Privacy Policy
EscrowCryp.to
Last updated: 2026-05-24 Effective date: 2026-05-24
1. Who we are
EscrowCryp.to (the "Service") is operated by A Nevis Company LLC, a limited liability company organized under the laws of St Kitts & Nevis, with registered office at Hunkins Waterfront Plaza Suite 556, Main Street Charlestown, Nevis, St Kitts & Nevis (the "Operator", "we", "us", "our").
This Privacy Policy explains what personal data we collect about you, how we use it, with whom we share it, how long we keep it, and your choices.
This Privacy Policy is part of, and incorporated into, our Terms of Service. Capitalized terms not defined here have the meaning given in the Terms of Service.
2. Scope and your acknowledgment
By using the Service, you acknowledge and consent to the collection, use, and disclosure of your personal data as described in this Privacy Policy.
The Service is designed for users outside the European Union, the European Economic Area, the United Kingdom, the United States, and other Restricted Jurisdictions (see Section 2.2 of the Terms of Service). We do not represent that this Privacy Policy satisfies the requirements of GDPR, UK GDPR, CCPA/CPRA, or other privacy laws specific to those jurisdictions. If you reside in a Restricted Jurisdiction, you must not use the Service.
3. What we collect
We collect the minimum data necessary to operate the Service. We do not collect government-issued identification documents, biometric data, social security numbers, tax identification numbers, bank account information, or proof of address.
3.1 You provide
- Email address. Required for account creation. Verified by one-time code at signup.
- Tron blockchain wallet address. Required for Deal participation. Public information on the Tron blockchain.
- Deal information. Counterparty wallet address, counterparty email (if you provide one), Deal amount, Inspection Period length, Deal description text you write yourself.
- Dispute submissions. Written statements, evidence files (text, images, documents, links) you upload during a Dispute.
- Support communications. Email and any attachments you send to support@escrowcryp.to.
3.2 We collect automatically
- Technical data. IP address, browser type and version, device type, operating system, language, time zone, screen resolution, referring URL, the pages you visit on the Service, the dates and times of your visits.
- Cookies and similar technologies. As described in our Cookie Policy.
- Authentication data. Verification code timestamps, login timestamps, JWT session tokens.
3.3 We obtain from third parties
- Sanctions screening results. When we screen a wallet address through Chainalysis and TRM Labs (and any future screening provider), we receive risk indicators about that address. These results are not personal data about you in the GDPR sense, but they are associated with your wallet in our records.
- On-chain data. Public Tron blockchain data associated with addresses you submit (transaction history, token balances, contract interactions). This is publicly available regardless of the Service.
- Email deliverability data. Bounce, open, and click events from our email provider (Resend).
3.4 We do not collect
- Government IDs, passport scans, driver licenses, utility bills, selfies, video.
- Phone numbers (unless you voluntarily include one in support correspondence).
- Bank account or credit-card data — the Service does not accept fiat payments.
- Health or biometric data.
- Children's data — the Service is not for minors and we do not knowingly collect data from anyone under 18.
4. Why we use it (purposes)
| Purpose | Data used | Necessary or optional |
|---|---|---|
| Create and verify your account | Email, verification code | Necessary |
| Authenticate you to the Service | Email, password (if any), session token, wallet signature, IP | Necessary |
| Create, fund, track, and complete Deals | Wallet address, counterparty wallet, deal info, on-chain data | Necessary |
| Sanctions and AML screening | Wallet address sent to Chainalysis, TRM Labs | Necessary — legal interest |
| Arbitrate Disputes | Dispute evidence, deal info, communications | Necessary |
| Send transactional emails (deal status, dispute notices, security alerts) | Necessary | |
| Prevent fraud and abuse | IP, technical data, behavioral data | Legitimate interest |
| Comply with legal obligations and respond to lawful requests | All of the above | Legal obligation |
| Defend the Operator against legal claims | All of the above | Legitimate interest |
| Improve and debug the Service | Technical data, usage data | Legitimate interest |
We do not sell your data. We do not use your data for behavioral advertising or share it with advertisers. We do not use your data to train AI models.
5. Who we share it with
We share personal data only with the following categories of recipients, and only for the purposes described above.
5.1 Service providers
- Hosting: Hetzner Online GmbH (Germany), Cloudflare, Inc. (USA) — infrastructure.
- Email: Resend, Inc. (USA) — transactional email delivery.
- Database/Cache: Neon, Inc. (USA), Upstash, Inc. (USA) — or self-hosted.
- Sanctions screening: Chainalysis Inc. (USA), TRM Labs Inc. (USA).
- Tron network access: TronGrid (operated by the Tron Foundation), GetBlock (Lithuania), NowNodes (Estonia).
- Energy rental: Tronsave (operator of tronsave.io), JustLend DAO.
- Error monitoring and analytics: [PROVIDER, e.g., Sentry, Plausible — fill in as you add them].
Each service provider has access only to the personal data needed to perform its function and is contractually obligated to handle data confidentially and securely.
5.2 Law enforcement and regulators
We disclose data to law enforcement, regulators, tax authorities, courts, or other government bodies when we believe, in good faith, that disclosure is required by valid legal process or is necessary to protect our rights, the safety of users, or the public. We do not require a subpoena or court order before complying with valid law-enforcement requests from jurisdictions in which the Operator has presence or assets.
5.3 Tether Limited
If a Dispute or sanctions matter requires it, we may share Deal data with Tether Limited or its representatives, including in connection with seeking release of frozen USDT, responding to a freeze, or cooperating with Tether's compliance team.
5.4 Successors
If the Operator is acquired, merged, restructured, or sells its assets, your data may be transferred to the successor entity, subject to this Privacy Policy or a notice of any material change.
5.5 With your consent
We may share data for other purposes with your explicit consent.
5.6 Public on-chain data
You acknowledge that any data written to the Tron blockchain by the Service — including escrow contract addresses, deal identifiers (hashes), event logs, transaction hashes, your wallet address, and your counterparty's wallet address — is permanently public and outside our control. We cannot delete on-chain data.
6. International transfers
The Operator is based in St Kitts & Nevis. Your data may be processed in, transferred to, or stored in any country where we or our service providers operate, including jurisdictions with privacy laws that differ from those in your country and that may offer less protection than your country's laws. By using the Service, you consent to such transfers.
7. How long we keep it
| Category | Retention |
|---|---|
| Account email and authentication data | Until account deletion + 7 years for legal-defense purposes |
| Deal records (deals, events, parties) | 7 years after Deal completion |
| Dispute evidence and arbitration decisions | 7 years after Dispute resolution |
| Sanctions screening results | Indefinitely (for compliance defense) |
| IP and technical logs | 90 days, except where retained longer for fraud investigation |
| Email deliverability logs | 30 days |
| Cookies | Per Cookie Policy |
| On-chain data | Forever (outside our control) |
| Support emails | 3 years |
| Backups | Up to 90 days after primary deletion |
We may retain data longer if legally compelled, if needed for a pending or threatened legal proceeding, or if needed to investigate suspected fraud or abuse.
8. Your choices
8.1 Access, correction, deletion
You may request access to, correction of, or deletion of your personal data by emailing privacy@escrowcryp.to. We will respond within 30 days. Limitations:
- We cannot delete data we are required to retain by law or to defend against legal claims (see retention table).
- We cannot delete on-chain data. Your wallet address, Deal identifiers, and event logs remain permanently on the Tron blockchain.
- We may decline deletion requests we cannot authenticate to our reasonable satisfaction.
- Deletion of your account deletes the email-to-data linkage in our active systems but does not necessarily erase historical Deal records, sanctions logs, or backups.
8.2 Marketing emails
We do not send marketing emails. All emails we send are transactional (Deal status, Dispute notices, security alerts, account changes, Terms updates). You cannot opt out of transactional emails while maintaining an active account.
8.3 Account deletion
You may request account deletion by emailing privacy@escrowcryp.to. Account deletion is irreversible. You cannot delete an account that has an open Deal or an open Dispute.
8.4 Cookies
See the Cookie Policy.
8.5 No GDPR/CCPA representations
This Privacy Policy does not afford you GDPR, UK GDPR, CCPA/CPRA, or other-jurisdiction-specific data-protection rights. The Service is not directed at residents of jurisdictions whose laws grant such rights.
9. Security
We take commercially reasonable measures to protect your data, including encryption in transit (TLS), encryption at rest for evidence uploads, access controls, principle-of-least-privilege account provisioning, audit logging, and limited employee access.
No system is perfectly secure. We do not warrant that your data will not be accessed by unauthorized parties. Specifically, you bear the risk of (a) compromise of your own email account, wallet, or device, (b) compromise of the Tron blockchain or any third-party service provider, and (c) sophisticated attacks that no commercially reasonable measures could prevent.
If we become aware of a personal-data breach that affects you materially, we will notify you by email at the address associated with your account, where the law allows.
10. Children
The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided data to the Service, contact privacy@escrowcryp.to and we will delete it.
11. Changes to this Privacy Policy
We may amend this Privacy Policy from time to time. The current version is always at escrowcryp.to/legal/privacy with a "Last updated" date. Material changes will be notified by email to active accounts. Your continued use after the effective date of an amendment constitutes acceptance.
12. Contact
For any privacy question, request, or complaint:
Email: privacy@escrowcryp.to Postal: A Nevis Company LLC, Hunkins Waterfront Plaza Suite 556, Main Street Charlestown, Nevis, St Kitts & Nevis