btcpuzzle logo
GirişPuzzle'larAnahtarlarAraçlarGiriş
Sponsored
Kriptom.comKriptom.com
Membership-free cryptocurrency exchange service.No membership required, more than 1000 cryptocurrencies and reliable and transparent
ChangeNow.ioChangeNow.io
Limitless Web3.0 Crypto ExchangeBuy, sell, swap crypto: fast & secure
Sponsored
RedotPayRedotPay
Crypto Credit Card - Get 5$Top-up with BTC, USDC or USDT. Spend crypto like fiat. Prepaid virtual/physical crypto credit card. Get your 5$ bonus now!
Bitcoin (BTC)

Gizlilik Politikası

Bu içerik yalnızca İngilizce olarak mevcuttur. - Yayınlanma Tarihi: 2026-04-04

1 - Overview & Philosophy

At btcpuzzle.info, privacy is not a checkbox — it is a core design principle. We operate a Bitcoin puzzle mining pool where participation is, by its very nature, pseudonymous. Our platform is built around the idea that you should be able to contribute computational work, earn rewards, and interact with the Bitcoin puzzle ecosystem without surrendering your personal identity to us.

We do not ask for your real name. We do not require an email address to participate. We do not build advertising profiles. We do not sell, rent, or trade any information about you. We collect the minimum amount of data technically necessary to operate the service, and nothing more.

Our guiding principle: collect as little as possible, retain it as briefly as possible, and never use it for any purpose beyond keeping the service running.

This Privacy Policy explains in plain language what we do and do not collect, why, how long we keep it, and what rights you have. If you have any questions after reading this document, you are welcome to contact us.

2 - Who We Are

btcpuzzle.info is a Bitcoin puzzle pool platform that coordinates distributed computational efforts to solve publicly known Bitcoin puzzles. The platform allows participants to connect mining/scanning workers, monitor their progress, and receive any applicable rewards associated with found keys or solutions.

For the purposes of this policy, "we," "us," and "our" refer to the operator of btcpuzzle.info. "You" and "your" refer to any visitor, registered user, or worker operator who accesses or uses any part of our platform.

Our platform serves a global, technically sophisticated audience that values privacy and decentralization. This policy is written to reflect those values.

3 - Data We Do Not Collect

We want to be explicit about what we deliberately choose not to collect, because this is as important as what we do collect.

  • Email addresses. Registration and participation do not require an email address. We have no email verification flow, no marketing lists, and no email-based account recovery. You cannot accidentally give us your email because we never ask for it.
  • Real names or legal identity. We do not perform KYC (Know Your Customer) checks. We do not ask for government-issued identification, passports, or any form of legal identity document.
  • Phone numbers. We do not collect phone numbers for verification, recovery, or any other purpose.
  • Physical addresses. Unless required for a specific payment method's legal compliance (see Section 7), we do not ask for or store your physical mailing address.
  • Biometric data. We collect no fingerprints, facial recognition data, voice prints, or any other biometric identifiers.
  • Social media accounts or login credentials. We do not offer "Login with Google," "Login with X," or similar OAuth flows that would expose your social identity to us or expose our platform relationship to third-party providers.
  • Behavioral advertising profiles. We do not participate in any advertising network. We do not build interest profiles. We do not track you across other websites.
  • Location data. We do not request or record GPS location. We do not use IP geolocation data for any purpose beyond basic abuse prevention (rate limiting), and we do not store derived location records.

4 - Data We Do Collect

  • The following categories of data are collected because they are technically necessary to run the service. We collect the minimum required for each function.

    Account credentials
    When you register, we store a username of your choice and a hashed password. Passwords are never stored in plaintext; they are processed through a one-way cryptographic hashing function before being written to our database. We have no means of recovering your password — only resetting it via a mechanism that does not require email.

    Bitcoin wallet address
    To credit any rewards or payouts, we associate your account with one or more Bitcoin wallet addresses that you provide. A wallet address is a pseudonym — it does not inherently identify you as a person. We store it in association with your account solely to process payouts.

    Worker statistics and activity data
    When a connected worker (mining client, scanning node, GPU instance) performs work on our pool, we record metrics including: worker identifier (chosen by you), computational work submitted, hash ranges scanned, connection timestamps, and last-seen timestamps. This data is used to calculate contribution, display your dashboard, and detect connectivity issues. Worker identifiers are arbitrary strings that you define.

    Session data
    When you log into the web interface, a session token is created and stored server-side. This token allows you to remain authenticated across page loads. Sessions expire after a period of inactivity. We do not use persistent login cookies that survive browser restarts unless you explicitly opt into a "stay logged in" option.

    Server logs
    Our web servers and API generate standard access logs that may include IP addresses, request timestamps, HTTP method and path, response codes, and user agent strings. These logs are used for debugging, uptime monitoring, and security (e.g., detecting brute-force attempts or DDoS traffic). Log retention is limited — see Section 9.

    Payment-related data
    If you purchase a premium plan or paid feature via our payment processor, certain transaction data is processed. See Section 7 for full details on how payment data is handled.

5 - How We Use Your Data

  • We use the data we collect for the following purposes only:

    • Service delivery: Authenticating your account, displaying your worker statistics, calculating your contribution share, and processing any applicable rewards.
    • Platform security: Detecting and blocking abusive behavior, rate-limiting API requests, preventing unauthorized access, and maintaining system integrity.
    • Technical debugging: Diagnosing errors, outages, or anomalies in the platform's operation. Server logs may be reviewed by our technical team in response to incidents.
    • Legal compliance: In jurisdictions where payment processing creates legal obligations (see Section 7), retaining the minimum records required by applicable law.
    • Fraud prevention: Detecting coordinated manipulation of pool statistics, submission fraud, or abuse of the reward system.

    We do not use your data for marketing, advertising, sale to third parties, profiling, automated decision-making that affects your rights, or any purpose not listed above.

6 - Cookies & Tracking Technologies

We use two categories of cookies: strictly necessary cookies required for the service to function, and statistical analytics cookies used to understand aggregate platform usage. We do not use advertising or behavioral profiling cookies.

Strictly necessary cookies

  • Session cookie: Set when you log in, containing your encrypted session identifier. Required for authentication across page loads. HttpOnly, Secure, first-party. Deleted on logout or session expiry.
  • CSRF protection token: Set on page load to protect form submissions from cross-site request forgery. A security control, not a tracking mechanism.
  • User preference cookies: Stores interface preferences such as language selection. No personal data is embedded.

Analytics cookies

We use third-party analytics tools (such as Google Analytics) solely to collect aggregated, statistical information about how visitors use the platform — for example, which pages are visited most frequently, general geographic distribution of traffic, and session durations. This data helps us improve the platform.

  • Analytics data is collected in aggregate and is not used to identify individual users.
  • We configure analytics tools with IP anonymization enabled, meaning your full IP address is never stored by the analytics provider.
  • Analytics cookies are set by third-party providers (e.g., Google LLC) and are subject to those providers' own privacy policies. Google's privacy policy is available at policies.google.com/privacy.
  • Analytics data may be processed on servers outside your country of residence, including in the United States.

Because analytics cookies are not strictly necessary, we obtain your consent before setting them where required by applicable law (e.g., GDPR, KVKK). A cookie consent notice is displayed on your first visit for this purpose.

7 - Payment Data

btcpuzzle.info may offer paid features or subscription plans. Payment processing is handled by third-party payment processors (such as Iyzico or similar licensed payment service providers). We do not handle raw card data ourselves.

What the payment processor handles: Full credit/debit card numbers, CVV codes, and card holder billing information are entered directly on the payment processor's secure checkout form and transmitted to and stored by the processor — not by us. The payment processor is responsible for PCI-DSS compliance for this data.

What we receive and store: Upon a successful payment, we receive from the processor a transaction confirmation containing: a masked card identifier (e.g., last 4 digits), transaction ID, payment amount, currency, and timestamp. We associate this record with your account to activate the paid feature. We may also retain basic billing identifiers required for customer support or refund processing.

Legal retention: Financial transaction records may be subject to retention requirements under applicable commercial or tax law. We retain the minimum legally required transaction records and purge them at the earliest permissible time.

Cryptocurrency payments: If you pay via Bitcoin or another cryptocurrency, the only data associated with the payment is the wallet address used and the on-chain transaction hash. On-chain data is public by the nature of blockchain technology; we do not control or have responsibility for the public visibility of on-chain transactions.

8 - Third-Party Services

We rely on a limited number of third-party infrastructure providers to operate the platform. We select providers based on reliability, security practices, and data minimization principles.

  • Hosting / VPS providers: Our servers are hosted on one or more virtual private server providers. These providers have physical or logical access to server infrastructure, but do not process your personal data on our behalf in any application-layer sense. Data on these servers is subject to our security controls.
  • Cloudflare: We use Cloudflare as a CDN and DDoS protection layer. Cloudflare may process IP addresses and HTTP headers as traffic passes through their network. Cloudflare's privacy practices are governed by their own privacy policy. We use Cloudflare's services in a configuration designed to minimize data retention at their edge.
  • Payment processor: As described in Section 7, a licensed payment processor handles card transactions. Your payment data submitted to their checkout form is governed by their privacy policy.
  • GPU compute infrastructure (Vast.ai or similar): Pool clients may run on third-party GPU compute providers. Workers connecting from these environments are identified to our platform only by their worker identifier and IP address. We do not have visibility into or responsibility for the privacy practices of compute providers that individual participants choose to use.

We do not use any social media integrations, embedded advertising networks, or data broker services. We do not embed third-party scripts beyond what is necessary for payment processing.

9 - Data Retention

We retain data only as long as it serves the purpose for which it was collected, or as required by law. The following retention schedules apply:

  • Account data (username, hashed password, wallet addresses): Retained for the lifetime of your account. You may request account deletion at any time, after which this data is purged within 30 days.
  • Worker statistics: Aggregate and per-worker statistics are retained for up to 12 months of historical data visible in your dashboard. Older raw data may be purged or anonymized.
  • Session tokens: Expire after a period of inactivity (typically 30 days). Expired sessions are purged from the database.
  • Server access logs: Retained for a maximum of 30 days, then automatically deleted. Logs associated with an active security investigation may be retained for the duration of the investigation.
  • Payment transaction records: Retained for the period required by applicable financial law (typically 5–7 years), then purged. We retain only the minimum legally required fields.

When data is deleted, it is permanently removed from our live databases. Backups containing historical data may persist for up to 30 additional days before being overwritten by the backup rotation cycle.

10 - Your Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data. We respect these rights regardless of where you are located, to the extent technically and legally feasible.

  • Right of access: You may request a copy of the personal data we hold about your account.
  • Right of rectification: You may update your wallet address or other account information at any time through your account settings.
  • Right of erasure ("right to be forgotten"): You may request deletion of your account and associated data. We will fulfill this request within 30 days, subject to any legally mandated retention obligations (e.g., payment records).
  • Right to data portability: Upon request, we can provide your account data (username, wallet addresses, worker statistics) in a machine-readable format such as JSON or CSV.
  • Right to restrict processing: You may request that we limit the processing of your data while a dispute or correction request is pending.
  • Right to object: You may object to any processing of your data that is not strictly necessary for service delivery.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

Because we do not collect email addresses, requests must be submitted through the contact method described in Section 14. We may need to verify your identity as the account holder before fulfilling a request; we will do this using information already associated with your account (e.g., confirming knowledge of your username and wallet address).

EU/EEA residents: if you believe your rights under GDPR have been violated, you have the right to lodge a complaint with your local supervisory authority.

11 - Security

We implement technical and organizational security measures appropriate to the sensitivity of the data we hold. These measures include:

  • All data in transit is encrypted using TLS 1.2 or higher. Connections over plain HTTP are automatically redirected to HTTPS.
  • Passwords are stored using a modern one-way hashing algorithm (bcrypt or equivalent) with appropriate cost factors. Plaintext passwords are never logged or stored.
  • Database access is restricted to application processes only; no public database ports are exposed.
  • Server access is limited to authenticated operators using SSH key authentication. Password-based SSH is disabled.
  • We apply security headers (Content Security Policy, HSTS, X-Frame-Options, etc.) on all web responses.
  • API endpoints are rate-limited to prevent brute-force and enumeration attacks.
  • We perform periodic review of server configurations, dependency versions, and access controls.

Despite these measures, no system is perfectly secure. In the event of a data breach that affects your personal information, we will notify affected users through the platform interface (or any contact method on file if available) within a reasonable timeframe, and we will take immediate remediation steps.

Because we collect minimal personal data, the impact of a hypothetical breach is significantly lower than with platforms that store extensive personal information. Your email, phone number, and real identity are not at risk from us — because we never had them.

12 - Children

btcpuzzle.info is not directed at, and does not knowingly collect data from, individuals under the age of 18 (or the applicable age of majority in your jurisdiction). The platform involves cryptocurrency, computational resource management, and financial transactions — activities intended for adults.

If we become aware that a user is under the applicable minimum age, we will take steps to delete their account and associated data. Because we do not collect age-verifying information by design, we rely on users to self-represent their eligibility. If you are a parent or guardian and believe your minor child has registered on this platform, please contact us using the information in Section 14.

13 - Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Effective date" at the top of this document and, where feasible, display a notice on the platform for a reasonable period.

Because we do not collect email addresses, we cannot notify you of policy changes via email. We encourage you to review this page periodically. The version history of this document will note the nature of any changes made.

Continued use of the platform after a policy update constitutes acceptance of the revised policy. If you do not agree with the updated policy, you should discontinue use of the platform and may request account deletion as described in Section 10.

We will never make retroactive changes that reduce your privacy rights with respect to data we have already collected — any changes that reduce protections will apply only to data collected after the effective date of the change.

14 - Contact

For privacy-related inquiries, data access requests, deletion requests, or any other questions about this policy, you may reach us through the following channel:

Platform: btcpuzzle.info / (BTC Puzzle)

Contact method: Use the contact or support form available in the platform interface, or reach us at the email address listed on our official contact page.

Response time: We aim to respond to privacy-related requests within 14 business days. Complex requests (e.g., full data exports) may take up to 30 days.

Language: We accept requests in English