Privacy Policy

This Privacy Policy describes how sendusd.to(the “Platform”) collects, uses, and shares information when you use our services. By using the Platform, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following categories of information:

• Wallet addresses — Your Ethereum wallet address, provided when you sign in using Sign-In with Ethereum (EIP-4361/SIWE).
• Usernames — The username you claim on the Platform, which is publicly associated with your wallet address.
• IP addresses — Collected automatically when you access the Platform, used for security, fraud prevention, and sanctions compliance (geo-blocking).
• Device information — Browser type, operating system, and device identifiers collected through standard web protocols.
• Transaction data — Records of payments sent and received through the Platform, including amounts, timestamps, and blockchain transaction hashes.
• MoonPay-collected payment and KYC data— When senders make payments, MoonPay (or another independent third-party onramp provider) collects payment card or bank account details, billing information, and identity verification data (including, where required, government- issued ID, selfie, proof of address, and source-of-funds information) directly from the sender. MoonPay acts as an independent data controller for that information. The Platform does not receive or store payment card numbers, bank credentials, or KYC documents. See MoonPay’s privacy policy for details on its data practices.
• Sanctions and compliance signals — Results of OFAC and other sanctions screening, wallet risk scores from blockchain analytics providers, geolocation derived from your IP address, and any compliance-related flags or determinations associated with your wallet, username, or transactions.

2. How We Use Information

We use the information we collect to:

• Provide, maintain, and improve the Platform and its features;
• Process and facilitate cryptocurrency payments between senders and recipients;
• Perform compliance checks, including sanctions screening against OFAC, UK OFSI, EU, UN, and other applicable sanctions lists, geo-blocking of Restricted Jurisdictions, wallet risk and blockchain analytics, and anti-money laundering and counter-terrorist financing checks;
• Detect, prevent, and investigate fraud, sanctions evasion, money laundering, unauthorized access, and other prohibited or unlawful activities;
• Generate aggregated, anonymized analytics to understand usage patterns and improve the service;
• Communicate with you about your account, service updates, and relevant announcements;
• Comply with applicable legal obligations, including reporting obligations to OFAC, FinCEN, and other regulators, and respond to lawful requests from law enforcement, regulatory, tax, or governmental authorities.

3. Information Sharing

We do not sell your personal information. We may share information in the following circumstances:

• MoonPay and other onramp providers — We share necessary transaction information (such as recipient wallet address, amount, and reference identifiers) with MoonPay or another independent third-party onramp provider for payment processing, KYC, identity verification, and sanctions screening of senders. MoonPay acts as an independent data controller for the payment, billing, and identity verification data it collects directly from senders.
• Compliance and screening providers — We may share wallet addresses, IP addresses, transaction details, and other information with sanctions screening, blockchain analytics, KYC/AML, and fraud-prevention providers in order to perform compliance checks.
• Blockchain — By nature, blockchain transactions are public and permanent. Your wallet address and transaction history on the blockchain are visible to anyone. The Platform has no ability to delete or modify on-chain data.
• Law enforcement and regulators — We may disclose information, including without your consent and without notice to you where prohibited by law, to OFAC, FinCEN, the U.S. Department of Justice, the U.S. Department of Commerce, the IRS, the UK OFSI, EU competent authorities, or any other law enforcement, regulatory, tax, or governmental authority, where required by law, subpoena, court order, administrative request, or where we reasonably believe disclosure is necessary to comply with sanctions, anti-money laundering, counter-terrorist financing, or other legal obligations, to file suspicious activity or similar reports, to respond to legal process, or to protect the rights, safety, or property of the Platform, our users, or third parties.
• Service providers — We may share information with third-party service providers who assist in operating the Platform (e.g., hosting, monitoring, analytics, customer support), subject to confidentiality obligations.
• Corporate transactions — In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, we may transfer information to the relevant counterparty.

4. Cookies and Tracking

The Platform uses essential session cookies to maintain your authentication state and provide core functionality. We do not use third-party tracking cookies or advertising cookies. No information is shared with third-party advertisers through cookies or similar tracking technologies.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. After account termination, we may retain certain information as required by law, for legitimate business purposes (such as resolving disputes, enforcing agreements, defending claims, and cooperating with investigations), or to comply with regulatory obligations, including anti-money laundering, counter-terrorist financing, sanctions, and tax record-keeping requirements, which may require us to retain records for five (5) years or longer after the end of our relationship with you. Anonymized and aggregated data that cannot identify you may be retained indefinitely.

6. Data Security

We implement industry-standard security measures, including encryption in transit and at rest, secure infrastructure, and access controls to protect your information. However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from circumstances beyond our reasonable control. You are responsible for maintaining the security of your wallet and private keys.

7. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from your jurisdiction. By using the Platform, you consent to the transfer of your information to such countries. We take steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — Request a copy of the personal information we hold about you.
• Correction — Request correction of inaccurate or incomplete information.
• Deletion — Request deletion of your personal information, subject to legal retention requirements and the limitations of blockchain technology (on-chain data cannot be deleted).
• Portability — Request a portable copy of your data in a structured, commonly used format.

To exercise any of these rights, please contact us at the email address listed below. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

9. Children’s Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.

10. Blockchain Data Disclaimer

Blockchain transactions are inherently public, permanent, and immutable. Once a transaction is recorded on a blockchain, it cannot be altered or deleted by the Platform or any other party. Your wallet address and all associated transactions are publicly visible on the blockchain. The Platform has no control over and assumes no responsibility for the public nature of blockchain data. You should be aware of this before using the Platform and consider the privacy implications of blockchain-based transactions.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Changes will be indicated by updating the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy.

12. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at privacy@sendusd.to.