Bitkey Privacy

Privacy principles
Bitkey does not require KYC, store biometrics, or have customer support authorizing actions on your account. We use cryptographic keys to verify actions, and we provide features like Recovery Contacts that let you lean on your own personal network to verify recovery requests without the need or ability for Bitkey to intervene and move funds on your behalf.

By providing an e-commerce platform for hardware purchases, offering the option to ship directly to customers, and relying on communication channels for security alerts, Bitkey shares some of the same privacy issues as most single-sig hardware wallets and collaborative custody solutions (with the notable exception that most collaborative custody providers require full KYC, customer support approval processes that involve biometrics, or both).

Through both straightforward improvements, like accepting bitcoin for payment and enabling customers to ship Bitkey to thousands of third-party pickup points instead of a home address, and novel cryptographic innovations, we believe Bitkey sets a new, high bar for privacy.
Pickup points
Bitkey does not require you to provide a home address to purchase. Instead, you can buy a Bitkey on bitkey.world and have it shipped to any FedEx pickup point in the U.S., Dollar General, Albertsons, and Kroger stores, and almost 9,000 Walgreens locations. When you opt to pay with bitcoin and ship to a pickup point, the only personal information Bitkey requires is an email address and a pickup name.
Private balance and transaction history
In the past, collaborative custody services have been able to see not only the transactions they participate in, but every past and future transaction—an unfortunate byproduct of third-party signers holding a key to help in recovery scenarios. Chain Code Delegation, a bitcoin improvement invented by former and current Bitkey engineers, fixes this, bringing greater privacy to any collaborative custody provider and multisig setup that implements it. This means cosigners can still participate in actions like recovery and enabling spending limits—without learning anything about unrelated transactions or overall balances. (Third-party keyholders can still see transactions that require their participation. In Bitkey’s case, that means recovery and transfer without hardware.)
Data we collect
The Bitkey team has a strong commitment to transparency and open communication with our customers and the community. We are always transparent about what data we’re collecting, why we need it, and how it’s protected, and we try to offer our customers choices on how it's used when possible (while also keeping a high bar on safety and experience). For instance, because Bitkey involves a hardware component, we may process personal information required to get the hardware to you, like the address you ship it to and the billing information you use. That said, we also offer the ability to buy Bitkey with bitcoin without providing billing information, and the option to pick up Bitkey at a business near you so that you don’t need to provide an address, either.

Bitkey also provides comprehensive recovery tools. Part of that system includes security notifications sent to you via an email you provide, and, if you choose, via SMS to a phone number you provide. We use strong security controls in production to protect this information — everything from important basics like two-factor authentication on production accounts and a strong detection and response program, to more sophisticated technical methods for enforcing things like dual-control that requires multiple engineers to work together to make changes in production or to access this data.

We have taken additional concrete steps toward making Bitkey and self-custody private, co-authoring a BIP that all multisig and collaborative custody solutions can adopt to shield customer balances and transactions, and implementing that improvement ourselves. While Bitkey’s recovery features require us to participate as a cosigner, giving us a momentary view into your wallet balance, we do not log or otherwise store that information. We are also working on a feature that will allow anyone to verify that our servers don’t log the information they see during co-signing.

You can find detailed information on the data we collect from you, why we do it, how we protect it, and how long we retain it here: https://bitkey.world/en-US/legal/privacy-notice.