Privacy Policy

Last updated: 1 December 2025

Byte Gift Cards AG ("Byte", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and services (collectively, the "Services"). We are incorporated in Zug, Switzerland, and operate under Swiss data protection law, including the Swiss Federal Act on Data Protection (FADP) and, where applicable, the European Union General Data Protection Regulation (GDPR).

Contents

  1. 1. Information We Collect
  2. 2. How We Use Your Information
  3. 3. Legal Basis for Processing
  4. 4. Data Sharing and Disclosure
  5. 5. International Data Transfers
  6. 6. Data Retention
  7. 7. Data Security
  8. 8. Your Rights
  9. 9. Cookies and Tracking
  10. 10. Children's Privacy
  11. 11. Changes to This Policy
  12. 12. Contact Us

1. Information We Collect

1.1 Information You Provide

When you create an account, make a purchase, or contact us, you may provide:

  • Account Information: Email address, name, and password credentials
  • Transaction Information: Gift card selections, purchase amounts, recipient details for gift deliveries, and cryptocurrency wallet addresses used for payments
  • Verification Information: Where required by law or our risk assessment, government-issued identification documents, proof of address, and related verification data
  • Communications: Messages you send to our support team, feedback, and survey responses

1.2 Information Collected Automatically

When you access our Services, we automatically collect:

  • Device Information: Device type, operating system, browser type, and unique device identifiers
  • Usage Information: Pages visited, features used, time spent on pages, and interaction patterns
  • Network Information: IP address, approximate geographic location (country/region level), and internet service provider
  • Transaction Metadata: Timestamps, transaction status, and blockchain network information (public blockchain data only)

1.3 Information from Third Parties

We may receive information from:

  • Identity Verification Providers: Results of verification checks where you have consented to such verification
  • Blockchain Networks: Publicly available transaction data from cryptocurrency networks
  • Business Partners: Information from gift card brand partners necessary to fulfil your orders

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Delivery

  • Processing your gift card purchases and delivering codes
  • Managing your account and authentication
  • Sending transaction confirmations and receipts
  • Delivering gift notifications to recipients on your behalf
  • Providing customer support and responding to inquiries

2.2 Legal and Compliance

  • Complying with anti-money laundering (AML) and know-your-customer (KYC) requirements
  • Detecting, preventing, and investigating fraud, abuse, and security incidents
  • Meeting tax reporting and regulatory obligations
  • Responding to lawful requests from authorities

2.3 Service Improvement

  • Analysing usage patterns to improve our Services
  • Developing new features and products
  • Conducting research and analytics
  • Testing and troubleshooting

2.4 Communications

  • Sending service-related announcements and updates
  • Marketing communications (only with your consent, and you may opt out at any time)
  • Responding to your comments, questions, and requests

4. Data Sharing and Disclosure

We are committed to minimising data sharing. We do not sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers who assist us in operating our Services, including payment processing, identity verification, email delivery, and infrastructure hosting. These providers are contractually bound to use your information only for the purposes we specify and to maintain appropriate security measures.

4.2 Gift Card Partners

When you purchase a gift card, we share the minimum information necessary with the relevant brand partner to fulfil your order. This typically includes order identifiers and denomination information, but not your personal contact details unless required for card activation.

4.3 Legal Requirements

We may disclose your information when required by law, regulation, legal process, or governmental request. We may also disclose information to protect the rights, property, or safety of Byte, our users, or others, and to detect, prevent, or address fraud, security, or technical issues.

4.4 Business Transfers

In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. International Data Transfers

Byte is headquartered in Switzerland. Your information may be transferred to and processed in countries other than your country of residence, including Switzerland and countries within the European Economic Area (EEA).

Switzerland has been recognised by the European Commission as providing an adequate level of data protection. For transfers to other countries, we implement appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequacy decisions
  • Binding corporate rules where applicable
  • Your explicit consent where appropriate

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

Retention periods vary based on the type of data:

  • Account Information: Retained while your account is active and for up to 3 years after account closure
  • Transaction Records: Retained for 10 years to comply with Swiss financial regulations and AML requirements
  • Verification Documents: Retained for 10 years after the business relationship ends, as required by Swiss AML law
  • Support Communications: Retained for 3 years from the date of communication
  • Usage and Analytics Data: Retained in identifiable form for up to 2 years, then anonymised or deleted

When retention periods expire, we securely delete or anonymise your data. Anonymised data may be retained indefinitely for statistical and analytical purposes.

7. Data Security

We implement comprehensive technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
  • Access Controls: Strict role-based access controls limiting data access to authorised personnel only
  • Infrastructure Security: Enterprise-grade hosting infrastructure with ISO 27001 certification
  • Monitoring: 24/7 security monitoring and intrusion detection systems
  • Regular Audits: Annual third-party security audits and penetration testing
  • Employee Training: Regular security awareness training for all staff
  • Incident Response: Documented incident response procedures with notification protocols

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We encourage you to use strong, unique passwords and enable any available security features on your account.

8. Your Rights

Under Swiss and EU data protection law, you have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
  • Right to Erasure: You may request deletion of your personal data in certain circumstances, subject to legal retention requirements.
  • Right to Restriction: You may request that we restrict processing of your personal data in certain circumstances.
  • Right to Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority.

To exercise these rights, please contact us at privacy@bytegiftcards.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

9. Cookies and Tracking

We use cookies and similar technologies to operate our Services, remember your preferences, and understand how you use our platform.

9.1 Types of Cookies We Use

  • Essential Cookies: Required for the operation of our Services, including authentication and security. These cannot be disabled.
  • Functional Cookies: Remember your preferences and settings to enhance your experience.
  • Analytics Cookies: Help us understand how visitors interact with our Services so we can improve them.

9.2 Your Cookie Choices

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of our Services.

We do not use third-party advertising cookies or engage in cross-site tracking. We do not sell data collected through cookies to third parties.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@bytegiftcards.com. If we learn that we have collected personal data from a child, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you by email (if you have an account) or through a prominent notice on our Services
  • Where required by law, obtain your consent to material changes

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Byte Gift Cards AG

Data Protection Officer
Dammstrasse 16
6300 Zug
Switzerland

Email: privacy@bytegiftcards.com

Supervisory Authority

You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are located in the EU, your local data protection authority. The FDPIC can be contacted at: Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter, Feldeggweg 1, 3003 Bern, Switzerland.