Privacy is a core principle of BitBox products. The BitBoxApp is designed to operate with minimal and purpose-limited data exchange, strictly required for functionality and security.
This article explains what data may be transmitted when using the BitBoxApp, why it is needed, how Shift Crypto handles it, and which options are available to further reduce data exposure.
For general information about how Shift Crypto processes personal data, please also refer to our Privacy Policy.
Using the BitBoxApp in the most privacy-preserving way
For maximum privacy, users may configure the BitBoxApp to connect to their own Bitcoin full node.
If no custom backend is configured, the BitBoxApp connects to backend infrastructure operated by Shift Crypto. These services are designed to minimize data exposure and do not require access to private keys, recovery words, passphrases, or extended public keys.
Privacy control
You can also configure the BitBoxApp to use any public Electrum-compatible backend and optionally route all backend communication through the Tor network to further reduce network-level metadata exposure.
Why network communication is required
The BitBoxApp requires network communication with backend servers to perform the following functions:
- Broadcasting transactions to the blockchain network
- Fetching account balances and transaction history
- Synchronizing blockchain headers
- Checking for software updates
- Retrieving exchange rate information
This communication is limited to what is technically required for these functions.
What data may be transmitted when using the BitBoxApp
Depending on your configuration (default backend, custom backend, own node, Tor), the following data may be transmitted:
-
Transaction data
Transaction identifiers (TXIDs) required to broadcast transactions. -
Addresses within gap limits
Receive and change addresses required to detect balances and transaction history
(e.g., used addresses and a limited number of unused addresses per account). -
Network metadata
- IP address (processed transiently for network communication)
- Date and time of connection events
-
Sync status
Information required to determine which blockchain headers need to be synchronized.
What data is not shared
Shift Crypto does not receive or store the following data when using the BitBoxApp:
- Recovery words (seed phrase)
- Optional passphrase
- Device password
- Private keys
- Extended public keys (xpubs)
All sensitive cryptographic material remains on your device or on the BitBox hardware wallet.
How Shift Crypto handles this data
Logging and data handling are designed according to data-minimization principles:
- Logging is limited to the absolute minimum necessary for service stability and troubleshooting.
- IP addresses are either not logged at all or anonymized before being written to logs, depending on the service.
- Logged data is not profiled, sold, or used for marketing purposes.
- The BitBoxApp does not embed third-party tracking, advertising, or analytics tools.
Important clarification
Some network-level data (such as IP addresses) must be processed transiently to establish a connection. Where logging occurs, it is anonymized and minimized by design.
Bitcoin, Ethereum, and backend services
-
Bitcoin
The BitBoxApp uses Electrum-compatible servers. Shift Crypto operates its own servers with minimized logging. Users are encouraged to connect to their own Bitcoin node. -
Ethereum and ERC20 tokens
t information (balances and transactions) is retrieved via the Etherscan API.
Please refer to Etherscan’s privacy policy for details on their data handling.
Software updates and exchange rates
The BitBoxApp connects to Shift Crypto’s web servers only to:
- Check for available software updates
- Retrieve exchange rate information
No wallet-identifying information, private keys, or recovery data is transmitted during these requests.
Optional privacy enhancements
To further increase privacy, users may:
- Connect the BitBoxApp to their own Bitcoin full node
- Use a custom or public Electrum backend
- Route backend communication through the Tor network, masking IP address and location
QR code scanning and local processing
QR code scanning is performed locally on your device and only when initiated by you.
QR data is not transmitted to external servers, except when you explicitly broadcast a transaction.
Frequently Asked Questions (FAQ)
Does Shift Crypto know how much Bitcoin or crypto I own?
No. Shift Crypto does not have access to your balances, private keys, recovery words, or passphrases.
Can Shift Crypto link my identity to my wallet activity?
The BitBoxApp does not collect personal identity data. Network metadata is minimized and anonymized where logging occurs.
Can authorities force Shift Crypto to hand over my wallet data?
Shift Crypto does not store private keys, recovery words, passphrases, or extended public keys. This information is therefore not available to be disclosed.
Does the BitBoxApp use trackers or analytics?
The BitBoxApp does not embed third-party tracking or advertising analytics. Operational logging is limited to what is required for service stability.
How can I maximize privacy when using the BitBoxApp?
Use your own Bitcoin full node and route network traffic through the Tor network.
Is QR code scanning private?
Yes. QR code scanning happens locally on your device and is only transmitted when you explicitly broadcast a transaction.