pay
  • How it works
  • Roadmap
  • News
  • FAQ
  • Developers
Sign in

GoBTC PAY — PRIVACY POLICY

Effective Date: June 19, 2026

1. Who We Are

This Privacy Policy explains how GoBTC Pay America LLC (“GoBTC Pay,” “we,” “us”), a Delaware limited liability company and a member of the GoBTC group of companies (the operator of the Bitcoin mining ecosystem under the “GoMining” brand and owner of www.gomining.com), collects, uses and shares personal data when you use the GoBTC Pay applications, protocol and services (the “Services”). It forms part of, and uses terms defined in, the User Terms of Use and the Merchant Terms of Use. Questions: [email protected].

GoBTC Pay is the controller of the personal data described here. Where a Licensed Custodian provides custodial services (Section 7 of the Terms), that custodian is a separate controller for the data it processes for custody/transmission, under its own privacy notice.

2. What We Collect

  • Identity & verification data (for screening): name, date of birth, address, nationality, government-ID images, and biometric data (e.g., a facial scan) processed by our verification vendor with your consent; for merchants: business registration, beneficial-owner and authorized-signatory details.
  • Account & authentication data: email, credentials, device and authentication factors, and your wallet's public key / wallet address.
  • Transaction data: payment amounts, timestamps, status, merchant and counterparty identifiers, on-chain transaction identifiers and wallet addresses (which are public on the Bitcoin network).
  • Screening & risk data: results of sanctions, PEP, adverse-media and blockchain-analytics checks.
  • Technical & usage data: IP address, device identifiers, app/version, log and diagnostic data, and cookies or similar technologies on our websites (see Section 9).
  • Support data: messages and information you provide to support.

We do not hold your Bitcoin or your private keys, and we do not collect your private keys.

3. Why We Use It (Purposes and Legal Bases)

We process personal data to: provide and operate the Services and the Co-Signing Service (performance of contract); verify identity and screen users, merchants and wallet addresses, and prevent fraud, money laundering and sanctions breaches (legal obligation and legitimate interests / compliance); secure our systems and investigate incidents (legitimate interests); communicate with you, including required disclosures (contract / legitimate interests); comply with law and respond to legal process (legal obligation); and, only with your consent where required, process biometric data and send marketing. Where we rely on consent (e.g., biometrics, certain cookies), you may withdraw it as described below.

4. When We Share It

  • Service providers / processors: identity-verification (KYC/KYB) and biometric vendors, blockchain-analytics providers, cloud hosting, communications and support tools — under contracts limiting their use of the data.
  • Recovery Custodian and Licensed Custodian: in the non-custodial model the Recovery Key is held by a trusted third-party Recovery Custodian, and we share with the Recovery Custodian only the limited data needed to operate the recovery flow (for example, proof of settlement). If a custodial state is introduced, we also share with the Licensed Custodian the data necessary for custody/settlement, including originator and beneficiary information it is legally required to exchange under travel-rule and similar laws.
  • Counterparties to a payment: limited data needed to complete a transaction (e.g., a merchant receives the originating wallet address for refunds).
  • Authorities: regulators, law enforcement and courts where required by law or legal process.
  • Corporate transactions: an acquirer or successor in a merger, financing or sale of assets, subject to this Policy.

We do not sell your personal data, and we do not “share” it for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws.

5. The Bitcoin Network Is Public

Bitcoin transactions, amounts and addresses are recorded on a public, permanent ledger that no one controls and that cannot be edited or erased. Information placed on-chain is outside our control and cannot be deleted by us or by you. Consider this before transacting.

6. Retention

We keep personal data for as long as needed to provide the Services and, where applicable, for the periods required by anti-money-laundering, tax and other laws (for example, identity and transaction records are typically retained for at least five (5) years after the end of our relationship), and as needed to establish, exercise or defend legal claims. Acceptance records for the Terms are retained for the limitations period plus the life of the relationship.

7. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, or receive a portable copy of your personal data, to opt out of sale/share or targeted advertising (we do not do these), and to not be discriminated against for exercising rights. Some data we must keep to meet legal obligations (e.g., AML records) and cannot delete on request. To exercise rights, contact [email protected]; we will verify your request. You may appeal a denial at [email protected]. You may withdraw biometric and marketing consents at any time. Where GLBA applies to certain financial data, that data is handled under our financial-privacy practices and may be exempt from some state-law rights.

8. Security

We maintain administrative, technical and physical safeguards designed to protect personal data, including encryption in transit and at rest for sensitive data, access controls, and hardware-security-module controls for the GoBTC Pay co-signing key. No system is perfectly secure; protect your own credentials, key and device, and notify us immediately of any suspected compromise at [email protected].

9. Cookies

Our websites use strictly necessary cookies and, with your consent where required, analytics cookies. You can manage non-essential cookies through our cookie banner or your browser settings.

10. Children

The Services are not directed to anyone under 18, and we do not knowingly collect data from children. If you believe a child has provided us data, contact [email protected].

11. International Transfers

We and our providers may process personal data in the United States and other countries whose laws may differ from yours. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers, including to GoMining group entities.

12. Changes; Contact

We may update this Policy; we will post the new version with its effective date and, for material changes, provide additional notice. Contact us at [email protected].

pay
How it worksDevelopersRoadmapNewsFAQDownload

© 2026 GoMining All rights reserved

White PaperTerms of usePrivacy policyCookie policy

GoMining (BVI) Limited, Trinity Chambers, PO Box 4301, Road Town, Tortola, British Virgin Islands, BVI company number: 2110978

BMINE BVI LIMITED, Trinity Chambers, Road Town, Tortola, British Virgin Islands VG 1110

GoMining (British Virgin Islands) Limited and BMINE BVI LIMITED operate in full compliance with all applicable laws and regulations and are firmly committed to combating money laundering, terrorist financing and proliferation financing. We adhere to the highest standards, ensuring strict compliance with all relevant anti-money laundering and terrorist financing obligations, as well as anti-proliferation financing measures, to maintain the integrity and security of our operations and services.

The content presented on this website is not an offer or recommendation for investment. The data presented here may contain approximate figures and should not be used as a basis for making investment decisions. By accessing and using this website and our services, you agree to comply with our Terms of Use and Privacy Policy.