BF Global privacy policy

Privacy is of utmost importance at the BF Global group of companies (BF Global). We recognise the significance of protecting information which is stored on our computers or is intended to be stored on our computers and which relates to an individual. The data we protect are the Personal Data comprising any information relating to an identified or identifiable natural person, sometimes called a data subject, and have made protecting privacy and the confidentiality of Personal Data a fundamental component of the way we do business. This Privacy Policy informs you of the ways we work to ensure privacy and the confidentiality of Personal Data. This policy describes the information we gather, how we use those Personal Data and the circumstances under which we disclose such information to third parties.

In this Policy, Services means the BF Wallet application, any feature provided by us via a website or any local wallet application (mobile desktop or otherwise), including without limitation wallet services or BF Global information services, but excluding API services, which are governed by a separate agreement.

If you do not agree with this Privacy Policy in general or any part of it, you should not use the Services.


  1. Collecting of Personal Information
  2. Use of Personal Data
  3. Disclosure of Personal Data
  4. Security of Your Personal Data
  5. Retention of Your Personal Data
  6. Storage of Personal Data
  7. Your Rights
  8. Acceptance
  9. Questions and Complaints
  1. Collecting of Personal Information

    When you access or use the Services, we collect the following information:

    Information you provide to us:

    You may give us information about you by filling in forms on our Wallet Application or through our app or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use the Services and when you report a problem with the Wallet Application or with our app. The information you give us may include your name, email address, virtual currency addresses, business card or other identifying document, mobile phone number, alias, password, mobile PIN code, and any other information you choose to provide. When you use the app to scan other user’s address in a form of a QR code, the data is processed in real time and no actual photographs are being taken nor stored.

    Information we collect about you:

    With regard to each of your visits to our Wallet Application or our app we automatically collect the following information:

    • Log Information: We log technical information about your use of the Services, including the type of browser and version you use, last access time of your wallet, the Internet Protocol (IP) address used to create the wallet and the most recent IP address used to access the wallet.
    • Device Information: We collect information about the mobile device you use to access our mobile wallet application, including the hardware model, operating system and version, unique device identifiers and mobile network information, but this information is anonymised and not tied to any particular person.
    • Address Information: When you create a wallet through our Services, you may choose to generate a public and private key pair. When you log out of the wallet, we collect an encrypted file that, if unencrypted, would contain these wallet addresses. When you enable notifications through your account settings, we will collect the unencrypted wallet address in order to provide such notifications. Under no circumstances do we ever collect an unencrypted private key from you, nor can we decrypt any wallet file data.

    Information we collect from other sources:

    We also receive information from other sources and combine that with information we collect through our Services. For instance:

    • When you log in to our support desk center via a third-party social media service, we collect information about your social media account in accordance with the authorisation procedures determined by such social media service, including your public profile, friend list and email address.
    • We use third-party services (e.g. Freshdesk) co-branded as BF Global but will do so with clear notices. Any third-party services may collect information as determined by their own privacy policies.
    • If you connect your wallet to you will be subject to the website terms and conditions and privacy policy which differ from the BF Wallet terms of service and use and privacy policy.

    We also use "cookies" from time to time to help personalise your online experience with us. A cookie is a small text file that is stored on your computer to help us make your visit to our site more user-friendly. Please see our Cookies Policy for more details about the cookies we use. Cookies provide us with information about your use of the site that can help us improve the site and your experience with it. We will process Personal Data collected through cookies in accordance with this Privacy Policy. If you have set your browser to warn you before accepting cookies, you should receive a warning message with each cookie. You may refuse cookies by turning them off in your browser, however, you should be aware that our site, like most other popular sites, may not work well with cookies disabled.

  2. Use of Personal Data

    As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our products and organisation, we will use your information to:

    • Understand and meet your needs and preferences in using our Services.
    • Develop new and enhance existing service and product offerings.
    • Manage and develop our business and operations.
    • Carry out any purposes for which we have received your consent.
    • Meet legal and regulatory requirements.

    We also reserve the right to use aggregated Personal Data to understand how our users use our Services, provided that those data cannot identify any individual.

    We use Google Analytics which is a web analytics tool that helps us understand how users engage with the Wallet Application. Like many services, Google Analytics uses first-party cookies to track user interactions as in our case, where they are used to collect information about how users use our Wallet Application. This information is used to compile reports and to help us improve our Wallet Application. The reports disclose Wallet Application trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all website you use, visit this Google page:

    We will process your Personal Data legally and fairly and not use it outside the purposes of which we have informed you. So far as we are able we shall ensure that all of your Personal Data is accurate and up to date.

    We use Firebase and Crashlytics which is a tool that helps us collect anonymous data for these third party services.

  3. Disclosure of Personal Data

    We share your information with selected recipients to perform functions on our behalf. All such third parties will be contractually bound to protect data in compliance with our Privacy Policy. The categories of recipients include:

    • Companies within the BF Global corporate family located in the Cayman Islands, Hong Kong, United Kingdom and United States, in order to provide the Services to you.
    • Email providers, like MailChimp, located in the United States, to provide email services.
    • Exchangers like ShapeShift, located in Switzerland, Changelley, located in Hong Kong BitFinex located in the British Virgin Islands to provide digital asset exchange services to you in connection with the Services.
    • Cloud services providers, like Google, located in Ireland, and Amazon, located in Ireland, to store certain personal data and for disaster recovery services, as well as for the performance of any contract we enter into with you.

    We also may share personal information with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of BF Global’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Data held by BF Global is among the assets transferred.

    Except where we are required by law to disclose Personal Data or are exempted from, released from or not subject to any legal requirement concerning the disclosure of Personal Data, we will require any person to whom we provide your Personal Data to agree to comply with our Privacy Policy in force at that time or requirements substantially similar to such policy. We will make reasonable commercial efforts to ensure that they comply with such policy or requirements, however, where not expressly prohibited by law, we will have no liability to you if any person fails to do so.

    We shall require any third party, including without limitation any government or enforcement entity, seeking access to data we hold to have obtained a Court Order, or proof they are statutorily empowered to access your data and that their request is valid and within their power.

  4. Security of Your Personal Data

    We protect Personal Data with appropriate physical, technological and organisational safeguards and security measures. Your Personal Data comes to us via the internet which chooses its own routes and means whereby information is conveyed from location to location. As such we cannot give any warranty or assurance that the means where information is conveyed to us are safe, reliable or have integrity. We audit our procedures and security measures regularly to ensure they are being properly administered and remain effective and appropriate. Every person of BF Global is committed to our privacy policies and procedures to safeguard Personal Data. Our site has security measures in place to protect against the loss, misuse and unauthorised alteration of the information under our control. More specifically, our server uses SSL (Secure Sockets Layer) security protection by encrypting your Personal Data to prevent individuals from reading these Data as they travel over the Internet.

  5. Retention of Your Personal Data

    The length of time we retain Personal Data outside our back up system varies depending on the purpose for which it was collected and used, as follows:

    • Data you provide to us when subscribing for our services: while user remains active, stored in the United States of America.
    • Country Location data: while user remains active, stored in the United States of America.
    • Data on your preferences: while user remains active, stored in the United States of America.
    • IP address login: until subsequent login from a new IP, stored in the United States of America.
    • Push notification tokens: 12 months or until deactivation or expiry, stored in the United States of America.

    Except where prohibited by law, this period may extend beyond the end of the particular relationship with us but only for so long as we are contractually bound to do so, or so far as is necessary for audit or other accounting purposes. When Personal Data are no longer needed we have procedures either to destroy, delete, erase or convert it to an anonymous form.

    If at any time we become subject to anti-money laundering or other regulatory requirements in respect of the Services, we will retain your Personal Data for such period as required by such regulations.

  6. Storage of Personal Data

    If you reside in the EU, BF Global stores your Personal Data at secure locations in the United States of America. BF Global has ensured that appropriate security standards are in place regarding the safeguarding, confidentiality and security of Data.

    The information that we collect from you will be transferred to, and stored in, destinations outside of your country and the European Economic Area (EEA) as described below.

    Adequacy Decision: The personal data that we collect from you will be transferred to, and stored at/processed in, the United States of America via encrypted communications channels and stored on hardware owned by BF Global for the purposes of providing the Services and disaster recovery, which were found to have an adequate level of protection for personal data under Commission Decision 2000/518/EC of 26 July 2000.

    Model Clauses: The Personal Data that we collect from you will be transferred to, and stored at/processed in the United States of America via encrypted communications channels and stored on hardware owned by BF Global for the purpose of operation of Services and disaster recovery, under the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2010/87/EU.

    Privacy Shield: The Personal Data that we collect from you will be transferred to, and stored at/processed by, BF Global which complies with the US Department of Commerce's EU-US Privacy Shield and Swiss–US Privacy Shield and has certified that we adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield wallet application.

  7. Your rights

    If you are a user of the Services located in the EU, in certain circumstances, you have the right to access and receive a copy of information we hold about you, to rectify any Personal Data held about you that is inaccurate and to request the deletion of Personal Data held about you. Any access request after the first such request by you may be subject to a reasonable fee to meet our costs in providing you with details of the information we hold about you. You also have the right to data portability for information you provide to us – this means that you can obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it. You may have the right to restrict or object to the processing of your Personal Data by us. You can exercise your rights by contacting us at [email protected].

  8. Acceptance

    By using the Services, you signify your agreement to this Privacy Policy. BF Global reserves the right to change this Privacy Policy at any time. If we make any material changes to this Privacy Policy the revised Privacy Policy will be posted here and notified to our users at least 30 days prior to the changes taking effect, so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it. Please check this page frequently to see any updates or changes to this Privacy Policy.

  9. Questions and complaints

    Any questions about this Privacy Policy, the collection, use and disclosure of Personal Data by BF Global or access to your Personal Data which is required by law (or would be so subject had the storage in question taken place in a relevant EU member state if the case may be but not otherwise) to be disclosed should be directed to [email protected].

    In the event that you wish to make a complaint about how we process your Personal Data, please contact us in the first instance at [email protected] and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work where you think we have infringed data protection laws.