1. Who We Are
CryptoLink is an open-source, self-hosted cryptocurrency payment gateway. This privacy policy applies to the hosted instance at cryptolink.cc.
Because CryptoLink is self-hostable, any operator running their own instance controls their own data independently of this policy.
2. Non-Custodial Architecture & Your Financial Privacy
CryptoLink is built on a fundamental privacy principle: we never hold, see, or process your funds.
- Private keys: Never transmitted to or stored on CryptoLink servers. Your private keys remain exclusively on your device or hardware wallet.
- xpub keys: You provide an extended public key (xpub) to derive receiving addresses. We store this to generate addresses. It cannot be used to spend funds — only to receive them.
- Transactions: All on-chain transactions happen directly between your customers and your wallet addresses on the public blockchain. CryptoLink does not intermediate or hold funds at any point.
- Blockchain data: Transaction data is publicly visible on the blockchain (as with all crypto transactions) and is not controlled by CryptoLink.
3. Information We Collect
3.1 Account Data
- Email address — used for account authentication and system notifications (subscription alerts, payment events)
- Password — stored as a bcrypt hash. We cannot recover or read your password.
3.2 Merchant Configuration Data
- Merchant name and webhook/redirect URLs you configure
- API tokens (hashed)
- Extended public keys (xpub) for address derivation
- Supported currencies configuration
3.3 Payment Records
- Payment metadata you create: order ID, description, amount, currency, status
- Customer email address (only if you pass it in the payment creation request — optional)
- Blockchain transaction hashes (public data)
3.4 Technical Logs (minimal)
- Server access logs (IP address, request path, timestamp) — retained for 30 days for security purposes
- Application error logs — anonymized, no payment content
3.5 What We Do NOT Collect
- No browser fingerprinting or tracking pixels
- No third-party analytics (no Google Analytics, no Meta Pixel)
- No advertising cookies
- No behavioral profiling
- No customer identity beyond what you explicitly pass to our API
4. How We Use Your Data
- Service operation: Providing payment gateway functionality, generating addresses, tracking payment status
- Notifications: Sending webhook events to your configured endpoint; email alerts for subscription and volume limits
- Security: Detecting and preventing fraud, brute-force attacks, and abuse
- Support: Responding to your technical support requests
We do not use your data for advertising, profiling, or sale to third parties. Ever.
5. Data Sharing
We do not sell, rent, or share your personal data with third parties except:
- Blockchain APIs (Blockstream, TronGrid): Public blockchain monitoring APIs used to detect incoming payments. Only blockchain addresses (public data) are queried. No personal account data is shared.
- Email provider (Brevo/Sendinblue): Used to deliver transactional emails. Only your email address is transmitted, solely for delivery purposes.
- Legal requirements: If required by a court order or law enforcement (we will notify you if legally permitted).
6. Data Security
We implement security measures including:
- TLS/HTTPS encryption for all connections (HSTS enforced)
- bcrypt password hashing
- HMAC-signed webhook events (constant-time comparison)
- Rate limiting on all authentication endpoints
- CSRF protection on session-based endpoints
- Regular security audits (see Security Audit 2025)
- PostgreSQL with parameterized queries (no SQL injection risk)
7. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Payment records: Retained for the life of your account (needed for reconciliation). Deleted with account.
- Server logs: 30 days rolling retention.
8. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Correct inaccurate data
- Deletion: Request deletion of your account and associated data
- Portability: Export your payment data in JSON format from your dashboard
- Objection: Object to any processing you did not authorize
To exercise these rights, contact us at [email protected].
9. Cookies
We use only strictly necessary cookies:
- Session cookie: Maintains your authenticated dashboard session. HttpOnly, Secure, SameSite. Expires in 24 hours.
- CSRF token cookie: Protects against cross-site request forgery. Expires in 2 hours.
No advertising or tracking cookies. No third-party cookies.
10. Self-Hosted Instances
If you self-host CryptoLink, this privacy policy does not apply to your installation. You control all data on your own server. Your privacy policy obligations are governed by the laws of your jurisdiction. The software is MIT licensed — you are free to audit and modify it.
11. Children's Privacy
CryptoLink is not directed to individuals under 18. We do not knowingly collect data from minors.
12. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. We will notify registered merchants by email of material changes. The current version is always at cryptolink.cc/privacy.
13. Contact
Questions, concerns, or data requests:
- Email: [email protected]