Privacy Policy

We collect information in the following categories:

• Account information — name, email address, phone number, date of birth, profile photo, and password (stored hashed).
• Identity verification (KYC) — government-issued ID, selfie, and address documents required by financial regulations.
• Financial information — wallet balances, transaction history, payment methods, bank account details, and cryptocurrency addresses.
• Device and usage data — IP address, device model, operating system, app version, language, time zone, crash logs, and usage analytics.
• Location data — approximate location derived from IP address; precise location only with your explicit permission.
• Communications — messages you send to support, P2P chat counterparties, or in-app notifications you receive.

• To create and operate your account and provide the Service.
• To process transactions, payments, deposits, withdrawals, and P2P trades.
• To comply with Know-Your-Customer (KYC), Anti-Money-Laundering (AML), and other legal obligations.
• To detect, prevent, and investigate fraud, abuse, and security incidents.
• To send transactional notifications (e.g., payment received, security alerts).
• To provide customer support and respond to your requests.
• To improve, personalize, and develop new features of the Service.
• To send marketing communications, where permitted by law and subject to your preferences.

If you are in the EEA or UK, we process your data under one or more of the following legal bases:

• Contract — to perform the services you request.
• Legal obligation — to meet financial-services and tax regulations.
• Legitimate interest — to secure the Service and prevent fraud.
• Consent — for optional features such as marketing and precise location.

We do not sell your personal information. We share data only with:

• Service providers — hosting, analytics, KYC verification, customer support, and email/SMS delivery, under written data-processing agreements.
• Financial partners — banks, payment processors, card issuers, and blockchain networks needed to execute your transactions.
• P2P counterparties — limited profile information (display name, rating, payment method labels) needed to complete a trade you initiate.
• Legal and regulatory authorities — when required by law, court order, or to protect rights, safety, or property.
• Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to affected users.

We retain your information for as long as your account is active and for additional periods required by law (typically 5–7 years for financial records under AML regulations). When data is no longer required, it is deleted or irreversibly anonymized.

We use industry-standard safeguards including TLS encryption in transit, AES encryption at rest, hashed passwords, hardware security modules for key material, role-based access control, monitoring, and regular security audits. No method of transmission or storage is 100% secure, and you use the Service at your own risk. Report security concerns to privacy@blackpheya.com.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your account and associated data (subject to legal retention requirements).
• Object to or restrict certain processing.
• Request a portable copy of your data.
• Withdraw consent at any time for processing based on consent.
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@blackpheya.com. We respond within 30 days.

The Service is not directed to anyone under 18. We do not knowingly collect personal information from children. If we learn we have collected data from a minor, we will delete it promptly.

Your information may be processed in countries other than your own. Where we transfer data out of the EEA, UK, or other regulated jurisdictions, we rely on appropriate safeguards such as Standard Contractual Clauses.

We use cookies, local storage, and similar technologies to keep you signed in, remember preferences, measure performance, and detect fraud. You can control cookies through your browser settings, but disabling them may break parts of the Service.

The Service may contain links to third-party sites or integrations (e.g., bank portals, blockchain explorers). We are not responsible for their privacy practices. Review their policies before sharing data.

Transactional and security notifications are required to use the Service. Marketing emails are optional — unsubscribe via the link in any marketing message or in your account settings.

We may update this Policy from time to time. Material changes will be announced via in-app notice or email at least 14 days before they take effect. The "Last updated" date at the top reflects the latest revision.

Questions, requests, or complaints? Email privacy@blackpheya.com. We aim to respond within 5 business days.