Privacy Policy

Data We Collect

Account Data: Email address, username, encrypted password, role (buyer/vendor), account creation date, 2FA status.

Transaction Data: Purchase history, order amounts, escrow status, platform fees, vendor earnings, withdrawal requests and addresses, blockchain transaction hashes.

Usage Data: Search queries, pages visited, product views, IP address (for security purposes only), browser type, device type. Search query data is used exclusively for platform improvement and demand analysis — it is never sold or shared.

Communication Data: Support ticket content, replies, and resolution history. Email correspondence with our support team.

How We Use Your Data

• To operate and secure your account
• To process transactions and maintain accurate financial records
• To send transactional emails (purchase confirmations, escrow releases, dispute alerts)
• To detect and prevent fraud, abuse, and money laundering
• To improve Platform features based on aggregated usage patterns
• To comply with legal obligations and respond to lawful requests from authorities
• To send service announcements (not marketing) when necessary

We do not use your data for targeted advertising. We do not sell, rent, or share your personal data with third parties for their marketing purposes.

Data Storage & Security

All data is stored on secured servers with restricted access. Passwords are hashed using bcrypt — they are never stored in plain text and cannot be retrieved even by Platform administrators.

Vendor inventory credentials (the digital assets listed for sale) are stored encrypted in our database. Transaction data is retained for a minimum of 7 years to comply with financial record-keeping obligations.

We implement industry-standard security measures including HTTPS/TLS encryption for all data in transit, regular security audits, and access controls limiting data access to authorised personnel only.

Third-Party Services

We use the following third-party services which may process limited data:

• NowPayments: Processes cryptocurrency deposits. Subject to their own privacy policy at nowpayments.io
• SMTP Provider (Namecheap/SendGrid): Delivers transactional emails. Email content is transmitted but not stored by these providers beyond their standard retention periods
• Cloudflare: Provides DDoS protection and CDN services. May log IP addresses per their privacy policy

We do not share your personal data with these providers beyond what is strictly necessary for service delivery.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of all personal data we hold about you
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your account and associated personal data (subject to legal retention requirements)
• Portability: Request your transaction history in a machine-readable format
• Objection: Object to certain types of processing
• Restriction: Request that we limit processing of your data pending a dispute

To exercise any of these rights, contact us at support@gatewaypay.online. We will respond within 30 days. Identity verification may be required before processing requests.

Cookies & Tracking

Zyvrox uses strictly necessary session cookies to maintain your login state. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

No cross-site tracking is performed. We do not participate in ad networks or retargeting programs. Your browsing activity on our Platform is not shared with advertisers.

Data Retention

Account data is retained for the duration of your account plus 90 days after deletion to allow for dispute resolution on pending transactions.

Financial transaction records are retained for 7 years in compliance with financial regulations, even after account deletion.

Support ticket data is retained for 3 years. Search query logs are retained for 12 months in anonymised, aggregated form only.

Contact & Data Controller

For privacy-related enquiries, data requests, or to report a data breach, contact: