BIX® Payment System — Privacy Policy

Privacy

Privacy Policy

How BIX® protects your personal identity information, ensures data privacy, and maintains compliance with global standards.

1 Introduction

BIX System Corporation ("BIX®," "we," "us," or "our") is committed to protecting the personal identity information ("PII") of every individual and business entity that uses the BIX® Payment System and BIX® Ledger platform. This Privacy Policy describes the types of information we collect, how we protect it, how it is used, and the rights you have over your data.

Our approach to data protection is grounded in nationally and internationally recognized standards, including requirements established by the National Institute of Standards and Technology (NIST SP 800-122) and the European Union's General Data Protection Regulation (GDPR). We are committed to ensuring that all personal data within our systems is strongly protected against forgery, misuse, and unauthorized access, and that the correctness of data and its relationship to its owner can be verified and validated.

2 Information We Collect

In order to provide secure financial transactions and identity-enhanced services, we collect and process the following categories of personal information:

2.1 Personal Identity Information

Full legal name
Date of birth
Government-issued identification numbers (where required by law or regulation)
Contact information, including email address, phone number, and physical address

2.2 Financial Information

Bank account details (account number, routing number, account type)
Payment card information (processed in compliance with PCI DSS Level 1)
Transaction history and records

2.3 Business Entity Information

Business name and legal structure
Employer Identification Number (EIN) or equivalent
Authorized representative details

2.4 Technical & Usage Data

Device identifiers and session data
Authentication logs and access records
Cryptographic key identifiers (public keys only — private keys are never accessible to BIX®)

3 How We Protect Your Data

Your personal identity information within the BIX® Ledger is protected through a multi-layered security architecture. Each layer adds an independent safeguard, ensuring that your data remains secure even if any single layer were compromised.

Self-Signed Identity Each user in the system holds a unique private/public key pair. Your identity data is cryptographically hashed and digitally signed using your own private key, ensuring that only you can authorize and attest to the authenticity of your identity.

Self-Encrypted Identity Your identity data is cryptographically enveloped using your public key, meaning that only you (or parties you explicitly authorize) can decrypt and access the underlying information.

Ledger-Chained Immutability Your identity is loaded into the Secure BIX® Identities Ledger and chained into your Personal Identity Chain. This blockchain-based approach provides immutability and verifiability — once recorded, your identity data cannot be tampered with, deleted, or falsified without detection.

These three layers operate together to ensure that your data is protected, authentic, and verifiable at all times — meeting or exceeding NIST SP 800-122 requirements for PII protection.

4 Identity Verification & Reliability

The BIX® platform requires verified, reliable identities to ensure that only authorized and qualified users can access the system and conduct transactions. We achieve this through Bank ID (KYC) verification procedures.

4.1 How Verification Works

When you register on the BIX® platform, your personal identity information is validated through your banking institution. By providing your bank account and/or payment card details, we leverage the rigorous verification your bank has already performed — including identity confirmation, address verification, and financial standing checks — to establish a trusted, reliable identity within our system.

4.2 Assurance Levels

Based on the outcome of the verification process, the BIX® Ledger assigns an Assurance Level to your identity. Your Assurance Level determines the scope of access rights and transaction capabilities available to you within the platform. Higher assurance levels, achieved through more comprehensive verification, unlock broader functionality.

5 Your Privacy Rights

We believe you should have full control over your personal data. In accordance with GDPR and applicable privacy regulations, you have the following rights:

5.1 Data Privacy

Your personal identity information is encrypted using your own cryptographic keys. It cannot be revealed to or accessed by any party that is not a direct participant in a specific transaction you have authorized. No third party — including BIX® — can access your decrypted PII without your explicit permission.

5.2 Consent-Based Sharing

Your data will only be distributed to or used by other parties with your explicit consent. When you choose to authorize another party to access your information, the system re-encrypts your PII using that party's cryptographic key — ensuring that sharing is always deliberate, controlled, and traceable.

5.3 Right to Be Forgotten

You have the right to request the deletion of your account and all associated personal data from the BIX® Ledger at any time. Upon such a request, we will remove your data from our active systems in accordance with applicable legal and regulatory requirements.

5.4 Right to Access

You may request a copy of the personal data we hold about you at any time. We will provide this information in a clear, accessible format within a reasonable timeframe.

5.5 Right to Rectification

If any of your personal data is inaccurate or incomplete, you have the right to request correction. Updated information will be re-verified and re-chained into the BIX® Ledger to maintain the integrity and reliability of your identity.

6 Data Sharing & Consent

BIX® does not sell, rent, or trade your personal information to third parties. Data sharing occurs only under the following circumstances:

Transaction processing: Your data is shared with payment processors, issuing banks, and acquiring banks solely to the extent necessary to complete transactions you have initiated.
With your explicit consent: When you authorize another party within the BIX® ecosystem to access your identity information, the system facilitates the transfer using end-to-end encryption under your control.
Legal obligations: We may disclose your information if required by law, regulation, court order, or governmental authority, in which case we will notify you to the extent permitted by law.
System operations: BIX® technical staff may access system-level data (not your decrypted PII) for the purpose of maintaining, monitoring, and securing the platform infrastructure.

7 Global Identity Infrastructure

The BIX® Ledger operates as a globally distributed network of nodes. Each local user community is associated with a specific BIX® Ledger node, and all nodes are interconnected through the BIX® Ledger Broadcast Protocol.

When your identity is uploaded to your local BIX® Ledger node, it is distributed across all other nodes in the network. This ensures that your verified identity is accessible — with your authorization — to any authorized participant in the global system, enabling seamless cross-border transactions and identity verification.

Your identity is only accessible to other members of the network if you have explicitly granted authorization. Distribution across nodes does not mean open access — all data remains encrypted and under your control.

8 Single Sign-On & Authentication

BIX® Ledger supports a globally shared, secure, and privacy-enhanced identity system with a Single Sign-On (SSO) authentication protocol. This means:

Register once: You register your identity a single time with a BIX® Ledger Identity Provider node. Your verified identity is then available to all connected applications and services within the BIX® ecosystem.
Authenticate everywhere: Applications integrated with the BIX® Ledger can verify your identity without requiring separate registration or redundant identity validation.
Security by design: Your identity data is stored across distributed ledgers, eliminating single points of failure. Cryptographically protected identities are inserted into verifiable, non-repudiable identity chains — preventing deletion, falsification, or tampering after insertion.
Privacy preserved: All identity information is cryptographically protected through public-key technology, ensuring privacy, authenticity, and content correctness throughout the authentication process.

9 Regulatory Compliance

The BIX® platform is designed and operated in compliance with the following standards and regulations:

NIST SP 800-122: We adhere to the National Institute of Standards and Technology guidelines for the protection of Personal Identity Information, ensuring that PII is protected against forgery, misuse, and identity fraud.
EU General Data Protection Regulation (GDPR): Our system implements the core GDPR principles of data privacy, user consent, and the right to be forgotten through cryptographic controls that place data ownership in the hands of the user.
PCI DSS Level 1: All financial transaction processing within the BIX® platform complies with the Payment Card Industry Data Security Standard at the highest certification level.
KYC / Bank ID: Identity verification follows established Know Your Customer procedures and Bank ID validation protocols as required by national regulations in our countries of operation.

Because all identities within the system are under user control and can only be shared with other parties under the user's explicit consent, the platform maintains compliance with applicable national regulations and EU GDPR requirements.

10 Contact Us

If you have questions about this Privacy Policy, wish to exercise any of your data rights, or need to report a privacy concern, please contact us at admin@bixsystem.com.