Privacy Policy
Version 2026-07-17
1. Data we collect
- Merchant account data: email, display name, legal name, business country, website.
- Operational data: API keys (hashed), webhook endpoints, payout destinations.
- Transactional data: payment intents, quotes, on-chain transactions, settlements, refunds.
- Compliance data: sanctions screening outcomes for payer wallet addresses.
2. Data we do not collect
Frag does not collect end-payer personal information. Only the wallet address funding a payment is recorded, along with the on-chain transaction hash.
3. How we use data
- Operate the payment primitive (route quotes, execute swaps, dispatch payouts).
- Satisfy legal obligations, including sanctions screening.
- Detect and prevent fraud, abuse, and platform risk.
4. Sharing
We share data with our infrastructure sub-processors (LI.FI for routing, Jupiter for Solana swaps, Circle for optional off-ramp, our hosting and database provider) strictly to operate the service. We do not sell personal data.
5. Retention
Transactional and compliance records are retained for at least seven years to satisfy financial recordkeeping obligations. Account data is retained until you delete your account.
6. Your rights
You may request access to, export of, correction of, or deletion of your merchant data at privacy@frag.dev.