Privacy FAQ

What info does Peach collect of me?

We strive to store the absolute minimum amount of data on our users as we can. As a quick overview, this is what we have on our servers:

  • A hash* of your phone's ID
  • A hash of your payment data
  • Your encrypted chats
  • The data of your trades (which type of payment method you're using, how much you're buying, etc.)
  • Usage data, if you agreed to this

For a full breakdown, please see our privacy policy.

* A hash is some data that was made unrecognizable, similar to encrypting it. The same data will always lead to the same hash. This means we don't know what the data is, but we will be able to spot if the same data is used twice.

Who can see my payment details?

Only your counterparty can see your payment details; they are sent via the Peach servers, but are fully end to end encrypted (like with most chat apps) so that we cannot see what they are.

When you start a dispute, you and your counterparty's payment details and your chat history will be visible to the assigned Peach mediator.

How to verify the APK?

Follow this steps to verify that the APK you downloaded is the real Peach APK:

  • Download the APK you want to install from the website, as well as the signature and manifest (everything can be found in https://peachbitcoin.com/apk)

  • Download Peach PGP key https://keys.openpgp.org/vks/v1/by-fingerprint/48339A19645E2E53488E0E5479E1B270FACD1BD2 (can be found in our website also)

  • Generate the checksum of the APK file you’ve downloaded and compare them with the checksum on the manifest.

sha256sum app-prod-arm64-v8a-release.apk

(substitute app-prod-arm64-v8a-release.apk for the name of your file). It should be the same one than on the manifest. Otherwise contact us and make sure you don’t install that application in your device. In this example, you should see the following output:

$ sha256sum app-prod-arm64-v8a-release.apk

802450713cb2183e7904ad58813effabf007d518d4467461c3928625e453942c  app-prod-arm64-v8a-release.apk

If we compare it to the one found in the manifest-peach.txt we can see it is the same one.

  • Add the Peach key to your keyring
gpg --import PGP-peach.asc

(make sure to substitute PGP-peach.asc for the correct file name, usually it will be 48339A19645E2E53488E0E5479E1B270FACD1BD2.asc)

  • Verify the signatures that you previously downloaded with the following command:
gpg --verify manifest-peach.sig manifest-peach.txt

In the output you should see the following line:

gpg: Good signature from "hello@peachbitcoin.com <hello@peachbitcoin.com>" [unknown]
How to sign an external address?

Follow this steps to sign the receiving address when buying Bitcoin to an external wallet:

Note: The first 2 steps are useful if you always want to receive your funds in external addresses. If you just want to do it once, or you want to sometimes use peach wallet, start from step 3.

  1. Go to settings
  • disable peach wallet
  • go to payout address

  1. Paste the new receiving address

  2. Go through the process to publish your buy offer, and before publishing it, make sure you choose to receive to your external wallet address (click on the upper right little wallet icon on the offer summary screen).

  3. Once you confirm your buy offer, the message to sign your address will appear. Copy it and go back to your wallet.

  4. Search for the "sign/verify" option* and paste:

  • your receiving address
  • the peach message

  1. Click on sign & the signature will appear. Copy it.

  2. Paste the signature on the peach wallet and click on confirm.

  3. Your offer is published.

*Disclaimer: not all wallets support the option to sign/verify your address. Peach recommends using Blue Wallet, Sparrow or Samourai as they all offer the sign/verify option.

Is Taproot supported?
  • It is possible to fund escrows from a taproot address, and withdraw funds from the peach wallet to a taproot address.
  • It is NOT possible set a taproot address as a direct payout address (it’s not possible to sign a message with a taproot address).