Legal · Denaro Pay Incorporated

Privacy Policy

Effective date: April 19, 2026
1. Introduction

Denaro Pay Incorporated ("Denaro Pay," "we," "us," or "our") is committed to protecting your personal information. This Privacy Policy describes what data we collect, how we use it, who we share it with, how long we retain it, and what rights you have over your data.

By creating a Denaro Pay account, you consent to the data practices described in this Privacy Policy. If you do not agree, you may not use the Service.

2. Data We Collect
2.1 Identity and Account Data
  • Full legal name
  • Email address
  • Phone number
  • Date of birth
  • Country of residence
  • Government-issued photo identification (passport, driver's license, or national ID)
  • Liveness check selfie and biometric indicators (processed by Persona; biometric data is not stored by Denaro Pay)
2.2 Financial Data
  • USDC wallet address on Coinbase Base
  • USDC balance and transaction history
  • Card transaction data (merchant name, amount, currency, timestamp)
  • Yield accrual data
  • Pay Advance history
  • CREST AI trading session data and P&L
  • Prop firm OAuth token (execution scope only; stored encrypted via Fernet in AWS Secrets Manager)
2.3 Device and Technical Data
  • Device fingerprint and model
  • IP address and approximate geolocation
  • Operating system and app version
  • Session tokens and login timestamps
  • Push notification tokens
2.4 Behavioral Data
  • Transaction patterns and timing
  • Login frequency and geographic patterns
  • Anomaly signals processed by Sardine for fraud detection
3. How We Use Your Data
  • Account creation and authentication: verify identity, create wallet, issue card
  • KYC and AML compliance: mandatory regulatory screening via Persona and Chainalysis
  • Transaction processing: execute USDC transfers, card payments, and yield distribution
  • Fraud prevention: behavioral pattern analysis via Sardine; geo-anomaly detection
  • CREST AI execution: use OAuth tokens to execute trades on connected trading accounts
  • Pay Advance: detect prop firm payout approvals and disburse advances
  • Customer support: respond to inquiries and resolve disputes
  • Legal compliance: meet regulatory obligations including SAR filing, record retention, and sanctions monitoring
  • Service improvement: aggregate, anonymized usage analytics
4. Data Sharing

Denaro Pay does not sell your personal data. We share data only with the following categories of service providers, and only to the extent necessary for the stated purpose:

  • Persona: KYC identity verification and document processing
  • Chainalysis: blockchain transaction screening, OFAC sanctions watchlist screening, and AML monitoring
  • Sardine: behavioral fraud detection and anomaly scoring
  • Circle Internet Financial: USDC issuance and Circle Programmable Wallet management
  • Coinbase: Base L2 settlement infrastructure and Coinbase Prime custody
  • Marqeta: Visa card issuance and transaction processing
  • Airwallex: fiat on/off-ramp, ACH direct deposit, and multi-currency settlement
  • Twilio: SMS two-factor authentication for transfers over $500
  • Amazon Web Services: infrastructure, secrets management, and database hosting
  • Law enforcement and regulators: when required by law, court order, or regulatory obligation
5. Data Retention

We retain personal data for as long as your account is active and for a minimum of five years following account closure, in compliance with Bank Secrecy Act (BSA) record-keeping requirements applicable to Money Services Businesses. KYC documents are retained for five years from the date of collection. Transaction records are retained for five years. Behavioral and device data is retained for two years.

Biometric data collected during the Persona liveness check is processed and retained by Persona under their retention policy and is not stored by Denaro Pay systems.

6. Data Security

Denaro Pay employs the following security measures to protect your data: AES-256 encryption on all database fields containing sensitive personal information; Fernet symmetric encryption for OAuth tokens and API keys stored in AWS Secrets Manager; TLS 1.3 enforced on all API endpoints; encrypted local storage on device via Expo SecureStore; and access controls limiting employee access to personal data on a need-to-know basis. We never log sensitive data including full wallet addresses, API keys, or user PII in application logs.

7. Your Rights

Depending on your jurisdiction, you may have the right to: (a) access a copy of the personal data we hold about you; (b) correct inaccurate personal data; (c) request deletion of your personal data, subject to regulatory retention obligations; (d) restrict or object to certain processing; (e) data portability; and (f) lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at Jeffrey@denaropay.com. We will respond within 30 days. Note that certain data cannot be deleted while regulatory retention obligations apply.

8. Cookies and Tracking

The Denaro Pay web application (denaropay.com) uses strictly necessary cookies for session management. We do not use advertising cookies or cross-site tracking cookies. The mobile application (denaropay.app) does not use cookies. Device fingerprinting data collected for fraud prevention by Sardine is processed under Sardine's privacy policy.

9. Contact

Privacy inquiries should be directed to: Jeffrey Terranova, Founder, Denaro Pay Incorporated, at Jeffrey@denaropay.com.