At Shift Crypto AG ("Shift Crypto", "BitBox", "we", "us", or "our"), your privacy is of fundamental importance to us. We are committed to protecting your personal data and being transparent about the data we collect, how we use it, and the rights you have under applicable law.
Our values—rooted in privacy, transparency, and Swiss quality—guide every decision we make. We believe that individuals have the right to control their personal information, and we design our systems to minimize data collection wherever possible. This privacy-by-design approach is part of our core philosophy, reflected in our open-source ethos, independent infrastructure, and customer-first support.
This Privacy Policy describes how we, as the data controller, process your personal data in accordance with the Swiss Federal Act on Data Protection (nFADP), the General Data Protection Regulation (GDPR), and similar applicable privacy regulations. Our services include operation of the website, our webshop, customer support, marketing communications, and the BitBox software applications.
We process personal data exclusively for internal purposes based on clearly defined legal bases. We never sell, rent, or lease your information to third parties.
If you have any questions about this policy or wish to exercise your legal rights, you may contact us at [email protected].
By accessing our services, placing an order, using our software, or interacting with us in any way, you consent to the practices described in this Privacy Policy and acknowledge that your data may be processed as described. Where required by law, we will ask for your explicit consent (e.g., for marketing communications).
We collect only the personal data that is necessary for the performance of our services or as required by law. This may include:
We rely on the following legal bases for processing personal data:
Our website (https://bitbox.swiss) and affiliated domains (including our self-hosted shop and blog) are designed with privacy by default. We collect and process minimal personal data during website usage.
To ensure functionality, performance, and security, we collect technical data such as IP address, browser type, operating system, referrer URL, and access timestamps. This data is used solely for fraud detection, service optimization, and abuse prevention.
We use Google Analytics to understand website usage and improve our services. Cookies may be placed on your device to collect anonymized usage statistics. Data sharing settings are configured to minimize personal information exposure. You can manage cookie preferences via our Cookie Consent tool or your browser settings.
For protection, performance, and global content delivery, we use Cloudflare as a reverse proxy and CDN. They operate under strict data processing agreements, with all international transfers safeguarded by Standard Contractual Clauses (SCCs).
Cookies and similar technologies are used to store visitor preferences, maintain shopping cart contents, and manage sessions. If the cookie pop-up does not appear, please clear your browser cache and reload the page.
Our webshop is fully self-hosted to minimize exposure to third parties. Personally identifiable information is retained only as needed to complete and document your order. After 30 days, all such data is anonymized in our live systems. For delayed shipments (e.g., preorders), data is anonymized upon fulfillment.
Invoices are retained in accordance with Swiss law for ten years. These are stored securely and encrypted, with access protected by strong cryptographic controls and strict access management protocols.
Processing of fiat currency payments is handled by third-party providers, including Stripe, PayPal, and Crypto.com Pay. We do not process or store your payment credentials. Bitcoin payments are processed via our self-hosted BTCPay Server, which stores only anonymized invoice metadata.
Shipping providers (Swiss Post, UPS, DHL, etc.) receive only the data required to deliver your order: name, address, and email. We avoid referencing cryptocurrency terms in submitted data to minimize the risk of personal data inference. A third-party order fulfillment platform is used to manage labels and order tracking; order data is anonymized after 180 days.
The BitBoxApp requires network communication with backend servers for broadcasting transactions, fetching balances, and checking for software updates. Our servers either don’t log IP addresses at all, or they are anonymized before being written into the logs. In general, logging is limited to the absolute minimum necessary for service stability.
Users may configure the BitBoxApp to use their own Bitcoin Full Node or any public Electrum-compatible backend. This traffic can be routed through the Tor network for added privacy.
For Ethereum and ERC20 tokens, BitBoxApp retrieves account information from Etherscan (see Etherscan’s Privacy Policy).
QR code scanning is performed locally on the device only when initiated by the user. We do not embed any third-party trackers or analytics in the BitBoxApp. This has been independently verified.
The BitBoxApp integrates optional third-party services ("Partner Services") for user convenience. No personal data is transmitted to any Partner Service unless and until the user explicitly initiates an interaction and consents through an in-app disclaimer.
Each Partner Service is solely responsible for its own data processing activities. We recommend reviewing their respective privacy policies:
Support messages are handled through our self-hosted support platform. Support inquiries are initiated through our self-hosted contact form. Outbound support messages, including order confirmations and customer replies, are sent via Brevo, a GDPR-compliant email delivery service based in the European Union. Brevo processes message metadata solely for the purpose of reliable delivery, diagnostics, and security. Email replies are handled through Soverin.net, a privacy-first email service located in the Netherlands, and immediately fetched into our internal support platform, after which they are deleted from the mail server.
Inactive tickets are closed and deleted after a short period of inactivity unless follow-up is requested.
We operate our customer Knowledge Base using HelpJuice. They may collect limited technical information (such as IP address, browser type, operating system, and device information) for operational purposes like service delivery, security, and performance analytics. HelpJuice does not sell personal information and processes data in compliance with applicable data protection laws, including the GDPR. We do not actively collect or transmit any personally identifiable information through the Knowledge Base.
We use GoAffPro to manage our affiliate program. This involves basic referral link tracking. No personal data of customers is collected or processed by GoAffPro. Affiliates may provide email and payout details, which are processed securely and used solely for program participation.
If you subscribe to our newsletter or other marketing communications, we process your email address and consent timestamp using Brevo, a GDPR-compliant email provider based in the European Union.
Each message includes an unsubscribe link. If you choose to unsubscribe, your email address will be permanently removed from our mailing list within 30 days. Brevo collects open and click metrics and provides us with aggregated, non-identifiable engagement statistics. We cannot access or use any data that tracks individual recipients by design.
We use secure, encrypted automation tools to streamline operations (e.g., follow-up flows, review invitations). These tools do not store message content and are designed to operate with minimal access.
For surveys and feedback collection, we use a self-hosted Formbricks instance, retaining full control over collected data. Surveys are anonymous by default unless specific data is requested.
For public reviews, we partner with Trustpilot. After purchase, you may be asked—via a self-hosted confirmation page—if you'd like to leave a review. Only after explicit consent will your email address be transmitted to Trustpilot.
Our services are hosted on dedicated infrastructure located in Europe, operated by providers that are subject to strict EU data protection laws. We retain full administrative control over these systems and do not rely on shared hosting environments. Personal data is stored and processed exclusively within the European Union, unless otherwise stated.
To safeguard against DDoS attacks, malicious traffic, and other abusive activities—and to ensure high availability and performance—we use Cloudflare as a reverse proxy and content delivery network (CDNs). They operate under strict data processing agreements that limit access to personal data and restrict processing to what is necessary for service delivery, diagnostics, and security. Data transfers to their infrastructure outside the EU are protected by Standard Contractual Clauses (SCCs) as recognized by Swiss and EU regulators.
We also operate additional backend services (e.g., cryptocurrency nodes and infrastructure) on dedicated bare-metal servers hosted within the EU, selected to meet high regulatory compliance and data protection standards. Software downloads are hosted on GitHub, which does not involve the processing of personal data.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal obligations.
>Customer data associated with webshop orders is anonymized in our systems after 30 days. Invoices are retained securely for 10 years in accordance with Swiss regulatory requirements, and are encrypted to ensure confidentiality.
If you unsubscribe from our marketing communications, your email address is deleted from our mailing systems within 30 days.
Support tickets and related correspondence are deleted automatically after a period of inactivity, unless further follow-up is requested by the user.
You may request earlier deletion of your data at any time by contacting [email protected], unless we are legally required to retain it.
Under the GDPR and Swiss nFADP, you have the following rights:
You also have the right to lodge a complaint with your local supervisory authority. To exercise your rights, contact us at [email protected]. We will respond within 30 days.
We do not knowingly collect personal data from children under the age of 13. If you believe that your child has provided us with personal information, please contact us immediately. We will promptly delete such data in accordance with applicable regulations.
We have internal processes to detect, assess, and mitigate data breaches. If a breach poses a risk to your rights and freedoms, we will notify you and the relevant authority as required by law.
We reserve the right to update this Privacy Policy to reflect new legal requirements, changes to our data practices, or service enhancements. Material updates will be communicated transparently via our website. The "Effective Date" at the top will always reflect the latest version.
Shift Crypto AG (data controller)
Soodmattenstrasse 4
8134 Adliswil
Switzerland
September 2025: Full rewrite to align with updated Swiss nFADP and GDPR guidance; restructured priority of components; added sections for BitBoxApp Partner Services, Knowledge Base, Marketing Communications (Brevo), and Children's Information; updated hosting and compliance details.