Privacy Notice
Scope
This Privacy Notice (“Notice”) describes the ways BitPay Inc. (“BitPay”, “we”, “us”, “our”) collects, stores, uses and protects information. BitPay’s services include merchant processing services, websites, mobile applications, products, and any other features, technologies or functionalities, including customer support (“Services”) offered by us. This Notice applies to www.bitpay.com and all other BitPay sites on which it appears (the “Sites”).
Depending on the jurisdiction in which you reside, you may be entitled to additional disclosures. For California residents, please review our California Consumer Privacy Act Addendum. For EU residents, please review our EU Privacy Notice.
We process personal information from the following types of users:
Visitors of our Sites;
Merchants who sign up for our Services (“Merchants” means any business that uses our Services to process payments, including non-profits that use our Services to accept donations and “Aggregators” that use our Services as a payment services platform for their own Merchants);
Shoppers of Merchants (“Shoppers” means individuals who indirectly interface with BitPay when paying a Merchant’s invoice that is forwarded by BitPay to a Merchant during checkout, when requesting a refund from a Merchant, when creating a BitPay account, or when making a donation to a non-profit);
BitPay card holders who have signed up for a BitPay debit card;
BitPay wallet holders who have downloaded and installed the BitPay app on their mobile device; and
Payees (e.g., employees, contractors, vendors or exchange customers) who request a payment (“Payout”) via cryptocurrency from a Merchant and create a BitPay account.
What Kind of Personal Information Do We Collect?
We collect personal information from you through your use of the Sites and Services. Personal information is information that is linked or reasonably linkable to an identified or identifiable individual. We collect different kinds of personal information depending on how you interact with our Sites and Services. The personal information we collect also depends on what type of user you are. In addition to personal information you choose to provide to us when interacting with our Services, we may also collect personal information automatically from your devices.
The following sections describe the personal information we collect from the possible user types and our purposes for collecting such information. Please see the user type applicable to you.
1. Visitors of Our Sites
We may collect the following information relating to visitors of our Sites:
If you create an account, you provide us with:
Full Name
Email Address
Password
When you sign into your account, you will provide us with:
Login Credentials (password and email address)
If you sign up to receive our blogs or other marketing materials, you will provide us with:
Full Name
Email Address
If you contact our customer support, sales team, media team, or opt-in to our media list, you will provide us with:
Full Name
Email Address
Phone Number
Country of Residence
We also collect information about a visitor’s computer or other access devices, including for purposes of fraud prevention. The information we collect may be collected automatically using cookies or other similar technologies. This information includes technical information such as your IP address, the type of browser, devices and operating systems you use, identifiers associated with the device(s) you use to access our Sites, the pages you visit and the features you use, access dates and times, if you navigated from or navigate to another website, the address of that website, and information regarding your internet service provider.
For more information about our use of cookies, please see our Cookie Policy.
2. Merchants (including businesses such as nonprofits and Aggregators)
In order to complete the onboarding process, we collect the personal information described below of the beneficial owner or any user that is added to an account of a Merchant (including nonprofits and Aggregators that use our Services as a payment services platform for their own Merchants). In the case of Aggregators, we collect the information of that Aggregator’s Merchants. The elements we collect depend on our compliance analysis and your risk profile, but generally include:
Full name of beneficial owner
Full names of authorized users
Merchant email address
Physical Address of Merchant or Aggregator primary place of business
Business phone number
Personal identification number of beneficial owner and authorized user(s) (e.g., driver’s license, government ID)
Tax identification number (if applicable in specific country)
Proof of business
Proof of address
Recent bank statements or bank letter of good standing
Bank account details
In addition to completing the onboarding process, we may use this information for risk management purposes (i.e. to verify Merchant’s identity or address) or to comply with laws and regulations, including those applicable to financial services institutions. We may also obtain information about our Merchants from third parties that provide identity verification and fraud prevention services, such as Bureau Van Dijk, and from relevant Aggregators.
3. Shoppers of Merchants
We collect personal information when a Shopper indirectly interfaces with BitPay to pay a Merchant’s invoice, request a refund and/or make donations. We collect personal information from Shoppers for the following purposes:
When you pay a BitPay invoice, we collect the following types of personal information:
Technical information including IP addresses used to view the BitPay invoice; the type of browser, devices and operating systems you use; identifiers associated with the device(s) you use to access our sites; the pages you visit and the features you use; access dates and times; and if you navigated from or navigate to another website, the address of that website; and information regarding your internet service provider
Products purchased
Price at the relevant Merchant
Email address
Crypto wallet address
When you request a refund, we collect the following types of personal information:
Amount to be refunded
Currency in your location
Email address
Crypto wallet address
Invoice number
When you make a donation, we may collect, depending on the circumstances, the following types of personal information:
Amount of donation
Currency in your location
Email address
Full name
Postal Address
Phone number
Employer
Job title
City of employment
When you make an account, we will collect the following types of personal information:
Full Name
Email Address
Password
We collect this information either from the Merchant or directly from the Shopper. Collecting this information supports our ability to provide our Services. This enables our system to send an email to Shoppers directly to obtain a cryptocurrency refund address in case of a payment exception (e.g. overpayments, underpayments, etc.). This also creates a more seamless payment experience for both the Merchant and the Shopper.
Additionally, upon the Merchant’s explicit request, we collect and store information for the Merchant’s benefit only and as a service through our invoicing service. Information that Merchants may request about Shoppers may include:
Name
Postal Address
4. Cardholders
When you sign up for and process payments through BitPay payment cards, we collect personal data in connection with such activities to complete your payment card registration, process your payments, refund a payment, or contact you regarding your payment card. The following personal information may be collected:
Full Name
Postal Address
Date of birth
Phone number
Email address
Social Security Number
Technical information, including IP address; the type of browser, devices and operating systems you use; identifiers associated with the device(s) you use to access our sites; the pages you visit and the features you use; access dates and times; and if you navigated from or navigate to another website, the address of that website; and information regarding your internet service provider.
5. BitPay Wallet Holders
BitPay offers a non-custodial wallet that permits individuals to manage payments in different currencies. To register and manage this portion of the Services, we collect the following information:
Email address
Wallet name
Copayer name
Co-payer name
Wallet public key
Wallet extended public key
Wallet coin
Wallet multi-sig setup
Transaction details
Type of mobile phone, OS and version, App version
IP address
Wallet ID (Client ID)
App Token
API Authentication Token
6. Payees of Merchant
BitPay offers a service for Merchants to pay individuals (employees, contractors, vendors, and exchange customers) via cryptocurrency (“Payees”). In order to provide this portion of the Services, the following information may be collected from Payees in certain instances:
Full name
Email address
Wallet address/provider
Personal identification documents (such as a passport or a driver’s license)
Proof of address document (such as a bank statement or a utility bill)
7. Additional Collection
Through your use of the Sites and Services, we collect information regarding the effectiveness of our email and other communications. For example, we may know if you follow a link in an email we send to you. We may also obtain information about you from other third parties, such as information about your use of this Site or our Services. We may also collect information about former, existing, and prospective vendors and customers (“Partners”). This includes limited personal information about employees and agents of such Partners (“Partner Employees”) at the beginning and throughout the course of the Partner relationships, such as professional contact information.
How We Use Cookies
We may collect information about your activities on our Sites via first and third-party cookies, clear GIFs or web beacons, or through other identifiers or technologies, including similar technologies as they may evolve over time. We refer to these technologies collectively as cookies.
We may allow third parties to use cookies on our sites. The information collected by cookies may be shared with and used by us, by others acting on our behalf, or by third parties subject to their own privacy policies. Information collected by cookies may be used on this website or on other websites or services, including those that may not be operated by us. Other parties may collect personal information about an individual consumer’s online activities over time and across different websites when a consumer uses our Sites or Services.
For more information about our use of cookies, please see our Cookie Policy.
Why We Collect Personal Information
In addition to the specific purposes provided in the preceding sections, we use the personal information we collect to operate our business, provide our Services, for other purposes as permitted or required by law, and to provide you with a smooth, efficient, and customized experience. Specifically, we may use your information to:
Provide our Services (including customer support);
Process transactions and send notices about your transactions;
Resolve disputes, collect fees, and troubleshoot problems;
Communicate with you about our Services and business and to inform you of matters that are important for your account and/or use of the Sites. We also use your personal data to respond to any questions, comments or requests you filed with us and the handling of any complaints;
Comply with applicable laws and regulations;
Establish, exercise and defend legal claims;
Monitor and report compliance issues;
Customize, measure, and improve our business, the Services, and the content and layout of our website and applications (including developing new products and services; managing our communications; determining the effectiveness of our sales, marketing and advertising; analyzing and enhancing our products, services, Sites and apps; ensuring the security of our networks and information systems; performing accounting, auditing, invoicing, reconciliation and collection activities; and improving and maintaining the quality of our customer services);
Perform data analysis;
Deliver targeted marketing, service update notices, and promotional offers based on your communication preferences, and measure the effectiveness of it. To approach you via email for marketing purposes, we request your consent, unless it is not required by law. You always have the option to unsubscribe from our mailings, e.g., via the unsubscribe link in our newsletter;
Perform risk management, including comparing information for accuracy and verifying it with third parties and protect against, identify and prevent fraud and other prohibited or illegal activity, claims and other liabilities; and
Enforce our contractual terms.
How We Protect and Store Personal Information
We take the security of our information seriously. We use administrative, technical, and physical security designed to safeguard personal information in our possession, and we maintain internal policies and procedures to address our data security. However, no security measure or modality of data transmission over the internet is 100% secure. Although we strive to use commercially acceptable means to protect your personal data, we cannot guarantee the security of the information that we collect and store.
We retain data as required or permitted by law. For example, as a regulated financial institution, we may retain identification for 5 years or more after an account has been closed or become dormant.
Your Choices
The Site recognizes the Global Privacy Control (“GPC”) signal. If you are using a browser setting or plug-in that sends an opt-out preference signal to each website you visit, we will treat that as a valid request to opt out. To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.
As of the last updated date of this Notice, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to such signals or to other mechanisms that provide the ability to exercise choice regarding the collection of personally identifiable information regarding your online activities over time and across third-party web sites or online services.
If you do not wish to receive marketing communications from us, you can click the “unsubscribe” link usually found at the bottom of the e-mail, or you can send an email to marketing@bitpay.com. However, you may still receive other communications from us as permitted or required by law.
Notice to California Residents
The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”), requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, sale, sharing, and retention of personal information and the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents.
If you are a California resident, the following provisions apply to our processing of personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household subject to the CCPA. Personal information does not include publicly available, deidentified or aggregated information or lawfully obtained, truthful information that is a matter of public concern. For purposes of this Notice to California Residents section, we will refer to this information as “Personal Information.”
The CCPA’s privacy rights described below do not apply to Personal Information that we collect, process, sell, or disclose subject to the federal Gramm-Leach-Bliley Act and its implementing regulations. Because we are subject to those laws and regulations, much of the Personal Information that we collect is exempt from the CCPA.
For California residents, the provisions of this prevail over any conflicting provisions in our BitPay Privacy Notice.
Notice at Collection Personal Information
We currently collect and, in the 12 months prior to the Last Updated Date of this Privacy Policy, have collected the following categories of California Personal Information:
Identifiers (real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers)
Information under the California Customer Records Statute (Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, social security number, address, telephone number, passport number, driver’s license or state identification card number, bank account number, credit card number, debit card number, or any other financial information)
Commercial Information (Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies on our site)
Internet or other similar network activity (Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement)
Geolocation data
Professional or employment-related information (Current or past job history or performance evaluations)
Inferences drawn from other personal information (Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes)
For each of these categories, we obtain California Personal Information from a variety of sources. These sources include: yourself, with respect to both online and offline interactions you may have with us or our service providers; other entities with whom you transact; others with whom you maintain relationships who may deal with us on your behalf; the devices you use to access our Sites, mobile applications, and online services; identity verification and fraud prevention services; marketing and analytics providers; public databases; social media platforms; and others consistent with this section. For more information, please see the “Why We Collect Personal Information” section of our Privacy Notice.
Use of California Personal Information
In addition to other purposes described in this Privacy Policy, we use the Personal Information we collect from California residents for the business purposes disclosed within this Notice to California Residents section, including the following:
Audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
Detecting and protecting against security incidents, and malicious, deceptive, fraudulent or illegal activity, and prosecuting the same;
Debugging to identify and repair errors in our systems;
Short-term, transient use including contextual customization of ads or website;
Providing services on our behalf or on behalf of another, including maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services;
Conducting internal research to develop and demonstrate technology; and
Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide.
We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, or for purposes compatible with the context in which the California Personal Information was collected.
Sale, Sharing, and Disclosure of California Personal Information
The CCPA defines “sale” as the transfer of Personal Information for monetary or other valuable consideration. Although we do not “Sell” Personal Information as that term may be commonly interpreted, we engage in online activities that may constitute a sale or a share of Personal Information under California law.
The following table identifies the categories of Personal Information that we sold or shared to third parties in the 12 months preceding the Last Updated Date of this Privacy Policy and, for each category, the categories of third parties to whom we sold or shared Personal Information:
Category of Personal Information | Categories of Third Parties
Unique personal identifiers (device identifier, cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology) | Advertising networks; data analytics providers
We sold or shared Personal Information to third parties for the following business or commercial purposes:
Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
Advancing our commercial or economic interests
We also may disclose Personal Information with recipients such as other BitPay entities; service providers; marketing and advertising providers; law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other applicable legal process or requirement; and merchants in cases of suspected fraud or in connection with an ongoing investigation. We disclose this information for the business purposes noted above.
We do not knowingly collect or sell or share the Personal Information of consumers under 16 years of age. We do not use sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations.
Retention of Personal Information
We retain your Personal Information for as long as necessary to fulfill the purposes for which we collect it, such as to provide you with the service you have requested, and for the purpose of satisfying any legal, accounting, contractual, or reporting requirements that apply to us.
Your California Rights
If you are a California resident, you have certain rights related to your California Personal Information. You may exercise these rights free of charge except as otherwise permitted under applicable law.
How to Submit a Request to Know, Delete, and/or Correct
If you wish to submit a request under the CCPA, please do so by visiting our Data Subject Request Portal or call us toll-free at +1 (888) 914-9661 (PIN: 910 593). As mentioned above, much of the Personal Information that we collect is exempt from the CCPA and, therefore, is not subject to the rights discussed in this Notice to California Residents section.
Our Process for Verifying a Request to Know, Delete, and/or Correct
If we determine that your request is subject to an exemption or exception, we will notify you of our determination. If we determine that your request is not subject to an exemption or exception, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable. To do so, we will ask you to verify data points based on information we have in our records concerning you.
Right to Access/Know. You have the right to request that we disclose to you:
the categories of California Personal Information we have collected about you;
the categories of sources from which the California Personal Information is collected;
our business or commercial purpose for collecting or selling California Personal Information;
the categories of third parties with whom we share California Personal Information; and
the specific pieces of information we have collected about you.
To the extent that we sell your California Personal Information within the meaning of the California Consumer Privacy Act or disclose such information for a business purpose, you may request that we disclose to you:
the categories of California Personal Information that we have collected about you;
the categories of California Personal Information about you that we have sold within the meaning of the California Consumer Privacy Act and the categories of third parties to whom the California Personal Information was sold, by category or categories of personal information for each third party to whom the California personal information was sold; and
the categories of California Personal Information about you that we disclosed for a business purpose.
Right to Delete. You have the right to request that we delete California Personal Information about you which we have collected from you.
Right to Opt-Out and Right to Opt-In. You have the right to direct us to not sell or share your personal information at any time (the “right to opt-out”) by managing your cookie preferences in our Cookie Preference Center. If you have enabled privacy controls on your browser (such as a plugin), we will also treat that as a valid request to opt out. Please see the Opt-Out Preference Signals section above for more information.
Nondiscrimination. Subject to applicable law, we may not discriminate against you because of your exercise of any of the above rights, or any other rights under the California Consumer Privacy Act, including by:
Denying you goods or services;
Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
Providing you a different level or quality of goods or services; or
Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Other Important Information
Vermont: Vermont is an “opt in” state, not an “opt out” state. Non-public personal financial information may not be shared with others except as permitted by law unless the Vermont consumer specifically consents to the disclosure. In addition, Vermont law prohibits the sharing of credit reports and/or creditworthiness information with affiliates unless the consumer has consented (“opted-in”) to such sharing.
Shine the Light Law: We do not disclose personal information obtained through our Sites or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.
Third Party Links
The Site may contain links that will let you leave the Site and access another website. Linked websites are not under our control. We accept no responsibility or liability for these other websites.
Children’s Privacy
The Site and Services are not intended for children under 13 years of age. We do not knowingly collect, use, or disclose personal data from children under 13.
Accessibility
We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described below.
Changes to this Notice
We may amend this Notice at any time by posting a revised version on our website. The revised version will be effective at the time we post it. You are responsible for periodically reviewing this Notice.
Contact Information
You may contact us with questions or concerns about our privacy policies or practices at dpo@bitpay.com. If you wish to submit a data privacy rights request, you may do so by visiting our Data Subject Request Portal. If you are submitting a CCPA rights request, you may also call us toll-free at +1 (888) 914-9661 (PIN: 910 593) if you are a resident of California.