Coinbase Commerce Privacy Policy
Last updated: December 3, 2024
Coinbase Commerce is a service that facilitates the acceptance of cryptocurrencies as payment for goods and services provided by Coinbase Bermuda Technologies Limited (“Coinbase Commerce”, “we”, “us”, or “our”). We respect and protect the privacy of those who explore our Services (“Users”) and Users who sign up for and access our Services (“Customers”) (together referred to as “you” and “your”).
This Privacy Policy (the “Policy”) explains how we collect, use, and share personal information when you explore, sign up for or access our “Services”, which include the services offered on our website at https://commerce.coinbase.com, the Coinbase Commerce service or any Coinbase Commerce application programming interface (“API”) or third party applications relying on such API, or any other websites, pages, features, or content related to the Coinbase Commerce service.
If you reside outside of the UK and the European Economic Area (the “EEA”), accessing and using our Services means that you accept this Policy and its terms.
This Policy does not apply to any processing which Coinbase Commerce carries out as a processor on behalf of Customers. Coinbase Commerce does not have a direct relationship with Customers’ End Users. A “Customer End User” is an individual that provides their personal information to Customers. We may ask Customers’ End Users to provide us with feedback on the Services. Please note that we do not control websites, applications, or services operated by third parties, and we are not responsible for their actions. We encourage you to review the privacy policies of the other websites and services you use to access or interact with our Services.
1. INFORMATION WE COLLECT
We collect the following personal information when providing the Services:
Information you provide
Account Information:
Name
Email
Secure Password
State (asked based on IP address region)
Products and Services Data: Information submitted by you when you create each payment button or donation button, which may include your product or service name, price and description.
Wallet Information:
Your public wallet address.
When you use our Web3 browser, self-custody, or multi-coin crypto wallet, and connect it to your Coinbase Wallet account, we collect your public wallet address and information related to integrations that you select.
Transaction Information:
Any records, histories, or metadata for the transactions you conduct on the applicable blockchain
Any personal information you choose to request from your customers as part of the transaction
The public keys associated with your private keys
Additional information you submit to us:
Communications: Survey responses, feedback, reviews, information (including call recordings) provided to our customer support or research
Automatically collected information
Metrics and Performance Data:
Service-related, diagnostic, and performance information.
This includes high level information about your activity (such as how you use our Services and how you interact with others using our Services), and diagnostic, crash, website, and performance logs and reports.
App, Browser, and Device Information:
Information about the device, operating system, and browser you’re using
Other device characteristics or identifiers (e.g. plugins, the network you connect to)
IP address
Information from cookies and similar technologies: See our Cookies Policy for more information
Information we obtain from Affiliates and third parties
Information from Coinbase Companies (“Affiliates”): In accordance with applicable law, we may obtain information about you as part of facilitating, supporting, or providing our Services. (e.g., convert cryptocurrency into fiat and make withdrawals into your bank account).
Blockchain Data: We may analyze public blockchain data, including timestamps of transactions or events, transaction IDs, digital signatures, transaction amounts, and wallet addresses
Information from Analytics Providers: We receive information about your website usage and interactions from third party analytics providers.
2. HOW WE USE THE INFORMATION WE COLLECT
We may use your personal information for the following purposes or as otherwise described at the time of collection. If you reside outside the United Kingdom or European Economic Area (“EEA”), the legal bases on which we rely in your country may differ from those listed below.
We implement technical and organizational measures designed to protect the confidentiality of your data.
Data use necessary to perform our contract with you
We use certain information that is necessary to conclude and perform our Terms of Service or other relevant contract(s) with you. We will need to terminate your account if we cannot process your personal information for such purposes.
Why and How We Use Your Information | Information Used |
To provide Coinbase Commerce Services In order to allow you to set up a Coinbase Commerce account and to provide Customers with Services. To create a Coinbase Commerce account, you must provide us with the relevant account information. | Account Information, IP address, Products and Services Data, Wallet Information, Transaction Information |
To provide service communications To send you administrative or account-related information about our Services, which can include security updates, transaction-related information through email, telephone, or in-product/push notifications. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services.
| Account Information, Products and Services Data, Transaction Information, Communications |
To provide customer service To address your request for support via our website or by email and to respond to customer care and other inquiries.
| Account Information, Products and Services Data, Transaction Information, Communications |
To ensure quality control For quality control and staff training to make sure we continue to provide you with accurate information. Without processing for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions. | Account Information, Products and Services Data, Wallet Information, Transaction Information, Communications |
To promote the safety, security and integrity of our Services To prevent and investigate potentially prohibited or illegal activities, and/or violations of our Terms of Service or policies and to maintain the integrity of our Services
| Account Information, Products and Services Data, Wallet Information, Transaction Information, Communications |
Data use to comply with our legal obligations
Why and How We Use Your Information | Information Used |
To comply with other legal and regulatory obligations We may access, read, preserve, and disclose information when we believe it is reasonably necessary to comply with law, legal obligations, regulations, law enforcement, governmental, and other legal requests, court orders, or for disclosure to tax authorities. Examples of laws that may require us to collect, use or disclose your information: - Civil, commercial, criminal, taxation or consumer protection matters: where we are in receipt of a court order to disclose information for the purposes of court proceedings or regulatory inquiries (e.g. Singapore Criminal Procedure Code 2010). - Regulatory matters: to comply with our regulatory obligations, including engaging with our regulators, such as (but not limited to) the Monetary Authority of Singapore. | Account Information, Products and Services Data, Wallet Information, Transaction Information, Communications, Metrics and Performance Data, App, Browser and Device Information, Information from Affiliates, Blockchain Data, Information from Analytics Providers |
Data use for Legitimate Interests
We rely on our legitimate interests or those of third parties (like our other Customers and in some cases, the general public) where they are not outweighed by your rights and freedoms. In the EEA and UK, you have the right to object to, and seek the restriction of, this processing. See [Section 7. Your Privacy Rights and Choices] for more information.
Why and How We Use Your Information | Legitimate Interests Relied On | Information Used |
To research and innovate We use your information to support research and innovation on topics related to our Services.
| It is in our interest and our Users’ and Customers’ interest to improve and iterate our Services. | Account Information, Products and Services Data, Wallet Information, Transactions Information, Metrics and Performance Data, App, Browser, and Device Information |
To enhance your online experience We collect information about your online activity while you are using the Services (for example, when and how often pages on our website are visited, and our Services are used)., and implement the preferences you request. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our Services.
| It is in our interest to understand how you interact with the Services in order to customize and/or improve our products and Services . | Account Information, Products and Services Data, Transactions Information, Metrics and Performance Data, App, Browser, and Device Information |
To provide marketing communications to you Based on your communication preferences, we may send you marketing communications via email to inform you about relevant product offers and services, to deliver targeted marketing, and to provide you with promotional offers based on your communication preferences. You can opt-out of our marketing communications at any time. You may also see ads for our Services when you visit other apps and websites.
| It is in our interest to promote Coinbase products and Services that you may be interested in. | Account Information, Products and Services Data, Transactions Information, Metrics and Performance Data |
We preserve and share information with others, including law enforcement, civil litigants, and others who may issue legal requests Where not otherwise required by law, and depending on the circumstances, we may preserve and share your information when: - We are compelled to do so by a subpoena, court order, or similar legal procedure; or - We believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our Terms.
| It is in our interest and the interest of the general public to prevent and address fraud, unauthorized use of the Services, violations of our terms or policies, or other harmful or illegal activity; to protect ourselves (including our rights, Coinbase Commerce personnel and property or the Service), our Users or Customers or others, including as part of investigations or regulatory inquiries; to defend our legal rights and resolve disputes; to secure our platform and network, to verify accounts and activity, to combat harmful conduct, to detect, prevent and address fraud, abuse, spam and other bad experiences or to prevent death or imminent bodily harm. | Account Information, Products and Services Data, Wallet Information, Transactions Information, Communications, Metrics and Performance Data, Information from Affiliates, Blockchain Data, Information from Analytics Providers |
To promote safety, security and integrity Outside of performing our contract with you, we may use and analyze your information to protect the integrity of our Services. For example, we may use it to: - log customer reports and patterns of suspicious behaviour to understand techniques being used by bad actors who may wish to interfere with the Services; and - to identify and investigate patterns of suspicious behavior or violations of our policies and Terms. | It is in our interest and the interests of our Users and Customers to secure our platform and network, to verify accounts and activity, to combat harmful conduct, to detect, prevent and address fraud, abuse, spam and other bad experiences. | Account Information, Products and Services Data, Wallet Information, Transactions Information, Communications, Metrics and Performance Data, Information from Affiliates, Blockchain Data, Information from Analytics Providers |
Data use based on your consent
When we use your information based on your consent, you have the right to withdraw your consent at any time on a go-forward basis (which will not affect our prior use of your data, which relied on your previously given consent). You may change your device-based or in-app settings anytime or as described in Section [7]. Your Privacy Rights and Choices.
Why and How We Use Your Information | Information Used |
To provide marketing communications to you We may send you marketing communications via email to inform you about relevant product offers and services, to deliver targeted marketing, and to provide you with promotional offers based on your communication preferences. You may also see ads for our Services when you visit other apps and websites. | Account Information, Products and Services Data, Transactions Information, Metrics and Performance Data |
Data use to protect your or others’ vital interests
Why and How We Use Your Information | Information Used |
Preserving, reviewing, and sharing information with law enforcement and others We may preserve, review, and share information with law enforcement and others in circumstances where someone’s vital interests require protection, such as in the case of emergencies. For example, where there is a risk to the well-being or life of a Coinbase Commerce User or Customer. | Account Information, Products and Services Data, Wallet Information, Transactions Information, Communications, Metrics and Performance Data, Information from Affiliates, Blockchain Data, Information from Analytics Providers |
If you reside outside the United Kingdom or EEA, the legal bases on which we rely in your country may differ from those listed above.
4. HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We retain your information as needed to provide our Services comply with legal obligations or protect our or others’ interests. While retention requirements vary by country, we maintain internal retention policies on the basis of how information needs to be used. This includes considerations such as when the information was collected or created, whether it is necessary in order to continue offering you our Services, whether we are required to hold the information to comply with our legal obligations, other financial regulatory obligations, or information preservation requirements. We also keep certain information where necessary to protect the safety, security and integrity of our Services and Users.
Please contact us if you have questions about retention periods for a particular aspect of your personal information which is not detailed above.
5. CHILDREN’S PERSONAL INFORMATION
The Services are not directed to persons under the age of 18, and we do not knowingly request or collect personal information from any person under the age of 18. If you are under the age of 18, please do not provide any personal information through the Sites or Services. If a user submitting personal information is suspected of being younger than 18 years of age, Commerce will require the user to close his or her account and will take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.
6. INTERNATIONAL TRANSFERS
To facilitate our global operations, Coinbase Commerce, its Affiliates, third-party partners, and service providers may transfer, store, and process your personal information throughout the world, including Ireland, Germany, Singapore, the UK, the US, and the Philippines.
If you reside in the EEA, Switzerland, or the United Kingdom, we rely upon a variety of legal mechanisms to facilitate these transfers of your personal information (collectively, “European Personal Data”).
We rely primarily on the European Commission’s Standard Contractual Clauses to facilitate the international and onward transfer of European Personal Data to third countries. For a copy of the Standard Contractual Clauses, please contact dpo@coinbase.com.
We also rely on adequacy decisions from the European Commission where available and exemptions provided for under data protection law. For example, because Coinbase Commerce operates and provides its Services globally, we need to share information with our Affiliates and to data centers outside the EEA in order to develop, offer, and improve our Services (Article 49(1)(b) GDPR). In addition, we may rely on certain exemptions for sharing personal information with law enforcement outside of the EEA in emergency situations (Article 49(1)(f) GDPR).
7. YOUR PRIVACY RIGHTS AND CHOICES
Depending on where you live, you may be able to exercise certain privacy rights related to your personal information. You can make privacy rights requests relating to your personal information by contacting us at commerce@coinbase.com so that we may consider your request under applicable law. If any of the rights listed below are not provided under law for your operating entity or jurisdiction, we have absolute discretion in providing you with these rights.
Right to withdraw your consent:
To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. The lawfulness of Coinbase Commerce’s processing before you withdraw your consent will not be affected by such withdrawal.
Right to access and portability:
You may request that we provide you a copy of your personal information held by us.
Right to rectification:
You may request us to rectify or update any of your personal information held by Coinbase Commerce that is incomplete or inaccurate by logging in to your account and clicking the Settings tab.
Right to deletion/erasure:
You may request to erase your personal information, subject to applicable law. If you close your Coinbase Commerce Account, we will retain or delete information associated with your account as described in [Section 4. How Long We Keep Your Personal Information].
Right to object or restrict processing:
You may have the right to restrict or object to us using or transferring your personal information based on our legitimate interests, in the public interest, or for direct marketing. We may continue to process your personal information where permitted or required by applicable law.
Right to lodge a complaint:
If you reside in the EEA, Switzerland, or the UK, you have the right to lodge a complaint about our practices with respect to your personal information with the supervisory authority of your country or state.
If you reside in Australia or the Philippines, you may lodge a complaint about our practices with respect to your personal information with the supervisory authority of your country. In Australia, the relevant data protection authority is the Office of the Australian Information Commissioner, and complaints may be made through their website at www.oaic.gov.au. In the Philippines, the relevant data protection authority is the National Privacy Commission, email: complaints@privacy.gov.ph.
To protect your privacy and security, we may take steps to verify your identity before complying with your request and we may decline your request if we are unable to verify your identity.
Under certain US data privacy laws, as well as in Brazil, you may also designate an authorized agent to make these requests on your behalf.
These rights are not absolute, and may be denied in accordance with applicable law.
8. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
This section is for California residents, and describes how we collect, use, and disclose your personal information. Any terms defined in the California Consumer Privacy Act (as amended by the California Privacy Rights Act of 2020) (“CCPA”) have the same meaning when used in the California Privacy Notice. The personal information and the sources from which we have collected about California consumers in the past 12 months is described in the “Information We Collect” section above, depending on the nature of your relationship with us. In addition, the personal information that we have disclosed about California consumers for a business purpose is described in the “How We Share Information With Affiliates and Third Parties” section above. Coinbase Commerce does not use or disclose Sensitive Personal Information for purposes other than those expressly permitted under the CCPA with consent. We do not “sell” or “share” (as those terms are defined under the CCPA) personal information, nor have we done so in the preceding 12 months. Further, we do not have actual knowledge that we “sell” or “share” personal information of residents under 16 years of age.
California Privacy Rights. As a California resident, you have access, correction, deletion and non-discrimination rights in relation to the personal information that we have collected about you, as described in the “Your Privacy Rights and Choices” section above.
You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.
9. HOW TO CONTACT US WITH QUESTIONS
If you have any questions about this Policy, or if you have a complaint,contact us at commerce@coinbase.com or by writing to us at Coinbase Commerce, One Marina Boulevard, #28-00, Singapore 018989.
10. CHANGES TO THIS POLICY
We’re constantly trying to improve our Services, so we may need to change this Policy from time to time as well. We post any changes we make to our Policy on this page and, where appropriate, we will provide you with reasonable notice of any material changes before they take effect or as otherwise required by law. The date the Policy was last updated is identified at the top of this page.
We may provide additional "just-in-time" disclosures or additional information about how we collect or use your information in the context of specific Services. These notices may supplement or clarify our privacy practices or may provide you with additional choices about how we use your information.