Privacy Policy

Global Coin Wholesale Inc. (“Global Coin,” “we,” “us”) operates CoinSuite, the internal operations dashboard at globalcoinsuite.com. This policy explains what personal and business information we collect, how we use it, and who we share it with.

CoinSuite is an internal tool used by Global Coin employees and authorized sales representatives. It is not a consumer-facing product.

We collect only what is needed to operate our wholesale business:

• Account identity — name, email address, and Google account identifier of authorized employees and sales representatives signing in via Google OAuth.
• Customer business records — name, billing and shipping addresses, phone number, email, order history, and account notes for our wholesale customers.
• Transaction data — sales orders, invoices, payments, refunds, credit memos, fulfillment records, returns, and accounting documents created in the course of business.
• Vendor records — vendor name, contact information, purchase orders, and bills.
• Inventory and product data — SKUs, item descriptions, costs, and pricing.
• Audit and security data — sign-in timestamps, MFA enrollment state, activity logs of significant actions, and error telemetry collected via Sentry.

We do not knowingly collect data from anyone under 18, and CoinSuite is not directed at children.

• Process and fulfill customer orders.
• Generate and send accounting documents (sales receipts, invoices, refunds, credit memos).
• Manage inventory, purchasing, and vendor relationships.
• Authenticate employees and enforce role-based access controls.
• Reconcile accounting records with our general ledger.
• Investigate errors, security incidents, and abuse.
• Comply with applicable legal, tax, and regulatory obligations.

CoinSuite connects to a small set of third-party services that process data on our behalf. We share only the data necessary for each integration to function.

• Intuit QuickBooks Online— accounting source documents (invoices, sales receipts, customer payments, refunds, vendor bills and payments) are pushed to QuickBooks so our books of record stay in sync. The QuickBooks integration is authorized through Intuit OAuth 2.0; access tokens are stored server-side and never exposed to clients.
• NetSuite— historical customer, order, and accounting data is read from NetSuite via SuiteQL during the migration period.
• Stripe— processes card payments and refunds. Stripe stores the cardholder data; CoinSuite stores only Stripe-issued identifiers (PaymentIntent, Charge, Refund, PaymentMethod ids) and Radar risk signals.
• EasyPost— produces shipping labels and tracking records.
• AfterShip— tracks shipment delivery status.
• eBay— mirrors inventory listings.
• Klaviyo— sends transactional and marketing email on our behalf.
• Google— provides sign-in (Google OAuth) and Workspace email delivery.
• Sentry— receives error telemetry and session replays used for debugging.
• Hetzner, Supabase, and Caddy— provide our hosting, database, and edge infrastructure inside the European Union and North America.

We do not sell personal information. We do not share information with advertising networks. We do not use customer data to train third-party machine-learning models.

• All access to CoinSuite requires Google OAuth sign-in plus mandatory MFA for administrators.
• Database tables enforce row-level security; only service-role credentials may write, and they are held server-side.
• Data is encrypted at rest by our hosting providers and in transit via TLS.
• Production databases are backed up hourly via encrypted Borg archives and a redundant 30-day offsite copy in Google Cloud Storage.
• Significant administrative actions are written to an audit log.

No system is perfectly secure. If you believe your data has been exposed by an incident involving Global Coin, please contact us using the address below.

We retain business records for as long as needed to support the wholesale relationship and to satisfy our legal, tax, and accounting obligations — typically a minimum of seven years for accounting source documents. Audit logs and error telemetry are retained for shorter periods commensurate with their purpose.

If you are a Global Coin wholesale customer or vendor and want to access, correct, or request deletion of the personal information we hold about you, contact us at the email address below. We will respond within a reasonable time and may need to verify your identity before acting on a request. We may decline requests that conflict with our legal record-keeping obligations.

CoinSuite users (employees and authorized sales representatives) can manage their account through their Global Coin Google Workspace administrator.

We are based in the United States. If you are accessing CoinSuite from outside the United States, your information may be transferred to and processed in the United States or other jurisdictions where our service providers operate.

We may update this policy from time to time. When we do, we will update the “Effective” date at the top of this page. Material changes will also be announced inside CoinSuite for signed-in users.

Questions about this policy or our data practices? Email privacy@globalcoinsuite.com.

Global Coin Wholesale Inc.
United States