Privacy Policy

1. Who we are

xchng ("xchng," "we," "our," or "us") is a peer-to-peer payments platform that allows users to fund a virtual wallet, send value to others by wallet address or @handle, and register autonomous spending agents for programmatic commerce. This Privacy Policy applies to the xchng application and the website at xchng.app.

2. Information we collect

We collect only the minimum information required to operate the service:

• Account information — your full name, display handle, and email address, provided when you create your wallet.
• Transaction data — records of deposits, transfers, and withdrawals you initiate, including amount, timestamp, and counterparty address. This data is stored locally on your device and mirrored to our server ledger for balance consistency.
• Confirmation codes — a one-time numeric code is generated and temporarily held in server memory (maximum 10 minutes) when you log in. The code is deleted immediately after it is verified or expires. We do not log codes.
• Agent records — if you register spending agents, the agent's name, description, and policy settings are stored in our database. Agent API keys are generated at registration and stored only in your browser's sessionStorage — they are never retained by xchng after the session ends.

We do not collect passwords, Social Security numbers, government-issued IDs, or any financial account credentials.

3. Transaction PIN

xchng requires a 4-digit transaction PIN to authorize sends, deposits, and withdrawals. This PIN is hashed using SHA-256 on your device before being stored in your browser's localStorage. The hashed PIN is never transmitted to xchng's servers. xchng has no ability to recover or read your PIN.

4. Bank account linking

Bank account linking is handled entirely by Stripe Financial Connections, a product of Stripe, Inc. When you link a bank account:

• Your bank login credentials are entered directly on Stripe's hosted interface — they are never transmitted to or stored by xchng.
• xchng receives only a tokenized account reference from Stripe, along with the institution name, last four digits of the account number, and available balance for display purposes.
• We request the balances and payment_method permissions solely to verify sufficient funds and initiate ACH deposits. We do not store balance data beyond your current session.
• Stripe's handling of your data is governed by the Stripe Privacy Policy.

5. Stripe Connect (payouts)

If you set up a payout account via Stripe Connect Express, Stripe collects and processes the identity and tax information required for payouts. xchng stores your Stripe Connect account ID to associate your wallet with your payout account. All verification and onboarding is handled by Stripe. See the Stripe Privacy Policy for details.

6. Spending agents

xchng allows you to register autonomous spending agents. Agent records (name, description, policy limits, and audit log entries) are stored in our database linked to your wallet address. Agent API keys are shown once at registration and stored only in your browser's sessionStorage — they are cleared when the session ends and cannot be retrieved from xchng. We log agent actions (approved, rejected, or circuit-broken transactions) for audit purposes. These logs are accessible to you and are not shared with third parties.

7. How we use your information

We use the information we collect for the following purposes:

• Email address — to deliver one-time login codes. We do not send marketing emails, newsletters, or promotional content.
• Name and handle — your handle is stored in a lookup index so other users can send funds to you by @handle. Your full name is used for display within the app only.
• Transaction ledger — wallet balances and transaction records are maintained in our server ledger for balance consistency across devices. This data is associated with your wallet address.
• Agent data — agent records and audit logs are stored to enforce policy controls and provide you with a complete activity history.

8. Email delivery

Login code emails are delivered via Resend (resend.com). When we send you an email, Resend processes your email address to deliver the message. Resend's handling of this data is governed by the Resend Privacy Policy. We do not share any other information with Resend.

9. Data storage

Your wallet profile, linked bank references, transaction PIN hash, and local transaction cache are stored in your browser's localStorage. Your wallet balance and transaction ledger are also mirrored to our server (Firebase / Firestore) to ensure consistency across sessions and devices.

Agent records and audit logs are stored in our Firestore database. Login codes are held in server memory only (up to 10 minutes) and deleted immediately upon verification or expiry.

10. Data sharing

We do not sell, rent, or share your personal information with third parties for their own purposes. The only third-party services that receive any data from xchng are:

• Stripe — for bank account linking and Connect payouts (see Sections 4 and 5).
• Resend — for email delivery of login codes (see Section 8).
• Google Firebase / Firestore — for server-side ledger storage and agent records.

We may disclose information if required to do so by law or in response to a valid legal request from a governmental authority.

11. Data retention

Local wallet data (profile, PIN hash, bank references) is retained in your browser's localStorage until you delete your account or clear local storage. Server ledger entries and agent records are retained until you request deletion. Login codes are deleted from memory within 10 minutes.

12. Your rights

Depending on your location, you may have rights under applicable privacy laws, including:

• The right to access personal data we hold about you.
• The right to request correction of inaccurate data.
• The right to request deletion of your data.
• The right to object to or restrict certain processing.
• The right to data portability.

To exercise any of these rights, contact us at team@contact.xchng.app. Local data can be removed immediately by using the "Delete account" option in the app or by clearing your browser's local storage.

13. Children's privacy

xchng is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will take steps to delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of the service after changes constitutes acceptance of the updated policy.

15. Contact us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: team@contact.xchng.app
Website: xchng.app