-
Notifications
You must be signed in to change notification settings - Fork 12
Privacy
Bitrequest does not hold your funds or have access to your funds. It monitors addresses entered in the app.
Bitrequest is a tool for accepting cryptocurrencies. It's not possible to send any funds.
Bitrequest does not connect to a central database. All data is stored locally on the user's device.
Bitrequest does not store any personal data on external servers.
- Cryptocurrency addresses
- Extended public keys (xpub, zpub, Ltub, dgub, kpub)
- Monero view keys (for transaction scanning)
- Lightning node connection details
- Transaction data (value, date, hash, confirmations)
- Request history and metadata
- Settings and preferences
- BIP39 seed phrase (if generated)*
*The BIP39 seed phrase is generated and stored encrypted on your device using AES encryption. It is not accessible by third parties and never leaves your device unless you explicitly export a backup.
Bitrequest requires network access to fetch exchange rates and transaction data from various public APIs and block explorers.
- CoinMarketCap
- CoinPaprika
- CoinGecko
- Fixer
- Currencylayer
- ExchangeRatesAPI
- BlockCypher (Bitcoin, Litecoin, Dash, Dogecoin)
- mempool.space (Bitcoin)
- Blockchair (multi-chain)
- Ethplorer (Ethereum, ERC-20)
- Infura (Ethereum RPC)
- Alchemy (Ethereum, L2 networks)
You can connect to your own nodes for enhanced privacy:
- Electrum servers (Bitcoin, Litecoin)
- Ethereum RPC endpoints
- Monero remote nodes
- Lightning nodes (LND, LNbits, Core Lightning REST)
When using personal nodes, transaction data is fetched directly without third-party APIs.
Monero requires a private view key to scan for incoming transactions. This view key:
- Is stored locally on your device
- Cannot be used to spend funds
- Allows scanning without revealing sender information
| Request Type | View Key Handling |
|---|---|
| Point of Sale | View key stays on your device. Scanning happens locally. |
| Shared Request | View key is sent to configured Monero LWS (Light Wallet Server) for remote scanning. |
For maximum privacy with shared requests, connect to your own Monero node or a trusted LWS server.
Lightning node connections require:
- Node URL/endpoint
- Authentication (macaroon or API key)
Bitrequest only accepts read-only macaroons and invoice-only API keys. This means:
- Bitrequest can create invoices and check payment status
- Bitrequest cannot spend or move your funds
- Your channel balances and node funds remain secure
This data is stored locally and only sent to your configured Lightning node. Bitrequest supports LND, LNbits, and Core Lightning REST APIs.
You can opt-in to save your app data to Google Drive by logging in to your Google account.
This allows Bitrequest to backup and restore using the appdata folder in Google Drive.
- Google Drive access is restricted to this folder only
- No other personal data is accessible by Bitrequest
- Backups are stored in your personal Google Drive account
- You can revoke access at any time via Google account settings
Alternatively, you can download manual JSON backups without using Google Drive.
To improve user experience when sharing requests, URLs can be shortened.
| Option | Description |
|---|---|
| Bitrequest Shortener | Built-in shortener hosted on Bitrequest servers (default) |
| Bitly | Third-party service (optional, use your own API key) |
| Disabled | Share full URLs without shortening |
The original request URL contains:
-
payment— cryptocurrency type -
uoa— unit of account (fiat currency) -
amount— requested amount -
address— cryptocurrency address -
d— base64 encoded metadata (name, description, date, confirmations)
For maximum privacy:
- Disable URL shortening in settings, or
- Use your own Bitly API key, or
- Use the built-in Bitrequest shortener (no third-party tracking)
By default, API calls are routed through app.bitrequest.io to:
- Enable usage without personal API keys
- Provide caching to reduce rate limits
- Handle multi-provider fallbacks
- Exchange rate requests (no personal data)
- Blockchain queries (addresses only, no private keys)
You can self-host Bitrequest with your own API keys to bypass the proxy entirely. See the technical documentation for setup instructions.
Bitrequest supports routing API calls through TOR proxies for enhanced privacy. Configure TOR proxy settings in the app to anonymize your network requests.
| Service | Purpose | Data Shared |
|---|---|---|
| Exchange rate APIs | Fiat/crypto conversion | None (public rates) |
| Block explorers | Transaction monitoring | Addresses only |
| URL shorteners | Link sharing | Request URLs |
| Google Drive | Backup (opt-in) | Encrypted app data |
| Personal nodes | Direct blockchain access | Your choice |
Bitrequest is 100% open source. You can audit the code at:
github.com/bitrequest/bitrequest.github.io
For privacy concerns or questions, please open an issue on GitHub or contact via bitrequest.io.