BloxTap Privacy Policy

1. INTRODUCTION

BloxTap ("BloxTap," "we," "us," or "our"), respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website bloxtap.com (the "Site") or subscribe to our early access newsletter.

Important: BloxTap is currently in development and no payment card services are available. We currently only collect email addresses for our early access newsletter.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Email Newsletter Subscription:

• Email address (required for newsletter signup)
• Subscription preferences and interests
• Date and time of subscription
• Communication preferences

Contact Communications:

• Email address and message content when you contact us
• Any additional information you choose to provide
• Support inquiries and feedback

2.2 Information Collected Automatically

Technical Information:

• IP address and general location
• Browser type and version
• Device information (type, operating system)
• Referring website
• Pages visited and time spent on Site
• Date and time of visits
• Screen resolution and device capabilities

Cookies and Similar Technologies:

• Essential cookies for website functionality
• Session identifiers
• We do not currently use analytics or advertising cookies

2.3 Information We Do NOT Collect

We do not currently collect:

• Names or personal identifiers (beyond email)
• Financial information or payment data
• Cryptocurrency addresses or wallet information
• Precise location data
• Social media information
• Biometric data

3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses

Newsletter Communications:

• Send early access updates and development news
• Notify subscribers about service launches and availability
• Provide information about BloxTap features and card technology
• Share merchant acceptance updates and compatibility news

Website Operations:

• Ensure proper website functionality
• Improve user experience and interface design
• Maintain website security and prevent fraud
• Analyze website performance and usage patterns

Legal and Compliance:

• Comply with applicable laws and regulations
• Respond to legal requests and enforcement actions
• Protect our rights and interests
• Investigate potential violations of our terms

3.2 Future Service Preparation

We may use collected information to:

• Gauge interest in planned payment card features
• Plan service capacity and geographic availability
• Improve our development roadmap and priorities
• Prepare for regulatory compliance requirements

3.3 Marketing and Communications

• Send promotional content about BloxTap services
• Conduct surveys or gather feedback about payment preferences
• Provide customer support and technical assistance
• Send security alerts and important service notifications

You can opt out of marketing communications at any time using the unsubscribe link in our emails.

4. HOW WE SHARE YOUR INFORMATION

4.1 Third-Party Service Providers

Email Service Provider (Brevo):

• We use Brevo (formerly Sendinblue) to manage our email newsletter
• Brevo processes your email address and subscription preferences
• Brevo is located in Europe and complies with GDPR
• View Brevo's privacy policy at: https://www.brevo.com/privacy-policy/

Website Hosting and Security:

• Our website hosting provider processes technical information
• This includes IP addresses, browser information, and usage data
• Security services may process data to prevent fraud and attacks

4.2 Legal Disclosures

We may disclose your information when required by law or to:

• Comply with legal obligations, court orders, or government requests
• Protect our rights, property, or safety
• Protect the rights, property, or safety of others
• Investigate fraud, security issues, or violations of our terms
• Respond to claims that content violates third-party rights

4.3 Business Transfers

If BloxTap is involved in a merger, acquisition, or asset sale, your information may be transferred to the new entity, subject to the same privacy protections.

4.4 What We DON'T Do

We do not:

• Sell your personal information to third parties
• Share your information for third-party marketing purposes
• Use your information for advertising tracking
• Share your information with data brokers
• Provide information to payment networks without your consent

5. INTERNATIONAL DATA TRANSFERS

5.1 Cross-Border Processing

Your information may be transferred to and processed in:

• United States (our planned headquarters)
• European Union (Brevo servers)
• Other countries where our service providers operate

5.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers through:

• Adequacy decisions by relevant data protection authorities
• Standard contractual clauses approved by regulators
• Service provider privacy certifications and commitments
• Other legally recognized transfer mechanisms

6. DATA SECURITY

6.1 Security Measures

We implement appropriate technical and organizational security measures:

• Encryption of data in transit and at rest
• Access controls and authentication systems
• Regular security assessments and audits
• Incident response and breach notification procedures
• Employee training on data protection practices

6.2 Payment Data Security

When we launch our payment card services, we will implement additional security measures:

• PCI DSS compliance for payment data handling
• Tokenization of sensitive payment information
• Secure communication with payment networks
• Fraud detection and prevention systems

6.3 Data Breach Notification

In case of a data breach that poses risks to your rights:

• We will notify relevant authorities within 72 hours (where required)
• We will notify affected users without undue delay
• We will provide information about the breach and steps taken
• We will offer assistance and remediation where appropriate

6.4 Limitation of Security

While we strive to protect your information, no method of transmission or storage is 100% secure. You provide information at your own risk.

7. YOUR PRIVACY RIGHTS

7.1 General Rights

All Users:

• Unsubscribe from emails at any time
• Contact us with privacy questions
• Request information about our data practices
• Update your communication preferences

Email Management:

• Update your email preferences and interests
• Unsubscribe using the link in any email
• Contact us to remove your email: [email protected]

7.2 Rights for EU/UK Residents (GDPR)

If you are in the European Union or United Kingdom, you have additional rights:

Access: Request a copy of your personal data we hold Rectification: Correct inaccurate or incomplete data Erasure: Request deletion of your personal data Restriction: Limit how we process your data Portability: Receive your data in a portable format Objection: Object to processing based on legitimate interests Complaint: Lodge a complaint with your data protection authority

Legal Basis for Processing:

• Consent (newsletter subscription)
• Legitimate interests (website functionality, security, service development)

7.3 Rights for California Residents (CCPA)

If you are a California resident, you have these rights:

Know: What personal information we collect and how we use it Delete: Request deletion of your personal information Opt-Out: Opt out of sale (we don't sell personal information) Non-Discrimination: We won't discriminate for exercising your rights

Categories of Information Collected:

• Identifiers (email address, IP address)
• Internet or electronic network activity (website usage data)

7.4 Rights for Canadian Residents (PIPEDA)

If you are a Canadian resident:

• Access your personal information we hold
• Request correction of inaccurate information
• Withdraw consent for marketing communications
• File complaints with the Privacy Commissioner of Canada

7.5 Exercising Your Rights

To exercise any privacy rights:

• Email: [email protected]
• Subject line: "Privacy Rights Request"
• Include: Your email address and specific request

We will respond to valid requests within:

• 30 days (GDPR/UK GDPR)
• 45 days (CCPA)
• 30 days (PIPEDA)

8. DATA RETENTION

8.1 Retention Periods

Newsletter Subscriptions:

• Retained until you unsubscribe
• Retained for up to 30 days after unsubscribe for processing
• May be retained longer if required by law

Website Data:

• Technical logs retained for up to 12 months
• Contact communications retained for up to 3 years
• Security incident data retained as required by law

Future Payment Data:

• Transaction data retained per payment network requirements
• Customer support data retained for up to 7 years
• Compliance data retained per regulatory requirements

8.2 Deletion Process

When data is deleted:

• Removed from active systems within 30 days
• Removed from backup systems within 90 days
• Some data may remain in encrypted backups for technical reasons
• Payment data follows industry-standard deletion procedures

9. COOKIES AND TRACKING

9.1 Current Cookie Use

Essential Cookies Only:

• Session management and security
• Basic website functionality
• Load balancing and performance

We Do NOT Currently Use:

• Analytics cookies (Google Analytics, etc.)
• Advertising or marketing cookies
• Social media tracking cookies
• Cross-site tracking technologies

9.2 Future Cookie Use

As we develop our services, we may implement:

• Analytics cookies to understand user preferences (with consent)
• Performance monitoring cookies for service optimization
• Marketing cookies for targeted communications (with consent)
• Payment-related cookies for transaction processing

Any additional cookies will require your consent and will be disclosed in an updated Cookie Policy.

9.3 Managing Cookies

You can control cookies through your browser settings:

• Block all cookies (may affect website functionality)
• Delete existing cookies
• Receive notifications before cookies are set
• Set preferences for different types of cookies

10. CHILDREN'S PRIVACY

10.1 Age Restrictions

Our Site is not intended for children under 18. We do not knowingly collect personal information from children under 18.

10.2 Discovery of Children's Data

If we discover we have collected information from a child under 18:

• We will delete the information immediately
• We will not use the information for any purpose
• We will notify parents if contact information is available
• We will implement additional safeguards to prevent recurrence

11. FUTURE PAYMENT SERVICES PRIVACY

11.1 Additional Data Collection

When we launch our payment card services, we may collect:

• Limited payment transaction data
• Device information for NFC functionality
• Location data for fraud prevention
• Customer verification information
• Payment preferences and settings

11.2 Payment Data Protection

Strong Privacy Protections:

• We will NOT store full payment card numbers
• We will NOT have access to your private keys
• We will NOT store your cryptocurrency balances
• We will use tokenization for sensitive data
• We will comply with PCI DSS standards

11.3 Payment Network Requirements

We may be required to share limited information with:

• Payment networks (Visa, Mastercard, etc.)
• Payment processors and acquirers
• Fraud prevention services
• Regulatory authorities
• Law enforcement (when legally required)

11.4 Transaction Privacy

• Transaction amounts and merchant information may be processed
• Personal identifiers will be minimized in transaction data
• Full transaction histories will not be stored indefinitely
• Users will have control over transaction data sharing

11.5 Updated Privacy Notice

We will update this Privacy Policy before launching new services that collect additional information types.

12. CHANGES TO THIS PRIVACY POLICY

12.1 Modification Rights

We may update this Privacy Policy to reflect:

• Changes in our data practices
• New features or services
• Legal or regulatory requirements
• Industry best practices and standards

12.2 Notification of Changes

Material Changes:

• Email notification to newsletter subscribers
• Prominent notice on our website
• Updated "Effective Date" at the top of this policy
• Clear explanation of significant changes

Minor Changes:

• Updated "Effective Date"
• Notice on website footer
• Summary of changes in newsletter

12.3 Continued Use

Your continued use of our Site after changes constitutes acceptance of the updated Privacy Policy.

13. CONTACT INFORMATION

13.1 Privacy Questions

For privacy-related questions or concerns:

• Data Protection Officer: [email protected]
• General Legal: [email protected]

13.2 Privacy Rights Requests

To exercise your privacy rights:

• Email: [email protected]
• Subject: "Privacy Rights Request"
• Include: Your email address and specific request type

13.3 Supervisory Authorities

EU/UK Residents: You have the right to lodge a complaint with your local data protection authority

California Residents: You may file a complaint with the California Attorney General

Canadian Residents: You may file a complaint with the Privacy Commissioner of Canada

14. EFFECTIVE DATE AND VERSION

This Privacy Policy is effective as of August 5, 2025 and supersedes all previous versions.

Version History:

• Version 1.0: August 5, 2025 - Initial policy