Privacy Policy

BISA provides crypto payment infrastructure to businesses. This Privacy Policy explains how we handle personal information in connection with our services, and applies to the business clients who use BISA (“you”).

For information about your business and the people who manage your BISA account — such as account, KYB/KYC, and usage data — BISA acts as the data controller. Where we process information about your own customers that passes through our services — for example, deposit addresses and on-chain transactions associated with your end-users — we act as a processor on your behalf, and you remain responsible for providing any notices to, and obtaining any consents from, those customers.

We collect information you provide directly to us when using BISA. As a business-facing platform, this includes the identity and verification information required to onboard your business — such as company registration details, beneficial ownership information, and government-issued identification for your authorized representatives — collected to meet our Know Your Business (KYB) and Know Your Customer (KYC) compliance obligations. It also includes your wallet addresses, transaction history, and any information you provide when contacting our support team. For API authentication, the signing key pairs used to secure your requests are generated and held solely by you — we never store these authentication private keys. (These are distinct from the private keys controlling on-chain assets.)

Additionally, we automatically collect certain information about your device and how you interact with our platform, including your IP address, device type, operating system, browser type, and usage patterns. This information helps us improve our services and ensure the security of your account.

We use the information we collect to provide, maintain, and improve BISA services. This includes processing transactions, providing customer support, verifying your identity, complying with our KYC/KYB and anti-money-laundering (AML) obligations, detecting and preventing fraud, and ensuring the security of our platform. We may also use your information to send you important updates about our services, security alerts, and changes to our terms or policies.

Your privacy is our priority, and we will never sell your personal information. We share information only as described here: with service providers and sub-processors who perform services on our behalf — such as cloud hosting, identity verification, and customer support — under contractual confidentiality and data-protection obligations; with authorities or regulators where necessary to comply with legal obligations or to protect our rights; and with parties involved in a corporate transaction such as a merger or acquisition, subject to this Policy.

We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, regular security audits, and strict access controls for our team members.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your API authentication keys and account credentials. In the event of a data breach affecting your personal information, we will notify affected clients and the relevant authorities as required by applicable law.

We retain personal information for as long as necessary to provide our services and to satisfy our legal and regulatory obligations. In particular, KYC/KYB and transaction records are kept for the record-keeping periods required by anti-money-laundering and financial regulations. When information is no longer required, we securely delete or anonymize it.

We operate across multiple regions, and your information may be processed in countries other than the one in which you are located. Where we transfer personal data across borders, we apply appropriate safeguards — such as standard contractual clauses — to protect it in line with applicable law.

Our website uses only the essential cookies required for it to function. We do not currently use analytics or advertising cookies. If this changes, we will update this Policy and, where required, request your consent.

BISA is a business-facing service and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can remove it.

You have the right to access and update your personal information through the Web Console or by contacting our support team. Because BISA is a regulated financial-infrastructure provider, certain information — including KYC/KYB and transaction records — must be retained for the periods required by applicable anti-money-laundering and other laws, and cannot be deleted on request during that time. In addition, data already written to public blockchains is immutable and outside our control. We will honor deletion requests for any information that is not subject to these obligations.

Depending on where you are located, you may have additional rights under laws such as the EU/UK GDPR or the CCPA — including the rights to access, correct, port, or restrict the processing of your personal information, and to object to certain processing. To exercise any of these rights, contact us using the details below. You also have the right to lodge a complaint with your local data-protection authority.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last Updated” date below.

Your continued use of BISA after any changes to this Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at privacy@bisacrypto.com. We are committed to addressing your concerns and ensuring your privacy rights are respected.

Last Updated: June 4, 2026