Privacy Policy

1. Introduction

This Privacy Policy ("Policy") describes how 21 CBI, a service operated by Bitcitizen LLC ("Bitcitizen," "we," "us," or "our"), collects, uses, shares, and protects personal information when you access or use the 21 CBI website located at 21cbi.io and any related pages, forms, scheduling links, tools, or communications (collectively, the "Website"), and when you engage any citizenship-by-investment advisory services we offer (the "Services").

21 CBI is part of the Bitcitizen ecosystem, which also includes BitWY (bitwy.io). This Policy is part of a legal framework that includes our Terms of Service and Cookie Policy, and is designed to work alongside the Bitcitizen LLC Privacy Policy (available at bitcitizen.io/privacy) and Terms of Service (available at bitcitizen.io/terms). Where this Policy addresses a matter specific to 21 CBI, this Policy controls. For matters not specifically addressed here, the Bitcitizen LLC Privacy Policy applies.

By accessing or using the Website or Services, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use the Website or Services.

This document is not legal advice. You remain responsible for your own legal, tax, and regulatory obligations in all applicable jurisdictions.

2. Information We Collect

2.1 Information You Provide Directly

• Contact information (name, email, phone, Signal handle, Telegram username)
• Inquiry form data
• PPQ responses
• Cost Calculator inputs
• US Exit Tool inputs
• Newsletter subscription (email)
• Engagement documents (passport copies, birth certificates, etc.)
• Communications via email, Signal, Telegram, and WhatsApp
• Payment information (Bitcoin transaction IDs, Lightning references, USDT hashes, fiat wire details)

2.2 Information Collected Automatically

• Device and browser information
• Usage data
• IP address and approximate geolocation
• Cookies

2.3 Information from Third Parties

• Government agencies
• Local partners
• Payment processors
• Analytics providers

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and deliver the Services you request
• To respond to your inquiries and provide customer support
• To deliver results from our tools (Cost Calculator, US Exit Tool)
• To communicate with you about your engagement or application
• To send marketing communications, including newsletters (with your consent)
• To improve the Website, Services, and user experience
• To comply with legal and regulatory obligations
• To protect our rights, privacy, safety, or property

4. How We Share Your Information

We do not sell your personal information.

4.1 Within the Bitcitizen Ecosystem

We may share information with other services within the Bitcitizen ecosystem (including BitWY) to provide integrated services, improve our offerings, and maintain consistent account management.

4.2 With Government Authorities

When you engage our Services for a citizenship-by-investment application, we will share your personal information and application documents with the relevant government authorities as required by the application process.

4.3 With Local Partners

We work with licensed local agents, attorneys, and service providers in program jurisdictions to facilitate your application. We share only the information necessary to complete the services you have engaged.

4.4 With Service Providers

We use the following third-party service providers to operate the Website and Services:

• Resend (email delivery)
• Vercel (hosting and deployment)
• Google Analytics (website analytics)
• Clerk (authentication)
• BTCPay Server (payment processing)

4.5 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.6 Business Transfers

If Bitcitizen LLC or 21 CBI is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encrypted communications via Signal and PGP where applicable
• Minimal data retention practices
• Compartmentalized case handling
• HTTPS, TLS encryption, and security headers on all web traffic

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6. International Data Transfers

Bitcitizen LLC is based in Wyoming, United States. By using the Website or Services, your information may be transferred to, stored, and processed in the United States and in other countries where program jurisdictions, local partners, or service providers are located.

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or another jurisdiction with data protection laws, we will ensure that any transfer of your personal information is carried out in accordance with applicable law, including through the use of Standard Contractual Clauses (SCCs) approved by the European Commission where required under the GDPR or UK GDPR.

7. Cookies and Similar Technologies

The Website uses cookies and similar technologies to improve your experience. We use the following types of cookies:

• Necessary cookies: Required for the Website to function properly, including authentication and security.
• Analytics cookies: Help us understand how visitors interact with the Website so we can improve it.
• Functionality cookies: Remember your preferences and settings to provide a more personalized experience.

We do not use cookies for targeted advertising. We do not sell cookie data to third parties.

For a full breakdown of every cookie we set, the third parties involved, and how to manage them, see our Cookie Policy.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy. Our general retention periods are:

• Inquiry data: 24 months from the date of inquiry
• Client data: Duration of the engagement plus 7 years
• Application documents: Deleted within 90 days after completion of the application process
• Newsletter subscription: Until you unsubscribe
• Analytics data: Aggregated and anonymized

9. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete information
• Deletion: Request that we delete your personal information
• Restriction: Request that we restrict the processing of your information
• Portability: Request a portable copy of your information in a structured, commonly used format
• Objection: Object to the processing of your personal information
• Withdraw consent: Withdraw your consent at any time where processing is based on consent

If you are located in the European Union, European Economic Area, or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and UK GDPR, including the rights listed above. You also have the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information.

To exercise any of these rights, please contact us at [email protected]with the subject line "Data Rights Request." We will respond to your request within 30 days.

10. Children's Privacy

The Website and Services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe that we have inadvertently collected information from a child under 18, please contact us at [email protected] and we will take steps to delete such information promptly.

11. Third-Party Links

The Website may contain links to third-party websites, including government program sites, local partner sites, and other services within the Bitcitizen ecosystem. We are not responsible for the privacy practices or content of those third-party sites. We encourage you to review the privacy policies of any third-party site you visit.

12. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will update the "Last updated" date at the top of this page. If we make material changes, we will notify you by posting a notice on the Website or by other appropriate means.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Bitcitizen LLC (operating as 21 CBI)
30 N Gould St, Ste R
Sheridan, WY 82801
United States

Email: [email protected]
Website: 21cbi.io

For data rights requests, please email [email protected]with the subject line "Data Rights Request."