BFM Company Limited (hereinafter also – "BFM", "we", "us", "our") respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you interact with: (i) our website available at bitcoinist.app (the "Website"), which provides a link to download our applications for iOS/iPadOS/tvOS; (ii) our mobile applications branded as Bitcoinist (the "App"); and/or (iii) our communications channels (including support requests, feedback, surveys, and other interactions you initiate) (the "Voluntary Provision of Data"). This Policy also describes your rights and choices and the safeguards we apply when handling personal data. If you do not agree with this Policy, you should discontinue use of the Website and the App.
BFM Company Limited ("BFM", "we", "us", "our") is a company incorporated in Ras Al Khaimah, United Arab Emirates, and registered with RAK Digital Assets Oasis (RAK DAO). For the purposes of applicable data protection laws, BFM acts as the controller (or equivalent concept) of the personal data described in this Privacy Policy, unless stated otherwise.
Privacy contact: privacy@bitcoinist.app
This Privacy Policy aims to give you information on how BFM collects and processes personal data through your use of the Website and/or the App and/or Voluntary Provision of Data, including any data you provide directly, data we collect automatically when you use the Website or App, and data we may obtain from third parties that help us operate, secure, measure, and improve our services (for example, analytics and crash reporting providers). This Policy should be read together with any specific notices we may provide at or before the time of collection (for example, in-app notices, consent prompts, or device permission dialogs). Where we provide a separate notice for a specific processing activity, that notice will supplement this Policy.
This version was last updated on the date indicated above. We may update this Privacy Policy from time to time to reflect changes in our practices, the App, technology, or legal requirements. The updated version will be indicated by updating the "Last updated" date. If we make material changes, we may notify you by posting the updated Privacy Policy on the Website and/or within the App, or by other reasonable means. Where you provide information to us (for example, by contacting support), you should ensure the information you provide is accurate and up to date.
"Personal data" means any information about an individual by which that individual can be identified directly or indirectly. It does not include data that has been anonymized so it can no longer be associated with you. We may collect, use, store, and transfer different kinds of personal data grouped as follows.
When you contact us, request support, send feedback, respond to surveys, subscribe to communications, or otherwise communicate with us, you may provide personal data such as your email address, any name or identifier you choose to provide, the contents of your message, and any attachments you send (for example, screenshots). You control what you share. We recommend you do not include sensitive personal data in communications unless it is strictly necessary to address your request.
When you use the App (and, to a limited extent, the Website), we may automatically collect technical and usage information about your device and how you interact with our services. This typically includes device model, operating system version, language and time zone settings, app version/build, app instance identifiers, IP address and user agent (generally in logs), timestamps, session information, feature interactions (such as screens viewed and buttons tapped), and similar telemetry. We may also collect crash reports, error logs, and performance metrics to diagnose issues, maintain stability, prevent abuse, and improve the App. Where location-related information is processed, it is generally limited to approximate location inferred from IP address (e.g., city/country level) or other coarse signals used for security, performance, and localization.
If the App provides push notifications and you choose to enable them, we may process a device token and related delivery metadata required to send notifications via Apple Push Notification service (APNs). You can disable notifications at any time through your device settings. If you disable notifications, we stop sending them to your device; we may retain limited records necessary to maintain system integrity and suppress further deliveries.
We may use third-party tools and SDKs to help operate, secure, and improve the Website and App. These may include analytics and measurement tools (for example, Google Firebase Analytics) and diagnostics/crash reporting tools (for example, Firebase Crashlytics), as well as infrastructure providers (hosting, content delivery, security services) and customer support systems. Depending on configuration, these providers may collect or receive technical and usage information such as device identifiers, app events, crash traces, performance data, and basic interaction data. Where such providers act as our processors/service providers, they process personal data on our behalf under contractual obligations, only for the purposes we specify, and subject to appropriate safeguards.
We use personal data only where permitted by applicable law. In practice, we use personal data to: (i) provide and operate the Website and App, including making features available, maintaining performance, and ensuring compatibility; (ii) administer and improve the App through analytics, testing, debugging, troubleshooting, research, and product development; (iii) manage safety, security, and integrity, including preventing abuse, detecting suspicious activity, maintaining logs, and protecting our users and infrastructure; (iv) provide customer support and communicate with you about your requests; (v) send marketing communications where you have provided permission (or where otherwise permitted under applicable law), including product announcements, updates, and promotions; and (vi) comply with applicable legal obligations and respond to lawful requests, enforce our policies, and protect rights, property, and safety.
Where GDPR/UK GDPR or similar laws apply, we rely on one or more lawful bases depending on the context: performance of a contract (to provide the App/Website features you request), legitimate interests (to operate, secure, and improve our services; prevent abuse; measure performance and reliability), consent (for example, where required for certain marketing communications or where applicable for analytics configurations), and/or legal obligation (to comply with applicable laws and lawful requests). Where processing is based on consent, you may withdraw your consent at any time (see Section 14).
If you allow us (for example, by opting in, enabling a setting, or otherwise providing permission), we may use your contact information to send you marketing communications such as product updates, feature announcements, and promotional offers. Marketing communications are optional. You may opt out at any time by using the unsubscribe mechanism included in the message (where provided) or by contacting us at privacy@bitcoinist.app. Opting out of marketing does not affect essential operational communications (for example, security notices, transactional messages you request, or material policy updates).
We may share personal data with: (i) service providers that help us deliver, maintain, measure, and secure the Website/App (analytics, crash reporting, infrastructure, customer support, security), who are authorized to process data only on our instructions and for specified purposes; (ii) affiliates within our corporate group where necessary for internal administration, security, and continuity, subject to appropriate safeguards; (iii) professional advisers (lawyers, auditors, insurers, consultants) where necessary for legitimate business purposes; (iv) authorities and third parties where disclosure is required by law, regulation, legal process, or lawful governmental request, or where necessary to enforce our rights, investigate wrongdoing, or protect safety; and (v) business transfer parties if we sell, merge, reorganize, or transfer assets, in which case personal data may be transferred as part of that transaction subject to appropriate protections.
We do not sell personal data.
The App may use permissions and platform controls provided by Apple (for example, notifications). If we ever implement functionality that requires "tracking" as defined by Apple (for example, accessing the advertising identifier or linking data collected across apps/websites for advertising purposes), we will do so only in accordance with applicable law and platform requirements, including presenting the AppTrackingTransparency prompt where required. You can control permissions and privacy choices through your device settings and applicable in-app settings (where available).
Your personal data may be transferred to, stored in, and processed in countries outside your country of residence, including where our service providers operate. These jurisdictions may have different data protection laws. Where required by law, we use appropriate safeguards designed to protect personal data, which may include contractual protections (such as standard contractual clauses or equivalent measures), vendor due diligence, and technical and organizational security controls.
We implement appropriate technical and organizational measures designed to protect personal data against accidental loss, unauthorized access, alteration, and disclosure. These measures may include access controls, least-privilege practices, encryption in transit where applicable, logging and monitoring, secure development practices, and incident response procedures. However, no method of transmission or storage is completely secure; therefore, while we strive to protect your personal data, we cannot guarantee absolute security.
We retain personal data only for as long as necessary to achieve the purposes described in this Policy, unless a longer retention period is required or permitted by law. Retention periods depend on the nature of the data and the purpose of processing. For example, support communications may be retained for as long as needed to resolve the issue and for a reasonable follow-up period; diagnostics and crash data may be retained for limited periods appropriate for troubleshooting and product improvement; and security-related logs may be retained for periods necessary to protect the App and users, investigate incidents, and meet legal requirements. When personal data is no longer needed, we delete it, anonymize it, or securely store it until deletion is feasible.
Depending on your jurisdiction, you may have rights regarding your personal data, such as the right to request access, correction, deletion/erasure, restriction, objection, portability, and the right to withdraw consent where processing is based on consent. You may exercise your rights by contacting privacy@bitcoinist.app. We may request information necessary to verify your identity and to understand and process your request. Where required by law, we will respond within applicable legal timeframes. If you are located in certain jurisdictions, you may also have the right to lodge a complaint with your local supervisory authority.
The Website and App may include links to third-party websites and services (including the Apple App Store). Third parties may collect data about you in accordance with their own policies. We do not control and are not responsible for third-party privacy practices. You should review the privacy policies of any third-party services you use.
The Website is primarily a download/link page. If we use cookies or similar technologies on the Website (for example, for essential functionality, security, or limited analytics), these technologies may collect information such as IP address, browser type, device identifiers, and interaction events. Where required by applicable law, we will provide a cookie notice and consent mechanism for non-essential cookies. You can manage cookies through your browser settings; however, disabling cookies may affect how the Website functions.
Mobile apps typically do not use browser cookies, but they may use SDKs, device identifiers, and similar technologies to collect usage and diagnostics data (for example, via Firebase Analytics and Crashlytics). Where required, we provide appropriate consent mechanisms and respect your choices. You may also be able to limit certain data collection through your device settings and platform controls, subject to how the App is designed and the lawful bases applicable.
The Website and App are not intended for children under the age where parental consent is required under applicable law. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us at privacy@bitcoinist.app and we will take appropriate steps consistent with applicable law.
If you have questions, comments, or requests regarding this Privacy Policy or our processing of personal data, contact: privacy@bitcoinist.app.