BlockSettler ("we", "us", "our") respects your privacy and is committed to protecting personal data we process when you use our stablecoin payment infrastructure (the "Services"). This Privacy Policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
1.1 Account Data
When you register: business name, contact name, email address, phone number, country, business type, and login credentials. For KYC compliance: business registration documents, beneficial owner information, and verification documents.
1.2 Transaction Data
For each payment: order metadata you provide (merchant_order_no, title, amount), on-chain payment information (wallet addresses, transaction hashes, confirmation counts), and settlement records. We do not collect end-customer personal data unless you explicitly include it in order metadata.
1.3 Technical Data
IP address, browser type, device identifiers, dashboard usage analytics, API request logs, and webhook delivery logs. These are used for security, fraud prevention, and Service improvement.
1.4 Communications
Support tickets, email correspondence, and contact form submissions.
2. How We Use Data
- Service delivery: Process payments, send webhook notifications, generate reconciliation reports.
- Compliance: KYC/AML verification, sanctions screening, regulatory reporting.
- Security: Detect and prevent fraud, replay attacks, account compromise. Secure storage of API keys (AES-256-GCM encryption).
- Communication: Operational notices, security alerts, support responses, optional product updates.
- Improvement: Analyze aggregated usage to improve Services.
3. Legal Basis (GDPR)
For users in the European Economic Area, we process data on these bases:
- Contract: To provide the Services you signed up for.
- Legal obligation: KYC/AML, tax, and financial reporting.
- Legitimate interest: Security, fraud prevention, and Service improvement.
- Consent: Marketing emails (you may withdraw at any time).
4. Data Sharing
We share data only with:
- Service providers: Cloud hosting, KYC verification vendors, email delivery, fraud detection — under data processing agreements.
- Legal authorities: When required by law, court order, or to protect rights, property, or safety.
- Successors: In a merger, acquisition, or asset sale, with continuing privacy obligations.
We do not sell personal data.
5. Blockchain Transparency
On-chain transaction data (wallet addresses, transaction hashes, amounts) is inherently public on the underlying blockchain networks (Polygon, Tron, Ethereum, BSC, Solana). We cannot remove or alter on-chain data. Use caution before including any identifying information in on-chain transactions.
6. Data Security
We implement industry-standard security measures: HTTPS for all API traffic, AES-256-GCM for at-rest secret key storage, HMAC-SHA256 request signing, IP whitelisting (optional), 2FA for dashboard access, and regular security audits. However, no system is 100% secure — promptly notify us of any suspected breach.
7. Data Retention
- Account data: Retained while your account is active and for up to 7 years thereafter to meet financial recordkeeping obligations.
- Transaction records: 7 years (regulatory requirement).
- API/webhook logs: 90 days for operational use, longer if required for investigations.
- Marketing data: Until you unsubscribe.
8. International Data Transfers
Data may be processed in countries other than your own. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses or other lawful mechanisms.
9. Your Rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion (subject to retention requirements)
- Restrict or object to processing
- Data portability
- Withdraw consent (where consent is the legal basis)
- Lodge a complaint with a supervisory authority
To exercise these rights, email [email protected].
10. Cookies
We use only essential cookies for authentication and session management. We do not use third-party tracking or advertising cookies. By using the Services, you consent to essential cookies; you may disable them in your browser, but the Services may not function correctly.
11. Children's Privacy
The Services are not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe we have collected such data, contact us to delete it.
12. Changes to This Policy
We may update this Policy. Material changes will be notified via email or in-product notice at least 14 days before taking effect. The "Last updated" date indicates when changes took effect.
13. Contact
All privacy / data protection / GDPR inquiries (including Data Protection Officer for EEA users): [email protected]