Privacy Policy.

01 / Introduction

Introduction.

02 / Information We Collect

Information we collect.

2.1 Information you provide directly

• Contact information (name, email, phone, encrypted-messaging handle, Telegram username).
• Inquiry form data.
• Passport Program Quiz (PPQ) responses.
• Cost Calculator inputs.
• US Exit Tool inputs.
• Newsletter subscription (email).
• Engagement documents (passport copies, birth certificates, residency proofs, source-of-funds artifacts, and similar).
• Communications via email, PGP, Signal, and Telegram.
• Payment metadata (Bitcoin transaction IDs, Lightning payment references, USDT transaction hashes, fiat wire references).

2.2 Information collected automatically

• Device and browser information.
• Aggregate usage data (page views, navigation paths).
• IP address and approximate geolocation, retained only for security and rate limiting.
• Cookies and similar technologies (see Section 7).

2.3 Information from third parties

• Government agencies that process your application (Financial Intelligence Units, immigration authorities, licensed local agents).
• Local partners (licensed agents and attorneys in program jurisdictions).
• Payment processors (BTCPay Server transaction confirmations; Stripe charge metadata when fiat is used).
• Analytics provider (aggregate page-view counts via Plausible Analytics).

03 / How We Use Your Information

How we use your information.

We use the information we collect for the following purposes:

• To provide and deliver the Services you request.
• To respond to your inquiries and provide client support.
• To return results from our tools (Cost Calculator, PPQ, US Exit Tool).
• To communicate with you about your engagement, application, or scheduled call.
• To send newsletter communications you have opted into; you can unsubscribe at any time.
• To improve the Website, the Services, and the user experience.
• To comply with legal, regulatory, and sanctions obligations.
• To protect our rights, your safety, or the safety of others.

Where the legal basis for processing is consent (for example, newsletter signup), you may withdraw that consent at any time. Where the basis is contract performance (engagement delivery), legal obligation (sanctions screening), or legitimate interest (security, fraud prevention), we process accordingly and document the basis on request.

04 / How We Share Your Information

How we share your information.

We do not sell your personal information.

4.1 Within the Bitcitizen ecosystem

We may share information with other services within the Bitcitizen ecosystem to deliver integrated services, maintain consistent account management, and route cross-domain referrals (for example, US-renunciation matters routed to Exitly). Sharing is on a need-to-know basis; no ecosystem service receives more than the engagement requires.

4.2 With government authorities

When you engage our Services for a citizenship-by-investment application, we share your personal information and application documents with the relevant government authorities as required by the application process. Each program names its receiving authority on its program page; for El Salvador, that authority is The Bitcoin Office and the Dirección General de Migración y Extranjería.

4.3 With local partners

We work with licensed local agents, attorneys, and service providers in program jurisdictions to file your application. We share only the information necessary to complete the services you have engaged.

4.4 With service providers

We use a small set of third-party processors to operate the Website and Services. Each is named below with its role; sub-processor lists are available on request.

• Cloudflare: edge delivery, DDoS protection, and TLS termination for 21cbi.io.
• Self-hosted application infrastructure: the 21 CBI application runs on infrastructure under Bitcitizen LLC’s direct operational control, behind Cloudflare.
• Clerk: authentication, session management, and account-security primitives.
• Resend: transactional and newsletter email delivery.
• Plausible Analytics: cookie-less, EU-hosted, aggregate page-view counts.
• BTCPay Server: self-hosted Bitcoin and Lightning payment processing.
• Stripe: fiat credit-card and bank-transfer processing when those payment rails are used.

4.5 Legal requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.6 Business transfers

If Bitcitizen LLC or 21 CBI is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any change in ownership or control of your personal information.

05 / Data Security

Data security.

We implement technical and organizational measures that match the sensitivity of the data the firm handles. The controls below are what we actually run, not aspirational language.

• Encryption in transit. HTTPS with Transport Layer Security (TLS) 1.2 or higher on all web traffic; HTTP Strict Transport Security (HSTS) preload; modern ciphers only.
• Encryption at rest. All persisted personal data is encrypted at rest at the storage layer.
• End-to-end encrypted communications. Sensitive communications travel over PGP (for email) and Signal (for messaging). PGP keys and Signal handles are published on request.
• Hardware-key second factor. Administrative access to client systems requires a hardware security key (FIDO2 / WebAuthn) on top of strong authentication via Clerk.
• Compartmentalized case handling. Each engagement is isolated at the file, wallet, and advisor layer. No shared client database is exposed across engagements; one client’s file does not see another.
• Minimum-necessary data retention. Inquiry data, application documents, and analytics are retained per the schedule in Section 8 and deleted on schedule.
• Content Security Policy and security headers. Strict CSP, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy are set at the edge; violations are logged.
• Audit logging. Administrative actions on client records are logged with actor, action, and timestamp; logs are retained for incident review.
• Self-custody payment posture. Bitcoin and Lightning payments are received into wallets the firm self-custodies; no third-party custodian holds client funds in transit.

No method of transmission over the internet or electronic storage is ever absolutely secure. We commit to applying the controls above and to disclosing any material incident affecting your personal data without undue delay.

06 / International Data Transfers

International data transfers.

Bitcitizen LLC is registered in the State of Wyoming, United States. By using the Website or Services, your information may be transferred to, stored, and processed in the United States and in any country where a program jurisdiction, local partner, or service provider is located. Program jurisdictions currently include Vanuatu, São Tomé & Príncipe, Türkiye, El Salvador, and Argentina.

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with cross-border data protection rules, we carry out transfers of your personal information in accordance with applicable law, including the General Data Protection Regulation (GDPR) and the UK GDPR. Where required, this includes the use of Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum, and equivalent mechanisms.

07 / Cookies and Similar Technologies

Cookies and similar technologies.

The Website uses a small set of cookies and similar technologies. They fall into three categories:

• Necessary cookies: required for the Website to function (authentication, CSRF protection, cookie-consent state).
• Analytics: aggregate page-view counts via Plausible Analytics, which is cookie-less by design.
• Functionality cookies: remember your preferences and tool state across visits.

We do not run advertising cookies, retargeting pixels, session recording, or device fingerprinting. We do not sell cookie data.

For a full breakdown of every cookie we set, the third parties involved, and how to manage them, see our Cookie Policy.

08 / Data Retention

Data retention.

We retain personal information only for as long as the purpose described in this Policy requires. Standard retention schedule:

• Inquiry data: 24 months from the date of the inquiry, then deleted.
• Client engagement records: duration of the engagement plus 7 years, for tax, regulatory, and audit purposes.
• Application documents: deleted within 90 days after completion of the application process; the file is then closed.
• Newsletter subscription: retained until you unsubscribe.
• Aggregate analytics: retained anonymized, up to 14 months in Plausible.
• Security and audit logs: 12 months, then rotated.

Where a legal hold, sanctions inquiry, or active matter requires longer retention, we retain the affected records for the duration of that obligation. We document and disclose the basis on request.

09 / Your Rights

Your rights.

Depending on your location and the applicable law, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: request that we correct inaccurate or incomplete information.
• Deletion: request that we delete your personal information, subject to legal-hold and regulatory-retention exceptions.
• Restriction: request that we restrict the processing of your information.
• Portability: request a portable copy of your information in a structured, commonly used format.
• Objection: object to processing where the basis is legitimate interest.
• Withdraw consent: withdraw consent at any time where processing is based on consent.

If you are located in the European Union, the European Economic Area, or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and the UK GDPR, including the rights listed above. You also have the right to lodge a complaint with your local supervisory authority.

If you are a California resident, you have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, the “CCPA/CPRA”). These include the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of personal information, and the right to limit the use of sensitive personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA.

If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD) provides analogous rights. If you are located in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation apply. If you are located in Australia, the Australian Privacy Principles apply. Where another jurisdiction grants rights not listed here, we honor those rights to the extent the law applies to our processing.

To exercise any of these rights, contact us at [email protected]with the subject line “Data Rights Request.” We will acknowledge receipt within 10 business days and respond substantively within 30 days, extendable as the applicable law allows.

10 / Children’s Privacy

Children’s privacy.

The Website and Services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. Where a citizenship application includes dependent children, the information we receive is provided by the engaging adult applicant on the dependents’ behalf and is used only to support the application. If you believe we have inadvertently collected information directly from a child under 18, contact [email protected] and we will take steps to delete that information promptly.

11 / Third-Party Links

Third-party links.

The Website may contain links to third-party websites, including government program sites, licensed local partner sites, and other services within the Bitcitizen ecosystem. We are not responsible for the privacy practices or content of those third-party sites. Review the privacy policy of any third-party site you visit.

12 / Changes to This Policy

Changes to this policy.

We update this Policy when our practices, technology, or legal requirements change. The “Effective” date at the top of this page reflects the date of the most recent update. Material changes are announced through the Website and, where appropriate, by direct notice to active engagement clients. Historical versions are retained internally and made available to regulators on request.

13 / Contact Us

Contact us.

Questions about this Privacy Policy or our data practices can be directed to:

Bitcitizen LLC (operating as 21 CBI)
30 N Gould St, Ste R
Sheridan, WY 82801
United States

General contact: [email protected]
Privacy and data-rights requests: [email protected]
Website: 21cbi.io

For matters that warrant encryption, request our current PGP public key by replying to any signed message we have sent you, or open a Signal conversation; we will share the public key in-channel.