Privacy Policy
Last updated: March 1, 2026. Infracash is committed to protecting your personal data.
1. Information We Collect
We collect information you provide directly when creating an account, using our services, or contacting us. This includes personal identification data (name, email, phone), business data (company name, registration number, role), financial data required for KYC/AML (identity documents, proof of address), transaction data (amounts, recipients, timestamps), and technical data (IP address, browser type, access logs).
2. How We Use Your Information
We use your information to provide and maintain our payment services, process transactions and settlements, comply with KYC/AML and Travel Rule regulatory obligations, prevent fraud and illicit activities, improve and personalize user experience, send service communications (updates, security alerts), and generate aggregated and anonymized reports for market analysis.
3. Data Sharing
We share personal data only when necessary for service delivery: with banking partners for payment processing (PIX, ACH, SEPA), with compliance providers for KYC/AML verification (Chainalysis, Elliptic, Jumio), with regulatory authorities when required by law or regulation, with infrastructure providers (AWS, Cloudflare) for platform operation. We do not sell personal data to third parties. All partners are subject to Data Processing Agreements (DPAs) compatible with LGPD and GDPR.
4. Data Security
We implement robust technical and organizational measures to protect your data: AES-256 encryption for data at rest and TLS 1.3 for data in transit, Hardware Security Modules (HSMs) for cryptographic key management, role-based access control (RBAC) with multi-factor authentication, continuous security monitoring and intrusion detection, quarterly penetration testing by independent firms, and SOC 2 Type II certification.
5. Data Retention
We retain personal data for the period necessary to fulfill the purposes described in this policy and to meet legal and regulatory requirements. Transaction data is retained for at least 5 years per AML regulatory requirements. Account data is retained while the account is active and for 2 years after closure. KYC data is retained according to applicable legislation in each jurisdiction. After the retention period, data is anonymized or securely deleted.
6. Your Rights
Under LGPD (Brazil), GDPR (EU), and applicable legislation, you have the right to: access your personal data, correct incorrect or outdated data, request data deletion (when there is no legal retention obligation), data portability to another provider, revoke consent at any time, and object to data processing for specific purposes. To exercise your rights, contact us at [email protected].
7. International Transfers
As we operate globally, your data may be transferred to servers in different jurisdictions. We ensure all international data transfers are carried out with adequate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission and data transfer impact assessments as required by LGPD and GDPR.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to maintain your authenticated session, remember your language and configuration preferences, analyze platform usage for improvements, and ensure account security. You can manage your cookie preferences through browser settings. For more details, see our Cookie Policy.
9. Changes to This Policy
We may update this policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or through a notice on the platform. The date of the last update is indicated at the top of this page.
10. Contact
For privacy and data protection questions, contact our Data Protection Officer (DPO): Email: [email protected]. Address: Faria Lima, São Paulo - SP, Brazil. For unresolved complaints, you may contact the National Data Protection Authority (ANPD) in Brazil or the data protection authority in your jurisdiction.