Last updated: May 31, 2026
This Privacy Policy explains how CryptumPay collects, uses, stores, shares and protects personal data when you visit our website, use the CryptumPay console, create an account, request a demo, use our payment pages, make or receive crypto payments, contact support, use our APIs or otherwise interact with CryptumPay.
This Privacy Policy applies to:
By using CryptumPay, you acknowledge that your personal data may be processed as described in this Privacy Policy.
If you do not agree with this Privacy Policy, you must not use CryptumPay.
“CryptumPay”, “we”, “us” or “our” means the CryptumPay service, website, console, payment pages, APIs, widgets, mobile application where available, and related services operated by the Administration of CryptumPay.
“Administration” means the administration and operating team of the CryptumPay service.
For the purposes of this Privacy Policy, CryptumPay generally acts as an independent data controller for the personal data processed in connection with accounts, merchant onboarding, KYC, KYB, AML, payments, withdrawals, refunds, security, support, analytics and compliance.
For privacy-related questions, requests or complaints, contact us at:
You may also contact us through the official CryptumPay support channels listed on our website or in the CryptumPay console. However, legal and privacy-related requests should be sent to the email address above.
This Privacy Policy forms part of the legal framework for using CryptumPay and should be read together with the CryptumPay Terms of Use.
If there is any inconsistency between this Privacy Policy and the Terms of Use regarding personal data processing, this Privacy Policy governs the relevant personal data processing matter.
The English version of this Privacy Policy is the controlling version. Any translation is provided for convenience only.
We may collect different categories of personal data depending on how you interact with CryptumPay.
When you visit our website, we may collect:
When you request a demo or contact CryptumPay through the website, we may collect:
When a Merchant or merchant representative creates an account or logs in to the console, we may collect:
If you use Google or Telegram login, the relevant provider may share account information with us, such as account identifier, email address, username or other information made available through that login method.
For merchant onboarding, verification, compliance, AML, sanctions and risk-management purposes, we may collect information and documents including:
Where individual identity verification is required, we may collect or receive data including:
KYC verification may be performed through third-party identity verification providers.
When a Merchant uses CryptumPay, we may collect and store:
Merchants must not submit unnecessary personal data through API fields, metadata, order descriptions, webhook URLs, support requests or other technical fields.
When a Payer uses a CryptumPay payment page, widget, API-based checkout or other payment interface, we may collect and store:
We do not intentionally store the Payer’s source wallet address as a separate profile field. However, blockchain transactions are public, and transaction hashes may be linked to wallet addresses and other on-chain information available on public blockchains.
Where the CryptumPay mobile application is available, we may collect and process:
CryptumPay does not store Face ID, Touch ID or similar biometric data. Biometric confirmation is handled by the user’s device or operating system, where available.
When you contact us, we may collect:
We may receive personal data or related information from third parties, including:
The data received depends on the service used and the purpose of processing.
Crypto transactions are recorded on public blockchains.
Public blockchain data may include:
CryptumPay does not control public blockchains and cannot delete, modify or hide data recorded on public blockchains.
Even if CryptumPay does not store a Payer’s source wallet address as a separate profile field, a transaction hash may allow on-chain data to be viewed through public blockchain explorers or other blockchain analytics tools.
We may use personal data for the following purposes:
Where applicable data protection law requires a legal basis for processing, we rely on one or more of the following legal bases.
We process personal data where necessary to provide the Service, manage accounts, process payments, process withdrawals, provide support and perform our obligations under the Terms of Use.
We process personal data where necessary to comply with legal, regulatory, AML, sanctions, accounting, audit, reporting, recordkeeping or other compliance obligations.
We process personal data where necessary for our legitimate interests, including:
We may rely on consent where required, including for certain cookies, analytics, marketing communications or optional features.
Where processing is based on consent, you may withdraw consent at any time. Withdrawal of consent does not affect processing that occurred before withdrawal.
CryptumPay may process personal data for KYC, KYB, AML, sanctions, fraud-prevention, compliance and risk-management purposes.
This may include:
KYC, KYB and AML processing may involve third-party verification and compliance providers.
We may refuse to provide or continue providing the Service if required verification or compliance information is not provided or cannot be verified.
CryptumPay uses cookies and similar technologies.
We may use:
We use analytics tools, including Google Analytics and Yandex Metrica, to understand how visitors use our website and improve the Service.
Google Analytics and Yandex Metrica may set or access cookies, device identifiers or similar technologies. These tools may collect information such as pages visited, session duration, approximate location, device type, browser type, referrer and interaction data.
We do not use advertising pixels or advertising cookies unless this Privacy Policy is updated or additional notice is provided.
You can control cookies through your browser settings. If you disable certain cookies, some parts of the website, console or payment pages may not work properly.
Where required by applicable law, non-essential analytics cookies and similar technologies will be used only with consent or another valid legal basis.
Where consent is required by applicable law for certain cookies or similar technologies, we will seek consent or provide relevant choices as required by law.
We may use analytics tools to:
Analytics data is generally used in aggregated or statistical form, but it may include online identifiers or technical data that can be considered personal data under applicable law.
We may share personal data with the following categories of recipients:
We do not sell personal data.
For routine conversion, we do not intentionally share personal identity data with exchanges or liquidity providers. Conversion-related information is generally limited to technical transaction information such as amount, asset and network.
In exceptional cases, additional information may be processed or disclosed where required by law, compliance obligations, sanctions checks, investigations, risk controls or protection of CryptumPay, Users, Merchants, Payers or third parties.
We use third-party providers to operate CryptumPay.
These providers may process personal data on our behalf or independently, depending on the service and context.
We may change providers from time to time. For that reason, this Privacy Policy generally describes providers by category rather than by name.
Third-party providers may have their own privacy policies and processing practices.
CryptumPay is operated by a distributed team and may use service providers located in different countries.
Your personal data may be processed, stored or accessed in countries other than your country of residence.
Where required by applicable law, we will use appropriate safeguards for international transfers, which may include contractual safeguards, technical measures, organisational measures or other lawful transfer mechanisms.
We retain personal data for as long as necessary for the purposes described in this Privacy Policy, including legal, compliance, AML, sanctions, security, accounting, audit, dispute-resolution, fraud-prevention and operational purposes.
We do not keep all categories of data for the same period. Retention periods may vary depending on the type of data, the reason for processing, legal requirements, risk level and operational needs.
In particular:
We may be unable to delete certain data if retention is necessary for legal, compliance, AML, sanctions, accounting, audit, security, fraud-prevention or dispute-resolution purposes.
You may request account deletion by contacting CryptumPay support.
Before deleting or closing an account, we may need to verify your identity, authority or account ownership.
Account deletion may be refused, delayed or limited if:
Even after account deletion, certain records may be retained where required or necessary.
We use technical and organisational measures designed to protect personal data.
These measures may include:
No method of transmission or storage is completely secure. We cannot guarantee absolute security of personal data.
Users are responsible for maintaining the security of their accounts, devices, email, passwords, two-factor authentication methods, API keys and connected systems.
We maintain procedures intended to help identify, assess and respond to personal data breaches.
If a personal data breach occurs, we may investigate the incident, take steps to mitigate potential harm and notify affected users, authorities or other parties where required by applicable law.
We may also document personal data breaches where required or appropriate.
Depending on applicable law and your location, you may have rights regarding your personal data, including the right to:
To exercise your rights, contact us at:
We may need to verify your identity, authority or account ownership before responding to your request.
We may refuse to act on a request if we cannot verify the identity, authority or account ownership of the requester.
We will respond within a reasonable period. Where GDPR or another applicable law applies, we will respond within the period required by applicable law.
Some requests may be refused, delayed or limited where necessary for legal, compliance, AML, sanctions, accounting, audit, security, fraud-prevention or dispute-resolution purposes.
CryptumPay is not intended for persons under 18 years old.
Persons under 18 must not use CryptumPay.
If we learn that a person under 18 has provided personal data or created an account, we may restrict, suspend or delete the account and related data, subject to legal, compliance, AML, security and dispute-resolution requirements.
CryptumPay is not intended to be used as a general customer data storage tool.
Merchants must not submit unnecessary personal data about their customers through API fields, metadata, order descriptions, support requests, webhook URLs or other technical fields.
If a Merchant provides a payer email or other customer-related data for payment notifications, support, fraud prevention, payment processing or other Service-related purposes, the Merchant is responsible for ensuring that it has a lawful basis and has provided all required notices to the relevant customer.
Where a Merchant provides customer-related data to CryptumPay, the Merchant is responsible for ensuring that it has all required rights, permissions and legal grounds to provide that data.
CryptumPay may process such data where necessary to provide the Service, process payments, provide support, maintain security, perform compliance checks, prevent fraud, resolve disputes and enforce the Terms of Use.
We may send emails and notifications related to:
We may also send product or informational communications where permitted by law.
You may opt out of non-essential marketing communications where applicable. You cannot opt out of essential service, security, compliance or transactional communications.
If you contact CryptumPay through Telegram or another external communication channel, that platform may process your data according to its own privacy policy.
CryptumPay does not control the privacy practices of Telegram, Google or other third-party platforms.
You should not send sensitive information through external communication channels unless necessary.
If you choose to log in using Google or Telegram, we may receive information from the relevant provider, such as your account identifier, email address, username or other information made available through that login method.
Your use of Google or Telegram login is also subject to the privacy practices of the relevant provider.
You may be able to manage connected applications and permissions through your Google or Telegram account settings.
We may update this Privacy Policy from time to time.
Changes may be posted on the website, in the console or otherwise communicated by reasonable means.
The updated Privacy Policy becomes effective when posted or on the date stated in the updated Privacy Policy.
Continued use of CryptumPay after the updated Privacy Policy becomes effective means that you acknowledge the updated Privacy Policy.
For questions, requests or complaints regarding this Privacy Policy or personal data processing, contact:
