bitpay / prestashop-plugin

BitPay payment plugin for PrestaShop
MIT License

private info #33

Closed rrachel closed 9 years ago

rrachel commented 9 years ago

Hi, I would like to know what private info your BitPay PrestaShop plugin collects and sends to BitPay.

Does it collect software running on your computer, location and IP, names, etc.?

Sick of companies collecting private info and selling it :-(

Thanks for any help you can give Rachel.

ionux commented 9 years ago

Hi Rachel, thanks for writing! If you don't mind, I'd like to separate our plugin from the Prestashop eCommerce software itself and answer your question that way since they are two distinct items. You can also view the BitPay Privacy Policy here: https://bitpay.com/about/privacy. I spoke to our Legal department as well and they asked me to highlight the following section for the purpose of clarity:

But we never sell [your personal information]. Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. We may use your personal information to:

  • provide the BitPay services and customer support you request;
  • process transactions and send notices about your transactions;
  • resolve disputes, collect fees, and troubleshoot problems;
  • prevent potentially prohibited or illegal activities, and enforce our Terms of Use;
  • customize, measure, and improve the BitPay Services and the content and layout of our website and applications;
  • deliver targeted marketing, service update notices, and promotional offers based on your communication preferences;
  • compare information for accuracy and verify it with third parties.

We may share your personal information with:

  • other BitPay entities, in order to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about our products, services, and communications.
  • service providers under contract who help with our business operations by verifying merchant information.
  • law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to BitPay; or when we believe, in our sole discretion, that the disclosure of personal information is necessary to report suspected illegal activity or to investigate violations of our Terms of Use.

Think of our plugin as basically just a bridge from an eCommerce website using Prestashop to the BitPay payment gateway. So when you indicate to Prestashop that you are ready to checkout and pay with bitcoin, Prestashop passes your order information to our plugin and requests a bitcoin invoice for you to pay. The invoice is then displayed to you for payment and, once you've paid, notification messages are sent back to Prestashop to update the order status.

The source code for our plugin is freely available here in this repository so you're welcome to take a look at what our plugin does when a customer pays for an order. Not everyone is a programmer though so I understand that looking at source code doesn't help much if you don't speak the language! :) Nevertheless, here's the specific function that handles the payment request from Prestashop: https://github.com/bitpay/prestashop-plugin/blob/master/modules/bitpay/bitpay.php#L244

I'll walk you through this code and explicitly state what is happening in this function:

public function execPayment($cart) {

In this opening line, Prestashop passes the $cart object to our plugin. This represents the items in your shopping cart along with any information Prestashop collected about you and also internal values like the order number.

$currency                    = Currency::getCurrencyInstance((int)$cart->id_currency);

Here we are getting an instance of the Currency object that we will use a bit later to retrieve the ISO currency code.

$options                     = $_POST;

The $_POST variable is an array of all the values sent to the webserver when you submitted the payment form on the store's website.

$options['currency']         = $currency->iso_code;

This is where we specifically get the currency code for an order so BitPay can convert the amount into a bitcoin value on the invoice. It can be a code like "USD" for U.S. Dollars or "EUR" for Euros, for example.

$total                       = $cart->getOrderTotal(true);

As you might guess, here we get the total amount of your order from the Prestashop cart object.

$options['notificationURL']  = (Configuration::get('PS_SSL_ENABLED') ? 'https://' : 'http://').htmlspecialchars($_SERVER['HTTP_HOST'], ENT_COMPAT, 'UTF-8').__PS_BASE_URI__.'modules/'.$this->name.'/ipn.php';

if (_PS_VERSION_ <= '1.5')
        $options['redirectURL']    = (Configuration::get('PS_SSL_ENABLED') ? 'https://' : 'http://').htmlspecialchars($_SERVER['HTTP_HOST'], ENT_COMPAT, 'UTF-8').__PS_BASE_URI__.'order-confirmation.php?id_cart='.$cart->id.'&id_module='.$this->id.'&id_order='.$this->currentOrder;
else
        $options['redirectURL']    = Context::getContext()->link->getModuleLink('bitpay', 'validation');

These lines refer to two values: the notification URL and the redirect URL. The notification URL parameter tells BitPay where to send IPNs (Instant Payment Notifications) back to the merchant's shopping cart server. An IPN is a message that lets Prestashop know when you have paid for an order so the merchant will know that your order can be shipped. Without these messages, the merchant would never know if you paid for something or not! :)

The redirect URL is the link back to the merchant's website where you are sent after you paid for the order. It's usually something like a "thank you for your order" type of page. On a BitPay invoice, you can see this as the "Click here to return to SomeSuperWebsite.com" button after you paid.

$options['posData']          = '{"cart_id": "' . $cart->id . '"';
$options['posData']         .= ', "hash": "' . crypt($cart->id, Configuration::get('bitpay_APIKEY')) . '"';
$this->key                   = $this->context->customer->secure_key;      
$options['posData']         .= ', "key": "' . $this->key . '"}';

Here we are setting the posData passthru parameter array consisting of three values: the internal Prestashop identification number for your order, a cryptographic hash of this order number and the merchant's API key and the internal secure key Prestashop assigned to you as a customer.

This is an optional parameter used internally by Prestashop to identify invoices and payments with a specific order on the merchant's store. It's called a "passthru" value because, as you might have guessed by the name, BitPay simply passes whatever is in this parameter back to Prestashop. It's not changed or altered and can be omitted without any effect on a BitPay invoice. However, it's used by ecommerce software like Prestashop to store a unique value to match messages coming back from BitPay to related orders in the merchant's database.

$options['orderID']          = $cart->id;

This line simply stores the internal order ID into the options array.

$options['price']            = $total;

We are storing the order total obtained from Prestashop earlier.

$options['fullNotifications'] = true;

This is an internal true/false parameter that tells BitPay whether or not to send every payment status message back to the merchant's server. If true, then every status change in an invoice will be sent. For example, an invoice starts out with the "new" status and can progress to "paid", "confirmed" or "expired". There are other statuses but these are the most common. Prestashop will then use these values internally to update your order status which will in turn inform the merchant when you've paid for an order.

$postOptions     = array('orderID', 'itemDesc', 'itemCode', 
                         'notificationEmail', 'notificationURL', 'redirectURL', 
                         'posData', 'price', 'currency', 'physical', 'fullNotifications',
                         'transactionSpeed', 'buyerName', 'buyerAddress1', 
                         'buyerAddress2', 'buyerCity', 'buyerState', 'buyerZip', 
                         'buyerEmail', 'buyerPhone');

foreach($postOptions as $o) {
    if (array_key_exists($o, $options))
        $post[$o] = $options[$o];
}

These lines are directly related to your question regarding any personal information collected. The first line creates a new array of values and calls it postOptions. You can see the values that make up this new array such as "orderID" and "buyerName". This might be a bit confusing at first glance because someone could think the plugin is actually using all of this information. However, that's not necessarily the case. This array consists of the names of all possible values - not the actual bits of information themselves - that a merchant could send on an invoice and is used as a filter to ensure our plugin only uses valid parameters for an invoice.

In the next few lines of code, we go into a loop that looks at every possible valid invoice parameter in the postOptions array, compares it with what is already present in the options array and, if it is present, stores the information for that option into the post variable.

Don't worry if this is a bit confusing but just know that here is specifically where our plugin handles personal information like email address, phone, name, zipcode, etc. that is passed to it by Prestashop. Let me emphasize that last part: information for your order is collected by Prestashop - not our plugin. Our plugin simply takes the information sent to it from the merchant's Prestashop store and adds it to the invoice.

The rest of the code in the execPayment() function is responsible for formatting the invoice request per the BitPay payment gateway invoice specifications (JSON format), setting cURL options (handles the actual transmission), sending the request and then processing the response back from the gateway. The only optional HTTP header field set by our plugin is "X-BitPay-Plugin-Info" which we use to create reports on which plugins are used the most. The exact value of this optional header in our plugin is "prestashop0.4" so, as you can see, it does not contain anything personally identifiable. Once again, it's simply a hardcoded, constant value we use in each one of our plugins (and code libraries) to track the popularity of our plugins themselves, not to track customers or merchants.

To sum up, our plugin does not collect any information from you - the Prestashop eCommerce software does. As far as what a particular merchant collects, you'll have to refer that question to the merchant themselves because Prestashop is configurable and can be modified to collect various bits of information. Our BitPay Payment Plugin is passed information from Prestashop, but we compare these items against a list of valid possible invoice values and only send those to BitPay when making the request for a new invoice. So, no, information like software running on your computer is not something that's transmitted to BitPay and certainly not something our plugin collects or even cares about for that matter.

Sorry for the super long response but I hope this thoroughly answers your question and demonstrates how transparent we are regarding the handling of any information sent to our plugin. If you have any more questions or concerns about our privacy policy, please send them to support@bitpay.com and they'll be routed to the correct team for answering. Thanks again for writing!
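
The allow-list step described in the comment above, as an added example that is not part of the thread or the plugin's own code: it shows, for a constructed form submission, which fields would be forwarded on an invoice request, which are dropped, and which forwarded fields are buyer data. The `auditInvoiceOptions` helper and all sample values are hypothetical; the field names are the ones in the quoted `$postOptions` array.

```php
<?php
// Added example, not the plugin's code. Mirrors the allow-list step of
// execPayment() so a merchant can see which submitted fields would be
// forwarded on an invoice request and which are dropped.

// Same parameter names as the $postOptions array quoted in the thread.
const INVOICE_FIELDS = [
    'orderID', 'itemDesc', 'itemCode',
    'notificationEmail', 'notificationURL', 'redirectURL',
    'posData', 'price', 'currency', 'physical', 'fullNotifications',
    'transactionSpeed', 'buyerName', 'buyerAddress1',
    'buyerAddress2', 'buyerCity', 'buyerState', 'buyerZip',
    'buyerEmail', 'buyerPhone',
];

/**
 * Hypothetical helper: split submitted options into what the allow-list
 * lets through, what it drops, and which forwarded fields are buyer data.
 */
function auditInvoiceOptions(array $options): array
{
    $allowed   = array_flip(INVOICE_FIELDS);
    $forwarded = array_intersect_key($options, $allowed);
    $dropped   = array_keys(array_diff_key($options, $allowed));
    $buyer     = array_values(array_filter(
        array_keys($forwarded),
        fn ($k) => strncmp($k, 'buyer', 5) === 0
    ));
    return ['forwarded' => $forwarded, 'dropped' => $dropped, 'buyer' => $buyer];
}

// Constructed sample: a submitted payment form plus the values the
// plugin sets itself (currency, orderID, price, fullNotifications).
$options = [
    'buyerEmail'        => 'customer@example.com',
    'buyerZip'          => '00000',
    'userAgent'         => 'ExampleBrowser/1.0',   // not an invoice field
    'installedSoftware' => 'n/a',                  // not an invoice field
    'currency'          => 'USD',
    'orderID'           => 1234,
    'price'             => 19.99,
    'fullNotifications' => true,
];

$audit = auditInvoiceOptions($options);
echo "Forwarded: ", json_encode($audit['forwarded']), PHP_EOL;
echo "Dropped:   ", implode(', ', $audit['dropped']), PHP_EOL;
echo "Buyer PII: ", implode(', ', $audit['buyer']), PHP_EOL;
```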

rrachel commented 9 years ago

Wow... Thank you so much for your reply and the time you have spent preparing it. You have answered all my questions and worries with that post very thoroughly indeed. An amazing reply.

Thank you Rachel

ionux commented 9 years ago

Awesome, I'm glad to have helped! :)