Privacy Policy
Last update:
Feb 6, 2026
Privacy Policy
This Privacy Policy explains how Bit1 Ventures Inc. ("Bit1," "we," "us," or "our") collects, uses, discloses, and protects personal data when you use BIX, our crypto-to-fiat platform and related services, including BIX-branded Visa debit card services (the "Services").
If you do not agree with this Privacy Policy, do not use the Services.
Who we are
Controller / Responsible entity: Canada
Contact: legal@bixpay.io
Scope
This Privacy Policy applies to:
The BIX website, mobile applications, and dashboards.
Account creation, identity verification, and customer support.
Fiat on/off-ramps, crypto conversion features, and transfers.
Card-related features, including provisioning and transaction processing.
Third parties (for example, app stores, social networks, and some banking/card partners) may collect data separately. Their policies govern their processing.
Personal data we collect
We collect personal data from you, from your devices, and from third parties where permitted.
1) Data you provide
Identity and profile data: name, date of birth, nationality, gender (where required), and government identifiers.
Contact data: email address, phone number, mailing address.
Account credentials: usernames, password hashes, authentication factors.
Verification (KYC) data: government-issued ID images, selfies/liveness checks, proof of address, and related metadata.
Financial and payment data: funding source details, bank account details (where applicable), and card-related details required to provide card services.
Support and communications: messages, emails, chat transcripts, call recordings (where legally permitted), and complaint information.
Declarations: information you provide about your occupation, source of funds, and expected activity.
2) Data collected automatically
Device and technical data: device identifiers, IP address, OS and app version, browser type, language, time zone.
Usage data: pages/screens viewed, features used, clicks, referral URLs, crash logs, and performance metrics.
Log and security data: sign-in timestamps, authentication events, risk signals, and audit logs.
Approximate location: inferred from IP address or device settings (if enabled).
3) Transaction and card usage data
Crypto and fiat transaction data: deposits, withdrawals, conversions, transfer counterparties (where available), timestamps, amounts, and blockchain transaction hashes/addresses.
Card transaction data: merchant name and location, transaction amount, authorization results, and dispute status.
4) Data from third parties
Identity and compliance providers: KYC results, sanctions/PEP screening results, fraud and risk indicators.
Financial partners: payment processors, banking partners, card program partners, and network participants.
Analytics and security providers: signals used to detect fraud, bots, abuse, and account takeover.
How we use personal data
We use personal data to:
Provide and operate the Services. Create accounts, process transactions, and enable card functionality.
Verify identity and meet compliance obligations. Perform KYC, AML, CTF, sanctions screening, and ongoing monitoring.
Prevent fraud and secure the Services. Detect suspicious activity, enforce security controls, and protect users.
Provide customer support. Respond to requests and manage disputes, errors, and chargebacks.
Improve and develop the Services. Debug, analyze product usage, and enhance features.
Communicate with you. Send service notices, security alerts, and administrative messages.
Marketing (where permitted). Provide updates and offers; you can opt out.
Meet legal requirements. Maintain records, respond to lawful requests, and enforce agreements.
Legal grounds for processing
Depending on the context, we process personal data based on one or more of the following grounds:
Contractual necessity: to provide the Services you request.
Legal obligations: including compliance, recordkeeping, and lawful requests.
Legitimate interests: to secure and improve the Services, prevent fraud, and manage risk.
Consent: where required (for example, certain marketing or device permissions).
How we share personal data
We may share personal data with:
Service providers that support hosting, analytics, security, communications, customer support, and operations.
Identity, fraud, and compliance providers to verify identity, screen users, and monitor transactions.
Banking, payment, and card ecosystem participants to process loads, conversions, settlements, card transactions, disputes, and chargebacks. This can include card issuers, processors, Visa network participants, and merchant acquirers.
Professional advisers such as lawyers, auditors, and consultants.
Government authorities and regulators where required or permitted by law, including for AML/CTF reporting.
Corporate transactions such as mergers, acquisitions, financing, or asset sales.
We do not sell personal data for money. We may share limited data with partners for marketing only where permitted and with appropriate controls.
International transfers
Your personal data may be processed in countries other than your country of residence, including where our service providers or financial partners operate. We take reasonable steps to ensure appropriate protections for cross-border transfers, consistent with applicable law and the sensitivity of the data.
Data retention
We retain personal data for as long as necessary to:
Provide the Services.
Comply with legal and regulatory obligations (including AML/CTF and financial recordkeeping).
Resolve disputes and enforce our agreements.
Maintain security, fraud prevention, and audit trails.
Retention periods vary by data type and legal requirements. When retention is no longer required, we delete, anonymize, or securely archive the data.
Security
We use administrative, technical, and physical safeguards designed to protect personal data. Measures may include encryption in transit, access controls, monitoring, and security testing.
No system is perfectly secure. You are responsible for keeping your login credentials and devices secure, enabling strong authentication, and notifying us promptly of unauthorized access.
Your choices and rights
Subject to applicable law, you may have the right to:
Access your personal data.
Correct inaccurate or incomplete data.
Delete data, where legally permitted.
Object to certain processing.
Restrict processing in certain cases.
Withdraw consent where processing is based on consent.
Receive a copy of certain data in a portable format, where available.
To exercise rights, contact legal@bixpay.io We may request information to verify your identity and protect against unauthorized requests. Certain data may be retained or processing may continue where required by law (for example, AML/CTF obligations).
Marketing preferences
You can opt out of marketing communications by using the unsubscribe link (if provided) or contacting legal@bixpay.io Service and security messages are not marketing and may continue.
Cookies and similar technologies
We may use cookies, SDKs, pixels, local storage, and similar technologies to:
Keep you signed in.
Remember preferences.
Measure performance and usage.
Detect fraud and improve security.
You can control cookies through browser settings and, where available, in-app settings. Blocking some technologies may impact functionality.
Children
The Services are not directed to children. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data, contact legal@bixpay.io
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version and change the "Last Updated" date. If changes are material, we may provide additional notice.
Contact
For privacy questions, requests, or complaints, contact:
Email: legal@bixpay.io
