Legal
Imprint, Privacy Policy, and Terms of Service
Imprint
Statement according to § 5 TMG
Company
Bitbond GmbH
Torstraße 105-107
10119 Berlin
Germany
Represented by
Radoslav Albrecht
Contact
Phone: +49 30 5683 8191
Email: service@bitbond.com
Register
Commercial register: Berlin-Charlottenburg
Register number: HRB 146980 B
VAT-ID
VAT identification number according to § 27a of the German VAT Act:
DE 288 357 799
Liability for Contents
The contents of our pages have been created with the utmost care. However, we cannot guarantee the accuracy, completeness and timeliness of the content. As a service provider, we are responsible for our own content on these pages in accordance with § 7 paragraph 1 TMG under the general laws. According to §§ 8 to 10 TMG, however, we are not obligated as a service provider to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information under the general laws remain unaffected. However, liability in this regard is only possible from the point in time at which a concrete infringement of the law becomes known. If we become aware of any such infringements, we will remove the relevant content immediately.
Copyright
The contents and works created by the site operators on these pages are subject to German copyright law. Duplication, processing, distribution, or any form of commercialization of such material beyond the scope of the copyright law shall require the prior written consent of its respective author or creator. Downloads and copies of this site are only permitted for private, non-commercial use. Insofar as the content on this site was not created by the operator, the copyrights of third parties are respected. In particular, third-party content is identified as such. Should you nevertheless become aware of a copyright infringement, please inform us accordingly. If we become aware of any infringements, we will remove such content immediately.
Privacy Policy
Last updated: April 2026
1. Data Controller
This platform is operated by Bitbond GmbH (“Platform Provider”) as a white-label investment platform on behalf of the issuer (“Issuer”) who offers the token offering you are investing in. Two separate roles apply to the processing of your personal data:
- The Issuer is the data controller (Art. 4(7) GDPR) for the processing of your personal data for the purposes of your investment, investor onboarding, KYC/AML verification, and any contractual relationship arising from your investment.
- Bitbond GmbH acts as a data processor (Art. 4(8) GDPR) on behalf of the Issuer, providing the technical platform infrastructure to facilitate the investment process. In addition, Bitbond GmbH is an independent data controller for a limited set of processing activities carried out for its own legitimate purposes, specifically: platform security monitoring, fraud prevention, service reliability, and aggregated usage analytics. These independent processing activities are based on Art. 6(1)(f) GDPR (legitimate interest).
The Issuer's identity and contact details are disclosed on the offering page and in the Issuer's own privacy policy, which is linked during the checkout process. If you have questions about how the Issuer processes your data, please contact them directly.
For inquiries about Bitbond GmbH's processing activities (whether as processor or independent controller), you may contact:
Bitbond GmbH
Torstraße 105-107
10119 Berlin, Germany
Email: service@bitbond.com
Phone: +49 30 5683 8191
2. Types of Data Collected
When you use the Bitbond Offering Manager, we may collect the following categories of personal data:
- Account Data: Name, email address, phone number, company name, and role within your organization.
- Identity Verification Data: Information provided during KYC (Know Your Customer) processes, including government-issued identification documents, proof of address, and related verification data processed through our KYC partners (Blockpass, Sumsub).
- Financial Data: Investment amounts, payment method details (processed via Checkout.com), wallet addresses for cryptocurrency transactions, and bank transfer information.
- Usage Data: IP addresses, browser type, device information, pages visited, timestamps, and interaction data collected through server logs and analytics tools.
- Communication Data: Content of emails and messages exchanged with our platform.
3. Purpose of Processing
We process your personal data for the following purposes:
- Providing and maintaining the Offering Manager platform and its services.
- Processing and managing token offering subscriptions and investments.
- Conducting identity verification and KYC/AML compliance checks as required by applicable regulations.
- Processing payments and tracking transaction status.
- Communicating with you about your account, transactions, and platform updates.
- Improving our services, analyzing usage patterns, and ensuring platform security.
- Complying with legal and regulatory obligations.
4. Legal Basis (GDPR)
We process your data based on the following legal grounds under the General Data Protection Regulation (GDPR):
- Contractual Necessity (Art. 6(1)(b) GDPR): Processing necessary for the performance of the services you have requested.
- Legal Obligation (Art. 6(1)(c) GDPR): Processing required to comply with KYC/AML regulations, tax laws, and securities regulations.
- Legitimate Interests (Art. 6(1)(f) GDPR): Processing for platform security, fraud prevention, and service improvement.
- Consent (Art. 6(1)(a) GDPR): Where applicable, for analytics cookies and marketing communications. You may withdraw consent at any time.
5. Data Sharing and Third Parties
We may share your data with the following categories of recipients:
- KYC/AML Providers: Identity verification services (see sub-processor registry below).
- Payment Processors: Card payment and fiat settlement providers.
- Cloud Infrastructure: Hosting and database providers necessary for platform operation.
- Email Services: Transactional email delivery providers.
- Regulatory Authorities: Where required by law or regulation.
We do not sell your personal data to third parties.
Sub-Processor Registry
The following sub-processors are engaged to process personal data on our behalf:
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Privy | Authentication & Wallet Infrastructure | Email address, wallet addresses, authentication tokens | USA (SCCs in place) |
| Blockpass | KYC / Identity Verification | Name, ID documents, selfie, proof of address | Hong Kong / EU |
| Sumsub | KYC / Identity Verification | Name, ID documents, selfie, proof of address | EU (Berlin) |
| Checkout.com | Payment Processing | Name, email, payment card details, transaction amounts | UK / EU |
| Postmark (ActiveCampaign) | Transactional Email Delivery | Email address, name | USA (SCCs in place) |
| Google Cloud Platform | Cloud Infrastructure & Hosting | All platform data (encrypted at rest and in transit) | USA / EU (SCCs and EU-US Data Privacy Framework in place) |
| Stripe, Inc. | Payment Processing & Subscription Billing | Payment method details, billing address, invoice data | USA / EU (EU-US Data Privacy Framework; SCCs in place) |
| Google Analytics (GA4) | Website Analytics | IP address (anonymised), page views, session data | USA (EU-US Data Privacy Framework; consent required) |
We will notify Data Controllers of any intended changes to sub-processors, providing the opportunity to object before such changes take effect.
6. Cookies and Analytics
This platform uses essential cookies necessary for the operation of the service (such as session and authentication cookies). These cookies do not require consent as they are strictly necessary for the platform to function.
Analytics cookies (consent required): We use Google Analytics (GA4) to understand how visitors interact with our website. GA4 scripts are not loaded until you explicitly accept analytics cookies via the cookie consent banner. If you decline, no analytics data is collected. You may change your preference at any time via the cookie consent banner at the bottom of the page.
When accepted, Google Analytics collects information such as pages visited, session duration, and general geographic location. IP addresses are anonymised. This data is used solely for improving our services. You can additionally opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Cookie Overview
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| Session cookies | Essential | Authentication and session management | Session |
| om_cookie_consent | Essential | Stores your cookie consent preference | 365 days |
| _ga, _ga_* | Analytics | Google Analytics tracking (only if consented) | Up to 2 years |
7. Billing Data
When you subscribe to a paid plan, we collect and process the following billing-related data:
- Company Details: Company name, billing address, and VAT identification number, used for invoice generation and tax compliance.
- Payment Method Metadata: Last four digits of the payment card or SEPA account, card brand, and expiry date. Full payment details are stored exclusively by our payment processor (Stripe, Inc.) and are never stored on the Platform.
- Invoice Data: Invoice amounts, billing periods, payment status, and invoice PDFs.
Purpose: Subscription billing, invoice generation, and tax compliance (§ 14 UStG).
Legal Basis: Contractual necessity (Art. 6(1)(b) GDPR) for payment processing; legal obligation (Art. 6(1)(c) GDPR) for tax record retention.
Retention: Billing records are retained for 10 years in accordance with § 257 HGB and § 147 AO (German commercial and tax law).
8. General Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Specifically:
- Account data is retained for the duration of your account and for a reasonable period thereafter.
- KYC/AML data is retained in accordance with regulatory requirements (typically 5-10 years after the end of the business relationship).
- Transaction records are retained as required by applicable financial regulations and tax laws.
- Usage and analytics data is retained in anonymized form for up to 26 months.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request correction of inaccurate or incomplete data.
- Right to Erasure: You may request deletion of your data, subject to legal retention requirements.
- Right to Restriction: You may request restriction of processing in certain circumstances.
- Right to Data Portability: You may request your data in a structured, machine-readable format.
- Right to Object: You may object to processing based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
You may exercise your right of access and right to erasure directly through the platform via the “Privacy & Data” section in your account settings. For all other requests, please contact us at service@bitbond.com.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, and regular security assessments.
11. Contact
If you have questions about this privacy policy or our data practices, please contact us:
Bitbond GmbH
Torstraße 105-107
10119 Berlin, Germany
Email: service@bitbond.com
Phone: +49 30 5683 8191
You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.