Privacy Policy

Complete privacy guidance for businesses operating on BitoCircle (crypto-native).

Last updated: 17/11/2025

Table of Contents

1. Scope & audience

This Policy applies to businesses, agencies, sole traders and their authorised users using https://bitocircle.com/business/ and related APIs. It covers how BitoCircle collects, stores, processes and shares personal and business data in order to provide the Business features, payments, advertising, token promotions, and creator partnerships.

2. Data categories we collect

We collect a broad set of data grouped below. Business owners should understand what each category includes and ensure they collect only necessary customer data when using our platform.

  • Account & identity: business/legal name, trade name, registered address, representative names, contact emails & phone numbers, business registration numbers (GST/VAT/etc.).
  • Verification documents: government IDs, incorporation documents, bank proof for payouts (KYC/KYB).
  • Credentials & access metadata: username, password hash, 2FA metadata, device fingerprint, last login, IP address.
  • Financial & billing: bank account details (for payouts), transaction history, invoices, credits/refunds (we store tokens, not full card numbers).
  • Platform activity: session logs, API calls, content posted, ad campaign data, analytics.
  • Customer data provided by businesses: purchase orders, customer names/emails (if you collect them), shipping addresses — you control these and must comply with applicable law when collecting them.
  • Communications: support chats, emails, appeal/complaint records; call recordings if consented.

3. Where data comes from

We collect data directly from you (account creation, content, payments), automatically via platform logs, and from third parties such as payment processors, identity verification vendors, advertising partners, or public registries.

4. Why we use data — purposes & legal bases

Primary reasons we process data (and the practical impact for businesses):

  • Service delivery & contract performance: to create and manage your business account, provide dashboards, handle payouts and run ad campaigns.
  • Compliance & legal obligations: AML/KYC/KYB checks, tax reporting, responding to lawful requests.
  • Risk fraud & security: detect abuse, prevent scams, protect users and funds — critical on crypto-native platforms.
  • Product analytics & improvement: aggregate telemetry to improve features and ad performance.
  • Support & dispute resolution: investigate incidents, handle chargebacks, compliance disputes.
  • Marketing (optional): send business account updates and promotional emails if you opt-in.

5. Crypto-specific data & considerations

Because BitoCircle is crypto-native, additional data types and risks apply:

  • Wallet addresses & on-chain data: When you link blockchain addresses, we may log wallet addresses, transaction hashes, and on-chain interactions to provide analytics, verify token transfers for promotions, or track payouts. Wallet addresses are public on-chain data, but we treat associations between wallets and accounts as personal data.
  • Smart-contract interactions: Events you trigger (token minting, staking, airdrops) may be recorded for auditing and dispute resolution.
  • Custodial vs non-custodial: If you use our custodial services (we hold assets temporarily for platform operations), we collect additional custodial data and transaction metadata. If you operate non-custodial wallets, we cannot access private keys — we only link addresses you authorize.
  • Token promotions & airdrops: Participation records for promotions (wallet address, KYC status) are stored to ensure fair distribution and regulatory compliance.
  • AML/KYC impact: Crypto flows may trigger enhanced due diligence for large transfers or high-risk jurisdictions; businesses must supply accurate information and cooperate with compliance requests.
Example: A business running an NFT drop links wallet addresses to its account to confirm eligible participants. BitoCircle stores those addresses and the associated transaction hashes to verify claim history and resolve disputes.

6. Sharing & processors

We only share data with third parties for specific purposes and under contractual safeguards:

  • Payment processors: for billing, payouts and fraud monitoring.
  • KYC/AML vendors: to perform identity and business verification.
  • Hosting & analytics providers: to run the platform and measure performance.
  • Legal/regulatory bodies: when required by law or to protect legal rights.
  • Market partners: ad networks or partners you connect to for campaign delivery (only with your authorization).

We require processors to meet security and privacy obligations and use data only for the contracted purpose.

7. International transfers

BitoCircle and our vendors operate globally. When we transfer data outside your country, we rely on appropriate safeguards (data transfer agreements, standard contractual clauses, and where applicable, adequacy findings). Businesses operating cross-border should be aware of transfer implications for user/customer data.

8. Retention & archival

We retain data for as long as necessary to provide services and to meet legal obligations. Examples:

  • Transaction and billing records: typically retained for 7+ years for tax/compliance.
  • Account and verification documents: retained while account active + defined post-closure period.
  • Logs and telemetry: retained in aggregated/anonymized forms for analytics; detailed logs retained for incident response according to policy.

9. Security measures

We maintain technical and organisational safeguards including:

  • Encryption in transit (TLS) and encryption at rest for sensitive data.
  • Role-based access controls, audit logging, and routine security testing.
  • Vendor security assessments and incident response plans.
  • Recommendation for businesses: enable 2FA, use dedicated admin accounts, store backups securely.

10. Your rights and options

Depending on jurisdiction, you may have rights to access, correct, delete or port data. Businesses can:

  • Request account export (reports, invoices, campaign data).
  • Request deletion of personal data tied to terminated accounts (subject to retention obligations).
  • Object to certain processing (direct marketing) or request restriction.

To exercise rights contact contact@bitocircle.com. We may require verification and will inform you if legal obligations prevent action.

11. Cookies & tracking

We use cookies and similar trackers for:

  • Essential functionality (sessions, login).
  • Analytics (product usage, campaign performance).
  • Advertising (when enabled) and attribution for ad spend and conversion reporting.

Businesses must ensure customer-facing flows provide appropriate cookie/consent notices when collecting PII for marketing or analytics.

12. Data breach & incident response

We operate an incident response program. If a breach affects your account data, we will:

  1. Contain the incident and assess impact.
  2. Notify affected business accounts and regulators as required by law.
  3. Recommend mitigation steps (password resets, revoking tokens).
  4. Provide post-incident report and remediation timeline.

13. Children & minors

BitoCircle Business is for businesses and not directed to children. We do not knowingly collect data from minors. If we discover data relating to a minor, we will delete it and notify the requesting account where applicable.

14. Contact & escalation

Privacy inquiries and requests: contact@bitocircle.com. For urgent legal notices and data breach reports, contact our legal team immediately.