🚧 DEMO MODE — This is a test environment. Accounts, payments, and transactions are simulated and not real.

🔒 Privacy Policy

Last updated: March 2026

1. Who We Are

CryptoGap ("we", "us", "our") is a cryptocurrency payment gateway that enables merchants to accept crypto payments. We act as a data processor for merchant data and payer identity documents, while the merchant acts as the data controller.

2. What Data We Collect

Merchant (Business Account)

When you create a merchant account, we collect:

  • Email address
  • Company name
  • Password (stored hashed, never in plaintext)
  • Storage provider configuration (tokens are encrypted)
  • Exchange API configuration (encrypted)
  • Transaction volume for fee tier calculation

Payer (Customer) – KYC Documents

When a customer submits identity verification for a payment, we temporarily process:

  • Full name and email address
  • ID document image
  • Selfie (front face) image
  • Side profile photo
  • BankID verification receipt (if applicable)

Important: CryptoGap does NOT permanently store any payer identity documents on its servers. All documents are forwarded directly to the merchant's configured external storage provider (Dropbox, OneDrive, or SFTP) and are not retained by CryptoGap.

3. How We Use Your Data

  • Merchants: To provide the payment gateway service, calculate fees, process crypto payments, and communicate account-related information.
  • Payers: To verify identity (KYC) as required by the merchant before processing a payment. Documents are forwarded to the merchant's storage and not retained.

4. Legal Basis for Processing (GDPR Art. 6)

  • Consent (Art. 6(1)(a)): Both merchants and payers provide explicit consent before their data is processed.
  • Contract (Art. 6(1)(b)): Processing is necessary to provide the payment gateway service.
  • Legitimate Interest (Art. 6(1)(f)): Fraud prevention and platform security.

5. Data Storage and Security

  • Merchant account data is stored in our database with encrypted sensitive fields.
  • KYC documents are transmitted directly to the merchant's storage provider using encrypted connections — they pass through CryptoGap only in memory during upload and are never written to disk.
  • File names for KYC documents use only payment IDs — no personal data is included in filenames.
  • Passwords are hashed using industry-standard algorithms.

6. Data Retention

  • Merchant data: Retained as long as the account is active. Deleted upon account deletion request.
  • Payer KYC data in CryptoGap DB: Name, email, and storage references are retained for the lifetime of the associated payment record for audit purposes. No document files are stored.
  • KYC documents on merchant storage: Retention is the merchant's responsibility as the data controller.
  • Transaction records: Retained for legal and financial compliance purposes.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
  • Portability: Receive your data in a machine-readable format.
  • Restriction: Request restricted processing of your data.
  • Objection: Object to data processing based on legitimate interest.
  • Withdraw Consent: Withdraw your consent at any time.

For Merchants

You can delete your account and all associated data from the Settings page, or by contacting us.

For Payers

To exercise your rights regarding KYC documents, contact the merchant who requested your verification. For data held by CryptoGap (name and email in our database), contact us directly.

8. Data Transfers

KYC documents are transferred to the merchant's chosen storage provider. The location of this storage depends on the merchant's configuration. Merchants are responsible for ensuring their storage provider complies with applicable data protection laws.

9. Third-Party Services

  • Storage providers: Dropbox, OneDrive, SFTP (merchant-configured)
  • Cryptocurrency exchanges: Kraken, Binance, Coinbase (merchant-configured)
  • Swedish BankID: For KYC verification (when enabled by merchant)

10. Contact

For privacy-related inquiries or to exercise your rights, contact us at: privacy@cryptogap.com