Back

Privacy Policy

Last updated: March 8, 2026

Payrix ("we", "our", "us") operates a cryptocurrency payment gateway platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

1. Information We Collect

  • Account Information. When you create an account, we collect your name, email address, and optionally your company name. We use this to provide and manage your merchant account.
  • Payment Data. We process blockchain transaction data including wallet addresses, transaction hashes, amounts, and network confirmations. We do not collect or store your private keys or seed phrases.
  • API Usage. We log API requests (endpoint, timestamp, IP address, response status) for rate limiting, security monitoring, and debugging purposes.
  • Device & Browser Data. We automatically collect IP address, browser type, operating system, and device identifiers when you access our dashboard. This is used for security and fraud prevention.

2. How We Use Your Information

  • Process cryptocurrency payments and withdrawals on your behalf.
  • Generate HD wallet deposit addresses for your payment invoices.
  • Send webhook notifications about payment status changes.
  • Provide customer support and respond to your inquiries.
  • Monitor platform security, detect fraud, and prevent abuse.
  • Send transactional emails (payment confirmations, security alerts, account notifications).
  • Improve our services through aggregated, anonymized analytics.

3. Data Security

  • All sensitive data (mnemonic phrases, API secret keys) is encrypted at rest using Fernet symmetric encryption (AES-128-CBC + HMAC-SHA256).
  • API communication is secured via HTTPS/TLS. Webhook payloads are signed with HMAC-SHA256 so you can verify their authenticity.
  • We enforce password complexity requirements (min 8 characters, mixed case, digits) and support two-factor authentication (TOTP).
  • Access to production systems is restricted by role-based permissions. All administrative actions are logged in an audit trail.

4. Data Sharing

  • We do not sell, rent, or trade your personal information to third parties.
  • We may share data with blockchain networks as required to process your transactions (e.g., broadcasting signed transactions to RPC nodes).
  • We may disclose information if required by law, regulation, or valid legal process.
  • If we engage third-party service providers (e.g., email delivery), they are bound by data processing agreements and may only use your data to perform services on our behalf.

5. Data Retention

  • Account data is retained for the duration of your account plus 12 months after deletion to comply with financial record-keeping obligations.
  • Transaction records are retained for 5 years as required for audit and compliance purposes.
  • API logs are retained for 90 days, then automatically purged.
  • You may request deletion of your account and associated data by contacting support. Note that blockchain transactions are immutable and cannot be deleted from public ledgers.

6. Your Rights

  • Access. Request a copy of the personal data we hold about you.
  • Correction. Update or correct inaccurate account information at any time via your dashboard settings.
  • Deletion. Request deletion of your account and personal data, subject to legal retention requirements.
  • Export. Download your transaction history and account data in standard formats.
  • To exercise these rights, contact us at [email protected].

7. Cookies

  • We use essential cookies and local storage to maintain your authentication session and user preferences (e.g., theme selection).
  • We do not use third-party advertising or tracking cookies.

8. Changes to This Policy

  • We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 14 days before they take effect.
  • Continued use of the platform after changes become effective constitutes acceptance of the updated policy.