Legal

Data Processing Addendum

Last updated: April 1, 2026

This Data Processing Addendum, or DPA, forms part of the agreement between KryptoPay and the customer using KryptoPay services.

Roles and duration

To the extent KryptoPay processes personal data on behalf of the customer, the customer acts as the controller and KryptoPay acts as the processor, unless applicable law requires otherwise.

KryptoPay will process personal data as necessary to provide the services under the applicable agreement for the duration of that agreement, unless longer retention is required by law or necessary for security, fraud prevention, dispute resolution, or financial recordkeeping.

Nature of processing

Processing may include collection, storage, organization, retrieval, transmission, analysis, security monitoring, and deletion of personal data as necessary to provide payment infrastructure, merchant dashboards, APIs, SDK support, monitoring, and related business operations.

Data subjects and data types

  • Data subjects may include customer personnel, merchant users, and end users or payers where personal data is included in transaction flows or support records.
  • Types of personal data may include names, email addresses, account identifiers, IP addresses, device and usage data, wallet addresses where treated as personal data under applicable law, transaction metadata, and support communications.

Operational commitments

  • KryptoPay will process personal data only on documented instructions from the customer, unless required to do otherwise by applicable law.
  • Personnel authorized to process personal data are subject to appropriate confidentiality obligations.
  • KryptoPay will implement appropriate technical and organizational measures designed to protect personal data.
  • Customers authorize KryptoPay to use subprocessors to provide the services, and KryptoPay will impose appropriate obligations on those subprocessors where required by law.

Assistance, transfers, and deletion

Taking into account the nature of processing, KryptoPay will provide reasonable assistance with data subject requests, security obligations, breach response requirements, and data protection impact assessments where required and appropriate.

Where personal data is transferred internationally, KryptoPay will implement appropriate safeguards where required by applicable law. At the end of the services, KryptoPay will delete or return personal data as required by applicable law and the parties' agreement, except where retention is required by law or necessary for legitimate security, audit, dispute resolution, or financial recordkeeping purposes.

More legal pages

Privacy PolicyTerms of ServiceCookie NoticeAcceptable Use PolicySecurity & ReliabilitySubprocessorsBilling and RefundsRestricted Use Policy