CryptoAPI AutoCPay
Privacy

Privacy Policy

Last updated: February 2026

1. Information We Collect

We collect the following types of information:

  • Account Information: Email address, company name, phone number (optional) provided during registration.
  • Authentication Data: Hashed passwords (bcrypt), 2FA secrets (encrypted), login timestamps, and IP addresses.
  • Transaction Data: Payment amounts, wallet addresses, blockchain transaction hashes, and webhook delivery logs.
  • API Usage Data: API call timestamps, endpoints accessed, request/response metadata (excluding sensitive payloads).
  • Technical Data: IP addresses, browser user-agent strings, and request fingerprints for security purposes.

2. How We Use Your Information

  • Processing and monitoring cryptocurrency payment transactions
  • Authenticating and securing your merchant account
  • Providing dashboard analytics and transaction history
  • Detecting and preventing fraud, abuse, and security threats
  • Enforcing rate limits and brute-force protection
  • Sending critical service notifications and webhook callbacks
  • Maintaining audit logs for security and compliance
  • Improving service reliability and performance

3. Data Security

We implement comprehensive security measures to protect your data:

  • Password Hashing: bcrypt with cost factor 12. Passwords are never stored in plaintext.
  • Wallet Encryption: AES-256 encryption for all private keys and sensitive wallet data.
  • API Security: HMAC-SHA256 request signatures, rate limiting, and IP-based brute-force protection.
  • Transport Security: All communications encrypted via TLS/HTTPS.
  • Access Control: Role-based access control for administrative functions.
  • Audit Logging: Comprehensive logging of security-sensitive operations.

4. Data Retention

We retain your data for the duration of your account's existence plus any period required by applicable laws. Transaction records are maintained for audit and compliance purposes. Audit logs are periodically cleaned based on administrator-configured retention policies. You may request deletion of your account and associated data by contacting support.

5. Data Sharing

We do not sell, trade, or rent your personal information. We may share data only in the following cases: with blockchain networks as required for transaction processing; with law enforcement when legally required; with service providers who assist in operating our platform (under strict confidentiality agreements). Note that blockchain transactions are inherently public and wallet addresses may be visible on public explorers.

6. Cookies and Tracking

We use essential cookies and local storage for authentication (JWT tokens), session management, and user preferences. We do not use third-party tracking cookies or advertising pixels. Authentication tokens are stored in localStorage with configurable expiration (24 hours standard, 30 days with "remember me").

7. Your Rights

  • Access your personal data through your merchant dashboard
  • Update or correct your account information at any time
  • Request export of your transaction data
  • Request deletion of your account and associated data
  • Disable 2FA and revoke API keys through your security settings

8. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email notification to your registered email address. Continued use of the Service after changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related inquiries, data requests, or concerns, contact us at [email protected].