Privacy policy

Last Update: April 21, 2022

OpenNode, Inc. (“Company”, “we,” “us,” or “our”), provides multi-layered Bitcoin and Lightning Network payment processing solutions through our web-based platform, mobile applications, and technical interfaces. This Privacy Policy is designed to help you understand how we collect, use, process, and share personal information, and to help you understand and exercise your privacy rights.

This Privacy Policy applies to any/all personal information processed by us, including through our web-based platform, mobile applications, and technical interfaces. To make this Privacy Policy easier to read, our web-based platform, mobile applications, and technical interfaces are collectively called the “Services.”

The following provides examples of the type of information we collect and how that information is handled.

Context	Types of Data	Primary Purpose for Collection and Use of Data
Account Creation	We collect your name, email address, company name, date of birth, phone number, and country/home currency when you create an account.	We have a legitimate interest in providing account related functionality to users. Accounts can be used to receive payments, send payments, convert funds, initiate bank and bitcoin transfers, define account settings, and view/download transaction history.
Cookies and First Party tracking	We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a web site is viewed. Our cookies collect your web browser type, server, IP address, language preference, referring site, and the time of each visit.	We have a legitimate interest in making our web-based platform operate optimally.
Cookies and Third Party Tracking	We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites. Third party cookies collect your email address, IP address, country code, technical data, website errors, and your actions on our site.	We have a legitimate interest in engaging in behavior-based advertising and capturing website analytics.
Email Interconnectivity	If you receive email from us, we may use certain tools to capture data related to your interaction with our messages.	We have a legitimate interest in understanding how you interact with our communications to you.
Feedback/Support	If you provide us feedback or contact us for support we collect your name and e-mail address, as well as any other content that you send to us, in order to reply.	We have a legitimate interest in receiving, and acting upon, your feedback or issues.
Mailing List	When you sign up for one of our mailing lists we collect your email address.	We share our newsletter, as well as information about our products and services with individuals who consent to receive such information. We also have a legitimate interest in sharing information about our products and services.
Payment Data	When you initiate a payment request or payout, we collect information to confirm and process it. This may include: transaction ID, payment method, the payment value in fiat currency and bitcoin, the price, the choice of fiat currency used, time stamps, and business information. This information may be shared with our regulated bank/exchange partners to facilitate the transaction.	We require this information in order to perform our contract with you.
KYC/KYB, Bank Verification, and Account Activity	In order to activate your account, we need to collect information to verify your identity. This may include images of your face and identification documents, identity verification information from other sources including third-parties, as well as bank account information. We may also collect your email address and mobile phone number from third-parties if you initiate or receive a transaction. We also collect information relating to the actions that you perform while logged into your account.	We have a legitimate interest in the prevention, detection, and investigation of fraud, money laundering, criminal activity, and other misuse of our services. We may also have a legal obligation to collect this information or validate your identity for compliance with Anti-Money Laundering and other finance laws in the jurisdictions where we operate. We have a legitimate interest in confirming that you are an active OpenNode account holder, that you have enabled payments and transfers, and to notify you when funds have been sent and received. We also have a legitimate interest in creating a trustworthy, safe, and reliable platform.
Web logs	We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.	We have a legitimate interest in monitoring our networks and the visitors to our platform. Among other things, it helps us understand how users are interacting with capabilities.
User Data	User personal information, company information, phone number, country, ID, and proof of address.	Compliance with international regulatory laws for payment processing services. While collecting this information, we are GDPR and CCPA compliant. All data is encrypted by bank level security in private secured servers. General international data protection information followed by OpenNode can be found here: GDPR, and in Section 7 entitled “Information for California Residents,” for the CCPA

In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. For example, we may supplement our identity verification by comparing your information against a third-party database.

Use And Processing Of Information.

In addition to the purposes and uses described above, we use information in the following ways:

To identify you when you use our Services.
To provide our Services, including processing your transactions, or sending notices to you about your transactions.
To improve our Services.
To streamline the transaction process.
To conduct analytics and improve your experience on our Services
To respond to inquiries related to support or other requests.
To send marketing and promotional materials, including information relating to our Services.
To enforce our agreements with third parties, to resolve disputes, collect fees, and troubleshoot problems.
For quality control and staff training.
For internal administrative purposes, as well as to manage our relationships.
To comply with our legal obligations.
To enhance our security, to monitor and verify identity or service access, to combat spam or other malware or security risks, or to investigate potential violations of the law or our posted terms of use.

Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you complete a transaction we will collect your information to perform our contract with you, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your transaction. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.

We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, and as described below:

Affiliates and Acquisitions. We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
Blockchain. When a digital currency or digital asset transfer is completed, the transaction may be recorded on a public block chain which constitutes a publicly distributed ledger. Because block chain are decentralized networks that are beyond the control of OpenNode or its affiliates, we are unable to modify or erase these transactions once recorded.
Third Parties. We may share your personal information with business or third-party partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.
Other Disclosures with Your Consent. You may request that we validate your status as an OpenNode customer with a third party, and we will do so. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy.
Analytics. We may use Technologies and other third-party tools to process analytics information on our Services. These Technologies allow us to better understand how our digital Services are used and to continually improve and personalize our Services. Some of our analytics partners include:
- Google Analytics. For more information about how Google uses your personal information (including for its own purposes, e.g., for profiling or linking it to other data), please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.
- LinkedIn Analytics. For more information about how LinkedIn uses your personal information, please visit LinkedIn Analytics’ Privacy Policy. To learn more about how to opt-out of LinkedIn’s use of your information, please click here.

Social Media. Our Services may contain social media buttons, such as Facebook, Twitter, LinkedIn, Twitter. These features may collect personal information such as your IP address and which page you are visiting on our Services, and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.
Other Disclosures without Your Consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the provision of services by a third party.
APIs/SDKs. We may use third-party application program interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact Us” below.
Service Providers. We may share your information with service providers. Among other things service providers may help us to administer our website, conduct surveys, provide technical support, process payments, and assist in the fulfillment of transactions.

Your Choices.

You can make the following choices regarding your personal information:

Access To Your Personal Information. You may request access to your personal information by contacting us at the address described below. If required by law, upon request, we will grant you reasonable access to the personal information that we have about you.
Changes To Your Personal Information. We rely on you to update and correct your personal information. Most of our websites allow you to modify or delete your account profile. Note that we may keep historical information in our backup files as permitted by law. If our website does not permit you to update or correct certain information, contact us at the address described below.
Deletion Of Your Personal Information. Typically, we retain your personal information for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. When required, we delete your personal information consistent with our deletion and retention policies. You may, however, request information about how long we keep a specific type of information, or request that we delete your personal information by contacting us using the information provided below, in the “Contact Us” section. If required by law we will grant a request to delete information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
Objection to Certain Processing. You may object to our use or disclosure of your personal information by contacting us at the address described below. For example, California residents may be entitled to object, or opt-out, of having their information sold to third parties.
Automated Decision-Making. We may use automated decision-making to decide whether we can provide services to you based on automated identity verification. If you wish to have a human review the decision or otherwise object, you may do so by contacting us at the address described below.
Online Tracking. We do not currently recognize automated browser signals regarding tracking mechanisms, which may include "Do Not Track" instructions.
Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications.
Revocation Of Consent. If you revoke your consent for the processing of personal information then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address described below.

Data Protection

We believe in the utmost care and security of our user data. We use best in class security practices and partner with Compliance partners that physically and programmatically encrypt all user data, within reasonable industry standards. Our data systems are constantly audited to ensure up to date security standards and prevent data leaks. While no data transmission system is entirely secure, we will notify all relevant regulatory and enforcement agencies of any data breach that is required under applicable law.

Data Retention We do not store any personal data longer than is necessary for payment processing purposes. Our retention policy is to utilize minimal data as needed for processing before deletion in accordance to all regulatory and applicable laws regarding retention periods.

User Protections Under the GDPR, CCPA, and other relevant data implementation acts, users have statutory rights to their personal data. Every user should be well informed of their protection; you can find more information about the GDPR here and the CCPA, in Section 7 entitled “Information for California Residents.” Please understand that these rights are not absolute and may be subject to change or certain conditions.

Key user protections are as follows:

Right to erasure - You have the right to request erasure of your personal data
Right to restriction - You have the right to request restrictions of processing your personal data
Right of access - You have the right to request access to your personal data
Right of recertification - You have the right to request we recertify the information we have about you
Right to object - You have the right to object to the processing of your personal data. Under most circumstances we will have a compelling legal reason for the continuation of processing of your data. But for personal data in regards to profiling, marketing, etc, your requests will always be honored

If you wish to utilize any of the aforementioned rights in the regulatory links or stated in this document, please feel free to connect with us at support@opennode.com

How We Protect Personal Information

No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

Some of our websites permit you to create an account. When you do you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.

Information for California Residents

For purposes of the CCPA, we do not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age. We may, however, share information with third-party advertising partners for the purpose of promoting our Services as described above, such as for cross-context behavioral advertising. To the extent that such sharing is considered a “sale” under California law, you may limit such sharing by following the instructions found in Section 5 above, entitled “Data Protection.”

This supplemental notice for California Residents only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal information we have collected about them, and whether we disclose that personal information for a business (e.g., to a service provider) in the preceding twelve months. California Residents can find this information below:

Category of Personal Information	Is information collected by us?	Is information transferred for business purposes?
Audio, electronic, visual, thermal, olfactory, or similar information	✔	✔
Bank account number	✔	✔
Characteristics of protected classifications (e.g., age, sex, race, ethnicity, physical or mental handicap, etc.)	✔	✔
Commercial information (e.g., products or services purchased, or other purchasing or consuming histories or tendencies)	✔	✔
Driver’s License Number / State ID	✔	✔
Electronic network activity (e.g., browsing history)	✔	✔
Email address	✔	✔
Employment	✔	✔
Employment history
Geolocation data
Identifiers (e.g., name or alias)	✔	✔
Online identifier (e.g. IP address)	✔	✔
Other financial information	✔	✔
Passport Number	✔	✔
Physical Characteristics	✔	✔
Postal address	✔	✔
Signature	✔	✔
Social Security Number	✔	✔
Telephone Number	✔	✔
Transaction information	✔	✔
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.

Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize an agent, provide written authorization signed by you and your designated agent and contact us as set forth in Section 5, above, entitled “Data Protection.”

Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, or to answer questions regarding your account and use of our Services.

If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in Section 5, above, entitled “Data Protection.” We will process such requests in accordance with applicable laws.

De-Identified Information. If we create or receive de-identified information, we will not attempt to reidentify such information, except to comply with applicable law.

Miscellaneous

The following additional information relates to our privacy practices:

Transmission Of Information To Other Countries. As we are an American company, your information will be transferred out of the European Economic Area. By submitting your personal information to us you agree to the transfer, storage and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States. Where possible we take steps to treat personal information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction you can contact us using the contact information below.
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intent to license or sell that personal information. You can exercise this right by contacting us at compliance@opennode.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us at compliance@opennode.com.
Third Party Applications/Websites. We have no control over the privacy practices of websites or applications that we do not own.
Changes To This Privacy Policy. We may change our privacy policy and practices over time. To the extent that our policy changes in a material way, the policy that was in place at the time that you submitted personal information to us will generally govern that information unless we receive your consent to the new privacy policy.

Contact Information. If you have any questions, comments, or complaints concerning our privacy practices please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.

compliance@opennode.com

5700 Wilshire Blvd, Suite 460, Los Angeles 90036

+1 (818) 497-5574

If you are not satisfied with our response, you may have a right to lodge a complaint with your local supervisory authority.