1. Summary
USA Wallet is non-custodial software. We do not hold your funds, your private keys, or your recovery phrase. Because of that, we collect very little personal information — primarily what is needed to authenticate you on this device and to make the software work as intended.
We do not sell, rent, or trade your personal information. We do not use your information to train any model. We minimize collection, encrypt sensitive data in transit, and only share with third-party providers that are essential to the operation of the wallet.
USA Wallet is intended for individuals located in the United States. Availability of the fiat-to-crypto and crypto-to-fiat features depends on the licenses our third-party processors hold in your state.
2. What “non-custodial” means (plain English)
Non-custodial means the keys that control your crypto live on your device, inside a wallet that only you can authorize. We do not have a copy of your keys. There is no “forgot password” button that gives us the ability to move your funds — because we have no such ability.
What that means in practice: (1) we cannot freeze your account, seize your assets, or reverse a transaction, even on lawful request; (2) we cannot recover funds you send to the wrong address or lose access to; (3) you are the security perimeter — protecting your sign-in credentials, your device, and any backup material is your responsibility; (4) USA Wallet is software, not a bank, exchange, money transmitter, or broker-dealer. Your funds are not FDIC-insured, SIPC-protected, or guaranteed by any government program.
Privy MPC. To make self-custody usable, your private key is split into multiple shares using multi-party computation. One share lives on your device, one is held by your authentication provider, and a recovery share is independently held — none alone is sufficient to move funds. USA Wallet does not hold any share. See https://privy.io/security for details.
3. Information we collect
Sign-in identifiers. When you sign in with email, Google, or Apple, the email address (and basic profile information returned by the OAuth provider) is processed by our authentication partner Privy and surfaced to USA Wallet to identify your account.
On-chain data. Your public wallet address, transaction history on supported blockchains, and token balances. This information is publicly observable on the underlying blockchain by anyone — we do not control or restrict its visibility.
Anonymized usage analytics. Coarse product analytics through PostHog (page views, feature usage) with autocapture disabled and IP addresses scrubbed. We do not record session replays.
Error reports. Sentry receives crash reports and stack traces with personal identifiers removed (we strip IPs, email addresses, and URL search parameters before sending).
Locally stored preferences. Theme, contacts, recent recipients, recurring buy reminders, imported tokens, and locale are stored in your browser's localStorage on your device. They never leave the device.
Information you choose to provide. If you contact support or fill out a form on the marketing site, we receive whatever you write.
4. Information we do NOT collect
Your private keys. Privy uses MPC to split your keys across your device, your authentication provider, and a recovery share. USA Wallet does not have any of those shares.
Your recovery phrase or password.
Your card numbers, bank account numbers, or any payment instrument data. Fiat purchases are processed entirely by our licensed third-party providers — we never touch payment data.
Biometrics. If you enable Face ID / Touch ID / fingerprint unlock, those biometrics are matched on-device by your operating system. They do not leave your device and are never received by USA Wallet.
5. KYC and identity verification
USA Wallet itself does not perform Know-Your-Customer (KYC) verification, because we do not custody assets or transmit fiat. KYC is performed by our licensed fiat-ramp partners — MoonPay USA LLC and Transak USA LLC — at the moment you choose to buy or sell crypto with U.S. dollars.
When you start a fiat-ramp flow, the partner collects what U.S. money-services regulations require — typically your legal name, date of birth, residential address, government-issued ID, a Social Security or ITIN number for transactions above the partner's threshold, source-of-funds attestations for larger amounts, and (for some payment methods) a live selfie or document photo for identity matching. The data flows directly to the partner. USA Wallet does not see, store, or have access to your KYC documents, your government ID, your SSN, or your payment instrument data.
Each partner runs the verification through its own identity-verification vendors and retains the data per its own retention policies. Their privacy policies govern how that data is processed: https://www.moonpay.com/legal/privacy_policy and https://transak.com/privacy-policy.
If you only use USA Wallet to self-custody crypto you already own, swap between tokens on a decentralized exchange, or transfer between addresses, no KYC is required by USA Wallet — those flows do not involve a regulated money services business.
6. Sanctions and OFAC screening
Sanctions screening for fiat transactions is conducted by the licensed partner that processes the transaction (MoonPay USA LLC or Transak USA LLC). They screen counterparties against the U.S. Treasury Office of Foreign Assets Control (OFAC) Specially Designated Nationals list and other applicable sanctions lists, and may decline transactions originating from or destined for sanctioned jurisdictions or persons.
USA Wallet does not maintain a separate sanctions list and does not block on-chain self-custody activity. We may, where legally required, restrict access to specific features for users in sanctioned jurisdictions.
7. State availability
Whether you can buy or sell crypto with fiat through USA Wallet depends on whether MoonPay USA LLC and/or Transak USA LLC hold an active money-transmitter license in your U.S. state at the time of the transaction. The partner enforces these state-by-state restrictions at the point of purchase. If the fiat-ramp flow is unavailable in your state, you can still self-custody assets, receive transfers, and use on-chain swap functionality.
8. Third-party services we share data with
Privy (authentication and wallet infrastructure). Receives sign-in identifiers, manages key shares, performs authentication. https://privy.io/privacy
Alchemy (blockchain data provider). Receives wallet addresses and chain queries to read on-chain state. https://www.alchemy.com/policies/privacy-policy
MoonPay USA LLC (fiat-to-crypto). When you start a buy/sell flow with MoonPay, we forward your wallet address and the requested token/amount. MoonPay independently collects your KYC, payment information, and other data per its own privacy policy. We do not see what MoonPay collects. https://www.moonpay.com/legal/privacy_policy
Transak USA LLC (fiat-to-crypto). Same model as MoonPay. https://transak.com/privacy-policy
LI.FI (DEX aggregator). Receives swap parameters when routing trades. https://li.fi/legal/privacy-policy/
Vercel (hosting). Receives standard server logs (IP, user agent, request path) for the duration needed to deliver the page. https://vercel.com/legal/privacy-policy
Sentry (error monitoring). Receives crash reports with personal identifiers scrubbed before transmission. https://sentry.io/privacy/
PostHog (analytics). Receives anonymized usage events with autocapture disabled, IP scrubbed, no session replay. https://posthog.com/privacy
9. How we use information
To provide the wallet software and let you sign in across devices.
To diagnose errors and improve product quality.
To prevent fraud, abuse, and unauthorized access.
To comply with legal obligations applicable to USA Wallet (which, because we are non-custodial software, are limited).
10. Data retention
Authentication records (email and OAuth identifiers) are retained by Privy for the lifetime of your account and for a reasonable wind-down period after deletion, per Privy's policy.
Anonymized analytics events (PostHog) are retained for up to 13 months and then deleted or aggregated.
Error reports (Sentry) are retained for 90 days and then deleted.
Server access logs (Vercel) are retained per Vercel's standard logging window — typically up to 30 days for runtime logs.
Locally stored preferences live on your device until you clear browser storage or uninstall the app.
Records that we are legally required to retain (for example, fraud investigations, compliance inquiries) may be kept longer where required by U.S. law.
11. Your rights
If you are a California resident, you have the right under the CCPA / CPRA to request access to, correction of, or deletion of personal information we hold about you, and to opt out of any sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising, so the opt-out is effectively the default state.
If you are a resident of an EU/UK/EEA jurisdiction, you have rights under the GDPR / UK GDPR including access, rectification, erasure, restriction, portability, and the right to object to processing.
To exercise any of these rights, email support@usawallet.org with the email address associated with your account. We will respond within the timeframe required by applicable law (typically 45 days under CCPA, 30 days under GDPR).
Note: blockchain data is permanent and cannot be deleted. We can remove your USA Wallet account record but cannot rewrite the public ledger. Your wallet address itself remains on-chain forever.
12. Cookies and similar technologies
We use a small number of strictly-necessary cookies to remember your locale, theme, and authentication session. We do not use advertising cookies. PostHog analytics may set a session-scoped cookie; you can opt out by enabling Do Not Track or by emailing support@usawallet.org.
13. Children
USA Wallet is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact support@usawallet.org and we will delete it.
14. Security
We use HTTPS everywhere, modern security headers (HSTS preload, CSP, X-Frame-Options DENY, COOP, CORP), and rate limiting on our API. We undergo periodic external review. No system is perfectly secure — if you suspect a vulnerability, please email security@usawallet.org and we will respond promptly.
15. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced on the site and reflected in the Last Updated date below. Continued use of the Interface after a change constitutes acceptance of the revised policy.
16. Contact
Questions about privacy? Email support@usawallet.org. For security concerns specifically, security@usawallet.org. For California / EU rights requests, include your email address and the specific right you are exercising.
This Privacy Policy is a companion to our Terms of Service.

