{"success":true,"data":{"schemaVersion":1,"contentType":"privacy","activeVersionCode":"v1.0.0","versions":[{"versionCode":"v1.0.0","versionLabel":"v1.0.0","isDefault":true,"publishedAt":"2026-05-29T17:31:14.716Z","updatedAt":"2026-07-09T06:10:10.598Z"}],"version":{"versionCode":"v1.0.0","versionLabel":"v1.0.0","isDefault":true,"publishedAt":"2026-05-29T17:31:14.716Z","updatedAt":"2026-07-09T06:10:10.598Z"},"page":{"slug":"index","title":"Privacy Policy","description":"Privacy Policy for Stafiel stablecoin checkout and merchant payment services.","navSection":"Legal","navOrder":20,"html":"<h1>Privacy Policy</h1>\n<p>This Privacy Policy explains how Stafiel collects, uses, discloses, stores, and\nprotects information in connection with Stafiel websites, dashboards, hosted\ncheckout, widgets, APIs, documentation, operational tools, and related services.</p>\n<p>The Services are intended for merchants, platforms, and other business users.\nWhen a customer pays a merchant through a Stafiel checkout flow, Stafiel processes\ninformation to provide the payment experience and related services for the\nmerchant.</p>\n<p>For merchant account, website, security, compliance, support, and service\noperation data, Stafiel generally acts as an independent controller or business\nwhere applicable. For customer checkout, order, and payment data processed to\nprovide services to a merchant, Stafiel generally acts as a processor, service\nprovider, or similar role on behalf of that merchant, subject to applicable law\nand any written agreement.</p>\n<h2>1. Information We Collect</h2>\n<p>We may collect information directly from you, from merchants, from customers,\nfrom devices and browsers, from blockchain networks, from service providers, and\nfrom other sources.</p>\n<p>Information we collect may include:</p>\n<ul>\n<li>account information, such as name, business name, email address, login method,\nrole, permissions, account identifiers, and authentication metadata;</li>\n<li>business information, such as merchant profile, website, business category,\nservice configuration, supported assets, supported networks, wallet\nconfiguration, and settlement preferences;</li>\n<li>checkout and order information, such as checkout session identifiers, order\namounts, currency, token, network, order metadata, product or service\ndescriptions submitted by the merchant, customer email if provided, return\nURLs, and payment status;</li>\n<li>wallet and blockchain information, such as wallet addresses, signatures,\ntransaction hashes, token addresses, chain identifiers, contract addresses,\non-chain events, settlement records, refund records, confirmation data, and\npublicly available blockchain information;</li>\n<li>API and integration information, such as API keys, webhook configuration,\nwebhook delivery records, request and response metadata, event logs,\nidempotency keys, IP addresses, user agents, device identifiers, and technical\ndiagnostics;</li>\n<li>support and communication information, such as messages, form submissions,\nattachments, email metadata, preferences, and records of communications;</li>\n<li>security, compliance, and risk information, such as fraud signals, abuse\nindicators, sanctions or KYT/AML screening signals, blocked activity,\nrestricted region indicators, device and network signals, and investigation\nnotes;</li>\n<li>service measurement and, where enabled, analytics or marketing information,\nsuch as website visits, referral data, engagement data, preferences, business\ninterests, and communications with Stafiel.</li>\n</ul>\n<p>You should not submit sensitive personal information unless it is necessary for\nyour use of the Services or requested by Stafiel.</p>\n<p>The individuals whose information may be processed include merchant users and\nteam members, merchant customers or payers, website visitors, support contacts,\nand other people who interact with the Services or with merchant-configured\ncheckout flows.</p>\n<h2>2. How We Use Information</h2>\n<p>We may use information to:</p>\n<ul>\n<li>provide, operate, maintain, and improve the Services;</li>\n<li>create and manage merchant accounts, sessions, dashboards, and access controls;</li>\n<li>create checkout sessions, process payment status, monitor blockchain events,\nsupport settlement paths, and provide refund or operational tools;</li>\n<li>authenticate users, support OAuth login, protect credentials, and secure\naccounts;</li>\n<li>provide APIs, widgets, hosted checkout pages, webhooks, documentation, and\nsupport;</li>\n<li>detect, prevent, investigate, and respond to fraud, abuse, security incidents,\nunauthorized activity, service misuse, and technical issues;</li>\n<li>perform risk, sanctions, fraud, abuse, wallet, transaction, merchant,\ncustomer, and region screening, including KYT, AML, and similar controls where\navailable, required, or enabled;</li>\n<li>enforce terms, policies, service limits, and compliance controls;</li>\n<li>maintain records, audit logs, operational logs, backups, and business records;</li>\n<li>communicate with merchants and users about accounts, service updates, support,\nsecurity, billing, legal notices, and operational matters;</li>\n<li>analyze usage, measure performance, understand product adoption, improve user\nexperience, and develop new features;</li>\n<li>conduct service measurement and performance analytics, and, where enabled and\npermitted by applicable law, marketing, merchant communications, product\neducation, and business development;</li>\n<li>comply with law, legal process, tax, accounting, sanctions, regulatory,\nreporting, audit, dispute, and enforcement obligations;</li>\n<li>protect the rights, safety, property, service integrity, and legitimate\ninterests of Stafiel, merchants, customers, partners, service providers, and\nothers.</li>\n</ul>\n<p>Where applicable law requires a legal basis for processing, those bases may\ninclude performance of a contract, steps requested before entering into a\ncontract, compliance with legal obligations, legitimate interests in operating\nand securing the Services, consent where required, and other bases permitted by\napplicable law.</p>\n<h2>3. Blockchain Data</h2>\n<p>Blockchain networks are public or partially public systems. Wallet addresses,\ntransaction hashes, token transfers, contract events, timestamps, balances, and\nrelated activity may be publicly visible, permanent, copied by third parties, and\noutside Stafiel's ability to delete or modify.</p>\n<p>Stafiel may read, index, verify, store, display, and use blockchain data to\nprovide payment status, settlement, refund, monitoring, compliance, support,\nanalytics, and operational features. Blockchain data may be combined with\nmerchant account data, checkout data, order metadata, wallet configuration, and\ntechnical logs.</p>\n<h2>4. Cookies and Similar Technologies</h2>\n<p>We may use cookies, local storage, session storage, scripts, and similar\ntechnologies for:</p>\n<ul>\n<li>strictly necessary functions, such as authentication, session continuity,\nsecurity, fraud prevention, and service operation;</li>\n<li>security and anti-abuse controls, such as Turnstile challenges, signed\nverification sessions, rate limiting, and bot protection;</li>\n<li>functional preferences, such as language, theme, and privacy preference\nsettings;</li>\n<li>analytics or marketing features where enabled, permitted by applicable law,\nand subject to any consent or preference choices that apply.</li>\n</ul>\n<p>You may be able to control cookies through your browser, device settings, or\nin-product privacy preference controls. Some features may not work correctly if\ncookies or similar technologies are disabled.</p>\n<h2>5. Service Providers and Third Parties</h2>\n<p>We may disclose information to vendors, service providers, infrastructure\nproviders, professional advisers, financial or compliance partners, and other\nthird parties that help us provide, secure, analyze, market, support, or improve\nthe Services.</p>\n<p>These may include:</p>\n<ul>\n<li>Cloudflare for hosting, Workers, Pages, D1, KV, R2, Queues, CDN, WAF, security,\nTurnstile, bot management, logging, and infrastructure operations;</li>\n<li>Resend and email delivery providers for service emails, transactional emails,\naccount notices, order-related emails, and operational communications;</li>\n<li>GitHub for OAuth login, content versioning, legal and documentation sync,\nwebhooks, source management, and operational workflows;</li>\n<li>Google for OAuth login and account authentication;</li>\n<li>Alchemy for RPC services, webhook services, node infrastructure, chain data,\nevent monitoring, and payment detection;</li>\n<li>Ankr for RPC services and chain data;</li>\n<li>Helius for Solana RPC services, chain data, account data, and monitoring;</li>\n<li>TronGrid and TronScan for Tron RPC, explorer, transaction, wallet, contract,\nand chain data services;</li>\n<li>blockchain networks, RPC providers, indexers, node operators, explorers, and\ninfrastructure providers for supported or future networks;</li>\n<li>analytics, measurement, marketing, attribution, and business development\nproviders where engaged;</li>\n<li>compliance, fraud prevention, AML/KYT, sanctions screening, abuse prevention,\nsecurity, and risk service providers where engaged;</li>\n<li>hosting, storage, monitoring, logging, database, queue, developer, and\noperational service providers;</li>\n<li>lawyers, accountants, auditors, insurers, banks, payment partners, and other\nprofessional or business advisers.</li>\n</ul>\n<p>We may also send checkout, payment, refund, settlement, webhook, and event data\nto merchant-configured endpoints or integrations. Merchants are responsible for\ntheir own systems, endpoints, privacy practices, and customer communications.</p>\n<h2>6. Third-Party Wallets and Merchant Tools</h2>\n<p>If you or your customers use a third-party wallet, browser extension, exchange\nwallet, blockchain explorer, RPC endpoint, or similar tool, that provider may\ncollect information directly under its own privacy policy and terms.</p>\n<p>Stafiel may receive wallet addresses, signatures, transaction hashes, chain or\nnetwork identifiers, token information, wallet connection metadata, and related\npayment status data needed to provide the Services. Stafiel does not control the\nprivacy or security practices of third-party wallet providers, exchanges,\nbrowser extensions, or other external tools.</p>\n<h2>7. Legal, Compliance, and Safety Disclosures</h2>\n<p>We may disclose information if we believe disclosure is appropriate to:</p>\n<ul>\n<li>comply with law, legal process, sanctions, tax, accounting, regulatory,\nsupervisory, audit, or reporting obligations;</li>\n<li>respond to lawful requests from courts, regulators, law enforcement, government\nauthorities, or other authorized third parties;</li>\n<li>enforce our terms, policies, agreements, and service limits;</li>\n<li>detect, prevent, investigate, or respond to fraud, abuse, security incidents,\nmoney laundering, sanctions risk, prohibited activity, or other harmful\nactivity;</li>\n<li>protect the rights, property, safety, service integrity, or legitimate\ninterests of Stafiel, merchants, customers, service providers, partners, or\nothers;</li>\n<li>support a merger, acquisition, financing, restructuring, sale of assets,\nbankruptcy, corporate transaction, or similar business event.</li>\n</ul>\n<h2>8. Automated Decisions and Service Limits</h2>\n<p>Stafiel may use automated or rule-based controls to protect the Services,\nincluding blocklists, restricted region controls, wallet or transaction risk\nrules, rate limits, abuse detection, security checks, and compliance controls.\nThese controls may block, reject, delay, suspend, limit, or flag accounts,\ncheckout sessions, merchant configurations, wallet addresses, return URLs,\ntransactions, or other activity for review.</p>\n<p>Where required by applicable law, you have the right to request human review,\nexpress your point of view, and contest a decision or limitation that\nsignificantly affects you. Stafiel may keep applying controls where needed for\nsecurity, legal, sanctions, fraud, abuse, service integrity, or risk reasons.</p>\n<h2>9. International Processing</h2>\n<p>Stafiel and its service providers may process information in multiple countries\nand regions. Privacy, data protection, government access, and other laws may\ndiffer from those in your location. By using the Services, you understand that\ninformation may be processed, stored, transferred, or accessed internationally\nwhere permitted by applicable law.</p>\n<h2>10. Data Retention</h2>\n<p>We retain information for as long as reasonably needed for the purposes described\nin this Privacy Policy, including service operation, security, fraud prevention,\nAML/KYT monitoring, sanctions compliance, legal compliance, tax, accounting,\naudit, dispute resolution, contract enforcement, backup retention, business\nrecords, product improvement, and legitimate business purposes.</p>\n<p>Retention periods may vary depending on the type of information, the service\ncontext, legal requirements, risk considerations, merchant instructions, and\noperational needs. Blockchain data may be public, permanent, and outside\nStafiel's ability to delete or modify. Audit logs, security records, transaction\nrecords, AML/KYT records, sanctions records, tax records, accounting records,\ndispute records, legal hold records, and compliance-related information may be\nretained for longer periods where appropriate or required.</p>\n<h2>11. Security</h2>\n<p>We use technical, administrative, and organizational measures designed to protect\ninformation. No system, network, blockchain, wallet, or transmission method is\nfully secure. You are responsible for securing your accounts, credentials,\ndevices, wallets, private keys, seed phrases, API keys, webhook secrets, and\nmerchant systems.</p>\n<p>If you believe your account, wallet, credentials, or integration has been\ncompromised, contact us promptly and take steps to secure your systems.</p>\n<h2>12. Your Choices and Rights</h2>\n<p>Depending on your location and applicable law, you may have rights to request\naccess, correction, deletion, portability, restriction, objection, consent\nwithdrawal, or review of certain decisions regarding personal information.</p>\n<p>We may deny, limit, delay, or condition requests where permitted by law, including\nwhere information is needed for compliance, security, fraud prevention, AML/KYT\nmonitoring, sanctions screening, tax, accounting, audit, dispute resolution,\ncontract enforcement, service integrity, backup retention, legal claims, or\nprotection of rights and safety.</p>\n<p>If Stafiel processes information on behalf of a merchant, we may direct customer\nrequests to that merchant and may reasonably assist the merchant in responding\nwhere required by applicable law or a written agreement. Blockchain data may be\npublic, permanent, and outside Stafiel's ability to delete or modify.</p>\n<p>To exercise the rights described above, please contact us at\n<a href=\"mailto:privacy@stafiel.com\">privacy@stafiel.com</a>, or use any data subject request mechanism Stafiel may make\navailable. Stafiel may verify your identity and the scope of your request before\nresponding.</p>\n<p>You may opt out of certain marketing communications by using the unsubscribe\nmechanism in those communications or by contacting us. We may still send service,\nsecurity, legal, transactional, and operational messages.</p>\n<h2>13. Children</h2>\n<p>The Services are not intended for children or for individuals under 18. We do not\nknowingly collect personal information from children. If you believe a child has\nprovided information to us, contact us so we can review the request.</p>\n<h2>14. Merchant Responsibilities</h2>\n<p>Merchants are responsible for providing legally required notices to their\ncustomers, obtaining required consents, responding to customer privacy requests,\nand ensuring that merchant-provided order data, customer data, webhook endpoints,\nreturn URLs, and integrations comply with applicable law.</p>\n<p>Merchants should not submit customer information to Stafiel unless they have the\nright to do so and the information is appropriate for the payment, checkout,\nsupport, compliance, or operational purpose.</p>\n<h2>15. Changes to This Privacy Policy</h2>\n<p>We may update this Privacy Policy from time to time. Updates may be posted on the\nwebsite, shown in the dashboard, or communicated by other reasonable means where\nrequired by applicable law. Continued use of the Services after an update becomes\neffective means the updated Privacy Policy applies to your use of the Services.</p>\n<h2>16. Contact</h2>\n<p>Questions about this Privacy Policy may be sent to <a href=\"mailto:privacy@stafiel.com\">privacy@stafiel.com</a>.</p>\n<p>The English language version of this Privacy Policy controls. Translations, if\nprovided, are for convenience only.</p>","effectiveDate":"2026-05-18T00:00:00.000Z","updatedAt":"2026-07-09T06:10:10.598Z"},"generatedAt":"2026-07-13T11:39:01.305Z","canonicalUrl":"https://stafiel.org/privacy-policy","jsonUrl":"https://stafiel.org/privacy-policy.json","markdownUrl":"https://stafiel.org/privacy-policy.md","text":"This Privacy Policy explains how Stafiel collects, uses, discloses, stores, and\nprotects information in connection with Stafiel websites, dashboards, hosted\ncheckout, widgets, APIs, documentation, operational tools, and related services.\n\nThe Services are intended for merchants, platforms, and other business users.\nWhen a customer pays a merchant through a Stafiel checkout flow, Stafiel processes\ninformation to provide the payment experience and related services for the\nmerchant.\n\nFor merchant account, website, security, compliance, support, and service\noperation data, Stafiel generally acts as an independent controller or business\nwhere applicable. For customer checkout, order, and payment data processed to\nprovide services to a merchant, Stafiel generally acts as a processor, service\nprovider, or similar role on behalf of that merchant, subject to applicable law\nand any written agreement.\n\n1. Information We Collect\n\nWe may collect information directly from you, from merchants, from customers,\nfrom devices and browsers, from blockchain networks, from service providers, and\nfrom other sources.\n\nInformation we collect may include:\n\naccount information, such as name, business name, email address, login method,\nrole, permissions, account identifiers, and authentication metadata;\n\nbusiness information, such as merchant profile, website, business category,\nservice configuration, supported assets, supported networks, wallet\nconfiguration, and settlement preferences;\n\ncheckout and order information, such as checkout session identifiers, order\namounts, currency, token, network, order metadata, product or service\ndescriptions submitted by the merchant, customer email if provided, return\nURLs, and payment status;\n\nwallet and blockchain information, such as wallet addresses, signatures,\ntransaction hashes, token addresses, chain identifiers, contract addresses,\non-chain events, settlement records, refund records, confirmation data, and\npublicly available blockchain information;\n\nAPI and integration information, such as API keys, webhook configuration,\nwebhook delivery records, request and response metadata, event logs,\nidempotency keys, IP addresses, user agents, device identifiers, and technical\ndiagnostics;\n\nsupport and communication information, such as messages, form submissions,\nattachments, email metadata, preferences, and records of communications;\n\nsecurity, compliance, and risk information, such as fraud signals, abuse\nindicators, sanctions or KYT/AML screening signals, blocked activity,\nrestricted region indicators, device and network signals, and investigation\nnotes;\n\nservice measurement and, where enabled, analytics or marketing information,\nsuch as website visits, referral data, engagement data, preferences, business\ninterests, and communications with Stafiel.\n\nYou should not submit sensitive personal information unless it is necessary for\nyour use of the Services or requested by Stafiel.\n\nThe individuals whose information may be processed include merchant users and\nteam members, merchant customers or payers, website visitors, support contacts,\nand other people who interact with the Services or with merchant-configured\ncheckout flows.\n\n2. How We Use Information\n\nWe may use information to:\n\nprovide, operate, maintain, and improve the Services;\n\ncreate and manage merchant accounts, sessions, dashboards, and access controls;\n\ncreate checkout sessions, process payment status, monitor blockchain events,\nsupport settlement paths, and provide refund or operational tools;\n\nauthenticate users, support OAuth login, protect credentials, and secure\naccounts;\n\nprovide APIs, widgets, hosted checkout pages, webhooks, documentation, and\nsupport;\n\ndetect, prevent, investigate, and respond to fraud, abuse, security incidents,\nunauthorized activity, service misuse, and technical issues;\n\nperform risk, sanctions, fraud, abuse, wallet, transaction, merchant,\ncustomer, and region screening, including KYT, AML, and similar controls where\navailable, required, or enabled;\n\nenforce terms, policies, service limits, and compliance controls;\n\nmaintain records, audit logs, operational logs, backups, and business records;\n\ncommunicate with merchants and users about accounts, service updates, support,\nsecurity, billing, legal notices, and operational matters;\n\nanalyze usage, measure performance, understand product adoption, improve user\nexperience, and develop new features;\n\nconduct service measurement and performance analytics, and, where enabled and\npermitted by applicable law, marketing, merchant communications, product\neducation, and business development;\n\ncomply with law, legal process, tax, accounting, sanctions, regulatory,\nreporting, audit, dispute, and enforcement obligations;\n\nprotect the rights, safety, property, service integrity, and legitimate\ninterests of Stafiel, merchants, customers, partners, service providers, and\nothers.\n\nWhere applicable law requires a legal basis for processing, those bases may\ninclude performance of a contract, steps requested before entering into a\ncontract, compliance with legal obligations, legitimate interests in operating\nand securing the Services, consent where required, and other bases permitted by\napplicable law.\n\n3. Blockchain Data\n\nBlockchain networks are public or partially public systems. Wallet addresses,\ntransaction hashes, token transfers, contract events, timestamps, balances, and\nrelated activity may be publicly visible, permanent, copied by third parties, and\noutside Stafiel's ability to delete or modify.\n\nStafiel may read, index, verify, store, display, and use blockchain data to\nprovide payment status, settlement, refund, monitoring, compliance, support,\nanalytics, and operational features. Blockchain data may be combined with\nmerchant account data, checkout data, order metadata, wallet configuration, and\ntechnical logs.\n\n4. Cookies and Similar Technologies\n\nWe may use cookies, local storage, session storage, scripts, and similar\ntechnologies for:\n\nstrictly necessary functions, such as authentication, session continuity,\nsecurity, fraud prevention, and service operation;\n\nsecurity and anti-abuse controls, such as Turnstile challenges, signed\nverification sessions, rate limiting, and bot protection;\n\nfunctional preferences, such as language, theme, and privacy preference\nsettings;\n\nanalytics or marketing features where enabled, permitted by applicable law,\nand subject to any consent or preference choices that apply.\n\nYou may be able to control cookies through your browser, device settings, or\nin-product privacy preference controls. Some features may not work correctly if\ncookies or similar technologies are disabled.\n\n5. Service Providers and Third Parties\n\nWe may disclose information to vendors, service providers, infrastructure\nproviders, professional advisers, financial or compliance partners, and other\nthird parties that help us provide, secure, analyze, market, support, or improve\nthe Services.\n\nThese may include:\n\nCloudflare for hosting, Workers, Pages, D1, KV, R2, Queues, CDN, WAF, security,\nTurnstile, bot management, logging, and infrastructure operations;\n\nResend and email delivery providers for service emails, transactional emails,\naccount notices, order-related emails, and operational communications;\n\nGitHub for OAuth login, content versioning, legal and documentation sync,\nwebhooks, source management, and operational workflows;\n\nGoogle for OAuth login and account authentication;\n\nAlchemy for RPC services, webhook services, node infrastructure, chain data,\nevent monitoring, and payment detection;\n\nAnkr for RPC services and chain data;\n\nHelius for Solana RPC services, chain data, account data, and monitoring;\n\nTronGrid and TronScan for Tron RPC, explorer, transaction, wallet, contract,\nand chain data services;\n\nblockchain networks, RPC providers, indexers, node operators, explorers, and\ninfrastructure providers for supported or future networks;\n\nanalytics, measurement, marketing, attribution, and business development\nproviders where engaged;\n\ncompliance, fraud prevention, AML/KYT, sanctions screening, abuse prevention,\nsecurity, and risk service providers where engaged;\n\nhosting, storage, monitoring, logging, database, queue, developer, and\noperational service providers;\n\nlawyers, accountants, auditors, insurers, banks, payment partners, and other\nprofessional or business advisers.\n\nWe may also send checkout, payment, refund, settlement, webhook, and event data\nto merchant-configured endpoints or integrations. Merchants are responsible for\ntheir own systems, endpoints, privacy practices, and customer communications.\n\n6. Third-Party Wallets and Merchant Tools\n\nIf you or your customers use a third-party wallet, browser extension, exchange\nwallet, blockchain explorer, RPC endpoint, or similar tool, that provider may\ncollect information directly under its own privacy policy and terms.\n\nStafiel may receive wallet addresses, signatures, transaction hashes, chain or\nnetwork identifiers, token information, wallet connection metadata, and related\npayment status data needed to provide the Services. Stafiel does not control the\nprivacy or security practices of third-party wallet providers, exchanges,\nbrowser extensions, or other external tools.\n\n7. Legal, Compliance, and Safety Disclosures\n\nWe may disclose information if we believe disclosure is appropriate to:\n\ncomply with law, legal process, sanctions, tax, accounting, regulatory,\nsupervisory, audit, or reporting obligations;\n\nrespond to lawful requests from courts, regulators, law enforcement, government\nauthorities, or other authorized third parties;\n\nenforce our terms, policies, agreements, and service limits;\n\ndetect, prevent, investigate, or respond to fraud, abuse, security incidents,\nmoney laundering, sanctions risk, prohibited activity, or other harmful\nactivity;\n\nprotect the rights, property, safety, service integrity, or legitimate\ninterests of Stafiel, merchants, customers, service providers, partners, or\nothers;\n\nsupport a merger, acquisition, financing, restructuring, sale of assets,\nbankruptcy, corporate transaction, or similar business event.\n\n8. Automated Decisions and Service Limits\n\nStafiel may use automated or rule-based controls to protect the Services,\nincluding blocklists, restricted region controls, wallet or transaction risk\nrules, rate limits, abuse detection, security checks, and compliance controls.\nThese controls may block, reject, delay, suspend, limit, or flag accounts,\ncheckout sessions, merchant configurations, wallet addresses, return URLs,\ntransactions, or other activity for review.\n\nWhere required by applicable law, you have the right to request human review,\nexpress your point of view, and contest a decision or limitation that\nsignificantly affects you. Stafiel may keep applying controls where needed for\nsecurity, legal, sanctions, fraud, abuse, service integrity, or risk reasons.\n\n9. International Processing\n\nStafiel and its service providers may process information in multiple countries\nand regions. Privacy, data protection, government access, and other laws may\ndiffer from those in your location. By using the Services, you understand that\ninformation may be processed, stored, transferred, or accessed internationally\nwhere permitted by applicable law.\n\n10. Data Retention\n\nWe retain information for as long as reasonably needed for the purposes described\nin this Privacy Policy, including service operation, security, fraud prevention,\nAML/KYT monitoring, sanctions compliance, legal compliance, tax, accounting,\naudit, dispute resolution, contract enforcement, backup retention, business\nrecords, product improvement, and legitimate business purposes.\n\nRetention periods may vary depending on the type of information, the service\ncontext, legal requirements, risk considerations, merchant instructions, and\noperational needs. Blockchain data may be public, permanent, and outside\nStafiel's ability to delete or modify. Audit logs, security records, transaction\nrecords, AML/KYT records, sanctions records, tax records, accounting records,\ndispute records, legal hold records, and compliance-related information may be\nretained for longer periods where appropriate or required.\n\n11. Security\n\nWe use technical, administrative, and organizational measures designed to protect\ninformation. No system, network, blockchain, wallet, or transmission method is\nfully secure. You are responsible for securing your accounts, credentials,\ndevices, wallets, private keys, seed phrases, API keys, webhook secrets, and\nmerchant systems.\n\nIf you believe your account, wallet, credentials, or integration has been\ncompromised, contact us promptly and take steps to secure your systems.\n\n12. Your Choices and Rights\n\nDepending on your location and applicable law, you may have rights to request\naccess, correction, deletion, portability, restriction, objection, consent\nwithdrawal, or review of certain decisions regarding personal information.\n\nWe may deny, limit, delay, or condition requests where permitted by law, including\nwhere information is needed for compliance, security, fraud prevention, AML/KYT\nmonitoring, sanctions screening, tax, accounting, audit, dispute resolution,\ncontract enforcement, service integrity, backup retention, legal claims, or\nprotection of rights and safety.\n\nIf Stafiel processes information on behalf of a merchant, we may direct customer\nrequests to that merchant and may reasonably assist the merchant in responding\nwhere required by applicable law or a written agreement. Blockchain data may be\npublic, permanent, and outside Stafiel's ability to delete or modify.\n\nTo exercise the rights described above, please contact us at\nprivacy@stafiel.com , or use any data subject request mechanism Stafiel may make\navailable. Stafiel may verify your identity and the scope of your request before\nresponding.\n\nYou may opt out of certain marketing communications by using the unsubscribe\nmechanism in those communications or by contacting us. We may still send service,\nsecurity, legal, transactional, and operational messages.\n\n13. Children\n\nThe Services are not intended for children or for individuals under 18. We do not\nknowingly collect personal information from children. If you believe a child has\nprovided information to us, contact us so we can review the request.\n\n14. Merchant Responsibilities\n\nMerchants are responsible for providing legally required notices to their\ncustomers, obtaining required consents, responding to customer privacy requests,\nand ensuring that merchant-provided order data, customer data, webhook endpoints,\nreturn URLs, and integrations comply with applicable law.\n\nMerchants should not submit customer information to Stafiel unless they have the\nright to do so and the information is appropriate for the payment, checkout,\nsupport, compliance, or operational purpose.\n\n15. Changes to This Privacy Policy\n\nWe may update this Privacy Policy from time to time. Updates may be posted on the\nwebsite, shown in the dashboard, or communicated by other reasonable means where\nrequired by applicable law. Continued use of the Services after an update becomes\neffective means the updated Privacy Policy applies to your use of the Services.\n\n16. Contact\n\nQuestions about this Privacy Policy may be sent to privacy@stafiel.com .\n\nThe English language version of this Privacy Policy controls. Translations, if\nprovided, are for convenience only."}}