This Privacy Notice explains how PriveFlow handles information when you use our Service. PriveFlow is designed with privacy as a first principle.
1. Our Privacy Philosophy
- No accounts. No registration, email verification, or user profiles
- No KYC by us. No government IDs, selfies, proof of address
- Minimal data. Only what’s needed to route your transaction
- Short retention. Auto-deleted after 72 hours
2. What We Process
Transaction parameters (required)
- Source and target currency/network
- Amount
- Destination address (encrypted at rest via AES-256-GCM, never exposed via API)
- Optional refund address (same encryption)
Technical metadata
- IP address hash (SHA-256, used only for rate limiting; raw IP never stored)
- HMAC signatures for address integrity
What we do NOT collect
- Government IDs, names, dates of birth
- Email addresses (unless you contact support)
- Cookies or tracking identifiers
- Browser fingerprints
3. Retention
| Data | Retention |
|---|---|
| Transaction records | 72 hours, then auto-deleted |
| Encrypted addresses | Deleted with transaction record |
| IP hash | Deleted with transaction record |
| Audit logs | Up to 90 days for security |
4. Blockchain Transparency
Cryptocurrency transactions are public on the blockchain by default. PriveFlow severs the direct on-chain link between sender and receiver, but the individual transactions remain visible on-chain. Privacy comes from the routing architecture.
5. Your Rights
Depending on your jurisdiction, you may have rights to access, delete, rectify, or object to processing of your data. Contact [email protected] to exercise these rights.
6. Security
We implement AES-256-GCM encryption for PII at rest, HMAC-SHA-256 integrity, TLS transport, CSP/HSTS headers, rate limiting, and access controls.
7. Contact
Privacy questions: [email protected]
General support: [email protected]