subject to a reasonable fee as permitted by law.
- Right to Rectification: If any of your personal data that we have is inaccurate or incomplete, you have the right to request that we correct or update it. We encourage you to keep your account information up-to-date. If you need assistance updating your information, you can contact us and we will make the corrections where possible.
- Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data in certain circumstances. For example, if you no longer want to use our Services, you can request that we delete the personal information we hold about you. We will honor this right to the extent required by law; however, please note that we may need to retain certain information for the reasons mentioned in the Data Retention section (such as compliance with legal obligations). If those reasons apply, we will inform you of the specific grounds preventing complete erasure. When we no longer have any justification to retain your data, we will carry out your deletion request.
- Right to Restriction of Processing: You have the right to ask us to limit the processing of your personal data in certain cases. This can apply, for instance, if you contest the accuracy of the data (we may restrict processing while verifying it), or if you object to our processing based on legitimate interests (we may restrict processing while considering your objection). Restriction means we will store your data but not actively process it until the issue is resolved.
- Right to Data Portability: For data you provided to us, in scenarios where processing is based on your consent or the performance of a contract and is carried out by automated means, you have the right to request that we provide that personal data to you in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit that data directly to another data controller where technically feasible. This right enables you to reuse your data across different services. Note that it applies only to information you have provided directly, not data we have created through our analysis or generated from your usage.
- Right to Object: You have the right to object to our processing of your personal data when such processing is based on our legitimate interests (or those of a third party). If you object, we will consider whether our reasons for continuing the processing outweigh your privacy rights. We will cease processing unless we have compelling legitimate grounds that override your objection or if the processing is needed for legal claims. Where your personal data is processed for direct marketing purposes (including any profiling related to direct marketing), you have an absolute right to object at any time and we will stop the processing immediately upon your objection.
- Right to Withdraw Consent: In cases where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing that occurred before your withdrawal. If you withdraw consent for a service or feature that requires it, we may not be able to provide that service or feature to you. For example, if we ever request your consent for sending promotional emails and you later withdraw it, we will stop sending you those emails.
- Right to Complain: If you believe that we have infringed your privacy rights or violated applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. If you are in the EU/EEA, this would be the data protection authority in your country of residence or where an alleged infringement occurred (for example, the CNIL in France, ICO in the UK, etc.). We would appreciate the chance to address your concerns directly before you do this, so we encourage you to contact us first, and we will do our best to resolve any issue.
- Additional Rights for Specific Jurisdictions: You may have additional rights under local laws depending on where you reside. For example, residents of certain U.S. states (such as California or Virginia) have rights to know specific details about personal information collected, to request deletion or correction of their data, and to opt out of certain data sharing or selling. BITS extends applicable privacy rights to users as required by law. California residents, for instance, have the right to request a notice describing what categories of personal information we share with third parties for their direct marketing purposes (we do not share data in that manner as noted above), and rights under the California Consumer Privacy Act (CCPA) to access, delete, and opt out of the "sale" of personal information. Because we do not sell or rent user data, there is no need to opt out of sale in our case, and we treat all user data with care. If you are a California or other state resident seeking to exercise any privacy rights granted by applicable state law, please contact us as described below. We will verify your identity and respond as required by law.
These rights are not absolute and may be subject to certain conditions or limitations under law. For instance, if fulfilling your request would adversely affect the rights and freedoms of others, we might not be able to comply fully (such as revealing another person's data or trade secrets). We will inform you of the reason if we cannot fulfill any part of your request due to such limitations.
Exercising Your Rights: You (or an authorized agent acting on your behalf) can exercise the applicable rights by contacting us using the information in the Contact Us section below. Please specify which right you intend to exercise and provide us with enough information to verify your identity (we may ask for additional information or documentation to ensure the request is genuine). We will respond to your request within the timeframe required by law (typically within 30 days for GDPR requests, which can be extended if necessary). There is no fee for exercising your rights, except in cases of unfounded or excessive/repetitive requests, in which case we may charge a reasonable fee or refuse the request as permitted by law. We will notify you if we need more information to fulfill your request or if your request has been granted or denied.
Cookies and Tracking Technologies
As mentioned, BITS does not currently use third-party tracking cookies, advertising identifiers, or analytics services that collect personal data on our site. We are committed to respecting user privacy and giving you control over your data. Here is our approach to cookies and similar technologies:
- Strictly Necessary Technologies: Our website and application may use a minimal number of cookies or local storage items that are strictly necessary for the operation of the Services. For example, when you log in to your account, we use an authentication token (session cookie) so you can remain logged in as you navigate. These essential cookies are not used for analytics or advertising and are generally exempt from consent requirements. They expire or are cleared when you log out or after a short period of inactivity for security.
- No Current Third-Party Cookies: We do not, at present, embed any third-party cookies (such as Google Analytics, Facebook Pixel, etc.) or other trackers on our user-facing website. We do not use cookies to collect personally identifiable information or to track your activities across different websites. There are also no banner ads or marketing pixels served through our site at this time.
- Future Use of Cookies/Tracking: We may in the future decide to utilize certain analytics tools to better understand how users use our Services, or to employ advertising or marketing cookies to reach new customers. If we introduce new categories of cookies or tracking technologies, we will update this Privacy Policy and our cookie notices accordingly. We will comply with all legal requirements regarding such technologies. For users in jurisdictions that require it, we will implement a cookie consent banner or preference center, allowing you to choose which cookies to accept (other than strictly necessary ones). You will also always have the ability to opt out of targeted advertising and to disable non-essential cookies.
- Do Not Track: Our Services currently do not respond to "Do Not Track" (DNT) signals from web browsers because no tracking is in place. If in the future tracking is implemented, we will update our practices regarding DNT signals in our documentation.
- Third-Party Links: Sometimes our website or app may contain links to third-party websites, services, or plug-ins (for example, a link to our blog, or to a KYC provider's onboarding page). Clicking on those links or enabling those connections may allow third parties to collect or share data about you via cookies or other tracking tech. We do not control third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policies of every site you visit. This Privacy Policy applies only to BITS's Services.
In summary, your use of our Services as of now will not result in your personal data being tracked by cookies for analytics or advertising purposes. If this changes, we will ensure you are informed and given control, as transparency and user choice are key principles we uphold.
Children's Privacy
Our Services are not intended for individuals under 18 years of age. We do not knowingly solicit or collect personal information from children or minors. If you are under 18, you should not use our Services or provide any personal information to us. BITS's platform is designed for adult use only, given the financial and compliance nature of our offerings (which generally require that users are of legal age to enter binding agreements and undergo KYC verification).
We do not market to or knowingly interact with children. In the event we discover that we have inadvertently collected personal data from anyone under the age of 18 (for example, if a minor misrepresents their age to use our Service), we will take immediate steps to delete such information from our records. If you are a parent or guardian and you believe your child under 18 has provided personal information to us, please contact us promptly so that we can investigate and take appropriate action to remove the data and terminate the child's account.
Note: Because our Services are not directed to children, we do not specifically comply with the U.S. Children's Online Privacy Protection Act (COPPA) beyond our general policy of not accepting users under 13. If an individual under 13 years of age is identified, we will also delete their data in accordance with COPPA requirements.
Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our business, legal or regulatory obligations, or privacy practices. If we make material changes to how we handle your personal data, we will give you notice as required by law. For example, we may send registered users an email notification or display a prominent notice on our website prior to the change becoming effective. The "Last Updated" date at the top or bottom of this Policy will indicate when the latest changes were made and their effective date.
We encourage you to review this Privacy Policy periodically to stay informed about our data practices. If you continue to use the Services after a revised Privacy Policy has been posted, it means you accept and consent to the updated practices, except where additional consent is required (in which case we will seek that separately). Any prior versions of the Privacy Policy will be made available upon request for your reference.
In the event we plan to use your personal data for a new purpose not originally outlined in this Policy, we will notify you and, if required, obtain your consent before doing so.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We are here to help and committed to addressing any issues you may have.
You can reach our privacy team at privacy@bits.financial. You may also write to us at BITS Blockchain Inc. - Privacy Officer, 30 N Gould St Ste R, Sheridan, Wyoming, United States 82801.
(Please provide your name and the email associated with your BITS account, if you have one, when contacting us so we can locate your records. For security and to prevent fraud, we may need to verify your identity before fulfilling certain requests, such as access or deletion requests.)
We will respond to your inquiries as soon as reasonably possible, generally within 30 days. For requests to exercise your rights, please see the Your Rights and Choices section above for more details on the process.
Thank you for trusting BITS with your digital asset service needs. We value your privacy and are dedicated to protecting it.