Privacy Policy

Last updated: April 2026

This Privacy Policy explains how PaiyBit ("we", "us", "the Platform") collects, uses, stores, and shares personal data when you use the Platform. It applies in addition to our Terms of Service.

We aim to comply with the EU General Data Protection Regulation (GDPR) and the UK GDPR. If you are in the EEA or the UK, you have specific rights set out in Section 9 below.

1. Who We Are

PaiyBit is the data controller for personal data processed through the Platform. For privacy questions or to exercise your rights, contact privacy@paiybit.com.

2. Data We Collect

2.1 Account data

Username — required, public, used as your handle
Email address — optional at signup; required for magic-link login, password reset, booking confirmations
Password — stored only as a salted bcrypt hash; we never see your plaintext password
Display name, avatar colour, profile imagery — optional, public
BSV wallet address — public on the Bitcoin SV blockchain by design; required to send and receive payments on the Platform
Phone number — optional, private; used only if you choose to enable phone-based features such as contact discovery, SMS callbacks, or a phone-shaped BIB handle. Never shown publicly or included in share URLs.

2.2 Profile and content data

Vyb profile data — bio, interests, location (What3Words), avatar identity (palette, shape, accessories) — stored if you create a Vyb profile
Geographic coordinates — latitude/longitude — stored if you enable location-based features (e.g. ridesharing, location-tagged paiyges)
User-generated content (paiyges) — text, images, audio, video, live-stream metadata that you publish
Messages — direct messages and forum messages you send
Reading and viewing activity — which paiyges you have purchased or progressed through

2.3 Transaction data

BSV transaction IDs and payment-channel records — broadcast to the public Bitcoin SV blockchain; permanently and publicly visible by design
Booking and session records — buyer / publisher addresses, amounts, timestamps
Credit / top-up history — record of platform credits added to your account

2.4 Technical data

IP address — captured in server logs for security and abuse prevention
Session cookie (connect.sid) — required to keep you logged in
Language preference cookie (lang) — remembers your chosen language
Device and browser information — captured in server logs and error reports

3. Why We Process Your Data (Lawful Basis)

Purpose	Lawful basis
Providing the Platform (account, content hosting, payments, messaging)	Performance of a contract with you
Authentication, fraud prevention, abuse moderation, security logging	Legitimate interests in keeping the Platform safe
Sending transactional emails (verification, booking confirmations, password reset)	Performance of a contract
Optional features such as Vyb profiles, location-based discovery, phone-number features	Your consent (which you can withdraw at any time)
Legal compliance (DMCA, law-enforcement requests, tax records)	Legal obligation

4. How Long We Keep Your Data

Active accounts — kept for as long as the account exists
Deactivated accounts — kept for a 30-day grace period, then permanently deleted (see Section 9)
Server logs — kept for up to 90 days then rotated
Transactional records (payments, bookings, tax-relevant data) — kept for the period required by applicable law (typically up to 7 years), even after account deletion
Bitcoin SV blockchain data — by the nature of a public blockchain, transaction data is permanent and cannot be deleted by us or by anyone

5. Third Parties That Process Your Data

We rely on the following sub-processors. Where data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses adopted by the European Commission (or equivalent UK safeguards) together with appropriate technical measures.

Processor	Purpose	Region
Amazon Web Services (S3)	Storage of uploaded images, audio, video	EU (Stockholm, eu-north-1)
MongoDB	Application database	EU (configured per deployment)
Resend	Transactional email delivery	USA — SCCs
OpenAI	Automated content moderation of text	USA — SCCs
Anthropic	Automated content moderation, image safety analysis, AI-generated cover/metadata	USA — SCCs
xAI	AI-generated cover imagery	USA — SCCs
Sentry	Error reporting (PII fields scrubbed before transmission)	EU
WhatsOnChain	Bitcoin SV blockchain explorer (transaction lookups)	Global — pseudonymous on-chain data only
ARC	Bitcoin SV transaction broadcasting	Global — pseudonymous on-chain data only
HandCash	Optional wallet integration (only if you connect HandCash)	USA — SCCs

Content you publish or send to the Platform may be analysed by automated moderation services to detect prohibited content before it goes live. Only the content you submit (not your account credentials or wallet keys) is sent to these services.

6. Bitcoin SV Blockchain

The Platform records payments and certain session metadata on the public Bitcoin SV blockchain. Blockchain data is permanent and globally replicated. Once a transaction is broadcast, neither we nor anyone else can delete it. We minimise what is written on-chain to the technical minimum (transaction outputs, addresses, payment-channel state). We do not write your name, email, phone number, or other directly identifying personal data to the blockchain.

7. Cookies

Cookie	Purpose	Duration
`connect.sid`	Keeps you logged in (strictly necessary)	Session
`lang`	Remembers your language choice	365 days

We do not use advertising or third-party tracking cookies. We do not use Google Analytics, Meta Pixel, or similar trackers.

8. Children

The Platform is not intended for and may not be used by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has created an account, please email privacy@paiybit.com and we will delete the account.

9. Your Rights

If you are in the EEA or the UK, you have the following rights:

Access — obtain a copy of the personal data we hold about you. You can download a machine-readable export from your account settings, or email privacy@paiybit.com.
Rectification — correct inaccurate or incomplete data. Most fields can be edited directly in your account settings.
Erasure ("right to be forgotten") — delete your account and associated personal data. You can deactivate your account from settings; permanent deletion follows after a 30-day grace period. Note: data written to the Bitcoin SV blockchain and records we are legally required to retain cannot be deleted.
Restriction — ask us to limit how we process your data while a query is resolved.
Portability — receive your data in a structured, commonly-used, machine-readable format (JSON).
Objection — object to processing based on our legitimate interests.
Withdrawal of consent — where we rely on your consent (e.g. optional location features), you can withdraw it at any time.
Complaint — lodge a complaint with your local data protection authority. In the UK this is the Information Commissioner's Office (ico.org.uk). In the EU you can find your authority at edpb.europa.eu.

We aim to respond to all rights requests within 30 days.

10. Security

We use industry-standard technical and organisational measures to protect your data, including encrypted transport (HTTPS), bcrypt password hashing, scrubbing of sensitive fields before they reach our error-reporting service, and access controls on storage. No system is perfectly secure; you are responsible for keeping your password and 12-word recovery phrase confidential.

11. International Transfers

Some of the processors listed in Section 5 are based outside the EEA, primarily in the United States. Where personal data is transferred outside the EEA or the UK, we rely on Standard Contractual Clauses approved by the European Commission (or equivalent UK safeguards) and supplementary technical measures. You can request a copy of the transfer mechanism we rely on by emailing privacy@paiybit.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page shows when it was last changed. If we make material changes we will notify you through the Platform or by email where we reasonably can.

13. Contact

For privacy questions, rights requests, or to report a concern, email privacy@paiybit.com.