Data Disclosure Policy
Bittylicious and Data Disclosure
Bittylicious Ltd is registered with the UK Information Commissioner's Office and is fully committed to handling customer data legally and responsibly. If you are a law enforcement or other UK authority and seek to request information from us, please read the following first to ensure that your request is dealt with as promptly and effectively as possible.
Bittylicious Ltd cooperates with UK authorities, and we are mindful of our legal obligations regarding data under UK law. Requests for information from legally sanctioned UK authorities and which satisfy the Data Protection Act 2018 (DPA) requirements will be dealt with as quickly and fully as possible. However, we will not entertain speculative, incomplete, legally dubious or vague requests for information, as this is in breach of our legal obligations.
Please note that confirming the existence or activites of a customer is in itself a disclosure of customer data. We will not confirm the existence of any account or transaction unless we are also ready to disclose all relevant information pertaining to it.
Making a Successful Request with Bittylicious
So that we can best deal with any formal and legally sound request for information, please consider the following:
- Provide as many identifying data points as possible to enable us to identify a customer correctly. This might be a name, phone number, date of birth, postcode, specific account activity, etc.
- Blockchain analysis-based information alone is not sufficient for us to reliably identify the correct customer data. Any such information must therefore be accompanied by other types of identifying information. More information on this below.
- Only send us sensitive customer information in an encrypted format. We can assist you in setting this up. Never send sensitive information insecurely (e.g. e-mailing a password).
- Provide information about the investigation, e.g. the crime, arrests, pending trials, links to a specific enquiry, and an explanation as to why the information is being sought.
- Let us know if any of the information will be shared directly or indirectly with law enforcement or government of a foreign state.
- Tell us if the customer has explicitly consented to the disclosure of data, as this simplifies the procedure.
Please send your request to firstname.lastname@example.org stating the authority you are requesting this under.
If you cannot meet the requirements above, you may need to obtain a judge-signed, UK court order. In some cases, this may be the only way we can discharge our legal responsibilities under the DPA while providing you with the information you require. We are keen to cooperate, and are committed to doing so in a legally compliant way.
We can provide standard witness statements where needed in the course of an investigation. The witness statement must be provided by yourself, but we can provide a template which can be used as a starting point.
We prefer to send filled in witness statements in an electronic manner, e.g. over email. If you insist on this being physically signed and sent, you will need to print this off and send a stamped self address envelope. Contact us for the address to send this SSAE to.
In the unlikely event that anyone from Bittylicious is called to testify as an expert witness, we can only point to exhibits. We do not offer theories or provide expert opinions as a matter of policy.
When you use blockchain analysis in your investigation, you are relying on a proprietary algorithm by a business to make a best guess. Depending on which company's website you are using, you may get different results. Just because blockseer, walletexplorer or chainalysis claims an address belongs to Bittylicious, it isn't necessarily so. When you follow the path of coins, any unknown address in the chain of transactions may belong to a shared wallet, which means the transaction you see is almost guaranteed to involve two random people not actually connected to the source address in any way. Shared wallets (such as Bittylicious and most other marketplaces and exchanges) have one common bitcoin wallet where funds are pooled and only the operators of these websites know which address belongs to whom. We welcome enquiries and will do our best to help, but please handle any leads from blockchain analysis with caution. Blockchain analysis software is provided by private companies to paying customers, and their claims of reliability should be taken with a pinch of salt.
Security when Sending Data
If we approve your request, we will need to send you data.
We only send any data in a secure format. We will never send unencrypted data over email.
Our standard practice is to use Firefox Send and to encrypt the data with a password which we can give to you securely. Firefox Send does not require installation of any software, and is essentially a time and download-limited portal which password protects files.
If you cannot use this for whatever reason, you need to come up with a simple solution in which we can upload files securely. We will not install any software on our computers to do this, so would rely on secure web portals. It is at our discretion if we consider your suggestion sufficiently secure.
In a worst case scenario, it may be possible for you to post us a USB stick along with a self stamped address envelope to us. We would encrypt the data and email you the password. The USB stick would need to be pre-formatted to your specifications, and would need to be sent to wherever we are working at the time. We do not promise to return USB sticks in any specific timescale. We will not send out data in an unencrypted format under any circumstances, and this includes printing out personal data.