Back to Qash
0%

Effective May 5, 2026

Privacy Policy

1. Introduction

This Privacy Policy explains how Qash, a product operated by Quantum3 Labs Pte. Ltd. (Singapore, registration no. 202334922W) (“Qash,” “we,” “us,” or “our”), collects, uses, discloses, and protects information when you access or use our platform at qash.finance, our web and mobile applications, APIs, and related services (collectively, the “Services”).

This Policy applies to business entities that use Qash and to the directors, beneficial owners, employees, and other authorized representatives who interact with the Services on their behalf.

Qash is software for self-custodial treasury management. We are not a bank, broker-dealer, money transmitter, or custodian of customer funds. You retain control of your private keys and digital assets at all times. Certain services available through Qash, including fiat off-ramp and corporate card issuance, are provided by regulated third-party partners under their own terms and privacy policies.

By using the Services, you confirm that you have read this Policy and accept the practices described in it.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account or use the Services, you may provide:

  • Business information, including legal entity name, registration number, jurisdiction of incorporation, registered address, ownership structure, and nature of business activities.
  • Identity verification information (KYB and KYC), including government-issued identification, proof of address, beneficial ownership documentation, source of funds documentation, tax identification numbers, and other materials required by our regulated partners for compliance with anti-money laundering, counter-terrorist financing, and sanctions laws.
  • Authorized representative information, including full name, date of birth, nationality, role within the business, email address, phone number, and government-issued identification.
  • Financial and operational information, including payment instructions, invoices, payroll records, off-ramp destinations, counterparty details, and transaction history.
  • Communications, including support requests, feedback, and any correspondence you send to us.

2.2 Information Collected Automatically

When you access the Services, we automatically collect:

  • Device and connection data, including IP address, browser type, operating system, device identifiers, and time zone.
  • Usage data, including pages visited, features used, session duration, referral sources, and interaction patterns.
  • Log data, including access timestamps, error reports, and security events.

2.3 Information from Third Parties

We may receive information about you from:

  • Regulated partners that provide off-ramp, banking, custody-adjacent services, or corporate card issuance.
  • Identity verification providers, sanctions screening databases, and blockchain analytics vendors.
  • Service providers that support hosting, security monitoring, and customer support.
  • Public sources, including company registries and corporate transparency databases.

2.4 Blockchain Data

Qash interacts with blockchain networks, including Miden and other supported chains.

  • On Miden, transactions use zero-knowledge proofs and are not publicly visible on the network by default. We may still store transaction details associated with your account in our systems for service delivery, support, and compliance purposes.
  • On other supported chains, transactions, wallet addresses, balances, and smart contract interactions are recorded on public ledgers and may be visible to anyone, including blockchain explorers, analytics providers, and counterparties. We do not control the operation of these networks and cannot modify or remove information that has been recorded on a public blockchain.

You should consider blockchain visibility before initiating transactions on public chains.

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Services, including creating accounts, processing transactions, facilitating payments and off-ramp, issuing corporate cards through partners, and maintaining platform features.
  • Meet legal and regulatory obligations, including KYB and KYC verification, sanctions screening, ongoing transaction monitoring, suspicious activity reporting, tax reporting, and record-keeping under applicable laws.
  • Detects and prevents fraud, abuse, and security threats, including unauthorized access, account takeover, and illegal activity.
  • Improve and develop the Services, including diagnosing issues, analyzing usage patterns, testing features, and improving user experience.
  • Communicate with you, including service notifications, security alerts, compliance updates, and, where you have opted in, product updates and marketing.

4. How We Share Your Information

We do not sell your personal information.

We share information with the following categories of recipients:

  • Regulated partners who provide fiat off-ramp, corporate card issuance, banking, or other regulated services. Each partner processes information under its own privacy policy and regulatory framework.
  • Compliance and verification providers that assist with KYB, KYC, sanctions screening, and ongoing monitoring.
  • Service providers and sub-processors, including cloud infrastructure, security monitoring, analytics, error reporting, and customer support tools, under contractual safeguards limiting use to the purposes for which we engage them.
  • Law enforcement, courts, and regulators, where required by law, legal process, or regulatory request, or where we believe in good faith that disclosure is necessary to protect rights, safety, or the integrity of the Services.
  • Successor entities, in connection with a merger, acquisition, reorganization, financing, or sale of assets, subject to this Policy or a successor policy of comparable protection.

5. International Data Transfers

Qash operates globally. Your information may be transferred to, stored in, and processed in countries other than your country of residence, including jurisdictions where Quantum3 Labs Pte. Ltd., our partners, and our service providers are located. These jurisdictions may have data protection laws that differ from those in your home jurisdiction.

Where required by applicable law, we use appropriate safeguards for international transfers, including standard contractual clauses or other recognized mechanisms.

6. Data Retention

We retain your information for as long as your account is active and as necessary to provide the Services. We retain certain information for longer where required to comply with legal and regulatory obligations, including AML and KYB record-keeping requirements that typically require retention for at least five (5) years after the end of the business relationship, or longer where applicable law requires.

When retention is no longer necessary, we delete or anonymize the information in accordance with our internal procedures.

7. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information against unauthorized access, disclosure, alteration, and loss. Measures include encryption of data in transit and at rest, access controls, secure key management, regular security reviews, and incident response procedures.

Self-custody reduces, but does not eliminate, the security responsibilities you bear. You are responsible for protecting the private keys, recovery phrases, and authentication credentials associated with your account. We cannot recover funds or restore access to assets that you control directly. No method of transmission or electronic storage is fully secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on the laws of your jurisdiction, you may have the following rights with respect to your personal information:

  • Access to the personal information we hold about you.
  • Correction of inaccurate or incomplete information.
  • Deletion, subject to legal retention requirements.
  • Portability, in a structured, commonly used, machine-readable format.
  • Objection or restriction of certain processing activities.
  • Withdrawal of consent, where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at contact@qash.finance. We will respond within the timeframe required by applicable law and may need to verify your identity before acting on a request.

9. Jurisdiction-Specific Provisions

The following provisions supplement Section 8 for users located in specific jurisdictions.

9.1 Singapore

If you are located in Singapore, you have rights under the Personal Data Protection Act 2012 (PDPA), including the right to request access to and correction of your personal data, and to withdraw consent for processing where consent was the basis for collection. Requests may be sent to contact@qash.finance. You may also file a complaint with the Personal Data Protection Commission of Singapore.

9.2 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, the United Kingdom, or Switzerland, you have rights under applicable data protection laws, including the EU and UK General Data Protection Regulation (GDPR).

We process personal data on one or more of the following lawful bases:

  • Performance of a contract (Article 6(1)(b)), for account creation, transaction processing, and customer support.
  • Compliance with legal obligations (Article 6(1)(c)), for KYB, KYC, AML, sanctions, and tax compliance.
  • Legitimate interests (Article 6(1)(f)), for fraud prevention, platform security, service improvement, and internal analytics.
  • Consent (Article 6(1)(a)), for marketing communications and non-essential cookies.

You have the right to access, correct, delete, restrict, port, or object to processing of your personal data, and to withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority.

9.3 United States (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), as amended, including the right to:

  • Know what personal information we collect, use, and disclose about you.
  • Request access to and deletion of your personal information.
  • Correct inaccurate personal information.
  • Receive a portable copy of your personal information.
  • Non-discrimination for exercising your rights.

We do not sell personal information and do not share personal information for cross-context behavioral advertising. To exercise your rights, contact contact@qash.finance.

9.4 Other Jurisdictions

If you are located in another jurisdiction with applicable data protection laws, including Brazil (LGPD), Canada (PIPEDA), Australia (Privacy Act), or other regimes, you may have rights similar to those described above. Contact contact@qash.finance to exercise any rights granted under your local law.

10. Cookies and Tracking Technologies

We use cookies and similar technologies, including pixels and local storage, to operate the Services, remember your preferences, analyze usage, and support security. You may manage your cookie preferences through your browser settings. Disabling certain cookies may limit features such as session persistence or analytics.

11. Children’s Privacy

The Services are intended for use by business entities and their authorized adult representatives. We do not knowingly collect personal information from individuals under the age of 18. If we learn that a minor has provided us with personal information, we will delete it promptly. If you believe a minor has submitted information through the Services, contact us at contact@qash.finance.

12. Third-Party Services and Wallets

The Services may link to or integrate with third-party services, including regulated financial partners, identity verification providers, blockchain infrastructure providers, and self-custodial wallets. This Policy does not apply to those services. We encourage you to review their privacy policies before connecting accounts or sharing information.

When you connect a third-party wallet or account to Qash, your interactions with that service are governed by its own terms and privacy policy, and the responsibilities for security, custody, and processing rest with the third party.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or operations. When we make material changes, we will update the Effective Date above and, where practicable, provide notice through the Services or by email. Your continued use of the Services after the effective date of an updated Policy constitutes acceptance of the changes.

14. Contact Us

For questions, concerns, or requests regarding this Policy or our data practices, contact:

Qash, operated by Quantum3 Labs Pte. Ltd. (Singapore, registration no. 202334922W)

Email: contact@qash.finance

Website: qash.finance