Privacy Policy

Last updated: January 2025 · Applies to all MyCryptoMM users

Summary: We collect only what's necessary to run the escrow service. We don't sell your data. Public blockchain addresses are permanently public by nature.

1. Introduction

MyCryptoMM ("we", "us", or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data when you use our cryptocurrency escrow service.

2. Information We Collect

2.1 Information You Provide

Data	Purpose	Required
Username	Account identification, shown to other users in deals	Yes
Password (hashed)	Authentication — stored as bcrypt hash, never in plain text	Yes
Email address	Account recovery, OAuth linking (if provided)	No
Google / Discord OAuth ID	Third-party authentication	No (if using OAuth)
Seller payout address	Sending funds released from escrow	Yes (when releasing funds)

2.2 Automatically Collected Data

IP address (for rate limiting and security purposes)
Browser/device type (general, for compatibility)
Deal activity logs (amounts, timestamps, stages)
Session/JWT token issuance timestamps

2.3 Blockchain Data

Escrow wallet addresses generated for your deals are recorded on public blockchains. Blockchain transactions are permanent and public — once a transaction is broadcast, it cannot be removed from the chain. We store the corresponding private keys encrypted in our database solely to automate fund releases.

3. How We Use Your Information

Service operation: Processing deals, detecting payments, releasing funds
Account management: Authenticating users, managing sessions
Security: Detecting fraud, abuse, and unauthorized access
Support: Responding to disputes and support requests
Legal compliance: Meeting applicable legal obligations

4. Data Sharing

We do not sell, trade, or rent your personal data. We may share data in the following limited circumstances:

With deal counterparties: Your username is visible to the other party in a shared deal
Legal requirements: When required by law, court order, or to protect against fraud
Service providers: Infrastructure providers operating under data protection agreements

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Deal records are kept indefinitely for dispute resolution and audit purposes. If you delete your account, personal data (name, email, password hash) is removed, but deal records may be retained in anonymized form.

6. Security

We take security seriously:

Passwords are hashed with bcrypt (cost factor 12)
Private keys are stored encrypted in our database
JWT tokens expire after 7 days
Rate limiting is applied to authentication endpoints
reCAPTCHA is used on registration and deal creation forms

However, no system is 100% secure. You are responsible for maintaining the confidentiality of your credentials.

7. Cookies & Local Storage

We use localStorage in your browser to store your authentication token. We do not use tracking cookies or advertising cookies. We do not use third-party analytics that track individual users across sites.

8. Third-Party Services

We use the following third-party services:

Google reCAPTCHA v2 — for bot protection on forms (subject to Google's Privacy Policy)
Google OAuth (optional) — for sign-in via Google account
Discord OAuth (optional) — for sign-in via Discord account
Binance API — for cryptocurrency price data (no personal data sent)
Electrum servers — for Litecoin blockchain queries (wallet addresses shared)

9. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and personal data
Object to certain uses of your data

To exercise these rights, contact us via our contact page or Discord server.

10. Children's Privacy

MyCryptoMM is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us and we will remove the account.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or data requests, contact us:

Discord: Join our Discord server
Contact form: contact page

This Privacy Policy was last updated January 2025.