Privacy Policy

1. Introduction

BinaryPay ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our P2P cryptocurrency marketplace platform.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

• Full name
• Email address
• Password (encrypted)
• Phone number (optional)
• User role (Buyer, Seller, or Admin)

2.2 Financial Information

For sellers, we collect:

• Bank name
• Bank account number
• Account name

Payment card details are collected and processed by Paystack and are never stored on our servers.

2.3 Transaction Information

We collect information about your transactions, including:

• Cryptocurrency type and amount
• Transaction value in NGN (Nigerian Naira) or other supported fiat currencies
• Cryptocurrency wallet addresses (for completing transfers)
• Proof of transfer documents (uploaded by sellers)
• Transaction status and timestamps
• Dispute records and resolution details

2.4 Usage Data

We automatically collect:

• IP address
• Browser type and version
• Device information
• Pages visited and time spent
• Referral source

3. How We Use Your Information

We use your information to:

• Create and manage your account
• Process transactions between buyers and sellers
• Facilitate payments via Paystack
• Process seller payouts
• Send transaction notifications and updates
• Resolve disputes
• Prevent fraud and abuse
• Comply with legal obligations
• Improve our services

4. How We Share Your Information

4.1 With Third Parties

We share information with:

• Paystack: For payment processing and payout transfers
• Resend: For sending transactional emails
• Uploadthing: For document storage (KYC verification)

4.2 With Other Users

During transactions, we share limited information between buyers and sellers:

• Username/display name
• Transaction amount and cryptocurrency details
• Buyer's wallet address (visible to seller)
• Proof of transfer (visible to buyer and admin)

4.3 Legal Compliance

We may disclose your information to comply with legal obligations, court orders, or government requests.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Transaction records are retained for:

• 7 years for accounting and tax purposes
• As required by applicable financial regulations

You may request account deletion at any time, subject to legal retention requirements.

6. Data Security

6.1 Technical Measures

We implement industry-standard security measures:

• Password Security: All passwords are hashed using bcrypt with salt
• Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
• Database Security: Database access is restricted to authorized personnel only with role-based access controls
• Payment Security: Payment card data is handled exclusively by PCI-DSS compliant Paystack; we never store card details
• Session Management: Secure session cookies with HttpOnly and SameSite flags
• Rate Limiting: API rate limiting to prevent abuse and DDoS attacks

6.2 Organizational Measures

• Regular security audits and penetration testing
• Employee training on data protection and security
• Incident response and data breach notification procedures
• Regular backups with encrypted storage
• Multi-factor authentication for admin access

6.3 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovery
• Report to relevant data protection authorities as required by law
• Provide details about the breach and steps taken to mitigate harm
• Offer guidance on protective measures you can take

Important: While we implement robust security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.

7. Your Privacy Rights

7.1 General Rights

You have the following rights regarding your personal data:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Update or correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your account and associated data (subject to legal retention requirements)
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for marketing purposes
• Right to Restrict Processing: Request limitation of data processing in certain circumstances

7.2 GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority
• Right to be informed about automated decision-making
• Right to be forgotten in certain circumstances

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@binarypay.co. We will respond to your request within 30 days.

For security purposes, we may request additional information to verify your identity before processing your request.

8. Cookies & Tracking

8.1 Essential Cookies

We use essential cookies that are strictly necessary for the platform to function:

• Authentication Cookies: To keep you logged in and maintain your session
• Security Cookies: To protect against CSRF attacks and maintain secure connections
• Preference Cookies: To remember your settings and preferences

8.2 What We Don't Use

We do NOT use:

• Third-party advertising cookies
• Cross-site tracking cookies
• Social media tracking pixels
• Analytics cookies (optional, with consent)

8.3 Cookie Management

You can control and delete cookies through your browser settings. However, disabling essential cookies may affect platform functionality.

9. Children's Privacy

BinaryPay is not intended for users under 18 years of age. We do not knowingly collect information from children.

10. International Data Transfers

As an international cryptocurrency marketplace, your data may be transferred to and processed in countries outside your country of residence, including locations where our service providers operate.

10.1 Safeguards

When transferring data internationally, we ensure:

• Appropriate legal mechanisms are in place (Standard Contractual Clauses, adequacy decisions)
• Service providers comply with data protection standards equivalent to GDPR
• Data is encrypted during transfer and at rest
• Regular audits of third-party data processors

10.2 Third-Party Locations

Our service providers are located in:

• Paystack: Nigeria (for payment processing)
• Resend: United States (for email delivery)
• Database Hosting: Cloud providers with global infrastructure

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email. The "Last updated" date at the top indicates when changes were last made.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:
privacy@binarypay.co