Home
Round-Ups
Card
Business
Security
Learn Bitcoin
About
Bitcoin price

Privacy Policy

Date written : 03/04/2024

Legal notice

Bitstack, a French simplified joint-stock company with share capital of €4,758,724.64, registered with the Aix-En-Provence Trade and Companies Register under the number 899 125 090 and domiciled at 100 impasse des Houillères - Le Pontet, 13590 Meyreuil, France.

Bitstack is registered with the French Financial Markets Authority as a Digital Asset Service Provider (“DASP”) for the activities of holding digital assets and buying/selling digital assets against legal tender, under the number E2021-027.

The Managing Editor is Mr Alexandre Roubaud

Contact: hello@bitstack-app.com

The website is hosted by Namecheap.

The app is available exclusively through the Apple App Store and Google Play Store

​1. Preface

The Company is convinced that trust is the crucial element of successful and lasting relationships. The protection of the personal data and privacy of its current or potential customers (the "Users") is no exception to this.

This is why the Company pays particular attention to collecting and processing their personal data only with the utmost care and in strict compliance with the applicable legal framework.

In order to provide information as transparently as possible, the Company has drafted the following privacy notice. It intends to explain in detail why and how Users' personal data is processed when they browse the bitstack.fr website (the "Website") or the mobile application (together the "Platform") or use the services offered by the Company (the "Services").

​2. Scope and purpose of this privacy notice

This privacy notice (hereinafter the "Privacy Policy") aims to inform you, as a User, about how the Company, as the data controller, processes information that identifies you, directly or indirectly (the "Personal Data"), when you use the Website.

This Policy is accessible at all times on the Platform and is the only applicable policy and prevails over all previous versions.

3.Data categories, processing purposes and legal bases

When a User uses the Services, the Company processes their Personal Data for various purposes detailed below, each of which is duly legitimised by a valid legal basis.

Browsing information. In order to enhance the User experience, the Company wants to understand their interactions with the Services. That is why the Company needs

to analyse various browsing information collected through Cookies in order to analyse performance related to the use of the Services.

For this, the Company relies on its legitimate interest which consists of (i) understanding

how its Platform is navigated by Users; and (ii) improving the Platform if necessary.

Correspondence and communications. The Company collects and processes Personal

Data in order to address any questions, requests or feedback that Users may submit to the Company, whether initiated by the Company or not.

Thus, the collection and processing of Personal Data by this means can only take place following a question, request or feedback which is directly addressed by post or email to the Company. Apart from this situation, Personal Data will never be collected through this means.

This processing involves the collection of the following categories of Personal Data: (i) identification data (i.e. the information provided, including name and email address) and (ii) the content of the message(s) you send to the Company.

This processing is based on the Company's legitimate interest in having to manage its relations with Users.

Account management. Users must create an account on the Platform to access the Services, involving having to go through an important know-your-customer (KYC) procedure. To manage this account, and in particular to allow Users to access content reserved for account holders only, the Company thus collects and processes a certain amount of the following types of Personal Data:

​•​concerning the data of natural persons: first names and surname, date and place of birth, age, nationality, socio-professional category, sector of activity, income, tax return, domicile, email address, IP address, list of contacts, images of contacts, digital asset wallet details, copy of an official identity document, username and password to access the account;

​•​concerning the data of legal persons: trade name, company name, registration number, registered office address, email address of the natural person representing the legal person, wallet details; email address; IP address; wallet details of the legal person, mobile telephone number of the natural person representing the legal person, copy of its up-to-date Articles of Association, copy of a document identifying the legal person, namely, in the case of French companies: a Kbis registration certificate less than 3 months old, in the case of foreign companies: a certificate of legal validity or a certificate of incorporation of the company and in the case of an association: an extract from the Official Journal recording its declaration in prefecture, the surnames, first names, address of the natural person representing the legal person if this natural person is not a legal representative, the first names, surnames, date and place of birth of the legal representative, copy of an official identity document of the natural person representing the legal person and beneficial owners, sector of activity, turnover; tax return or accounting situation, username and password to access the account.

The legal basis for this processing lies in the need for the Company (i) to perform a contract to which the User is a party and (ii) to comply with its anti-money laundering and terrorist financing (AML/CFT) obligations.

Collection of contacts and contact images. When a User decides to synchronise their address book with Bitstack, the Company collects the following information relating to the User's contacts: names, email addresses, telephone numbers, and, where applicable, the images associated with these contacts. This data is used to enhance the user experience on the Platform and facilitate interaction between Users and their contacts.

The legal basis for this processing is the User's consent, which is requested at the time of synchronisation of their address book with the Platform.

The User has the right to withdraw their consent at any time, which will result in the cessation of contact data processing and its deletion.

Order management. The Company is required to collect Personal Data necessary for the management of orders and invoicing, under the following conditions

​•​concerning the data of natural persons: bank details, account number, first name(s) and surname, email address, IP address, and digital asset wallet details;

​•​concerning the data of legal persons: bank details, account number, company name, registration number, email address; IP address and digital asset wallet details.

The legal basis for this processing is the need to perform a contract to which the User is a party.

Management of payments and withdrawals. The management of payments and withdrawals is carried out by a service provider external to the company, under the conditions specified below (4. Recipients of Personal Data). For the operation of the Service, Users will have to consent to the collection of Personal Data by service providers external to the Company, which will be transmitted to Bitstack. This data is the User's bank details and account information collected as part of the rounding savings service, in accordance with the Company's general terms and conditions of sale.

The legal basis for this processing lies in (i) the need to execute a contract to which the Users are parties as soon as they become customers of the Company (management of payments, withdrawals and subscriptions) as well as in (ii) compliance with the legal obligations related to the prevention of payment card fraud.

Users are never obliged to provide any Personal Data that the Company may request from them. Nevertheless, the Company draws their attention to the fact that if they refuse, access to the Services may be limited, suspended or even impossible.

In any case, and irrespective of the purpose pursued by the processing in question, the Company will adhere to a strict principle of data minimisation and will therefore collect and process only the Personal Data necessary for the aforementioned purposes.

4. Recipients of Personal Data

The Company shares Personal Data with third party service providers and suppliers who assist the Company in achieving the purposes specified in this Privacy Policy and participate in the provision of the Services. As subcontractors of the Company, service providers and suppliers may have access to Personal Data for the sole and exclusive purpose of carrying out the tasks entrusted to them. The Company ensures that its subcontractors provide sufficient guarantees for the performance of the assignment and comply with applicable laws and regulations.

When required to do so, the Company shares Personal Data with the courts

and any other governmental and/or public authority requesting access to Personal Data, to the extent that this is legally permitted.

In any event, the Company communicates Personal Data only to the aforementioned recipients on the basis of the strict need to know and only to the extent necessary to achieve the duly identified processing objectives.

If the Company considers that it is not necessary to keep the User's Personal Data in its active database, the Company shall archive it and shall ensure that access thereto is restricted to a limited number of persons having a genuine need to access the Personal Data.

5. Retention periods

The Company retains the Personal Data for a limited period that may not exceed in all circumstances the time necessary to achieve the purposes described in Article 3 of this Privacy Policy.

Browsing information. The period of time for which Cookies are retained is specified below in accordance with the provisions of Article 9 of this Privacy Policy.

Correspondence and communications. The Personal Data resulting from Users' questions, requests or feedback shall not be kept for more than five (5) years after the last contact at the User's initiative.

Account management. The Company will keep the Personal Data until the account is closed. Nevertheless, if the Company needs to retain Personal Data for evidentiary purposes beyond the closing date of your online account, then the applicable maximum retention period will be in accordance with the statutory limitation periods.

Order management. With regard to the management of orders, Personal Data will be stored for the duration of the commercial relationship and ten (10) years after this period pursuant to accounting obligations.

Payment management. Personal Data is retained:

​•​in the case of a purchase and sale transaction, until the service is provided;

​•​in the event of a subscription, until the last payment due date, if the subscription does not provide for tacit renewal;

Regarding the retention of evidence to manage any potential claims, the data is kept for a period of 13 months from the debit date. The data thus kept for evidentiary purposes must be kept in an intermediate archive and be used only in the event of a dispute over the transaction.

If the Company considers that it is not necessary to keep the Personal Data in the Company's active database, it will be archived and the Company will ensure that access thereto will be restricted to a limited number of persons having a proven need to access the Personal Data.

6. Transfer of Personal Data

Personal Data may be processed outside the territory of the European Union. In this situation, the Company takes all necessary precautions and ensures alternatively or cumulatively that (i) an adequacy decision has been taken by the European Commission concerning the country of destination; (ii) contractual clauses adopted by the European Commission or the supervisory authority have been signed with the recipient; (iii) the recipient adheres to an approved code of conduct or certification mechanism.

7. Users’ Rights

As a data subject, you have various rights regarding the processing of Personal Data. These are as follows:

​•​The right to ask the Company for access to Personal Data and its correction or deletion;

​•​The right to ask the Company to restrict the processing operations concerning you;

​•​The right to object to the processing of Personal Data;

​•​The right to the portability of Personal Data;

​•​The right to give instructions regarding the use of Personal Data after the User’s death; and

​•​The right to lodge a complaint with the French data protection authority (CNIL), the competent supervisory authority.

To exercise their rights or for any question on the protection of Personal Data, Users must make the request accompanied by proof of identity by letter addressed to Bitstack SAS, 100 impasse des Houillères - Le Pontet, 13590 Meyreuil, France or by email to hello@bitstack.fr.

The Company shall endeavour to respond without undue delay and at the latest within one (1) month of receipt of the request. The Company reserves the right to extend this period to three (3) months in the event of a complex request.

The Company undertakes to protect Personal Data and to comply with the applicable legal framework on data protection.

This is the reason why the Company collaborates with Users. Thus, you undertake to inform the Company if the Personal Data that Users have shared with the Company becomes obsolete or inaccurate.

In addition, in the event that you provide the Company with information that directly or indirectly identifies any other natural person (for example, Users have sent a request to the Company and share Personal Data about another natural person in the email), you represent and warrant that, prior to sharing such information with the Company, such other natural persons have received this Privacy Policy and, to the extent applicable, have consented to the processing of their data.

8. Security

The Company undertakes to take the appropriate technical and organisational measures to ensure the security and confidentiality of the Personal Data processed.

9. Cookies

You are informed that information called Cookies may be transmitted to the User's browser or device by the Service when using the Website. When you first browse the Website, a "Cookies" banner may appear and ask you to accept, refuse or configure Cookies.

The maximum retention period for Cookies is thirteen (13) months from the moment they are placed on the User's browser or device. At the end of this time period, new consent will be required.

You can accept, reject and delete some or all Cookies.

You are informed that the refusal of certain Cookies may affect the provision of the Service provided and browsing on the Website.

The Company informs you that Cookies can be configured in the browser's help menu, at the following URLs: Google; Mozilla Firefox; Safari; Edge and Opera.

The #1 Bitcoin savings app.
Product
Roundups
Card
What is Bitcoin
Security
Pricing
Bitstack
About
Learn Bitcoin
Business
Media & Press
News
Careers
Help
FAQ
Community
Contact us
Language
© 2025 Bitstack
Terms and conditions
Privacy
Legal agreements
Bitstack SAS, a company registered with the Aix-en-Provence Trade and Companies Register under number 899 125 090 and operating under the trade name Bitstack, is licenced as an agent of Xpollens — an electronic money institution authorized by the ACPR (CIB 16528 – RCS Nanterre no. 501586341, 110 Avenue de France, 75013 Paris) — with the Autorité de Contrôle Prudentiel et de Résolution (ACPR) under number 747088, and is also licensed as a Crypto-Assets Service Provider (CASP) with the French Financial Markets Authority (AMF) under number A2025-003 for the following activities: exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of orders for crypto-assets on behalf of clients, providing custody and administration of crypto-assets on behalf of clients, and providing transfer services for crypto-assets on behalf of clients, with its registered office located at 100 impasse des Houillères, 13590 Meyreuil, France.

Investing in digital assets carries a risk of partial or total loss of the invested capital.
Past performance is not indicative of future results.