Privacy policy

Last updated: 2026-05-21

What we collect

• Shipping address: name, street address, postal code, country, phone (for FedEx).
• Email for sending quotes and tracking.
• Optional PGP public key.
• If your order exceeds $5,000: identity documents (passport scan, selfie) processed by a third-party verifier and held only as required by AML law.
• Server logs (IP, user agent, timestamps) retained 30 days for fraud and abuse protection only.

What we do not collect

• No advertising trackers. No third-party JavaScript trackers.
• No persistent account or login required.
• No card data — we never accept cards.
• No social-media pixels.

How long we keep it

• Order records: kept for the minimum legally-required retention period (typically 5 years for accounting).
• KYC documents (when applicable): kept for the AML-required retention period and then deleted.
• Server logs: 30 days.
• Email correspondence: 18 months, then deleted unless escalated to a dispute.

Third parties we share with

• FedEx — for shipping label and delivery.
• Identity verifier (Veriff or Onfido) — only when KYC is triggered.
• Resend — for transactional email delivery.
• Payment processor (only if BTCPay self-hosted is later introduced).
• Regulators — only under valid legal process.

Your rights

Where applicable (GDPR, CCPA, etc.) you have rights to access, correct, delete, and port your personal data. Contact [email protected] with the order reference. Identity documents subject to AML retention cannot be deleted before the retention period ends.