Privacy Policy

Last updated: March 7, 2025

Effective date: March 7, 2025

1. Who We Are

BitCollect is a financial technology platform operated by Hijaz Bros Inc, a Florida company. We provide an automated Bitcoin round-up and savings service that helps users invest spare change into Bitcoin.

• Company: Hijaz Bros Inc (operating as BitCollect)
• Website: bitcollect.app
• Email: team@bitcollect.app
• Address: 608 Sportsman Park Dr, Seffner, Florida 33584, United States

2. Information We Collect

We collect only the information necessary to provide our service. This includes:

Information you provide directly:

• Account Information: Your full name and email address when you register
• Communications: Any messages, support requests, or feedback you send us
• Wallet Address: Your Bitcoin wallet address if you set up auto-withdrawal

Information collected automatically through our service:

• Bank Transaction Data: Purchase amounts and merchant names used to calculate round-ups, collected through Plaid. We do not store your bank login credentials, account numbers, or routing numbers
• Round-Up Records: The calculated round-up amounts from your transactions
• Bitcoin Purchase History: Records of Bitcoin purchases made on your behalf
• Subscription & Billing Data: Payment status and billing history. We do not store your full credit or debit card number — all payment processing is handled by Stripe

Technical information collected automatically:

• IP address and approximate geographic location
• Browser type and version
• Device type and operating system
• Pages visited and time spent on our platform
• Referring website or link

3. How We Use Your Information

We use your information solely for the following purposes:

• To create and manage your BitCollect account
• To calculate round-up amounts from your linked bank transactions
• To purchase Bitcoin on your behalf through Strike (Zap Solutions, Inc.)
• To process your monthly subscription payments through Stripe
• To send you account notifications, transaction confirmations, and service updates
• To respond to your support requests and questions
• To detect, investigate, and prevent fraud, unauthorized access, and illegal activity
• To comply with applicable laws, regulations, and legal obligations
• To improve and maintain the reliability of our platform

We will never use your financial data for advertising purposes or sell it to data brokers or marketing companies.

4. How We Share Your Information

We do not sell your personal information. We share your data only as strictly necessary to operate our service, with the following trusted third-party providers:

• Plaid Technologies, Inc.: Connects your bank account securely for transaction monitoring. Your bank credentials never pass through our servers. Subject to Plaid's Privacy Policy.
• Strike (Zap Solutions, Inc.): Executes Bitcoin purchases and processes withdrawals on your behalf. Subject to Strike's Privacy Policy.
• Stripe, Inc.: Processes subscription payments securely. Subject to Stripe's Privacy Policy.
• Supabase, Inc.: Provides secure cloud database storage for your account information.
• Resend, Inc.: Delivers transactional emails such as verification and password reset emails.

We may also disclose your information in the following limited circumstances:

• When required by law, subpoena, court order, or government authority
• To protect the rights, property, or safety of BitCollect, our users, or the public
• In connection with a merger, acquisition, or sale of all or substantially all of our assets — in which case we will notify you before your information is transferred and becomes subject to a different privacy policy
• With your explicit written consent

5. Data Security

We implement industry-standard security measures to protect your personal information:

• All data transmitted between your device and our servers is encrypted using SSL/TLS (HTTPS)
• Passwords are hashed and never stored in plain text
• Bank login credentials are never stored on our servers — Plaid handles all bank authentication
• Full payment card details are never stored on our servers — Stripe handles all payment processing
• API keys and credentials are stored in secure environment variables, not in our codebase
• Access to user data is restricted to authorized personnel only, on a need-to-know basis
• We use HTTP security headers to protect against common web attacks
• Our systems are regularly reviewed for potential security vulnerabilities

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained for the duration of your account and deleted or anonymized within 90 days of account closure
• Transaction records: Retained for 7 years as required by U.S. financial recordkeeping regulations
• Bitcoin purchase history: Retained for 7 years for tax reporting purposes
• Support communications: Retained for 3 years after the last communication
• Technical logs: Retained for up to 90 days for security monitoring

When data is no longer needed, we securely delete or anonymize it. Certain information may be retained longer if required by law or for the resolution of disputes.

7. Your Rights and Choices

You have the following rights regarding your personal information. To exercise any of these rights, contact us at team@bitcollect.app. We will respond within 30 days.

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete personal data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Portability: Request a copy of your data in a machine-readable format
• Restriction: Request that we limit processing of your data in certain circumstances
• Objection: Object to processing of your personal data for certain purposes
• Opt-Out of Marketing: Unsubscribe from marketing emails at any time using the link in any email we send. Note: we may still send you essential service and account emails
• Account Deletion: Close your account at any time by contacting us at team@bitcollect.app

8. Cookies and Tracking

BitCollect uses minimal cookies and tracking technologies. Specifically:

• Essential cookies: Used to keep you logged in and maintain your session. These are required for the service to function and cannot be disabled
• Local storage: Used to store your dashboard preferences such as privacy mode settings

We do not use advertising cookies, cross-site tracking, or third-party analytics services that profile you for marketing. You can control cookie settings through your browser preferences, but disabling essential cookies may prevent you from using our service.

9. Children's Privacy

BitCollect is a financial service intended solely for users who are 18 years of age or older. We do not knowingly collect, solicit, or use personal information from anyone under the age of 18. If you are under 18, do not use our service or provide any information to us.

If we discover that we have inadvertently collected personal information from a minor, we will delete that information promptly. If you believe we have collected information from a child under 18, please contact us immediately at team@bitcollect.app.

10. Data Breach Notification

In the event of a data breach that is reasonably likely to result in a risk to your rights and freedoms, BitCollect will:

• Notify affected users by email within 72 hours of becoming aware of the breach, where feasible
• Describe the nature of the breach, the data affected, and the likely consequences
• Describe the measures we have taken or propose to take to address the breach
• Notify applicable regulatory authorities as required by law
• Provide guidance on steps you can take to protect yourself

We maintain an incident response plan and conduct regular security reviews to minimize the risk of data breaches.

11. Third-Party Links

Our website may contain links to third-party websites, including our service partners. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit before providing personal information. The inclusion of a link does not imply endorsement by BitCollect.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request the categories and specific pieces of personal data we have collected about you in the past 12 months, the sources of that data, the business purpose for collecting it, and the categories of third parties with whom we share it
• Right to Delete: You may request deletion of your personal data, subject to certain exceptions required by law
• Right to Correct: You may request correction of inaccurate personal information we hold about you
• Right to Opt-Out of Sale: We do not sell your personal information. You may still submit an opt-out request at any time
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to what is necessary to provide our services
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights

To exercise your California privacy rights, email us at team@bitcollect.app with the subject line "California Privacy Request." We will respond within 45 days. We may need to verify your identity before processing your request.

13. Financial Privacy Notice (GLBA)

As a financial technology company, BitCollect is subject to the Gramm-Leach-Bliley Act (GLBA) and is committed to protecting the privacy of your nonpublic personal financial information. This notice describes how we collect, use, and protect that information.

What we collect:

• Information you provide when creating your account (name, email)
• Transaction and round-up data from your linked bank account via Plaid
• Bitcoin purchase records made on your behalf
• Payment history for your subscription

What we disclose: We do not disclose your nonpublic personal financial information to nonaffiliated third parties except as permitted by law — specifically, to Plaid, Strike, and Stripe as necessary to provide our services, and as required by applicable law or regulation.

How we protect it: We maintain physical, electronic, and procedural safeguards that comply with applicable regulations to protect your nonpublic personal financial information.

To limit certain sharing or to ask questions about this notice, contact us at team@bitcollect.app.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated policy on this page with a new "Last updated" date
• Send a notification email to your registered address at least 30 days before changes take effect
• Display a prominent notice on our website or within the app

Your continued use of BitCollect after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you must stop using our service and close your account before the effective date.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: team@bitcollect.app
• Website: bitcollect.app
• Mail: Hijaz Bros Inc, 608 Sportsman Park Dr, Seffner, Florida 33584, United States

We take all privacy inquiries seriously and will respond within 30 days of receiving your request.