Coinbase Commerce Privacy Policy

Last Updated: September 1, 2021

Coinbase Commerce is a service that simplifies the acceptance of cryptocurrencies as payment for goods and services provided by Toshi Holdings Pte. Ltd. (“Coinbase Commerce” or “Commerce” or “we” or “us” or “our”). This Privacy Policy (the “Policy”) helps explain how we collect, use, store, and protect your information when you use our website at, the Coinbase Commerce service or any Coinbase Commerce API or third party applications relying on such API, or any other websites, pages, features, or content related to the Coinbase Commerce service (collectively the “Services”).

Please read this Policy carefully along with the Coinbase Commerce Terms of Service (the “Terms”), which describe the terms under which you use the Services. If you have any questions, please contact us at [email protected].

Acceptance of Privacy Policy

By accessing and using our Services, you signify your acceptance to the terms of this Policy. If you do not agree with or you are not comfortable with any aspect of this Policy, you should immediately discontinue access or use of our Services.

Changes to this Policy

We reserve the right to modify this Policy at any time, and when required by law, we will notify you of changes to this Policy. If we make any material changes we will notify you via the email current on your account with us or by means of a notice on our Services prior to the change becoming effective.

Commerce may provide additional "just-in-time" disclosures or additional information about the data collection, use and sharing practices of specific Services. These notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your personal information.

Scope of this Privacy Policy

This Privacy Policy only applies to non-custodial Commerce Services. Please review our Retail Privacy Policy to understand how Coinbase collects, uses and shares personal information of its custodial customers when performing custodial Commerce Services.

Our Relationship to You

For you to understand our data protection obligations and your rights to your personal information under this Policy, it is important that you identify which relationship(s) you have with us. Toshi Holdings Pte. Ltd. (“Coinbase Commerce”) has the following relationships:

Hereinafter we may refer to Customers and Users collectively as “you.”

Information We Collect

We receive or collect personal information when we operate and provide our Services, including when you install, access, or use our Services. Personal information is data that can be used to identify you directly or indirectly, or to contact you. Our Policy governs all personal information we collect about you and obtain from third party sources. This Policy does not apply to anonymized information as it cannot be used to identify you.

Generally, we collect information to provide you with our Services. Except as described in this Policy, we will not sell, lease, rent or loan your personal information to any third party without your prior consent.

Information you provide

Information we collect from our affiliates

Our “family of companies” is the group of companies related to us by common control or ownership (“Affiliates”). In accordance with applicable law, we may obtain information about you from our Affiliates in the normal course of business to provide the Services and Affiliates’ Services to you (e.g., convert cryptocurrency into fiat and make withdrawals into your bank account).

Automatically collected information

How We Use the Information We Collect

Our primary purpose in collecting information is to help us operate, provide, improve, customize, support, and market our Services.We may use your information:

To provide Coinbase Commerce Services

We process your personal information to provide the Services. For example, if you want to use our Services to accept Digital Currency on your website, we require that you provide us with your email address and a password. We cannot provide you with Services without such information.

To provide Service communications

We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services.

To provide customer service

We process your personal information when you contact us to resolve any questions, disputes, or to troubleshoot problems. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.

To ensure quality control

We process your personal information for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process personal information for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions.

Designated Countries: For individuals who reside in the United Kingdom, European Economic Area or Switzerland (collectively the “Designated Countries”), pursuant to EU General Data Protection Regulation (“GDPR”) or any equivalent legislation (collectively “DC Data Protection Laws”), we process this personal information based on our contract with you.

For research and development purposes

We process your personal information to better understand you and, if applicable, your end-users and the way you use and interact with our Services. In addition, we use such information to customize, measure, and improve our Services and the content and layout of our website and applications, and to develop new Services. Without such processing, we cannot ensure your continued enjoyment of our Services.

Designated Countries: Pursuant to DC Data Protection Laws, we process this personal information to satisfy our legitimate interests as described above.

To enhance your website experience

We process your personal information to provide a personalized experience, and implement the preferences you request. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our Services.

Designated Countries: Pursuant to DC Data Protection Laws, we process this personal information to satisfy our legitimate interests as described above.

To facilitate corporate acquisitions, mergers, or transactions

We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your personal information processed for such purposes.

Designated Countries: Pursuant to DC Data Protection Laws, we process this personal information to satisfy our legitimate interests as described above.

To engage in marketing activities

Based on your communication preferences, we may send you marketing communications to inform you about relevant product offers and services; to deliver targeted marketing; and to provide you with promotional offers based on your communication preferences. We use information about your usage of our Services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time.

Designated Countries: Pursuant to DC Data Protection Laws, we process this personal information based on your consent or legitimate interest to the extent permitted by DC Data Protection Laws. To the extent we can rely on legitimate interest under the applicable law, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. You may raise such objections with regard to initial or further processing for purposes of direct marketing, at any time and free of charge.

We will not use your information for purposes other than those purposes we have disclosed to you. From time to time we may request your permission to allow us to share your personal information with third parties. You may opt out of having your personal information shared with third parties, or from allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to limit the use of your personal information, certain features or Services may not be available to you.


We may send you communications that are related to your account or will be related to our Services or information we believe interests you. In the event we send any communication to you which is not related specifically to your account, we will provide you with an "unsubscribe" mechanism through which you may opt out of receiving other similar messages in the future.

How Your Information Is Shared With Customer End Users

If you use your account in a transaction with your Customer End User, that Customer End User will have access to an address associated with your public key allowing them to pay for their purchases.

How We Share Information With Affiliates and Third Parties

We work with our Affiliates and third-party providers to help us operate, provide, improve, customize, support, and market our Services. For example, we work with companies to provide our infrastructure, delivery, and other systems. These providers may provide us information about you in certain circumstances.

We will also share information with our Affiliates in the normal course of business to provide the Services and Affiliate services.

We may also share information with law enforcement, government officials, Affiliates or other third parties when:

How We Use Cookies

When you access our Services, we or companies we work with may place cookies on your computer or other devices. These technologies help us better understand user behavior, and inform us about which parts of our websites people have visited. Please refer to the Coinbase Cookie Policy for more information about our use of cookies.


Some Internet browsers - like Internet Explorer, Firefox, and Safari - include the ability to transmit "Do Not Track" or "DNT" signals. Since uniform standards for "DNT" signals have not been adopted, our Services do not currently process or respond to "DNT" signals.


We do not knowingly request or collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, Commerce will require the user to close his or her account and will not allow continued use of the Services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.

California Privacy Rights

If you are a California resident, you have the right to request information from us regarding the manner in which we share certain categories of your personal information with third parties for the third parties’ direct marketing purposes. California law provides that you have the right to submit a request to us at our designated address and receive the following information: (a) the categories of information we disclosed to third parties for the third parties’ direct marketing purposes during the preceding calendar year; and (b) the names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.

You are entitled to receive a copy of this information in a standardized format and the information will not be specific to you individually. You may make such a request by emailing [email protected].

Access and Modification of Your Personal Information

You may contact us at [email protected] to access the personal information we hold about you. If any of the information is inaccurate, you may rectify such information. We reserve the right to limit your access or modifications if your requests are too frequent and/or burdensome.

For individuals residing in Designated Countries, please refer to the “International Users” section below.

Security Safeguards

We maintain, and require our service providers to maintain, appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the personal information you entrust to us.

However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.

Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us at the email address, mailing address or telephone number listed at the end of this Privacy Policy.


We limit our retention of your personal information to the only as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal information are described below.

Please contact us if you have questions about retention periods for a particular aspect of your personal information which is not detailed above.

International Transfers of Personal Information

As a global entity, Commerce may store, transfer, and otherwise process your personal information in countries outside of the country of your residence, including the United States and possibly other countries. The data protection laws of such countries may not be as protective as the laws of the country in which you reside. To ensure that personal information is adequately protected when transferred outside the Designated Countries, Commerce relies on Standard Contractual Clauses approved by the European Commission.

International Users

This section only applies to individuals residing in a Designated Country.

Your rights to personal information are not absolute. Access may be denied when:

Contact Us

If you have any questions about our Privacy Policy, please do not hesitate to contact us at [email protected], or by mailing us at Coinbase Commerce, One Marina Boulevard, #28-00, Singapore 018989.