Privacy Policy

Last updated: June 2025

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address, display name, and hashed password. We never store plaintext passwords.

1.2 Payment Information

Payment processing is handled by PayPal or direct cryptocurrency transfers. We do not store credit card numbers. We record transaction IDs, amounts, and payment status for billing purposes.

1.3 Usage Data

We collect data about how you use the Service, including:

• License key verification requests (IP address, device fingerprint, timestamp)
• API call counts for rate limiting and plan enforcement
• Dashboard login sessions and audit logs

1.4 Device Information

For device fingerprinting and license enforcement, we collect hardware identifiers (hashed), operating system type, and IP addresses of machines running protected software.

2. How We Use Your Information

• To provide, maintain, and improve the Service
• To process payments and manage subscriptions
• To enforce license terms and prevent unauthorized use
• To send transactional emails (welcome, payment receipts, OTP codes)
• To respond to support tickets and inquiries
• To detect and prevent fraud or abuse

3. What We Do NOT Collect

We do not access, read, store, or transmit the source code of your protected software. The BoltHash CLI processes files locally on your machine. Only integrity hashes and license metadata are communicated to our servers.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties except:

• Payment processors (PayPal) to complete transactions
• As required by law or valid legal process
• To protect the rights, property, or safety of BoltHash, our users, or the public

5. Data Security

We implement industry-standard security measures including:

• Passwords hashed with bcrypt (12 rounds)
• HTTPS/TLS encryption for all data in transit
• JWT-based stateless authentication
• Rate limiting on all API endpoints
• Audit logging of administrative actions

6. Data Retention

We retain your account data as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., payment records for tax compliance).

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Withdraw consent for marketing communications

8. Cookies

We use minimal cookies and localStorage for session management and language preferences. We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the website.

11. Contact

For privacy-related questions or to exercise your data rights, contact us at service@boltopen.com.