Privacy Policy

Last updated: April 2026

1. Introduction

CryptoTopCard ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our virtual card service. Our service is designed with privacy at its core — we operate without KYC (Know Your Customer) verification and collect minimal data.

By using CryptoTopCard, you consent to the practices described in this policy.

2. Information We Collect

CryptoTopCard does not collect personal identity information. We do not require your name, address, phone number, government ID, or selfie. Account access is managed entirely through a cryptographic seed phrase.

The limited information we do collect includes:

• Account data: A hashed version of your seed phrase for authentication purposes. The raw seed phrase is never stored on our servers.
• Transaction data: Card transaction amounts, merchant categories, timestamps, and approval/decline status for your dashboard and account management.
• Deposit data: Cryptocurrency wallet addresses used for deposits, transaction hashes, and deposit amounts.
• Technical data: IP address, browser type, device type, and operating system collected automatically through server logs.
• API usage data: API key identifiers, request timestamps, endpoints called, and rate limit counters for API users.

3. How We Use Your Information

We use the collected information solely for the following purposes:

• Authenticating your account access
• Processing card transactions and cryptocurrency deposits
• Displaying transaction history and balance information in your dashboard
• Detecting and preventing fraud, abuse, and prohibited activities
• Maintaining service stability, performance monitoring, and debugging
• Enforcing our Terms of Service
• Complying with applicable legal obligations

We do not use your data for marketing, advertising profiling, or sale to third parties.

4. Cookies & Local Storage

CryptoTopCard uses a minimal set of cookies and browser storage mechanisms:

• Session cookie: A secure, HTTP-only cookie that maintains your authenticated session. This cookie is essential for the Service to function and expires when you log out or after a period of inactivity.
• CSRF token: A security token stored in a cookie to prevent cross-site request forgery attacks.
• Preferences: Optional local storage entries for dashboard display preferences (e.g., card view mode).

We do not use tracking cookies, analytics cookies, or any third-party advertising cookies. There are no cookie banners because we do not perform non-essential tracking.

5. Third-Party Services

To operate the Service, we interact with the following categories of third-party providers:

• Card network processors: Visa and Mastercard networks process card transactions. Transaction data (amount, merchant, currency) is shared with these networks as required for payment processing.
• Blockchain networks: Cryptocurrency deposits are processed on public blockchains (Bitcoin, Ethereum, Solana). Blockchain transactions are inherently public.
• Infrastructure providers: We use cloud hosting and CDN services to deliver the platform. These providers may process technical data (IP addresses, request logs) under strict data processing agreements.

We do not integrate any third-party analytics, social media trackers, or advertising platforms into our Service.

6. Data Security

We implement robust security measures to protect the data we handle:

• Encryption in transit: All connections to CryptoTopCard are secured with 256-bit TLS encryption. HSTS is enforced.
• Encryption at rest: Sensitive data stored on our servers is encrypted using AES-256.
• Seed phrase security: Your seed phrase is hashed using a strong one-way algorithm. We cannot view or recover your original seed phrase.
• 3D Secure: All cards are enrolled in 3D Secure 2.0, adding an additional layer of transaction authentication.
• Access controls: Internal access to systems and data is restricted on a need-to-know basis with multi-factor authentication required for all staff.
• PCI DSS compliance: Our card infrastructure is PCI DSS compliant, meeting the payment industry's security standards for handling card data.

7. Data Retention

We retain data only as long as necessary for the purposes described in this policy:

• Account data: Retained for the lifetime of your account. Deleted within 30 days of account closure.
• Transaction history: Retained for 12 months from the transaction date for your reference and dispute resolution, then permanently deleted.
• Server logs: Technical logs containing IP addresses and request data are retained for a maximum of 90 days, then automatically purged.
• Deposit records: Cryptocurrency deposit records are retained for 12 months after the deposit date.

When data is deleted, it is permanently removed from our active systems and backups within a reasonable timeframe.

8. Your Rights

Because CryptoTopCard collects minimal data and does not tie accounts to personal identities, traditional data subject rights (such as those under GDPR) apply in a limited scope. However, you have the right to:

• Access your data: View all transaction history and account information through your dashboard.
• Delete your account: Request account deletion through our support channels. All associated data will be purged in accordance with our retention schedule.
• Export your data: Download your transaction history from the dashboard in standard formats.

9. Children's Privacy

CryptoTopCard is not intended for use by individuals under the age of 18. We do not knowingly collect information from minors. If we become aware that a minor is using the Service, we will take steps to terminate the associated account.

10. International Data Transfers

CryptoTopCard operates globally and may process data in multiple jurisdictions. By using the Service, you acknowledge that your technical data may be transferred to and processed in countries other than your own. We ensure that appropriate safeguards are in place for any cross-border data transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes are posted constitutes acceptance of the revised policy. For significant changes, we may display a notice on the dashboard.

12. Contact

If you have questions or concerns about this Privacy Policy or how your data is handled, please reach out through our support channels available on the website or via Telegram.