BlindPay - Privacy Policy
Last Updated: 03/19/2025
Blind Pay, Inc.
At Blind Pay, we are committed to protecting your privacy and ensuring that your personal information is handled securely and responsibly. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our services, in compliance with the provisions of the General Data Protection Regulation (GDPR).
- Personal Data: Any information related to an identified or identifiable natural person, such as names, addresses, email addresses, identification numbers, and IP addresses.
- Data Subject: The person to whom the personal data refers.
- Data Controller: The entity that determines the purposes and means of processing personal data. In this case, it is us.
- Data Processor: The entity that processes personal data on behalf of the data controller. These are our vendors and partners who process your data as determined by us.
When you create an account, we may request your contact information, including your full name, home address, email, and phone number. To verify your identity as required by law, we may collect the following personal information:
- Identity Data: Full name, date of birth, gender, nationality, passport number, social security number, driver's license number, national ID card details.
- Contact Data: Email address, phone number, physical address, mailing address, emergency contact information.
- Financial Data: Bank account numbers, credit card information, income details, tax identification number, financial transaction history.
- Location Data: GPS coordinates, location history, Wi-Fi access point data, IP addresses.
- Employment Data: Employment details, job titles and descriptions, workplace location.
- Transaction Data: Purchase and sale history, transaction amounts, payment methods used, billing addresses, order amounts.
- Usage Data: Website or app usage patterns, session durations, pages visited, clickstream data, error logs, and crash reports.
- Marketing Data: Marketing preferences, subscriptions and newsletter preferences, responses to marketing campaigns, engagement with promotional materials, referral sources.
- User Account Data: Usernames and account identifiers, profile pictures and avatars, user-generated content (profile descriptions, bios), user preferences and settings, social connections and followers.
- Social Media Data: Social media profiles, user-generated content (posts, comments), friends and connections, social network activity.
If you contact us directly, we may request additional information such as your name, email address, home address, phone number, and other relevant personal details.
Our services allow users to select their preferred stablecoin and network for executing payouts. On the other hand, we use third-party financial institutions to send fiat payments.
We may obtain personal data from third-party partners and vendors to provide seamless and comprehensive services. These third parties may include:
- Payment Service Providers: Financial institutions that process your transactions.
- Identity Verification Partners: Vendors who verify your identity as required by law.
- Advertisers and Marketing Partners: To better understand your interaction with our services and provide personalized recommendations.
Our data collection, use, and sharing are based on various lawful bases, depending on the context. These include:
- Consent: When you provide your explicit consent for us to process your data.
- Performance of a Contract: When processing is necessary for the performance of a contract with you.
- Legal Obligation: When we need to use your data to comply with legal obligations.
- Legitimate Interests: When we have a legitimate interest that does not override your fundamental rights.
We use your data for various purposes, including:
- Providing and Maintaining Services and Apps: To ensure the functionality and availability of our services.
- Payment Processing and Order Execution: To process payments and complete orders in compliance with rules of transparency and competitiveness.
- Fraud Prevention: To detect and prevent fund losses, including those resulting from fraud and misuse of our services and apps.
- Compliance with Laws and Regulations: To ensure compliance with relevant laws and regulations, such as anti-money laundering and terrorism financing.
- User Communication and Support: To communicate directly with you or through our partners for customer support, notifications regarding changes and updates to services, important service-related information, marketing, and promotions.
- Service Improvement: To continuously improve the quality, performance, and features of our services.
- Research and Development: To conduct research and development activities related to our services, including the development of new features and functionalities of the app.
- Measurement and Analytics: To understand how users interact with our services, analyze user behavior, and identify preferences.
- Safety and Security: To promote the safety and integrity of your funds, our services, and data through protective measures and ongoing monitoring.
- User Account Management: To manage user accounts, including account setup, recovery, and termination.
- Personalization: To tailor user experiences based on preferences and behaviors, providing personalized content and recommendations.
We may share your information with various third parties to support and enhance our business operations, including:
- Vendors and Service Providers: Who assist us in maintaining and optimizing our business.
- Credit and Financial Institutions: To process your transactions and complete your orders.
- Identity Verification Services: To ensure compliance with legal requirements.
- Partners: Authorized third parties with access to the BlindPay API who may process, view, and manage your data to provide integrated services or enhanced functionality.
- Advertisers and Marketing Partners: To better understand your interaction with our services and provide personalized recommendations.
- Law Enforcement: To support investigations, maintain legal compliance, and ensure the safety and security of our app and users.
- Transfers, Mergers, and Acquisitions: In the event of insolvency, bankruptcy, acquisition, transfer of ownership, sale of assets, or succession, your personal information may be disclosed to the new owner, acquirer, or successor of the company or other relevant third parties.
We implement security measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:
- Access Controls: Restricting access to your personal information to authorized personnel for legitimate business purposes.
- Employee Training: Training our team in data security best practices.
- Data Backups: Performing regular data backups to prevent data loss.
- Incident Response: Establishing incident response procedures to promptly address and mitigate any security incidents.
- Security Roadmap: We are developing a comprehensive data encryption implementation plan to enhance protection of data during transmission and storage using industry-standard encryption protocols.
Note: While we strive to protect your information, no security system is impenetrable. We continuously evaluate and improve our security practices to better safeguard your data.
We retain your personal information only for the period necessary to fulfill the specific purposes for which it was collected. These retention periods may vary depending on the type of personal information and the purposes for which it was initially gathered.
As a user of our services and app, you have certain rights regarding the personal data we collect and use. These rights include:
- Right to Access: Request access to the personal data we hold about you.
- Right to Rectification: Request the correction of inaccurate or incomplete personal data.
- Right to Erasure (Right to Be Forgotten): Request the deletion of your personal data under certain circumstances.
- Right to Restriction of Processing: Request the limitation of the processing of your personal data under certain situations.
- Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format and transmit it to another data controller.
- Right to Object: Object to the processing of your data, including for direct marketing purposes or when we rely on legitimate interests as our legal basis for processing.
- Rights Related to Automated Decision-Making and Profiling: Request human intervention and review of decisions made solely by automated means that affect you significantly.
As a financial services provider, we are subject to certain regulatory obligations that may limit our ability to delete some of your data:
- Anti-Money Laundering (AML) Compliance: We are legally required to retain certain transaction data and identification information to comply with financial regulations and to file Suspicious Activity Reports (SARs) when necessary.
- Financial Record-Keeping: Applicable laws require us to maintain certain financial records for specified periods, typically between 5-7 years depending on the jurisdiction.
- Fraud Prevention: Some data may be retained for the legitimate purpose of detecting and preventing fraudulent activities.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
- Right to Know: You can request information about the personal information we've collected about you in the past 12 months, including categories of information collected, sources, business purposes, and third parties with whom we've shared it.
- Right to Delete: You can request deletion of personal information we have collected from you, subject to certain exceptions including regulatory compliance requirements for financial institutions.
- Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes.
- Right to Correct: You can request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: You can direct us to limit the use of certain sensitive personal information.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
To exercise your California privacy rights, please contact us using the methods provided in the "Contact Details" section. We may need to verify your identity before responding to your request.
As a Delaware-registered Money Service Business with global operations including a branch in Brazil, we process and transfer data across multiple jurisdictions. This section outlines how we handle international data transfers while respecting various regulatory frameworks.
- US-Based Operations: As our main entity is registered in Delaware and we operate as a regulated Money Service Business (MSB) in the United States, we comply with applicable US federal and state financial and data protection regulations.
- Brazilian Operations: For data processed through our Brazilian branch, we adhere to the Lei Geral de Proteção de Dados (LGPD) requirements.
When transferring personal data from the European Union or European Economic Area to our US or Brazilian entities:
- We implement appropriate safeguards through Standard Contractual Clauses (SCCs) as approved by the European Commission.
- We conduct data transfer impact assessments to evaluate and mitigate potential risks associated with such transfers.
- We ensure that all recipients of EU/EEA data provide adequate technical and organizational measures to protect personal information according to GDPR standards.
To ensure consistent data protection across all jurisdictions where we operate:
- We apply a baseline of data protection measures that meet the highest standards required in any jurisdiction where we operate.
- We implement additional safeguards where necessary to address specific regional requirements.
- We regularly review and update our practices to reflect evolving international data protection laws and standards.
Where applicable local laws require data to be stored within specific territories, we maintain the necessary infrastructure to ensure compliance with such data localization requirements while still providing seamless global service.
We are committed to maintaining the highest standards of data protection regardless of where your data is processed or stored. If you have questions about how your data is handled in a specific country or region, please contact our Data Protection team.
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected personal data from a person under 18 years of age, we will take reasonable steps to delete such information from our records. If you believe we might have information from or about a child under 18, please contact us immediately at [email protected].
We may periodically update this Privacy Policy to reflect changes in our data processing practices and legal requirements or to improve transparency and clarity. When we make significant changes to this policy, we will notify you through the following channels:
- Direct Updates to the Policy: Any substantial changes to this Privacy Policy will be incorporated directly into the Policy and available for viewing through the website. We encourage you to review this Policy periodically to stay informed about how we handle your data.
For any inquiries, requests, or concerns related to this Privacy Policy or our data processing practices, please contact us using the following information:
Blind Pay, Inc.
8 The Green, #19364, Dover, DE 19901 US
[email protected]