Privacy Policy

At BRIJ, a U.S.-based company, we are committed to protecting your privacy and empowering you with control over your data through our user-sovereign model. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services, website (brij.fi), APIs, or related tools (collectively, the "Services"). It also outlines your rights under the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR) (where applicable), and other relevant laws.

1. Who We Are

BRIJ is an API-first on-ramp aggregator facilitating fiat-to-crypto conversions (e.g., USD to SOL or USDC) within the Solana ecosystem. As a data controller, BRIJ collects and processes sensitive personal data to provide the Services. We are headquartered at [123 Main St, Wilmington, DE, USA].

2. Data We Collect

All data collected by BRIJ is considered sensitive due to its use in fraud detection and transaction facilitation. We collect:

User-Provided Data

Information you provide, such as email address, transaction details (e.g., amount, Solana wallet address).

Transaction Metadata

Data generated during fiat-to-crypto conversions, such as logs, timestamps, and wallet addresses.

Technical Data

Information collected automatically, such as IP address, device information, and usage data, to improve the Services and prevent fraud.

Third-Party On-Ramp Providers

When you use a third-party on-ramp provider (e.g., MoonPay, Ramp) for payments or KYC verifications, they collect additional sensitive data (e.g., name, ID documents, payment details) under their own Terms of Use and Privacy Policies, with your explicit consent.

3. How We Use Your Data

We use your sensitive personal information for:

Service Delivery: To facilitate fiat-to-crypto conversions and integrate with Solana-based applications (e.g., dApps, wallets).
Fraud Prevention: To monitor transactions and detect suspicious activities (e.g., using email and metadata to identify fraud patterns), in coordination with on-ramp providers.
Support: To handle disputes, refunds, or user inquiries.
Compliance: To comply with applicable laws, including the CCPA and, where applicable, GDPR.
Analytics: To improve the Services through anonymized data analysis.

4. Data Storage and Security

Security Measures

We use industry-standard encryption and security protocols. You are responsible for safeguarding your private key.

Access Control

Data is shared with third-party providers only with your explicit consent, in read-only mode, during transactions.

5. Data Retention

As a non-VASP, BRIJ is not subject to mandatory retention periods under the U.S. Bank Secrecy Act (BSA). However, due to the sensitive nature of all data (including email) for fraud detection, we retain:

All Data (Email, Transaction Metadata)

Retained for up to 5 years to support fraud prevention and coordination with on-ramp providers, then deleted or anonymized.

Third-Party Data

KYC and payment data collected by on-ramp providers are retained for 5 years under their Terms of Use, per BSA requirements. BRIJ does not control these data.

You may revoke your private key to prevent further access, achieving logical deletion. After 5 years, data is deleted using secure methods (e.g., file erasure) or anonymized for analytics.

6. Data Sharing

With On-Ramp Providers

With your explicit consent, we share sensitive data (e.g., email, transaction details) in read-only mode for payment processing, KYC verification, and fraud detection. Providers act as separate data controllers under their own policies.

With Service Providers

We may share data with trusted vendors (e.g., cloud providers) acting as data processors, under strict agreements.

Legal Obligations

We may disclose data if required by law (e.g., court orders) or to prevent fraud.

7. Your Rights

Depending on your location, you have the following rights:

CCPA (California Residents)

Right to Know: Request details about the data we collect and its use.
Right to Delete: Request deletion, subject to exceptions (e.g., fraud prevention for up to 5 years).
Right to Opt-Out: Opt out of data sharing (BRIJ does not sell data).
Right to Non-Discrimination: No retaliation for exercising rights.

GDPR (EU Residents)

Access, Rectification, Deletion: Request access, correction, or deletion, subject to fraud prevention needs.
Restriction, Objection, Portability: Restrict processing, object to certain uses, or request data in a structured format.
Withdraw Consent: Withdraw consent at any time, though we may retain data for legal reasons (e.g., fraud detection).
Lodge a Complaint: Contact the Polish UODO or your local data protection authority (see https://edpb.europa.eu/about-edpb/about-edpb/members_en).

Other Jurisdictions

Similar rights may apply (e.g., Colorado, Connecticut, Utah, Virginia). Contact privacy@brij.fi for details.

How to Exercise Rights

Submit requests via privacy@brij.fi or revoke your private key to block access. For provider-controlled data, contact them directly.

8. International Data Transfers

For users outside the U.S. (e.g., EEA), data may be transferred to the U.S. We use safeguards (e.g., encryption, standard contractual clauses) to comply with GDPR, where applicable.

9. Cookies and Tracking

If we use cookies or tracking technologies (e.g., for analytics), we will request your consent (except for essential cookies). Manage preferences via your browser or contact privacy@brij.fi. We respect Do-Not-Track (DNT) signals to enhance privacy.

10. Third-Party Links

The Services may link to third-party websites (e.g., on-ramp providers). BRIJ is not responsible for their privacy practices. Review their policies before sharing data.

11. Changes to This Policy

We may update this Privacy Policy, with changes posted on brij.fi. Significant changes will be notified via email or a prominent notice on our Services.

BRIJ Privacy Policy