Depending on the scenario, Cryptoway may process account and contact data, company and representative details, business verification documents, invoice and transaction data, public blockchain addresses, transaction hashes, payment statuses, API and webhook logs, IP address, device, browser, cookies, support communications and affiliate data.
We do not ask for seed phrases, private keys or access to user wallets. Never share such data with anyone, including anyone claiming to represent Cryptoway.
Data is used to create and maintain accounts, onboard merchants, process invoices, transmit payment statuses through the interface, API or webhooks, support users, secure accounts, prevent fraud, run AML/KYT, KYC/KYB, sanctions and risk checks, perform contracts, maintain tax and legal records, improve the product and respond to lawful requests.
Depending on jurisdiction and data type, processing may be based on performance of a contract, steps before entering into a contract, legitimate interests, legal obligations, user consent, or protection of rights, safety and lawful interests of Cryptoway, users, merchants and third parties.
We may share data only to the extent necessary for the purposes described in this Policy. Recipients may include hosting, infrastructure, security, analytics, communications and support providers; compliance, AML/KYT, sanctions and risk-check providers; legal, accounting and audit advisers; contractual partners; and competent authorities where a lawful and applicable request exists.
We require contractors and providers to use data only for agreed purposes and to apply reasonable safeguards.
Cryptoway may work with users, merchants, partners, infrastructure and contractors in different countries. Data may therefore be processed outside your country of residence or business registration.
We retain data as long as needed for account and contract operations, support, accounting, tax and legal records, AML/KYT, sanctions and compliance controls, dispute handling, fraud prevention and applicable requirements.
We apply organisational and technical measures intended to protect data from unauthorised access, loss, alteration, disclosure or destruction. No method of transmission or storage is absolutely secure.
Users must protect devices, email, passwords, API keys, webhook secrets and account access. If you suspect compromise of an account or key, contact us immediately.
Depending on applicable law, you may have the right to request access, correction, deletion, restriction of processing, objection, data portability, withdrawal of consent and complaint to a competent authority.
These rights may be limited where data is needed for a contract, legal compliance, AML/KYT, tax records, protection of Cryptoway rights, investigation of violations or response to a lawful request.
The merchant determines what customer data it collects and transfers to Cryptoway. The merchant must have a lawful basis for processing, provide required privacy notices, avoid transferring excessive or sensitive data without necessity, and comply with applicable privacy, payment, consumer protection and e-commerce law.