Voi Logo

iBuyVoi.com

Privacy Policy

Last Updated: 7/9/2025

1. Introduction

iBuyVoi.com ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cryptocurrency exchange service. We believe in transparency and want you to understand exactly what data we collect and how we use it.

2. Information We Collect

2.1 Information You Provide Directly

  • Wallet Addresses: Cryptocurrency wallet addresses for transaction processing and delivery
  • Transaction Parameters: Amount, token type, and destination information for swap requests
  • Token Listing Requests: When submitting token requests, we collect:
    • Token name, symbol, and asset ID
    • Your name and email address
    • Optional: Website URL, logo URL
    • Token description and additional information

2.2 Information Collected Automatically

  • IP Address: Used for rate limiting, abuse prevention, and geographic restrictions
  • User Agent: Browser and device information for debugging and compatibility
  • Transaction Data: Blockchain transaction hashes, amounts, and timestamps
  • Usage Analytics: Service usage patterns for optimization (no personal identification)

2.3 Browser Storage Data

We store the following information locally in your browser using localStorage and sessionStorage:

Local Storage (Persistent)

  • User Preferences:
    • Theme preference (light/dark/system)
    • Tutorial completion status
    • Slippage tolerance settings
    • Advanced options preferences
  • Recent Addresses: Last 5 wallet addresses used (expires after 30 days)
  • Transaction History Cache: Local copy of your transactions (expires after 90 days)
  • Service Account Data: For decentralized onramp functionality:
    • Generated wallet address and encrypted private key
    • Account creation timestamp
    • Network information
  • Quote Cache: Recent price quotes (expires after 30 seconds)

Session Storage (Temporary)

  • Temporary transaction state during active sessions
  • Wallet connection status
  • Active quote information

3. How We Use Your Information

3.1 Primary Service Functions

  • Transaction Processing: Execute cryptocurrency swaps and transfers
  • Transaction Monitoring: Track transaction status across multiple blockchains
  • Service Delivery: Deliver Voi tokens to your specified address
  • Quote Generation: Provide real-time pricing from DEX aggregators

3.2 Security and Fraud Prevention

  • Rate Limiting: Prevent abuse of service account funding (3 requests/hour, 10/day, 25/week per IP)
  • Duplicate Prevention: Ensure each funding request is legitimate
  • Network Monitoring: Detect and prevent fraudulent transactions

3.3 Service Improvement

  • Error Debugging: Diagnose and fix technical issues
  • Performance Optimization: Improve service speed and reliability
  • Feature Development: Develop new features based on usage patterns

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share limited information with the following third-party services to provide our functionality:

  • Coinbase Pay:
    • Fiat amount, currency, and destination address for onramp transactions
    • Session tokens for secure payment processing
    • Partner user IDs for transaction tracking
  • Alchemy (Blockchain Infrastructure):
    • Wallet addresses for transaction monitoring
    • Transaction hashes for status verification
    • Block numbers for efficient searching
  • Pera Wallet API:
    • Asset IDs for token metadata retrieval
    • No personal information shared
  • Vestige Labs & SushiSwap:
    • Token addresses and amounts for price quotes
    • No personal information shared
  • Google Sheets API (Optional):
    • Token listing request data when you submit requests
    • Email addresses for communication about token listings
  • Supabase (Database):
    • Transaction records for completion tracking
    • IP addresses and timestamps for rate limiting
    • Service account funding records for security

4.2 Blockchain Networks

By nature of blockchain technology, certain information becomes publicly available:

  • Transaction hashes and amounts
  • Wallet addresses involved in transactions
  • Transaction timestamps and block numbers
  • Smart contract interaction data

4.3 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal obligations or court orders
  • Protect our rights, property, or safety
  • Investigate fraud or security issues
  • Enforce our Terms of Service

5. Data Retention

5.1 Browser Storage

  • User Preferences: Stored until manually cleared or browser data is reset
  • Recent Addresses: Automatically deleted after 30 days
  • Transaction Cache: Automatically deleted after 90 days
  • Quote Cache: Automatically deleted after 30 seconds
  • Service Accounts: Stored until manually cleared (persistent for user convenience)

5.2 Server-Side Data

  • Transaction Records: Retained for 1 year for support and compliance purposes
  • Rate Limiting Data: Retained for 7 days for security purposes
  • Service Account Funding: Retained for 30 days for abuse prevention
  • Error Logs: Retained for 30 days for debugging purposes

6. Data Security

6.1 Technical Safeguards

  • Encryption: All data transmission uses HTTPS/TLS encryption
  • Private Key Security: Private keys are encrypted before storage (when applicable)
  • API Security: JWT tokens and signed requests for third-party integrations
  • Rate Limiting: Multiple layers of abuse prevention

6.2 Operational Safeguards

  • Minimal Data Collection: We only collect data necessary for service operation
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Security Reviews: Ongoing assessment of security practices
  • Incident Response: Procedures for handling security incidents

7. Your Privacy Rights

7.1 Browser Data Control

  • Clear Local Data: You can clear all locally stored data through your browser settings
  • Disable Storage: You can disable local storage, though this may impact functionality
  • Export Data: You can export your transaction history from the browser interface

7.2 Communication Preferences

  • Token Listing Emails: You can request removal from token listing communications
  • Support Communications: We only contact you in response to your requests

7.3 Data Portability

  • Transaction data is available on public blockchains
  • You can export your local transaction history
  • You can request copies of server-side data we maintain about you

8. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Our service operates globally and may involve data transfers to countries with different privacy laws. By using our service, you consent to the transfer of your information to countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers.

10. Cookies and Tracking

We do not use traditional cookies or third-party tracking scripts. All data storage is done through browser localStorage and sessionStorage, which you can control through your browser settings. We do not track users across websites or engage in behavioral advertising.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify users of material changes through the service interface
  • Maintain previous versions for reference

Your continued use of the service after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

13. Data Processing Legal Basis

Our legal basis for processing personal data includes:

  • Contractual Necessity: Processing required to provide our service
  • Legitimate Interests: Security, fraud prevention, and service improvement
  • Consent: Where you have provided explicit consent (e.g., token listing requests)
  • Legal Compliance: Where required by applicable laws

14. Specific Regional Rights

14.1 European Union (GDPR)

If you are in the EU, you have additional rights including:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

14.2 California (CCPA)

If you are a California resident, you have rights including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

15. Acknowledgment

By using our service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.