possible privacy issue

  • Resolved frenkie19

    (@frenkie19)


    4 years, 1 month ago

    hi
    interested in possbile privacy issue
    when using bitcoin to bitcoin mode personal user data (from client who is buying an digital item) is being sent to your moneyoverip.com api

    it includes private details such as name,address,country etc…why this data is being sent to your api?

    can you please elaborate?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Triple-A.io

    (@tripleatechnology)

    Hi @frenkie19
    The first plugin version took inspiration from the Stripe and Paypal plugins’ code. Stripe sends all this info, and more (detailed info about what the user purchased) to its own backend.

    We had a dashboard in the works and it seemed like we might want to display order IDs, client name and related info about the client in our merchant dashboard so we decided to at least keep that that info.

    We do not collect any information about what was purchased.

    I will raise this topic of privacy concerns internally to see if we can limit this for btc2btc or offer the option in the plugin settings (so that the merchant can choose how useful or complete the info in the merchant dashboard is).

    There is strictly no other use made of that data (internally, and certainly not shared with 3rd parties).

    Regards,
    TripleA Team

    Plugin Author Triple-A.io

    (@tripleatechnology)

    Apologies @frenkie19 , did not address the “moneyoverip” mention. It was the name we used for early versions of our server. Different domain name, same infrastructure.
    So no 3rd party involved or privacy risk.

    Regards,
    TripleA Team

    Thread Starter frenkie19

    (@frenkie19)

    thanks for answer

    moneyoverip api is fine,as its used to generate qr code and verify transaction,but i would really like to get rid of that part of sending customer details because i will have to declare it in privacy policy to not get penalised by some institution at some point.

    also is public key being sent to your api after activating it in backend?

    can you put some code here or details how to stop sending this data?

    Plugin Author Triple-A.io

    (@tripleatechnology)

    Hi @frenkie19 ,
    The public key is sent once to our API, for account activation. We generate an API ID which is used thereafter. No user will ever see your public key in any connections on the front-end.
    The public key is used internally by TripleA to monitor incoming payments.

    Please reach out to [email protected] and mention your username (frenkie19) so that we can show you how to adjust the code.

    (As the code is open-source and you clearly had a look, you may also just experiment and comment out some parts.)

    Regards,
    TripleA Team

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘possible privacy issue’ is closed to new replies.