Privacy Policy

Last updated: 14 June 2026

This Privacy Policy explains how DuitQ ("we", "us") collects, uses, shares and protects personal data when you use the DuitQ stablecoin QR payment service ("the Service"). It should be read together with our Terms & Conditions.

1. Who we are & scope

DuitQ provides software that lets merchants accept stablecoin payments on Solana. This policy covers data processed through our website, dashboard, and API. It does not cover the Solana blockchain itself or third-party wallets, which you use at your own discretion.

2. Data we collect

Account data (business name, email, WhatsApp number), verification data (codes, status), settlement and platform wallet addresses, invoice and transaction metadata (amounts, tokens, references, on-chain signatures), API key metadata, credit ledger entries, and technical data (IP address, device/browser info, logs).

3. How we use data

To provide and operate the Service; create invoices and match payments; verify accounts and prevent fraud, abuse and sanctioned activity; bill credits; send service and verification messages (incl. via WhatsApp); provide support; comply with legal obligations; and improve reliability and security.

4. Legal bases

We process data to perform our contract with you (providing the Service), to comply with legal obligations (AML/KYC, tax, sanctions), for our legitimate interests (security, fraud prevention, product improvement), and with your consent where required.

5. On-chain & public blockchain data

Payments occur on the public Solana network. Wallet addresses, amounts, tokens, reference keys and transaction signatures are recorded publicly on-chain by design, are outside our control, and cannot be altered or deleted. Do not treat on-chain data as private.

6. Third-party services

We rely on processors such as WhatsApp messaging providers (WAHA), Solana RPC providers, cloud hosting, and database/queue infrastructure. They process data only as needed to provide their service. We do not sell your personal data.

7. Cookies & local storage

The dashboard uses browser local storage to keep your session token, selected language and onboarding state. We do not use third-party advertising or cross-site tracking cookies. Clearing local storage signs you out.

8. Data sharing & disclosure

We share data with the processors above, with authorities where legally required, and in connection with a merger or acquisition (with notice). Webhooks you configure send invoice/payment data to the endpoint you specify, signed with HMAC.

9. Data retention

We retain account, transaction and ledger data for as long as your account is active and thereafter as required for legal, tax, accounting and dispute purposes. We delete or anonymise data when it is no longer needed, subject to on-chain immutability.

10. Security

We apply technical and organisational measures including TLS, hashed API keys, HMAC-signed webhooks, sanction screening, rate limiting and access controls. No method is perfectly secure; you are responsible for safeguarding your own credentials and wallet keys.

11. Your rights

Subject to applicable law, you may request access, correction, deletion, restriction or portability of your personal data, and may object to certain processing. Contact us to exercise these rights; we may need to verify your identity. On-chain records cannot be changed.

12. International transfers, children & changes

Data may be processed in countries other than yours with appropriate safeguards. The Service is not directed to children under 18. We may update this policy; material changes will be notified, and the "last updated" date will change. Contact: privacy@duitq.com.