Privacy Policy
This privacy policy was last updated on Dec 19th, 2023
0. Summary
This summary is not intended to replace the privacy policy, but merely to summarize its contents.
We think privacy is very important, and should be the default state for any app. We also want to make privacy accessible for everyone through an easy-to-use app. In some cases though, collecting data about the use of our app is highly valuable, or hard to avoid. Where we collect your data, we strive to clearly inform you and make it opt-in where possible.
All your sensitive personal data is stored on your phone, and when making a match only the relevant data for the trade is sent to your counterparty via an end-to-end encrypted channel. As such, we cannot see your payment information. We do check the hash (the encrypted version) of this data, so that we can enforce the 1000CHF trading limit set by Swiss regulation and effectively ban scammers from our platform. But, again, without actually knowing the information itself.
Having data about how our app is used is very valuable for improving it. Sharing this data is always opt-in. The analytics data does not contain personally identifiable information (see section 3.4 for specifics) and is collected via Firebase and Google Analytics (yes, we know…)
1. Introduction
This page explains which types of information Peach collects of its users during the use of its products and services, and how this information is used.
When we speak of "Peach", "we", "us" or "our", we mean Peach S.A.R.L and its representatives. Peach Sàrl is a company registered, organized and existing under the laws of Switzerland, under company registration number CHE-158.025.408 whose registered office is at:
Rue des Beaux-Arts 8
c/o LEAX Avocats Sàrl
2000 Neuchâtel
SWITZERLAND
By "Buyer", we mean the party creating an offer on the platform to receive bitcoin from another user in exchange for a transfer of their currency of choice.
By "Seller", we mean the party creating an offer on the platform to send bitcoin to another user in exchange for a transfer of their currency of choice.
By "you", we mean any Peach accountholder and/or user of our services and products.
Peach is the controller of your personal data collected through the Service. One of our main priorities is the privacy of our users.
Please contact us if you have questions about our privacy practices that are not addressed in this Privacy Statement.
You must read this Privacy Policy together with any other privacy notice or fair processing notice that we may provide at or around the time that we collect or process personal data about you so that you are fully aware of how and why we are using that data.
2. General
If you choose to use our products and services, then you agree to the collection and use of information as described this policy. As we think privacy is very important, we strive to collect as little data about you as we can, though we need to collect some data to make our services work. We will not use or share your information with anyone except as described in this Privacy Policy.
Some parts of our code are Open Source under the MIT licenses. They include the Peach App frontend (MIT-CC) and GroupHug.
If you do not agree with the Privacy Policy, you should refrain from using our services.
While we will strive to notify our users of any changes, the Privacy Policy may be updated by Peach at any time without any prior notice requirement. The current version is published on https://peachbitcoin.com/privacy-policy/.
Our Service is not intended for use by nor directed at anyone under the age of 18 and we do not knowingly collect any Personal Identifiable Information from children under the age of 18. If you think that your child provided this kind of information, we strongly recommend you to contact us immediately and we will promptly remove such information.
3. What information we collect
3.1 On our website
We use Google Analytics on our website for collecting basic usage data. The following information is collected (please note that this data is not used to be linked to your person or peach ID in any way):
- The country you're visiting from (derived from your IP address)
- Which pages you visit, and how long you are on these pages
- Browser and browser version
- Operating system and operating system version
- Screen resolution
- Browser language
Your email address is collected if you decide to sign up for our newsletter.
3.2 When you contact us
If you contact us directly, we may receive additional information about you such as your name, email , the contents of the message and/or attachments you may send us, and any other information you may choose to provide.
3.3 When you create an offer
To be able to make use of Peach you will enter information relating to the trades you would like to do in the form of an offer. The information you will provide is divided in three groups (see also 4.2):
-
Publically available information
- the amount of sats you want to buy or sell
- the payment method(s) you want to use
- the currencies you want to use
- the premium at which you want to sell
-
Information available only to the counterparty (except in case of a dispute, see 4.3)
- the details of your payment methods (e.g. IBAN, email address)
- chat messages
-
Information available to Peach
- the bitcoin address you want to receive the bitcoin on
3.4 Optionally shared data
Usage data
Having data about how our app is used is very useful in improving the user experience; but this is always an opt-in feature. The data is collected in Google Firebase & Google Analytics. You can toggle sharing usage data on/off in Settings > About Peach > Diagnostics. The following data is shared when you opt-in:
- Technical device stats, like your OS and screen size
- Demographics information, like your country
- The version of the app you're using
- Which screens have been viewed
- Conversion information like the amounts that are being sold and which currencies and payment methods are being used
Crash reports
When the Peach app detects that the app has run into an unexpected issue, a crash report is generated. You will be prompted to decide whether or not you would like to share this crash report to the Peach team. The Peach team can use this crash report to find the root cause and improve the software to avoid this problem occurring in the future. The following information is included in a crash report:
- App logs (these do not contain personal information, but can contain trade IDs)
- The version of the app you're using
- The version of your operating system
The crash reports are collected in Google Firebase. You can find what information is collected here; we use Firebase Cloud Messaging and Firebase Crashlytics.
How and why we use and/or share your information
4.1 Lawful basis for processing your information
We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:
- when you asked us to do so, or provided consent for us to do so
- when we need to do so in order to resolve a dispute
- when we need to do so to comply with a legal or regulatory obligation
You will receive marketing messages from us if you have given us your consent to do so by signing up on the website.
To unsubscribe from marketing emails, you can click the unsubscribe link that can be found at the bottom of any marketing email at any time.
4.2 Sharing your information
We share your information with the following parties:
-
The public
Some of your information is publically available to anyone with a Peach account while making use of our matchmaking service. See section 3.3 for more information.
-
Your counterparty
People you trade with will need extra information to be able to conclude the trade you want to perform between the 2 of you. Only the information relevant to the trade you double match with will be provided to the counterparty.
Peach User data passes through the Peach server encrypted. This includes your payment details and the chat between you and your trading partner.
-
Service providers
We do not sell your information, and never will. We only share your data with third parties to help use, provide and improve our Services. We strictly limit how our partners can use and disclose the data we provide. We share your data with the following parties:
- ProtonMail: For our email communications we use "ProtonMail". We may share your email and nickname with this service.
- Zammad: For customer support we use "Zammad". We may share your email address with this service.
- Sendinblue: For marketing emails and registering early access users, we use "Sendinblue". We may share your email address with this service.
- Firebase (opt-in): To monitor for and fix crashes, we give you the option to send a crash report after a crash. In case you choose to send this report, we use the "Firebase" service to collect and analyze the crash logs. You can find what information is collected here; we use Firebase Cloud Messaging and Firebase Crashlytics.
- Firebase & Google Analytics (opt-in): When you allow Peach to send usage data, we use "Firebase" & "Google Analytics" service to collect the data we use in behavioral statistics. Your IP address may be included in the data provided to Firebase.
- Cloudflare: Our servers connect to cloudflare for DDoS protection and security.
- Blockstream: By default the Peach wallet connects to Blockstream’s public electrum server. The wallet won’t request addresses from their server until the wallet tab is being accessed. This setting can also be changed under settings > use your own node.
4.3 Disputes
When a dispute is opened, the party that opened the dispute will share their digital signature with Peach, allowing the mediator to decrypt the communication between the Buyer and the Seller. Peach gains access to your conversation and all other information required, including the payment details for the disputed contract by Peach to resolve the dispute for as long as the Dispute takes.
You will also be obliged to provide us with any proof to support your dispute claim such as account statements, payment details, ID etc. relative to the disputed trade. Any information which may be required for dispute resolution will be documented in the dispute.
Once a dispute is logged, a hash of the IP and other data will temporarily be stored for as long as the dispute is open. When an arbitrator regards the behavior of one of both parties as an attempt to defraud the counterparty, or as showing unwanted behavior, the dispute might result in a ban for the offending user. To this end a hash of the device ID and payment method data will be stored, in order to avoid the possibility of the banned user to create another account. This hash is a reference to the data, but not the data itself. It allows the system to flag users using the same data, without knowing the actual data itself.
5. Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed or disclosed.
Communication between the Peach App and the Peach server uses SSL encryption.
6. Important information regarding data retention
Your privacy is important to us, and we want to inform you about our data retention practices on the Peach Bitcoin platform.
Why do we retain information?
- Legal: We are obligated to retain certain data to comply with legal requirements.
- Dispute resolution: Retaining information helps us address and resolve disputes effectively and preventing fraud.
What data we retain
- the order book
- encrypted data (which we cannot encrypt unless a dispute is opened: payment data, chat data)
- dispute information of suspected accounts and behaviors
Your data privacy
We want to be transparent about the fact that, due to legal obligations, we are unable to facilitate the deletion of the majority of your account information.
For deletion requests please contact our support team at [email protected] or use the delete account button in our app.
Your right to information:
You have the right to know what information we hold about you.
If you have any questions or concerns about your data, please contact our support team at [email protected]
7. Contact
If you have any questions, comments, concerns or other correspondence, or if you think that we haven't followed this privacy policy, we can be contacted via email on [email protected]