Privacy Policy
Last Updated: August 2025
1. Introduction
This Privacy Policy explains how Bit2Pal ("we," "us," or "our") collects, uses, stores, and protects your information when you use our website and cryptocurrency-to-PayPal exchange services at bit2pal.com.
By using Bit2Pal, you agree to this Privacy Policy. If you do not agree, please do not use our services.
2. Information We Collect
We collect only the data necessary to process your transactions and maintain platform security.
2.1. Information You Provide
- PayPal email address (required for payout)
- Cryptocurrency type and amount
- Refund address (if specified)
- Optional account information (if you create an account):
- Username
- Email (for account access)
- Password (encrypted)
- Communications with support (emails, chat messages)
2.2. Information Collected Automatically
- IP address and geolocation data
- Device type and operating system
- Browser type and version
- Transaction timestamps and status
- Blockchain wallet addresses (sending address)
- Transaction hashes (for verification)
- Referral codes (if used)
- Cookie data (see Section 7)
We do not collect sensitive personal data such as government IDs, selfies, or bank account numbers.
3. How We Use Your Information
We use collected information for the following purposes:
- To process cryptocurrency-to-PayPal exchanges
- To verify and confirm payments
- To detect and prevent fraud, abuse, or suspicious activity
- To comply with anti-money-laundering (AML) obligations
- To improve the functionality and security of our platform
- To communicate with you regarding transactions, updates, or support
- To calculate and track referral commissions (if applicable)
4. Data Retention
We retain your data as follows:
- Transaction data: 12 months after completion
- Support communications: 24 months
- Technical logs (IP, device): 6 months
- Blocked/flagged accounts: Up to 5 years (AML compliance)
- Anonymous analytics: Indefinitely
After retention periods expire, data is securely deleted or anonymized unless legal obligations require longer storage.
You may request early deletion by contacting support, subject to our legal and compliance requirements.
5. Limited Verification Policy
Bit2Pal operates without mandatory identity verification (KYC) for most users.
We do not require:
- Government-issued ID
- Facial recognition
- Proof of address
- Extensive personal documentation
However, we reserve the right to request limited verification in specific circumstances:
- High-value or high-risk transactions
- Suspected fraud or money laundering
- Compliance with law enforcement requests
- Unusual transaction patterns
If verification is required, we will contact you via the email associated with your transaction. Refusal to verify may result in transaction hold or refund (minus applicable fees).
6. Referral Program
If you participate in our referral program:
We collect:
- Referral code usage
- Commission calculations
- Payout addresses (PayPal or Bitcoin)
We use this to:
- Track referrals and calculate commissions
- Process commission payments
- Prevent fraud and abuse
Referral data is retained for accounting and tax purposes.
7. Cookies and Analytics
We use minimal cookies and analytics to improve our service:
Essential cookies:
- Session management
- Security and fraud prevention
- Transaction state
Analytics cookies (optional):
- Google Analytics (anonymized IP)
- Usage statistics and performance monitoring
We do NOT use:
- Advertising cookies
- Cross-site tracking
- Behavioral profiling for marketing
You can disable cookies in your browser, but some features may not work properly.
8. Data Sharing and Disclosure
We do not sell, rent, or trade your data.
We may share limited data with:
- Payment processors (PayPal for payouts)
- Cryptocurrency payment gateways (NOWPayments for receiving crypto)
- Blockchain networks (public transaction data)
- Law enforcement (when legally required)
- Security providers (for fraud detection and AML compliance)
All partners are contractually bound to handle your data securely and lawfully.
9. International Data Transfers
Bit2Pal operates internationally. Your data may be processed in:
- United States (server hosting)
- Payment processor locations (PayPal: Global)
- Service provider locations (hosting, CDN, etc.)
We implement appropriate safeguards including:
- Standard contractual clauses (SCCs)
- Encryption in transit and at rest
- Compliance with GDPR principles where applicable
If you are in the EU/EEA, your data may be transferred outside the region. We ensure adequate protection measures are in place.
10. Security Measures
We protect your data with industry-standard security measures, including:
- HTTPS encryption for all website traffic
- Secure server environments
- Regular security audits and malware scans
- Access control and data minimization
- Two-factor authentication (for optional accounts)
- Regular penetration testing
While we implement industry-standard security measures, no system is completely secure. You are responsible for:
- Keeping your account credentials secure
- Using strong passwords
- Verifying transaction details before sending crypto
- Protecting your devices from malware
11. Data Breach Response
In the event of a data breach:
- We will investigate immediately
- Affected users will be notified within 72 hours
- We will report to relevant authorities (if required by law)
- We will take steps to prevent future breaches
You will be informed of:
- What data was affected
- What we're doing about it
- Steps you should take
12. Your Rights
You have the right to:
General rights:
- Access your data (request a copy)
- Correct inaccurate data
- Delete your data (subject to legal retention)
- Object to processing
- Restrict processing
- Data portability
For EU/EEA users (GDPR):
- Right to lodge a complaint with supervisory authority
- Right to withdraw consent
For California users (CCPA):
- Right to know what data is collected
- Right to opt-out of sale (we don't sell data)
- Right to non-discrimination
To exercise these rights, email us at support@bit2pal.com. We will respond within 30 days (or as required by law).
13. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for their privacy practices or content. Please review their privacy policies before providing any information.
14. Children's Privacy
Our services are intended for users 18 years or older. We do not knowingly collect information from anyone under 18.
If we discover a user is under 18, we will:
- Delete their data immediately
- Refund any pending transactions (minus fees)
- Terminate access to services
Parents/guardians: If you believe a minor used our service, contact us immediately at support@bit2pal.com
15. Changes to This Policy
We may update this Privacy Policy to reflect:
- Changes in our practices
- New features or services
- Legal or regulatory requirements
When updated:
- "Last Updated" date will change
- Material changes will be notified via email or website banner
- Continued use after changes = acceptance
We encourage you to review this policy periodically.
16. Jurisdiction and Governing Law
This Privacy Policy is governed by applicable international privacy laws and regulations.
Any disputes will be resolved in accordance with our Terms of Service.
- For EU users: This policy complies with GDPR requirements
- For California users: This policy complies with CCPA
17. Contact Us
For any questions about this Privacy Policy, contact:
- Email: support@bit2pal.com
- Telegram: @bit2pal_support
18. Acknowledgment
By using Bit2Pal, you confirm that you:
- Have read and understood this Privacy Policy
- Consent to data processing as described
- Are at least 18 years old
- Understand we operate as a non-custodial exchange with limited verification requirements
End of Document