Privacy Policy

Last updated: June 7, 2026

Bitsy is an independent service operated from Hawaiʻi, USA. This policy explains what information Bitsy collects when you use bitsy.bio, why, and the choices you have. Questions or requests: privacy@bitsy.bio.

The short version

• Bitsy is non-custodial: it never holds your private keys or your funds, and only displays the public receiving addresses you choose to share.
• We do not sell your data and run no third-party advertising trackers.
• Our visit analytics never store raw IP addresses, only one-way hashes.
• You can export or delete your data at any time.

Information we collect

Account information

When you create an account we store your email address and a securely hashed version of your password (using bcrypt). We never store your password in readable form.

Profile content you choose to publish

Your Bitsy profile is public by design. Anything you add to it is intended to be seen by visitors, including: your username, display name, bio, avatar and cover images, an optional public contact email, website, location text, social links, and the crypto assets and public receiving addresses you choose to list. Only add addresses you are comfortable sharing publicly.

Visit and interaction analytics

When someone views a public profile, Bitsy records first-party analytics to give the profile owner basic statistics. For each event we may store:

• A one-way hash derived from the visitor’s IP address (SHA-256). We do not store the raw IP address.
• A one-way visitor hash derived from the IP address and browser user-agent, used to estimate unique visitors.
• The referring URL and its domain, where your browser provides one.
• An approximate country, determined on our own server using a locally stored MaxMind GeoLite2 database. Your IP address is not sent to any third-party geolocation service.
• The type of interaction (for example: profile view, address copy, QR open, or link click) and the time it occurred.

Cookies

Bitsy uses a single essential session cookie to keep you logged in and to protect against cross-site request forgery. We do not use advertising or third-party tracking cookies.

How we use this information

• To operate your account and display your profile.
• To provide profile owners with aggregate visit and interaction statistics.
• To send account-related email (verification, password and email-change confirmations, and account-recovery messages).
• To secure the service (for example, rate limiting to deter brute-force and abuse).

QR codes and wallet addresses

QR codes for your receiving addresses are generated on our own server. Your addresses are not sent to any third-party QR service. Because your profile is public, the addresses you list and their QR codes are visible to anyone who has your profile link.

Sharing and third parties

We do not sell, rent, or trade your personal information. We rely on a small number of service providers to run Bitsy:

• FastComet: hosting and infrastructure, including the relay used to deliver our outgoing email. Your data is hosted on FastComet’s servers.
• MaxMind GeoLite2: a country-lookup database stored locally on our server. No visitor data is transmitted to MaxMind during a lookup.

We may also disclose information if required by law, or to protect the rights, safety, and security of Bitsy and its users.

Email authentication

Our outgoing email is authenticated with SPF, DKIM, and DMARC so that you can trust a message claiming to be from Bitsy actually is.

How long we keep it

• Analytics (views, copies, and interaction events) are automatically deleted after 365 days.
• Account and profile data are kept while your account exists and are removed when you delete your account.
• Unverified accounts are automatically removed if the email address is not verified within the verification window shown at sign-up.

Your choices and rights

• Access & export: you can export your data from within your account.
• Correct: you can edit your profile and account details at any time.
• Delete: you can delete your account from Settings, which removes your associated data.

Depending on where you live (for example, the EEA, the UK, or California), you may have additional rights over your personal information. To make a request, email privacy@bitsy.bio.

Security

Connections to Bitsy are protected with TLS encryption. Passwords are hashed with bcrypt, analytics identifiers are hashed, and the service is hardened against common web attacks including injection, cross-site scripting, and cross-site request forgery. No method of storage or transmission is perfectly secure, but we work to protect your information using layered defenses.

Children

Bitsy is not intended for anyone under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact privacy@bitsy.bio and we will remove it.

International users

Bitsy is operated from the United States and your information is processed and stored there. By using Bitsy you understand your information will be handled in the United States.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date above. Significant changes may be communicated through the service.

Contact

Questions about this policy or your data: privacy@bitsy.bio.