Privacy Policy
Last Updated: April 24, 2026
This Privacy Policy explains how POSX Inc (“POSX,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you access or use the POSX mobile application, websites, accounts, payment features, digital asset features, merchant rewards, referral features, notifications, customer support, and related services (collectively, the “Services”). POSX is designed as a cross-merchant rewards network for stablecoin-era payments. Certain payment, banking, card, stablecoin, wallet, identity verification, compliance, and blockchain-related features may be provided by regulated third- party partners. Those partners may provide their own privacy notices and terms, which may apply in addition to this Privacy Policy. By using the Services, you acknowledge that you have read this Privacy Policy. If you do not agree with our practices, do not use the Services.
1. Personal Information We Collect
We collect information directly from you, automatically from your device and use of the Services, from merchants and transaction counterparties, from blockchain networks, and from third-party service providers such as identity verification, payment, banking, card, fraud prevention, analytics, and customer support providers.
Category
Examples
Account and profile information
Email address, password credentials or password hash, nickname, user ID, invite code, profile photo if uploaded, language, country/region, account status, and account creation date.
Identity, KYC, and compliance information
Legal name, date of birth, residential address, phone number, email verification status, government identification information, identity document images, selfie or liveness check information, sanctions or politically exposed person screening results, risk ratings, source-of-funds information, tax information where required, and KYC status.
Payment, bank, card, and transaction information
Balances, deposits, withdrawals, merchant payment details, order IDs, transaction IDs, payment method, card tokens or last four digits, bank account and routing information, bank account owner name, billing or residential address, withdrawal recipients, fees, timestamps, payment password status, verification codes, and transaction history.
Digital asset and blockchain information
Digital asset balances shown in the app, wallet addresses, network selections, whitelisted addresses, transaction hashes, confirmations, network fees, public blockchain records, and related metadata.
Merchant, offer, rewards, and referral information
Offers viewed or redeemed, cashback or rebate amounts, reward eligibility, invite codes, invite links, referral network information, direct and indirect referral activity, commission or rebate records, tier or membership eligibility, and promotional notification interactions.
Device, security, and usage information
IP address, device identifiers, operating system, app version, browser or device settings, language, approximate location derived from IP, login records, security logs, crash logs, diagnostic data, clickstream data, fraud signals, and device integrity signals.
Location information
Approximate location from IP address, and precise location only if you grant permission for features such as nearby offers, merchant discovery, fraud prevention, or compliance checks.
Camera, QR, and media permissions
Camera access for QR code scanning, payment QR display, document verification, or similar features. Photo library or file access is collected only if you choose to upload or save an item, such as a QR code or referral poster.
Communications and support information
Messages with support, emails, phone or chat records, feedback, help requests, notification preferences, and records of your consent or choices.
Information from partners and public sources
Information from payment processors, card networks, banks, stablecoin infrastructure providers, merchants, wallet or blockchain analytics providers, identity verification vendors, fraud prevention vendors, sanctions databases, and publicly available sources.
2. How We Use Personal Information
We use personal information for the following purposes:
To create, maintain, secure, and authenticate your account.
To verify your identity, perform KYC, AML, sanctions, fraud, and risk checks, and comply with applicable law and partner requirements.
To process merchant payments, deposits, withdrawals, internal transfers, digital asset transfers, refunds, chargeback inquiries, confirmations, and transaction records.
To display balances, transaction history, payment status, QR codes, wallet addresses, whitelisted recipients, and other account information.
To administer merchant offers, cashback, rebates, network rewards, referral programs, and promotional eligibility.
To send service messages, security alerts, transaction confirmations, verification codes, support responses, product updates, and marketing messages where permitted by law or your consent.
To detect, investigate, and prevent fraud, scams, unauthorized activity, market abuse, sanctions violations, money laundering, account takeovers, security incidents, and misuse of the Services.
To troubleshoot, test, analyze, improve, and develop the Services, including app performance, product analytics, crash reporting, and user experience improvements.
To enforce our Terms of Service and other agreements, resolve disputes, collect fees, and protect our rights, users, merchants, partners, and the public.
3. Legal Bases for Processing
Where the laws of the European Economic Area, United Kingdom, Switzerland, or similar jurisdictions apply, our legal bases may include: performance of a contract with you; compliance with legal obligations; our legitimate interests in operating, securing, improving, and protecting the Services; your consent; and, where necessary, the establishment, exercise, or defense of legal claims.
4. How We Share Personal Information
We do not sell your personal information. We also do not share personal information for cross-context behavioral advertising unless we clearly disclose that practice and provide any legally required choice. We may share personal information as described below:
With service providers and processors that support hosting, cloud storage, analytics, crash reporting, communications, customer support, identity verification, KYC, AML screening, fraud prevention, compliance, security, and technical operations.
With regulated financial, payment, card, banking, stablecoin, wallet, and digital asset infrastructure partners as needed to provide deposits, withdrawals, payments, transfers, verification, custody or wallet infrastructure, settlement, and compliance services.
With merchants, recipients, senders, and transaction counterparties as necessary to complete or confirm a transaction, refund, payment, transfer, offer redemption, or dispute.
With blockchain networks and participants when you initiate or receive an on-chain transaction. Public blockchain data may be visible to anyone and may be permanent.
With affiliates and business partners where necessary to operate the Services and subject to appropriate confidentiality, security, and data protection obligations.
With professional advisers, auditors, insurers, regulators, law enforcement, courts, government authorities, and other parties where required by law or where we believe disclosure is necessary to comply with legal obligations or protect rights and safety.
In connection with a merger, acquisition, financing, restructuring, bankruptcy, sale of assets, or similar corporate transaction, subject to appropriate safeguards.
With your consent or at your direction.
5. Third-Party Services
The Services may integrate with third-party payment methods, wallet providers, blockchain networks, banking partners, identity verification providers, card processors, merchants, analytics tools, customer support tools, and other services. Your use of those services may be subject to their own privacy policies, terms, fees, and compliance requirements. POSX is not responsible for the privacy practices of third parties that we do not control.
6. Cookies, Analytics, and Similar Technologies
We and our service providers may use cookies, mobile SDKs, local storage, device identifiers, pixels, and similar technologies to operate the Services, keep you signed in, remember preferences, secure accounts, measure performance, detect fraud, diagnose issues, and improve the Services. If we use analytics or marketing technologies that require consent in your jurisdiction, we will request consent and provide a method to withdraw it.
7. Push Notifications, Email, and SMS
We may send transaction, security, account, compliance, service, and promotional communications. Transactional and security messages may be required to operate the Services. You can manage marketing communications through app settings, unsubscribe links, device settings, or by contacting us. Standard carrier rates may apply to SMS messages.
8. Data Retention
We retain personal information for as long as needed to provide the Services, comply with legal, tax, accounting, AML, sanctions, fraud prevention, payment, dispute resolution, and regulatory obligations, enforce agreements, protect rights, and maintain security. Retention periods vary by data type and jurisdiction. For example:
Account information is generally retained while your account is active and for a reasonable period after closure.
KYC, AML, sanctions, and transaction records may be retained for the period required by applicable law or partner requirements, often five years or longer.
Security logs, fraud signals, and technical logs are retained for a reasonable period needed for security, fraud prevention, and troubleshooting.
Marketing preferences are retained until you change them or request deletion, subject to our need to keep suppression lists.
When retention is no longer necessary, we delete, de-identify, or aggregate information according to our retention procedures, unless law requires or permits continued retention.
9. Account Deletion and Data Deletion Requests
If you create an account, you may request account deletion from within the app at [IN-APP PATH, e.g., Profile > Account Settings > Delete Account], by visiting [ACCOUNT DELETION URL], or by contacting privacy@posx.io. We may need to verify your identity before processing a request. Deleting your account may not delete information we are required or permitted to retain for legal, compliance, security, fraud prevention, accounting, dispute, or regulatory reasons. On-chain blockchain records cannot be deleted by POSX.
10. Your Privacy Rights and Choices
Depending on your location, you may have the right to request access to, correction of, deletion of, portability of, or restriction or objection to processing of your personal information. You may also have the right to withdraw consent and to appeal a denied privacy request. To exercise rights, contact privacy@posx.io or use [PRIVACY REQUEST URL]. We will respond as required by applicable law. California and other U.S. state privacy rights. If applicable, residents of California and certain other U.S. states may have the right to know, access, correct, delete, obtain a copy of, and opt out of the sale or sharing of personal information or certain profiling. We do not sell personal information and do not share personal information for cross-context behavioral advertising unless disclosed. We do not use or disclose sensitive personal information for purposes that require a right to limit under California law unless we provide the required notice and choice. EEA/UK/Swiss users. If applicable, you may contact our data protection contact at [DPO/REPRESENTATIVE EMAIL]. You may also lodge a complaint with your local supervisory authority.
11. Security
We use administrative, technical, and organizational safeguards designed to protect personal information. These safeguards may include encryption in transit, access controls, authentication, monitoring, tokenization through payment processors, password hashing, fraud detection, secure development practices, and vendor security reviews. No method of transmission or storage is completely secure. You are responsible for keeping your account credentials, device, verification codes, and payment password confidential.
12. International Transfers
We may process and store personal information in the United States and other countries where we, our affiliates, service providers, and partners operate. Those countries may have data protection laws different from your country. Where required, we use appropriate safeguards for cross-border transfers, such as contractual protections or other lawful transfer mechanisms.
13. Children
The Services are not directed to children. You must be at least 18 years old, or the age of majority in your jurisdiction, to use the Services. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact privacy@posx.io.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version with a new “Last Updated” date and provide additional notice where required by law. Your continued use of the Services after an update means you acknowledge the updated Privacy Policy.
15. Contact Us
support team: support@posx.io
privacy team: privacy@posx.io