Bitflow, Inc. Privacy Policy
We are committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data.
1. Accountability
Bitflow, Inc. is responsible for personal data under its control. We have a Privacy Officer who ensures compliance with this policy and data protection laws.
2. Purpose of Collecting, Using, or Disclosing Information
We collect and use personal data for:
- Service delivery (account creation, transactions).
- Legal & regulatory compliance (identity verification, fraud prevention).
- Business improvement (analyzing trends and enhancing services).
We will notify you of any new purposes before using your data.
3. Consent & Legal Basis for Processing (GDPR Compliance)
Under the General Data Protection Regulation (GDPR), we process personal data based on:
- Contractual necessity (to provide services).
- Legal obligations (compliance with financial regulations).
- Legitimate interests (business analytics, fraud prevention).
- User consent (for marketing communications).
You may withdraw consent at any time. However, certain legal requirements may override withdrawal requests.
4. Revoking Consent
To withdraw consent, submit a request to our Privacy Officer with your full name, address, and contact details. Withdrawal may limit the services we can provide.
5. Information We Collect
We collect personal data, including:
For Individual Users
- Identification: Name, email, phone, date of birth, address.
- Verification: Government-issued ID, proof of address.
- Financial: Bank details, tax residency.
- Security: Passwords, two-factor authentication.
For Merchants
- Business details: Company name, registration, address.
- Financial data: Depository bank information.
- Ownership verification: Business registration, shareholder agreements.
By providing data, you confirm your right to do so and consent to its collection and use per this policy.
6. Data Storage & International Transfers
Your data is stored and processed in Dubai and other jurisdictions where we operate. By using our services, you agree to international data transfers, including to countries with different privacy laws.
We do not sell or disclose personal data except:
- With your consent.
- To third-party service providers (see Section 12).
- To comply with legal obligations.
- To prevent fraud or security threats.
7. Data Retention Policy
We retain personal data as follows:
- Account Information: While the account remains active + 5 years after closure (for legal compliance).
- Transaction Records: Minimum of 5 years (per financial regulations).
- Marketing Preferences: Until user opts out.
- Cookies & Tracking Data: 1 year, unless deleted by the user.
After these periods, data is deleted or anonymized.
8. Data Breach Notification Policy
If a data breach occurs:
- We will assess the risk level and notify affected users within 72 hours if required by law.
- If the breach poses a high risk, we will provide guidance on protection steps.
- Regulatory authorities will be informed as legally required.
We have security measures in place to minimize breach risks, including:
- Two-factor authentication (2FA)
- Access controls & network segmentation
- Encryption & firewalls
9. Log Information & Cookies
We collect log data (IP address, browser type, timestamps) and use cookies for analytics.
You can disable cookies in your browser, but this may affect service functionality.
10. Communications & Marketing
We may send:
- Service-related emails (account updates, security alerts).
- Promotional emails (if you opt-in).
You can unsubscribe at any time.
11. User Rights Under GDPR & Privacy Laws
Depending on your location, you may have the right to:
- Access your personal data.
- Correct inaccurate data.
- Request deletion ("Right to be Forgotten").
- Restrict processing under certain conditions.
- Data portability (request a copy of your data in a structured format).
- Object to processing (for direct marketing or legitimate interests).
To exercise these rights, email [email protected] with proof of identity.
12. Third-Party Service Providers
We work with trusted third parties to process payments, verify identity, and provide other services. These may include:
- Payment processors (e.g., bank partners).
- Identity verification providers.
- Cloud storage & cybersecurity firms.
We only share data necessary for their function. They must comply with our privacy standards.
13. Children’s Privacy
We do not knowingly collect data from individuals under 13 years old. If we discover such data, we will delete it immediately.
14. Third-Party Links & Services
This policy does not apply to external websites linked from our services. We recommend reviewing their privacy policies separately.
15. Policy Updates
We may revise this policy periodically. Any changes will be posted with a new effective date. Continued use of our services constitutes acceptance of the updates.
16. Contact Information
For privacy inquiries, complaints, or data access requests, contact us: