Paxful, Inc. Privacy Notice

Paxful, Inc. (also referred to as “Paxful,” “we,” “us,” or “our”) takes steps to protect your privacy. In this Privacy Notice (“Notice”), we describe the types of personal information we may collect from you in connection with your use of our websites including, but not limited to, https://paxful.com/, the Paxful Wallet, our online bitcoin trading platform, mobile application, social media pages, or other online properties (collectively, the “Website”), or when you use any of the products, services, content, features, technologies, or functions we offer (collectively, the “Services”).

This Notice is designed to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our Website and Services. Please note that our Service offerings may vary by region.

Personal Information We Collect

We collect information that relates to you (“Personal Data”) in connection with your use of the Website, our Services. or otherwise in the context of our relationship with you. The types of Personal Data that we may obtain from you may include:

Biographical Data, including:

  • Name
  • Email Address
  • Phone Number
  • Country
  • Full Address
  • Date of Birth

Paxful Account Details, including:

  • Username
  • User Profile Information in the “Bio” section
  • Profile Picture
  • Joined Date
  • Default Currency
  • Time Zone
  • Default Language

Paxful Account Activity, including:

  • Trade Chat Messages (which may contain financial information if you provide it to sellers)
  • Trade Chat Attachments
  • Trade Activity
  • Transaction History
  • Affiliate Name
  • Affiliate ID
  • Affiliate Link
  • Affiliate Transactions
  • Offers Created
  • Offer Terms
  • Trade Instructions
  • Account Notifications
  • Account Status

Data relating to your Bitcoin wallet, including:

  • Bitcoin Private Keys
  • Bitcoin Public Keys
  • Wallet Balance
  • Bitcoin transactions received
  • Bitcoin transactions sent

Data Collected in connection with “Know Your Customer” (KYC) Compliance, including:

  • Government-issued ID
  • Proof of Address
  • Photographs, if you elect to provide them to us
  • Video, if you elect to provide them to us

Device and Website Usage Data, including:

  • IP Addresses
  • Cookie ID and/or other device identifiers
  • Information relating to your access to the Website, such as device characteristics, date & time
  • Language preferences
  • Information on actions taken while using the Website

How We Use Your Data

The business purposes for which we collect, use, retain, and share your Personal Data may include:

  • To provide Services through operating the Website, including to:
    • Register, create, and maintain your account;
    • Authenticate your identity and/or your access to an account, or help sellers verify your identity;
    • Initiate, facilitate, process, and/or execute transactions;
    • Communicate with you regarding your account or any Services you use;
    • Perform creditworthiness, KYC, or other similar reviews;
    • Evaluate applications; or
    • Compare information for accuracy and verification purposes.
  • To manage risk and protect you, other persons, and the Website and Services.
  • To provide a personalized experience and implement your preferences.
  • To better understand customers and how they use and interact with the Website and Services.
  • To market to you.
  • To provide personalized Services, offers, and promotions on our Website and third-party websites.
  • To provide you with location-specific options, functionalities, and offers.
  • To comply with our policies and obligations, including, but not limited to, disclosures and responses in response to any requests from law enforcement authorities and/or regulators in accordance with any applicable law, rule, regulation, judicial or governmental order, regulatory authority of competent jurisdiction, discovery request or similar legal process.
  • To resolve disputes, collect fees, or troubleshoot problems.
  • To provide customer service to you or otherwise communicate with you.
  • To manage our business.

We may also process Personal Data for other purposes based upon your consent when required by applicable law.


Sources From Which We Collect Personal Data

We collect Personal Data from a number of sources, including

  • Directly from you: We collect Personal Data directly from you when you use our Website or Services, communicate with us, or interact directly with us.
  • From service providers and/or data processors who assist us in providing the Website or the Services: We may engage service providers to assist us in facilitating the Website or the Services to you, at our direction and on our behalf. These service providers may collect information about you and provide it to us.
  • From other users on the Paxful Website or from affiliates integrated with the Paxful Website or Services: Other users may provide us with information about you in connection with transactions or chats. Affiliates may also provide information to us about you related to your interactions or transactions with such affiliates.
  • From third-parties who may help us verify identity, prevent fraud, and protect the security of transactions.
  • From third-parties who may help us evaluate your creditworthiness or financial standing.
  • From third-parties who may help us analyze Personal Data, improve the Website or the Services or your experience on it, market products or services, or provide promotions and offers to you.
  • From social media platforms, if you interact with us through social media.

How We Share Data

Under certain circumstances, we may disclose certain Personal Data with other persons. The categories of persons with whom we may share Personal Data include:

  • Service providers and/or data processors: We may share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with Services, verify your identity, assist in processing transactions, send you advertisements for our products and Services, or provide customer support.
  • Other parties to transactions, such as sellers: We may share information with the other participants to your transactions, including other users from whom you are purchasing bitcoin.
  • Financial institutions and other companies involved in helping you make payments in connection with transactions
  • Affiliates that receive referrals from our Website
  • Other third-parties for our business purposes or as permitted or required by law, including:
    • To comply with any legal, regulatory or contractual obligation, or with any legal or regulatory process (such as a valid court order or subpoena);
    • To establish, exercise, or defend legal claims;
    • In response to a request by a government agency, such as law enforcement authorities or a judicial order;
    • To enforce our Website Terms of Service or our internal policies;
    • To prevent physical harm or financial loss, in connection with an investigation of suspected or actual illegal activity, or to otherwise protect our or others’ rights, property, or safety;
    • To facilitate a purchase or sale of all or part of Paxful’s business. For example, by sharing data with a company we plan to merge with or be acquired by; or
    • To support our audit, compliance, and corporate governance functions.

International Transfers of Data

Please note that we may transfer Personal Data we collect about you to countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your Personal Data to other countries, we take steps designed to ensure that the transfer is in accordance with applicable law.


Cookies and Online Advertising

A cookie is a small text file that a website saves on your computer or mobile device when you visit the website.

Our Website uses cookies and tracking technologies to operate, and to target advertising that may be of interest to you. For further information, please refer to our Cookie Policy.

Paxful may partner with third-party ad networks to either display advertising on the Paxful Website or on third-party websites. These websites and third-party ad networks are not controlled by Paxful. Ad network partners use data technologies to collect information about your online activities to provide you targeted advertising based upon your interests. If you wish not to have this information used for the purpose of serving you targeted ads, you may be able to opt-out by visiting:

http://optout.aboutads.info/
http://optout.networkadvertising.org/

Please note this does not opt you out from being served advertising; you will continue to receive generic ads that are not based on your specific interests. You can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Website, but your ability to use some features or areas of our Website may be limited.


Data Retention

We retain Personal Data for the period necessary for the purposes for which it was collected, or for such periods as required by applicable law. This may involve retaining Personal Data for periods following a transaction. We make efforts to delete your Personal Data once it is no longer required for any of the business purposes described above.


Data Security

Paxful has implemented safeguards designed to protect your Personal Data, including measures designed to prevent Personal Data against loss, misuse, and unauthorized access and disclosure. Still, Paxful cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection. Transferring data through the Internet always carries some risk, even if Paxful makes efforts to protect data once it has received it.


Children Under 18 Years of Age

Paxful’s Website is not intended for children under the age of 18. We do not knowingly collect data from children under the age of 18 without verified parental consent. If we learn that we have collected information, including Personal Data, from an individual under 18 years of age without parental consent, we will delete that information immediately.


Modifications to the Privacy Notice

Paxful reserves the right to change this Notice from time to time. We will notify you of modifications to this Notice by posting a revised version of this Notice here, by email, or by means of a prominent notice on the Paxful Website home page. We recommend that you periodically check the Website for any changes.


Contact Us

If you have any questions about this Notice, or wish to make an inquiry with us regarding Personal Data or privacy, please contact us at: [email protected]


EEA Addendum

The following disclosures apply to, and are intended exclusively for, individuals who reside within the European Economic Area (EEA).

(a) Data Controller

The controller for your Personal Data is Paxful, Inc.

(b) Legal Bases for Processing Personal Data

  • To the extent we use Personal Data to perform contractual obligations or requests made by you in connection with a contract, Article 6(1)(b) of the General Data Protection Regulation (“GDPR”) is the legal basis for our data processing.
  • To the extent we use Personal Data to comply with a legal obligation under EU or Member State law, Article 6(1)(c) of the GDPR is the legal basis for our data processing.
  • To the extent we use Personal Data to protect the vital interests of individuals, Article 6(1)(d) of the GDPR is the legal basis for our data processing.
  • To the extent we use Personal Data in pursuit of our legitimate business interests, Article 6(1)(f) of the GDPR is the legal basis for our data processing. A list of our legitimate business interests is in the above section titled “How We Use Your Data”.

(c) European Data Protection Rights

European law provides you with certain rights with respect to your Personal Data, including:

  • The right to request access to and rectification of your Personal Data.
  • The right to request that Paxful delete certain Personal Data relating to you.
  • The right to data portability, which includes the right to request that certain Personal Data you have provided to us be transferred from us to another data controller.
  • The right to withdraw any consent you have provided to Paxful to collect, use, or share your data at any time. Please note that withdrawing consent does not affect the lawfulness of Paxful processing your Personal Data before your withdrawal.
  • The right to object to Paxful’s processing of your Personal Data, based on grounds specific to your particular situation.
  • The right to request that Paxful restrict the processing of your Personal Data, if certain statutory conditions for restriction are met.
  • The right to lodge a complaint with a European supervisory authority.

Please note that applicable law may provide exceptions to any of these rights, permit Paxful to decline your request, or permit Paxful to extend the period in which it can act on your request. Paxful may also contact you to verify your identity, as permitted by law, prior to acting on your request. To exercise any of these rights, please contact us as set forth in the above section titled “Contact Us”.

(d) International Transfers

We may transfer Personal Data relating to EEA residents to countries that have not been found by the European Commission to provide adequate protection, including the United States. For any such transfers, Paxful implements safeguards designed to ensure that your Personal Data receives an adequate level of protection. If you are located in the EEA, Paxful will only transfer your Personal Data if: the country to which the Personal Data will be transferred has been granted a European Commission adequacy decision; the recipient of the Personal Data is located in the United States and has certified to the US-EU Privacy Shield Framework; Paxful has put in place appropriate safeguards in respect of the transfer, for example by entering into EU Standard Contractual Clauses with the recipient, or; an applicable statutory exception to the GDPR general transfer prohibition applies. To obtain a copy of the mechanisms that Paxful has executed to support its transfers of personal data outside the EEA, contact us as set forth in the above “Contact Us” section.


California Addendum

The following disclosures apply to, and are intended exclusively for, residents of the State of California.

(a) Your California Privacy Rights

To the extent that we disclose certain personally identifiable information about you to third parties who use it for their direct marketing purposes, you have a right to request further information about the recipients of your information. To exercise this right, please contact us as described in the above section titled “Contact Us.”

(b) Do Not Track Disclosure

Our Website is not designed to respond to “Do Not Track” signals or requests.