BTC$000,000+0.00%

Bitcoin Ore – Privacy Policy

Last Updated: July, 2025

Bitcoin Ore (“we,” “us,” or “our”) is committed to respecting your privacy and protecting your personal information. This Privacy Policy explains what information we collect, how we use and share it, and your rights regarding that information when you use the Bitcoin Ore website and services (collectively, the “Service”). This Policy applies to all users globally, including those in the United States, European Union (EU)/European Economic Area (EEA), Canada, and elsewhere. We aim to comply with applicable privacy laws such as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant laws.

By accessing or using Bitcoin Ore, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with this Policy, please do not use the Service. We may update this Privacy Policy from time to time (see Section 9 on Changes to this Policy). We encourage you to review this Policy periodically.

1. Introduction and Data Controller

Bitcoin Ore is a platform that enables users to purchase cryptocurrency via third-party services (e.g., Transak). Importantly, Bitcoin Ore itself does not directly collect or process sensitive personal data related to those transactions – such as your name, address, identification documents, or payment information. Those data are collected by Transak and its partners when you conduct a purchase, and handled under Transak’s own terms and privacy policy. In that context, Transak (and/or its financial partners) acts as the “data controller” for the personal information you provide during a transaction. Bitcoin Ore does not determine the purposes or means of processing that transaction-related personal data.

For any personal data that Bitcoin Ore does collect and control (as outlined below in Section 2), the data controller (the entity responsible for determining how and why your data is processed) is our operating company: the New Mexico, USA limited liability company that owns and operates the Bitcoin Ore website. If you have questions specifically about data that Bitcoin Ore controls, or wish to exercise rights regarding such data, you can contact us (see Section 10).

Summary: In simple terms, Bitcoin Ore itself intentionally collects and retains very limited personal information. We have designed our Service with data minimization in mind – collecting only what we need to operate the site, ensure security, earn affiliate commissions, and improve user experience. The heavy lifting of personal data (like verification documents and payment details) is done by third-party providers like Transak, not by us. Below we detail exactly what information Bitcoin Ore may collect and how we use it.

2. Information We Collect

When you use Bitcoin Ore, we may collect three main categories of information: (A) information you provide to us directly, (B) information we collect automatically through your use of the Service, and (C) information related to your transactions that we may receive from third parties or log for operational purposes. We describe each category in detail:

A. Information You Provide Directly Most users will not provide Bitcoin Ore with personal information directly, because our Service does not require account registration or direct input of personal data to us. However, you might choose to communicate with us or otherwise provide data in certain situations, such as:

Contacting Customer Support: If you reach out to us via email or a contact form (for example, to report a problem, ask a question, or exercise your legal rights), we will collect whatever information you choose to provide in that communication. This typically includes your name, email address, and the contents of your message (which could include additional personal data you volunteer, such as an order reference number or details of an issue). We will use this information solely to assist you and respond to your inquiry or request.
Newsletter or Updates (if applicable): If our website offers a newsletter or sign-up for updates and you opt-in by providing your email address, we will collect your email for the purpose of sending you the requested communications. You can unsubscribe at any time, and we will not use your email for other purposes without your consent.
Feedback or Surveys: We may occasionally post surveys or request feedback to improve our Service. Participation is voluntary. If you choose to provide feedback, any information you give (which could include your opinions, experiences, or contact info) will be collected and used for the stated purpose (e.g., product improvement).
Other Voluntary Submissions: If you participate in any interactive areas of our site (such as comments, forums, etc., if provided) or otherwise voluntarily provide data (like participating in promotions), we will collect the information you share. We will inform you at the point of collection what information is required and what is optional.

B. Information Collected Automatically When you visit or use Bitcoin Ore, our system and third-party service providers may automatically collect certain technical and usage information about your device and browsing activity. This information typically does not identify you directly by name, but it may be considered personal data under some privacy laws (e.g., IP addresses can be personal data under GDPR). The automatically collected data may include:

Device and Browser Information: We collect data about the device you use to access our site, such as your device type (e.g., desktop, smartphone), operating system name and version, browser type and version, language preferences, and device identifiers. This helps us ensure compatibility and optimize our Service for common devices and browsers.
IP Address: We log your device’s IP address when you visit Bitcoin Ore. The IP address is a numerical label assigned to your device by your internet service provider and can indicate your general geographic region (city/country). We use IP addresses for purposes such as: managing website security (e.g., detecting potential malicious activity or blocking abuse), tailoring content by region (e.g., displaying appropriate currency or language, if applicable), and aggregate analytics (e.g., to understand where our users are generally located). Important: We do not use IP addresses to pinpoint your exact location, and we do not link IP information to your identity. However, IP addresses are considered personal data in places like the EU, so we treat them with care and only use them as necessary.
Usage Data: We collect information about your activity on our site, such as the pages or screens you view, the features you interact with, the date and time of your visits, the referrer URL (the page you came from), and the page you exit to. We also track general interaction patterns (e.g., clicking the “Buy Bitcoin” button). This data helps us understand how users navigate our site, which content is popular, and where improvements might be needed.
Cookies and Similar Technologies: Bitcoin Ore uses cookies and similar tracking technologies (such as web beacons or pixels) to collect some of the information mentioned above. Cookies are small text files stored on your browser by websites you visit. They serve various functions:
- Essential Cookies: These are necessary for our site to function properly. For example, if our site has a multi-step process or if we need to remember preferences (like language or region selection), essential cookies enable that functionality.
- Analytics Cookies: We use these to gather statistical information about user interactions. For instance, we use third-party analytics services like Google Analytics (and possibly others, such as Bing Analytics or similar) to collect aggregated data on usage patterns. These services set their own cookies to recognize your browser and track user trends (e.g., number of visitors, pages viewed, time spent, conversion metrics). The information collected through analytics cookies is typically aggregated and does not directly identify individual users. It helps us improve site content and usability.
- Affiliate Tracking Cookies: Since Bitcoin Ore earns revenue through affiliate commissions and referrals, we may use cookies or similar means to track when a user has been referred by our site to the third-party service (Transak). For example, when you click our “Buy” link or button, a cookie might be placed to note that you came from Bitcoin Ore, so that if you complete a purchase, we get credited. These cookies might be set by the third-party partner (like Transak or an affiliate network) and will contain an anonymous identifier (like a referral ID or campaign ID) but no personal information about you. They exist solely to attribute a transaction to our referral.
- Your Choices: You can control or delete cookies via your browser settings. Most browsers allow you to block or delete cookies. However, be aware that if you disable cookies entirely, some features of our Service (especially essential functions or remembering your preferences) may not work properly. For more details on cookies, see Section 5 below.
Wallet Address (Potential Logging): During the use of our Service, you will be asked by Transak to input a cryptocurrency wallet address to receive your Bitcoin. Bitcoin Ore does not directly collect or receive the wallet address you enter within the Transak widget or form, as that input is handled by Transak’s systems. However, in some cases, for purposes of facilitating the transaction or for troubleshooting, our systems might temporarily log the wallet address or transaction details that you are attempting. For instance: if we need to detect whether a provided wallet address is in the correct format for the cryptocurrency or to help debug an error, we might capture that address in our server logs. If this occurs, we will treat the wallet address as confidential and use it only for the necessary technical purpose. We do not combine logged wallet addresses with any other personal information. We also note that a wallet address by itself typically does not identify an individual (it’s a string of characters), but it could potentially be linked to an identity if combined with other data, so we still handle it carefully.
Transaction Metadata: Bitcoin Ore may receive or record certain non-personal details about transactions initiated through our site, such as a transaction identification code, timestamps, amounts, and status (success/failure). This information is generally provided to us by Transak or affiliate tracking systems for reconciliation and commission purposes. For example, we might know that “an anonymous user on date X attempted to buy $Y worth of Bitcoin via Transak, transaction succeeded/failed, reference ID Z.” This data typically does not include any personal data about the user (since we don’t get your name or financial info), but the reference ID might indirectly link to Transak’s records on their side. We use this transaction metadata for purposes like tracking our affiliate revenue, analytics (e.g., conversion rates), and debugging issues (e.g., investigating if many transactions fail at a certain step).

C. Personal Data Collected by Third Parties (Transak): We want to reiterate that Transak will collect a significant amount of personal and financial data directly from you when you proceed with a crypto purchase, including but not limited to: your full name, email, physical address, date of birth, phone number, government ID or passport details and copies, selfie or biometric verification, payment card numbers or bank account info, billing information, etc., as required for compliance and processing. Bitcoin Ore does not receive or store this information (except possibly your email or transaction ID if included in some communications, but generally no). All such data is provided by you directly to Transak (or their integrated verification and payment processors) within their widget or site. It is governed by Transak’s Privacy Policy and Terms of Service, not this Bitcoin Ore Privacy Policy. We do not control how Transak uses your personal data – but typically, they use it to verify your identity, process the payment, send you the cryptocurrency, comply with legal obligations (like KYC/AML recordkeeping), and possibly for their own business analytics or fraud prevention. If you have questions or requests regarding personal information you provided to Transak (such as accessing or deleting your data), you should contact Transak directly. Bitcoin Ore cannot fulfill such requests because we simply don’t have that data.

To summarize Section 2: Bitcoin Ore’s own collection is limited to technical/usage data and any info you directly give us in communications, plus some transaction metadata. Sensitive personal details and payment info are collected exclusively by Transak, not by us.

3. How We Use the Information

We use the information we collect for the following purposes, striving always to apply the principle of data minimization (only using what we need for each purpose):

To Provide and Operate the Service: We use technical and usage data to ensure our website functions correctly, to display the right content for your region (e.g., showing the appropriate currency or language if applicable), and to enable you to smoothly initiate transactions. For example, remembering your preference or what page you came from can help us streamline your experience.
To Ensure Security and Prevent Fraud: IP addresses, device information, and usage patterns are used to protect the security of the Service, our systems, and our users. This includes detecting and mitigating malicious activity (such as DDoS attacks, hacking attempts, or unauthorized scraping), debugging technical issues, and preventing abuse of our affiliate program. If we notice unusual activity (e.g., a single IP making hundreds of requests, or known fraudulent patterns), we may use that data to block or mitigate the threat. Security logs are maintained for this purpose.
Affiliate Commission Tracking: We use transaction metadata and cookies to track referrals so that Bitcoin Ore can earn revenue from successful transactions. For instance, when you click through to Transak, a unique ID is used to later inform us that a purchase was completed originating from our site. We use this information internally for accounting and to calculate any markup or commission owed to us. This is a core part of our business model, but it does not involve using your personal identity—only anonymized transaction info.
Analytics and Performance Improvement: We analyze usage data (using tools like Google Analytics) to understand how users interact with our site. This helps us identify what parts of our website are most or least used, how users progress through our funnel (e.g., from landing page to clicking “buy”), and where users might be encountering errors or drop-offs. For example, analytics may tell us that a large percentage of users from a certain country fail to complete a transaction; this could signal an issue we need to investigate (perhaps a payment method issue or a bug). Analytics also inform us of site performance (load times, error rates) so we can improve the speed and reliability of the Service. All analytical processing is done on aggregate or pseudonymous data. We do not create personal user profiles for advertising or share identifiable analytics data with third parties for their own use.
Communications and Support: If you contact us for support or with questions, we will use the information you provided (e.g., your email and issue description) to communicate with you and resolve your issue. We may also use your contact information to send important administrative messages, such as updates to our Terms or this Privacy Policy, or information about security issues. These types of communications are considered transactional or relationship messages and are not promotional in nature. If you subscribed to a newsletter or marketing updates, we will use your email to send those, but you can opt out at any time and we will honor such opt-outs.
Legal Compliance and Enforcement: We may use and retain any of the information we collect to the extent necessary to comply with applicable laws, regulations, legal processes, or governmental requests. For example, we might retain logs to comply with financial regulations or tax laws (if any apply to our commission earnings). If law enforcement or a court order requires us to provide information, we will comply if legally obligated (see Section 4 on Sharing). Additionally, we may use information to enforce our Terms and to investigate or help prevent security issues, fraud, or other violations. This could include cooperating with Transak or authorities if, for instance, there is suspicion that our Service was used for an unlawful transaction.
Business Transfers (contingent use): Although not a current use, if we ever consider a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, the information we have (which is minimal personal data) might be used or transferred as part of that process to continue operating the Service. In such an event, we would ensure any successor entity honors the commitments we make in this Privacy Policy (see also Section 8).
Other Purposes with Consent: If we ever need to use your information for a purpose materially different from the ones listed above, we will do so only with your consent. For example, if we wanted to use a quote from your feedback as a testimonial on our site, we would ask for your permission. Or if in the future we consider using cookies for targeted advertising (currently we do not engage in targeted advertising), we would implement a consent mechanism as required by law.

Our use of data is guided by the principle of lawfulness under GDPR and similar laws. That means we always have a legal basis for processing personal data. The typical legal bases we rely on are: (i) Contractual necessity (e.g., providing the Service you request, per our Terms), (ii) Legitimate interests (e.g., improving our Service, ensuring security – we have assessed that our legitimate interests in these cases do not override your privacy rights), (iii) Compliance with legal obligations, and (iv) Consent (where we explicitly ask for it, such as for non-essential cookies or optional communications). For users in the EU, we ensure that we meet one of these lawful bases for each processing activity described.

4. Disclosure of Information – Who We Share Data With

Bitcoin Ore is not in the business of selling or renting your personal information to third parties. We consider the information we collect to be confidential, and we share it only in the following circumstances:

Third-Party Service Providers: We use reputable third-party companies to help us operate and improve our Service. These include:
- Hosting and Infrastructure: We host our website and backend on external servers or cloud platforms. These providers process technical data (like your IP, requests to the site) in the course of providing us with hosting. They are typically contractually bound to handle data securely and only according to our instructions.
- Analytics Providers: As mentioned, we use tools like Google Analytics. These providers receive certain usage and device data via their tracking scripts on our site. They compile analytics reports for us to view. We have configured these tools, where possible, to limit data collection (for example, IP anonymization in Google Analytics). Google Analytics may set and access its own cookies on your device. Note that these providers (like Google) might consider themselves independent data controllers for the data they collect via their services; however, they cannot identify you personally from the data collected through our site (we do not provide them names or contact info). They use the data pursuant to their own privacy policies to provide services to us. We do not allow Google Analytics to use or share our analytics data for advertising purposes.
- Affiliate/Referral Partners: In order to track commissions, we may share certain tokens or identifiers with affiliate networks or directly with Transak’s systems. For example, when you click the buy link, we might include our affiliate ID in the URL or embed it in the widget. When a transaction completes, Transak knows it came from us and will report that back to us for payout. In doing so, Transak or the affiliate network might drop a cookie or URL parameter on your browser. However, the information shared in this process does not include your personal identity – it’s usually a code that represents Bitcoin Ore. In some cases, to reconcile transactions, we might receive a report from the affiliate partner containing transaction details (date, amount, crypto type, maybe the first few and last few characters of the wallet address for reference, etc.). This information might be shared with us via a secure dashboard or file. We handle such information confidentially.
- Email/Communication Tools: If we send emails (for support or newsletters), we may use an email service provider (like SendGrid, Mailchimp, etc.) to dispatch those communications. These providers would handle your email address and the content of the message under our instructions. They are not allowed to use your email for their own marketing.
- All these service providers are bound by contracts that restrict their use of personal data and require appropriate data protection measures. We only share with them the minimum information necessary to perform their functions.
Transak and Transaction Partners: When you engage in a transaction, you are directly sharing your personal information with Transak. Bitcoin Ore itself does not send your personal data to Transak (you provide it directly in their interface). However, we may share certain contextual or technical information with Transak to facilitate the process. For example, when loading the Transak widget or redirecting you, we may include our site’s identifier or certain settings (like default fiat currency or crypto amount if you selected one). We might also share your country or state (derived from IP or your selection) so that Transak can pre-check availability. These are not personal identifiers but rather configuration data. In any case, once you are using Transak’s service, any data you provide is governed by Transak’s privacy practices. We may also communicate with Transak about specific transactions for support or fraud prevention. For instance, if a user contacts us claiming an issue with a transaction, we might reach out to Transak (providing the transaction ID and details the user gave) to investigate or escalate the matter. In doing so, we could indirectly share that a particular person (name/email) had an issue, but we try to keep it to transaction identifiers. Both we and Transak have an interest in resolving such issues to maintain service quality.
Legal Requirements and Protection of Rights: We may disclose information (including personal data, to the extent we have any) if required to do so by law or in the good-faith belief that such action is necessary to: (i) comply with a legal obligation (e.g., a subpoena, court order, or a legally binding request by government authorities, including to meet national security or law enforcement requirements); (ii) protect and defend the rights, property, or safety of Bitcoin Ore, our customers, or others; (iii) investigate and assist in preventing security threats, fraud, or other malicious activity (for example, if someone is attempting to misuse our Service for fraud, we might share relevant logs with law enforcement or investigators); or (iv) enforce our Terms and other agreements, including investigation of potential violations thereof. We will strive to limit the information disclosed to what is directly relevant and necessary to fulfill the legal or protective purpose. If we receive an information request about a user, our policy is to review it carefully and push back if it’s overly broad or not legally valid, and only comply when we are legally compelled to do so. Where allowed, we may attempt to notify affected users of such requests (e.g., if a government demands information) so they can seek legal protection, unless we are legally prohibited from doing so.
Business Transfers: If Bitcoin Ore (or the company that operates it) is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of such a transaction as permitted by law and/or contract. In such an event, we will endeavor to ensure the successor entity honors the commitments we’ve made in this Privacy Policy regarding your personal data (we may require by contract that the new entity will only use your data as we have described here). If the prospective change is material (e.g., another company acquiring us that has different data practices), we will provide notice (e.g., on our website or via email) and if applicable, any choices you may have as a result.
With Your Consent: In situations other than those described above, if we ever need to share your personal data with third parties, we will do so only with your explicit consent. For example, if we wanted to feature your testimonial with your name on our site, we would ask your permission first, or if we join a referral program that requires sharing your email for reward purposes, we’d only do it if you opt in.

Important: We do not sell personal information to third parties for monetary or other valuable consideration. “Selling” in the context of privacy laws like CCPA could also include some sharing of data for advertising purposes. As of the last updated date of this Policy, Bitcoin Ore does not share personal data for cross-context behavioral advertising. We do not show you targeted third-party ads on our site, and we don’t provide your personal data to ad networks or social media companies. The only “advertising” related sharing is our own affiliate tracking, which is more akin to a referral system rather than advertising.

5. Cookies and Tracking Technologies

As mentioned in Section 2B, we use cookies and similar tracking technologies on our site. Here we provide more detail and your options regarding them:

Types of Cookies on Bitcoin Ore:
- Strictly Necessary Cookies: These are essential for the website to function. They might include, for example, session cookies that keep you logged in (if our site had login features), or preferences cookies to remember settings you apply. Without these cookies, certain services or functionalities you request may not be provided. Because they are necessary, they are typically exempt from consent requirements (except perhaps in certain jurisdictions where any data storage might require notice).
- Analytics and Performance Cookies: These cookies collect information about how visitors use our site, which pages are visited most often, or if users get error messages on certain pages. They don’t collect information that directly identifies a visitor; rather, they gather aggregated, anonymized or pseudonymized data. For example, Google Analytics cookies will assign a random ID to your browser to know that the same browser returning is the same user (for counting repeat visits vs new ones), but it does not tell Google who you are by name. The data from these cookies is used strictly for improving our website’s performance and user experience.
- Affiliate Tracking Cookies: When you click a link to Transak or another partner from our site, a cookie may be placed to track that referral (as explained earlier). This cookie simply contains a code that identifies Bitcoin Ore as the referrer, and possibly an order or session ID. It ensures that if you complete a purchase, we get credited. This type of cookie might be considered a functional or performance cookie since it is directly related to providing you the service (i.e., it helps load the correct partner page and tracks completion). It does not profile you or advertise to you beyond attributing a sale.
- No Targeted Ad Cookies: We do not use advertising networks that place cookies for targeting ads to you on other sites. So you shouldn’t see cookies from, say, Google Ads, Facebook Pixel, or similar advertising trackers on Bitcoin Ore (unless we implement such features in the future and then we’d update this Policy and obtain necessary consents).
Cookie Consent (if applicable): Depending on your jurisdiction, we may present a cookie banner or notice when you first visit our site. For example, users in the EU/EEA will see a notice that we use cookies and may be given the option to accept or manage non-essential cookies. If you opt out of analytics cookies via our banner, we will honor that choice and not load those scripts (or instruct those providers not to drop cookies). Essential cookies might not be disable-able via the banner because the site won’t function without them (but you can always block them manually in your browser, though it might break functionality).
How to Control Cookies: Aside from any on-site preferences we provide, you can control cookies through your browser settings. Most web browsers allow you to: see what cookies are stored, delete cookies, block all cookies, or block cookies from specific sites. You can also usually use “private” or “incognito” mode to automatically delete cookies when you close the browser. Be aware that blocking or deleting cookies might affect your experience. For instance, if an essential cookie that remembers your transaction in progress is blocked, the process might not complete correctly.
Do Not Track Signals: “Do Not Track” (DNT) is a preference you can set in some browsers to signal that you do not want to be tracked across websites. The web industry has not yet adopted a uniform standard for responding to DNT signals, and as such, our site does not currently respond differently to a browser with a DNT signal. However, remember we do not engage in cross-site tracking beyond our own analytics and affiliate needs. We will treat all users’ data as per this Privacy Policy, whether or not DNT is enabled. If a standard for DNT is established in the future, we will update our practices accordingly.

For more information about cookies and how to manage them, you can visit sites like allaboutcookies.org. We strive to be transparent about our use of cookies and ensure any non-essential ones are used in a privacy-respecting manner (with anonymity, aggregation, etc., where possible).

6. Data Retention

We retain the personal and non-personal information we collect only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Here’s how we approach retention for different categories of data:

Technical and Usage Logs: Our server logs (which include IP addresses and usage details) are generally retained for a limited period for security, analysis, and troubleshooting – typically around 90 days for raw logs, unless we need to keep them longer to investigate specific incidents. We may store aggregated statistics (which are not identifiable to a user) indefinitely for historical analysis.
Analytics Data: Data collected via Google Analytics and similar tools is stored by those providers according to their retention settings. We have configured Google Analytics to retain user-level and event data for [e.g., 14 months] (or the shortest option provided) before it’s automatically deleted from Analytics’ servers. We do not store the raw analytics data ourselves, we only access reports. In any case, this data is not readily tied to a named individual.
Affiliate/Transaction Data: Records of transactions referred (commission statements, transaction IDs, amounts) may be kept for as long as necessary to reconcile with Transak and for our financial records. This might mean we retain such records for several years (for example, to comply with accounting and tax obligations we might keep commission invoices and related data for 7 years as required by law). However, again this data generally doesn’t include personal user information, just business records of transactions.
Communications: If you contact us via email or support, we may retain that correspondence and your contact details for as long as needed to address your request, and for a short period after to ensure follow-up. We may retain certain communications for longer if necessary to defend our legal rights (e.g., if a dispute arises) or if required by law. Routine support emails that have been resolved might be deleted after a set period (e.g., 1-2 years). If you subscribed to a newsletter, we keep your email on our mailing list until you unsubscribe; once you unsubscribe, we may keep your email on a suppression list (to ensure we don’t accidentally email you again) or as part of archived logs for some time.
Cookies: Cookies have varying lifespans. Some cookies (session cookies) are erased when you close your browser. Others, like certain analytics cookies or affiliate cookies, may persist for a set duration (e.g., Google Analytics cookies often last 6 months to 2 years unless deleted, affiliate cookies might last from a few hours up to 30 days depending on program settings). You can manually delete them at any time (as described in Section 5). We will refresh consent for long-lived cookies as required by law (for example, in some jurisdictions, we might ask for consent again after 12 months).
Legal Retention: We might need to retain certain data for longer if required by law. For example, if we are subject to any regulatory retention requirements (like financial regulations) or if we receive a legal hold or preservation order in connection with litigation, we will retain the data as necessary to comply with those obligations. We also reserve the right to retain information for a longer period if we believe it’s necessary to establish, exercise, or defend legal claims. In all such cases, we will limit access to the data to only those purposes.

When we no longer have a legitimate need or legal obligation to retain your information, we will securely delete, destroy, or anonymize the data. Anonymization means we remove personally identifying elements so that the information can no longer be associated with an individual. For example, we might aggregate usage data and remove IP addresses, keeping only summary statistics.

If complete deletion is not immediately feasible (for instance, because the data is stored in backups), we will ensure the data is put beyond practical use – meaning, we will not use it for any purpose and will delete it as soon as possible when the backup is restored or rotated.

7. Your Rights and Choices

Depending on your jurisdiction and applicable law, you have certain rights regarding your personal data. Bitcoin Ore is committed to honoring valid rights requests and providing users with appropriate control over their information. Below, we outline various rights that may apply and how you can exercise them:

For Users in the EU/EEA, UK, Switzerland (GDPR and similar laws): If you are located in the European Union, European Economic Area, United Kingdom, Switzerland, or other jurisdictions with similar privacy laws, you have the following rights (subject to the conditions and exceptions set out in applicable law):

Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the personal data we hold about you, along with information on what data we have, how we use it, and who we share it with.
Right to Rectification: If any of your personal data that we hold is inaccurate or incomplete, you have the right to request correction or completion of that data. For example, if you believe we have an incorrect email or IP address logged for you, you can ask us to correct it (though typically we don’t maintain profiles on users, but we will do our best to rectify any inaccurate data we know about).
Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data, provided certain conditions are met. This applies, for instance, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent (in cases where consent was the basis for processing), or if you object to processing and we have no overriding legitimate grounds to continue, or if we processed data unlawfully. Note that this right is not absolute – sometimes we may have legal grounds to retain data (e.g., a legal obligation or for legal claims). But if no such grounds apply, we will comply with your deletion request.
Right to Restrict Processing: In certain circumstances, you can request that we limit the processing of your personal data (essentially marking it so that we don’t use it while a particular dispute is resolved). For example, if you contest the accuracy of data, you can request restriction while we verify; or if you object to our processing based on legitimate interests and we are evaluating your objection; or if processing is unlawful but you prefer restriction over deletion; or if we no longer need the data but you need it for a legal claim. When processing is restricted, we will store your data securely and not use it (except for some special cases like consent or legal claims) until the restriction is lifted.
Right to Data Portability: To the extent we process your personal data based on your consent or a contract with you, and the processing is carried out by automated means, you have the right to request a copy of your data in a structured, commonly used, machine-readable format (e.g., JSON, CSV) and to have it transferred to another controller, where technically feasible. In reality, because we hold very limited data about users (and mostly technical logs), data portability might not be very applicable – but if you request it, we will provide whatever personal data we can that you provided to us or that we observed about you, in a suitable format.
Right to Object: You have the right to object to our processing of your personal data in certain situations. Specifically, you can object any time to processing of your data for direct marketing purposes (though we currently do not do such processing – if we ever sent marketing emails or used data for ads, you can opt-out or object, and we will honor that). You can also object to processing based on our legitimate interests if you believe it impacts your rights. We will then re-evaluate our reasons for processing and, unless we have compelling legitimate grounds that override your rights and interests or the processing is needed for legal claims, we will stop or restrict processing of the data per your objection. For example, you might object to our use of your usage data for analytics – we would then consider if our interest in analytics is overridden by your privacy rights; since we do analytics in a privacy-friendly way, we might argue we have an interest, but if you personally don’t want analytics to track you, you can also opt-out via cookies.
Right to Withdraw Consent: In cases where we rely on consent to process your personal data (like for optional cookies or a newsletter signup), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. For example, if you gave consent for analytics cookies and then withdraw it (via our cookie settings or by contacting us), we will stop the analytics processing for your visits going forward.
Right to Lodge a Complaint: If you believe we have infringed your data protection rights or processed your personal data unlawfully, you have the right to file a complaint with your local data protection supervisory authority. For EU users, this is typically the authority in the country where you live or work, or where the alleged infringement took place. For UK users, it’s the Information Commissioner’s Office (ICO). For Canadian users, it might be the Privacy Commissioner, etc. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so we encourage you to contact us first if possible.

For California (and similarly CCPA/CPRA) Users: If you are a resident of California, you have specific rights under the CCPA/CPRA (California Consumer Privacy Act, as amended by the California Privacy Rights Act). These include:

Right to Know: You can request that we disclose the following, for the 12-month period prior to your request: (i) the categories of personal information we have collected about you; (ii) the specific pieces of personal information we have collected about you; (iii) the categories of sources from which the personal information was collected; (iv) the business or commercial purpose for collecting (or, if applicable, selling or sharing) your personal information; (v) the categories of third parties to whom we disclosed your personal information; and (vi) if we sold or shared personal information or disclosed it for a business purpose, two separate lists detailing the categories of personal information sold/shared and the categories of personal information disclosed. (Note: Bitcoin Ore does not sell personal information as defined by CCPA, nor do we “share” it for cross-context behavioral advertising. So points (vi) would largely be “we did not sell or share,” and for point (v) we’d list service providers and such as per Section 4 of this Policy.)
Right to Delete: You can request that we delete any personal information about you that we have collected from you and retained, subject to certain exceptions (for example, if the information is needed to complete a transaction you requested, detect security incidents, comply with legal obligations, etc.). If no exception applies, and we can verify your identity, we will delete (and direct our service providers to delete) your personal information from our records.
Right to Correct: You can request that we correct inaccurate personal information that we maintain about you. Given the minimal data we hold, this might rarely be needed, but if you believe we have something like a wrong email or IP associated with a complaint, you can let us know. We will take into account the nature of the personal information and the purposes of processing when considering correction and may require documentation to support the accuracy.
Right to Opt-Out of Sale/Sharing: As mentioned, we do not sell personal information or share it for behavioral advertising. Therefore, we do not have a “Do Not Sell or Share My Personal Information” link, because it’s not applicable. If our practices change, we will update this policy and provide appropriate opt-outs.
Right to Limit Use of Sensitive Personal Information: The CPRA gives California consumers the right to limit the use/disclosure of sensitive personal information (SPI) if a business uses SPI beyond what is “necessary to perform the services or provide the goods reasonably expected.” SPI includes things like social security numbers, financial account info, precise geolocation, etc. Bitcoin Ore does not collect or process sensitive personal information of consumers for any purpose that would trigger this right. The only potential sensitive info could be if we inadvertently had something like a government ID in a support email, but we do not use that for any purpose. So this right is not specifically applicable to our Service as currently designed.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you service, charge you a different price, or provide a different level or quality of service just because you exercised your privacy rights. (However, note that if you request deletion of necessary data, certain features might no longer function – for example, if you asked us to delete all your data including an email needed to log in, you might not be able to continue a related service; but that’s a consequence of the deletion, not discrimination). We do not offer financial incentives in exchange for your data, so this is not applicable either.

For Users in Canada: Canadian individuals have rights under PIPEDA and related provincial laws. These include the right to access personal information we hold about you and the right to request correction of any inaccuracies. Our processes for access and correction would be similar to those described for GDPR above (with proof of identity and some exceptions). Also under Canada’s Anti-Spam Law (CASL), if we were to send commercial electronic messages (like marketing emails), we would do so only with consent, and you have the right to unsubscribe at any time.

Exercising Your Rights: To exercise any applicable privacy rights, you (or your authorized agent, where applicable) should contact us using the information in Section 10 (Contact Information). Please clearly describe your request – for example, “I am requesting access to my personal data” or “Please delete the data you have about me.” For certain requests (like access, deletion, or CCPA requests), we will need to verify your identity to a reasonable degree of certainty. This is to protect your data from unauthorized access or deletion at someone else’s request. Verification might involve confirming control of your email address (e.g., responding to an email), or if we don’t have an email on file, providing some identifier we can match in our system (though realistically, since we keep minimal personal data, verification can be tricky – we may need to, for instance, have you send an email from the address you used to contact support, etc.). If you have some unique interaction with us (like a transaction ID or a particular log excerpt we can search for), providing that can help verify identity too.

For deletion requests: note that if you have used Transak, you will need to contact Transak separately to delete the data they hold, as we cannot delete data we do not have. We will delete whatever we can from our systems (which, again, is usually just technical logs, contact history, etc., none of which directly identifies you unless you gave us identifying info during support).

We will respond to your privacy rights requests within the timeframe required by law. Under GDPR, that’s typically one month (extendable by two more months if necessary, with explanation). Under CCPA, we aim to respond within 45 days (extendable by another 45 days if needed). We will inform you if we need an extension. If we decline a request (which might happen if an exception applies, or if we cannot adequately verify you), we will explain the reason, unless prohibited by law.

Your choices also include the ability to opt-out of certain processing as explained throughout this Policy: you can opt out of cookies (via banner or browser settings), opt out of any email communications (via unsubscribe), and you have the ultimate choice not to use the Service if you do not agree with our practices (though we hope this comprehensive Policy provides assurance that we handle your data responsibly).

8. International Data Transfers

Bitcoin Ore is a global website accessible to users around the world. Our servers, team, and service providers may be located in various countries. If you are accessing the Service from outside the United States, be aware that your information may be transferred to, stored, and processed in the United States or other jurisdictions that may not have equivalent privacy or data protection laws as those in your home country.

Our Location: The Bitcoin Ore website is operated by a company based in the United States (New Mexico). By using the Service, you acknowledge that any information we collect (particularly the limited personal data we handle, like IP address or contact info) will be processed in the U.S. and possibly other countries. The data protection laws in these countries might be different from those in your country of residence. For example, personal data transferred to the U.S. may be subject to lawful requests by courts or authorities in the U.S. (as mentioned in Section 4).
Transfers under GDPR (EU/EEA Users): If you are in the EU/EEA or UK, whenever we transfer your personal data out of that region, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards as required by law. This may include:
- Relying on a transfer mechanism such as the European Commission’s Standard Contractual Clauses (SCCs) with the recipient, which contractually oblige the recipient to protect the personal data according to EU standards. For instance, our agreements with service providers (like cloud hosts or analytics providers) will typically incorporate SCCs if the provider is outside the EEA.
- Ensuring, where applicable, that the recipient is certified under frameworks like the EU-U.S. Data Privacy Framework (if it becomes fully operational/recognized) or other binding corporate rules or codes of conduct that are approved mechanisms. (At the time of this writing, new arrangements are in motion between EU and U.S. – we will adhere to the current legal requirements).
- Evaluating on a case-by-case basis any supplementary measures needed for transfers, in line with the Schrems II decision and related guidance. For example, we may employ encryption for data in transit and at rest such that even if accessed, the data remains protected. We will provide further information on the safeguards we use for international transfers upon request.
Transfers under other frameworks (Canada, etc.): For Canadian users, your data may be transferred to the U.S. or elsewhere for processing (for example, if our servers are in the U.S.). Canadian privacy commissioners have generally held that storing data in another country is permissible so long as individuals are made aware and the data is protected. This Policy serves as your notice of cross-border transfer. We assure that any service providers we use will be contractually bound to protect your data, as required under PIPEDA, and we will take steps to ensure it’s not misused.
Your Consent to Transfer: By providing your information to us or using our Service, you explicitly consent to the transfer and processing of your information in the United States and other countries as described. We understand that in some jurisdictions consent may not be the sole basis for transfer (especially under GDPR which requires specific measures), but we include this statement to make sure you are aware of and agree to these international aspects. If you do not wish for your data to leave your home country, you should not use our Service.
Service Providers and Global Operations: Many of our service providers (like cloud hosts, analytics) themselves have global infrastructures. For example, if we use a cloud provider that has data centers in multiple countries, your data might be processed in whichever country the provider operates that is closest to you or best for the service reliability. We strive to choose providers that are reputable and have strong security and privacy commitments (like major cloud providers who comply with international standards).
Government Access: As part of our commitment to transparency, note that when data is stored in the U.S., it may be subject to lawful requests by U.S. authorities. We will handle any such requests with care and only disclose data if legally compelled (as described earlier). For EU personal data transferred to the U.S., we also assess the potential access by U.S. authorities and, as noted, use encryption and other techniques to mitigate risks (for instance, much of the data we handle like IP logs are not highly sensitive, but we still protect them).

In summary, we take the necessary steps to ensure that your privacy rights continue to be protected when we transfer your information internationally. If you have questions about international data handling, please contact us (Section 10).

9. Security Measures

We understand the importance of protecting your information and take reasonable and appropriate security measures to guard against unauthorized access, alteration, disclosure, or destruction of your personal data. Some of the security practices we employ include:

Encryption: We use encryption protocols (such as HTTPS/TLS) for data transmission on the Bitcoin Ore website. This means that the data sent between your browser and our servers is encrypted in transit, which helps prevent eavesdropping. For any sensitive data (though we collect very little, mainly if you email us credentials or such), we also aim to encrypt it at rest or use secure cloud storage with encryption.
Access Controls: We limit access to personal data to authorized personnel who have a business need to know such information. For example, only our administrators or support staff who need to view logs or assist users will have access to those logs or contact details. Our team is small, and those who handle data are aware of confidentiality obligations. We employ password protection, two-factor authentication (2FA) where possible, and principle of least privilege for any accounts or systems that store personal data.
Firewalls and Network Security: Our servers are protected by firewalls and monitoring systems to detect and block unauthorized access attempts. We regularly update our systems with security patches to address vulnerabilities. We may use intrusion detection or prevention systems as well.
Data Minimization: A key part of security is that we minimize the data we collect and retain. By having less personal data on our servers, we reduce the risk exposure. As described, we avoid storing highly sensitive info, and we purge data when no longer needed.
Monitoring and Testing: We monitor our systems for potential breaches or attacks. We also periodically review our security procedures and may conduct security audits or penetration testing (internally or via third parties) to find and fix vulnerabilities. If we use third-party services, we review their security practices as well – for instance, we choose established cloud providers with robust security certifications (like ISO 27001, SOC 2, etc.).
Incident Response: In the unfortunate event of a data breach or security incident, we have a response plan that includes identifying and fixing the vulnerability, mitigating the impact, and notifying affected users and authorities as required by law. We will take steps to contain and investigate the incident, and to prevent future occurrences. If your data is involved in a breach that poses a high risk to your rights, we will notify you promptly as required by GDPR or other laws.
Employee and Contractor Training: Any individuals who work on Bitcoin Ore and handle personal data are made aware of privacy and security best practices. We emphasize the importance of protecting user data and maintaining confidentiality.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You should also take precautions on your end. For example, ensure that you use a secure connection when interacting with our site (look for the padlock in your browser), and be cautious about phishing attempts (Bitcoin Ore will never ask you for sensitive personal info via email out of the blue). If you have a username or login for any reason (though typically you wouldn’t on our site), keep your credentials confidential and use a strong password.

If you believe that your interaction with us or your data might no longer be secure (for instance, if you suspect a vulnerability or you receive suspicious communication claiming to be from us), please notify us immediately via the contact information in Section 10 so we can take appropriate action.

10. Children’s Privacy

Bitcoin Ore is not intended for or directed to individuals under the age of 18 (or under the age of majority in their jurisdiction, if higher). We do not knowingly collect personal information from children or minors. Our Terms of Service explicitly prohibit use of the Service by anyone under the required age (18+ typically).

If you are under 18 (or the applicable age of majority where you live), do not use Bitcoin Ore or provide any information about yourself to us, including your name, address, telephone number, or email address. The nature of our Service (cryptocurrency purchasing) is such that it is meant for adults or those legally allowed to enter into such financial transactions.

In the event we inadvertently receive personal data from a minor (for example, if a teenager attempted to contact support or bypassed our restrictions), we will:

Delete the personal data as soon as we discover it (unless we are required by law to retain it, in which case we will secure and isolate it and ensure it’s not used for any other purpose).
Not use the data for any purpose.
If appropriate, inform the minor (or their parent/guardian if known) that we have deleted the data and that they are not allowed to use the Service.

If a parent or guardian becomes aware that their child under 18 (or relevant age) has provided us with personal information or used our site, please contact us immediately (see contact info below). We will work with you to remove and cease any processing of that information.

We also note that Transak and similar services have their own age restrictions (typically 18+ as well, sometimes 21 in some jurisdictions) and KYC processes to verify age. This provides an additional layer of prevention against minors completing transactions. If Transak discovers a user is underage, they will reject the transaction and not provide the service.

11. Links to Other Websites

Our Service may contain links to external websites, third-party services, or integrations (for example, Transak’s hosted pages, educational resources, or partner offers). This Privacy Policy applies only to Bitcoin Ore and our own Service. If you click on a link to a third-party website or service (including Transak or others), or engage with a third-party widget on our site, you will be directed to that third party’s site or service, which is governed by their own privacy policy and terms.

We have no control over and assume no responsibility for the content, privacy practices, or policies of any third-party sites or services. We encourage you to review the privacy policy of every site you visit or service you use, especially before providing any personal information to them. For example, any information you provide directly to Transak during a transaction (like your ID documents, etc.) is subject to Transak’s privacy commitments to you.

That said, we do strive to work with reputable third parties. If you encounter any issues or have concerns about a site we linked to (for instance, if a link on our site unexpectedly leads to a suspicious page, or if you think a partner’s integration is mishandling data), please let us know so we can investigate or reconsider the association.

12. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. When we make changes, we will:

Change the “Last Updated” date at the top of this Policy.
Provide notice of the update. If the changes are significant, we will provide a more prominent notice (such as a banner on our site or a notification via email if appropriate). For instance, if we were to start collecting additional personal data or using data in a new way not originally disclosed, we would highlight those changes. Minor updates (like clarifications or typographical corrections) may be posted with less prominent notice.
If required by law (for example, if a new law requires fresh consent for certain changes), we will obtain your consent where applicable.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Your continued use of Bitcoin Ore after any changes to this Policy constitutes your acceptance of the updated terms (to the extent permitted by law). If you do not agree with the changes, you should discontinue use of the Service.

If we update the Privacy Policy, for a time we may keep prior versions accessible (e.g., via a changelog or an archive link) so you can see what has changed. If you have questions about a change, feel free to contact us.

13. Governing Law (Privacy Policy)

While our Terms of Service include a governing law clause for contractual purposes, the handling of personal data may also be subject to specific laws depending on your location. Bitcoin Ore is operated from the United States, and U.S. law provides the baseline for our operations. However, we strive to comply with applicable data protection laws worldwide as mentioned (GDPR, CCPA, etc.).

For the purposes of any privacy-related disputes or interpretation of this Privacy Policy, we will follow the conflict resolution mechanisms described in our Terms (which may involve arbitration and New Mexico law for non-privacy issues). But note that certain privacy rights and obligations are governed by the laws of your country (e.g., GDPR for EU users or CCPA for Californians). This Privacy Policy is intended to comply with those laws where applicable, and nothing in this Policy is meant to limit your rights under those laws.

In the event of a conflict between a privacy law that applies to you and this Policy or our Terms, we will adhere to the law’s requirements. For instance, if New Mexico law would allow something but GDPR prohibits it for EU individuals, we will act in accordance with GDPR for EU users.

Any disputes arising from this Privacy Policy or our handling of personal data that are not resolved informally or via regulatory action can be addressed per the dispute resolution terms in our Terms of Service (which include arbitration and jurisdiction provisions). However, you always have the right to lodge complaints with supervisory authorities as noted.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the data we may hold about you, please do not hesitate to contact us. We are here to help and take privacy inquiries seriously.

You can reach us by:

Email: privacy@bitcoinore.com

(If you prefer to contact us via mail or another method, please email us to request a mailing address. Since our company is an anonymous LLC using a registered agent in New Mexico, we will provide a suitable contact address for correspondence as needed.)

When contacting us about a privacy issue, please provide sufficient detail for us to understand and respond to your request. If you are making a rights request (like access or deletion), please clearly state that and include any information that will help us verify your identity and locate your data (for example, the email address you used to contact us previously, date of transaction, etc., as applicable).

We will respond to legitimate inquiries as promptly as possible, generally within 30 days or sooner for simpler requests. If you do not receive a response within a reasonable timeframe, please send a follow-up, as it’s possible we did not receive your message.

Thank you for reading our Privacy Policy. We value your trust and are committed to protecting your privacy while providing a useful service. Use of Bitcoin Ore signifies your understanding of and agreement with this Policy.

Your trusted platform for buying Bitcoin with confidence. We provide real-time market pricing, secure transactions, and instant delivery to your wallet. Join thousands of satisfied customers who choose our platform for their cryptocurrency purchases.

About Us How it Works Compare Blog Terms of Use Privacy Policy F.A.Q.