Sentral

Privacy Policy

Last updated: March 29, 2026

Effective Date: March 29, 2026

1. INTRODUCTION AND SCOPE

1.1 Our Commitment to Privacy. Sentral Inc. ("Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Sentral mobile application, website at sentral.cash, and related services (collectively, the "Services").

1.2 Acceptance. By accessing or using the Services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with our policies and practices, you must not access or use the Services.

1.3 Changes to This Policy. We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our Services and updating the "Last Updated" date. Your continued use of the Services following the posting of changes constitutes your acceptance of such changes.

1.4 Incorporation by Reference. This Privacy Policy is incorporated into and forms part of our Terms of Service. Capitalized terms not defined in this Privacy Policy shall have the meanings given to them in the Terms of Service.

Core Privacy Principles

  • Self-Custody: We never have access to your private keys or Digital Assets.
  • Data Minimization: We collect only the minimum data necessary to operate the Services.
  • No Identity Verification: We do not require KYC (Know Your Customer) or identity documents.
  • Transparency: All blockchain transactions are public and immutable by design.
  • User Control: You can export your wallet and stop using our Services at any time.

2. INFORMATION WE COLLECT

2.1 Information You Provide

2.1.1 Account Information. When you create a Wallet using the Services, we generate cryptographic key pairs locally on your device. We do NOT have access to your private keys. You may optionally provide:

  • Email address (for account recovery or notifications, if you opt in)
  • Username or display name (optional)

2.1.2 Communications. If you contact us for support or provide feedback, we collect:

  • Your email address
  • The content of your communications
  • Any information you choose to provide

2.2 Information Collected Automatically

2.2.1 Device Information. When you access the Services, we automatically collect:

  • Device Identifiers: Device type, operating system version, unique device identifiers
  • Mobile Network Information: Mobile carrier, network type, connection quality
  • App Version: Version of the Sentral app you are using
  • Time Zone and Locale: Your device's time zone and language settings

2.2.2 Usage Data. We collect information about how you interact with the Services:

  • Features accessed and frequency of use
  • Time spent in the app
  • Navigation patterns and user flows
  • Error logs and crash reports
  • Performance metrics

2.2.3 Location Information. We may collect:

  • Approximate Location: Based on IP address or mobile network data (city/country level)
  • Precise Location: Only if you grant location permissions (you can revoke this at any time)

2.2.4 Cookies and Similar Technologies. We use cookies, local storage, and similar technologies to:

  • Remember your preferences and settings
  • Analyze usage patterns and improve the Services
  • Provide security features and fraud detection
  • Enable certain features of the Services

2.3 Blockchain Data

2.3.1 Public Blockchain Information. All transactions executed through the Services are recorded on public blockchains. This information includes:

  • Your wallet addresses (public keys)
  • Transaction histories
  • Digital Asset balances
  • Smart Contract interactions
  • Timestamps of transactions

IMPORTANT: Blockchain transactions are permanent, public, and immutable. Anyone can view your transaction history associated with your wallet address. We have no control over blockchain data and cannot delete, modify, or hide this information.

2.4 Information We Do NOT Collect

As a self-custody platform committed to user privacy, we explicitly DO NOT collect:

  • Private Keys or Seed Phrases: These are generated and stored only on your device
  • Government-Issued IDs: No passports, driver's licenses, or national ID cards
  • Social Security Numbers or Tax IDs
  • Banking or Credit Card Information: Fiat on/off-ramps are handled by third-party payment processors
  • Biometric Data: Fingerprints, facial recognition data, etc.
  • Employment Details: Employer name, salary, employment status
  • Personal Identification Numbers (PINs) or Passwords: These are stored locally on your device only

2.5 Public Financial Information on Blockchain

While we do NOT collect traditional detailed financial information (employment, salary, etc.), certain financial data is inherently public and visible on blockchain networks:

2.5.1 Wallet Balances and Net Worth. Your Digital Asset holdings and net worth are publicly visible to anyone who knows your wallet address. Blockchain explorers and analytics tools can calculate and display your total holdings in real-time.

2.5.2 Transaction History and Revenue. All incoming and outgoing transactions are public, allowing anyone to infer your income, spending patterns, and financial activities. This information is permanent and immutable.

2.5.3 Smart Contract Interactions. Your interactions with DeFi protocols, including loans, trades, liquidity provision, and yields earned, are publicly visible.

IMPORTANT: This public financial data exists on the blockchain itself, not in our systems. We do not collect, store, or control this information—it is inherent to how blockchain technology operates. Anyone, including governments, researchers, and analytics firms, can access this data without our involvement or permission.

3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses. We use the information we collect to:

  • Provide and Operate the Services: Enable you to create a Wallet, interact with blockchain protocols, and access features
  • Process Transactions: Facilitate your interactions with decentralized protocols and Smart Contracts
  • Improve User Experience: Analyze usage patterns to enhance features, fix bugs, and optimize performance
  • Customer Support: Respond to your inquiries, troubleshoot issues, and provide technical assistance
  • Security and Fraud Prevention: Detect and prevent unauthorized access, abuse, and fraudulent activities
  • Compliance: Comply with applicable legal obligations, including sanctions screening
  • Communications: Send important updates about the Services, security alerts, and policy changes
  • Analytics: Understand how users interact with the Services to make data-driven improvements

3.2 Legal Bases for Processing (GDPR). If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Services you requested
  • Legitimate Interests: For fraud prevention, security, improving Services, and analytics
  • Legal Obligation: To comply with laws, regulations, and legal processes
  • Consent: Where you have provided explicit consent (which you can withdraw at any time)

3.3 Automated Decision-Making. We may use automated systems to:

  • Screen for sanctioned individuals or entities
  • Detect suspicious or fraudulent activity
  • Provide personalized content and features

You have the right to object to automated decision-making that has legal or similarly significant effects on you.

4. HOW WE SHARE YOUR INFORMATION

4.1 We Do Not Sell Your Personal Information. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Service Providers. We may share information with third-party service providers who perform services on our behalf, including:

  • Cloud Infrastructure Providers: AWS, Google Cloud, or similar (for hosting and storage)
  • Analytics Providers: To understand usage patterns and improve the Services
  • Crash Reporting Services: To identify and fix technical issues
  • Communication Tools: Email service providers for support communications

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Blockchain Networks. When you execute transactions, your wallet address and transaction details are broadcast to public blockchain networks. This information is visible to:

  • Anyone viewing the blockchain
  • Block explorers and analytics services
  • Other users and Smart Contracts

4.4 Third-Party Protocols. The Services enable you to interact with third-party protocols such as Hyperliquid. When you use these protocols:

  • Your wallet address and transaction data are shared with those protocols
  • Those protocols may have their own privacy policies
  • We are not responsible for how third parties handle your information

4.5 Legal Requirements and Safety. We may disclose your information if required to do so by law or if we believe such action is necessary to:

  • Comply with legal obligations, court orders, or governmental requests
  • Enforce our Terms of Service and other agreements
  • Protect the rights, property, or safety of the Company, our users, or others
  • Detect, prevent, or address fraud, security, or technical issues
  • Respond to claims that any content violates the rights of third parties

4.6 Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. You will be notified of any such change via email or prominent notice on our Services.

4.7 With Your Consent. We may share your information with third parties when you explicitly consent to such sharing.

5. DATA RETENTION

5.1 Retention Periods. We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

5.2 Specific Retention Policies:

  • Account Data: Retained while your Wallet is active
  • Device and Usage Data: Typically retained for 90 days to 2 years for analytics and security purposes
  • Support Communications: Retained for up to 3 years to maintain service quality and resolve disputes
  • Legal Compliance Data: Retained as required by applicable laws (typically 5-7 years)
  • Blockchain Data: Permanent and immutable; cannot be deleted by us or anyone

5.3 Deletion. When personal information is no longer needed, we will securely delete or anonymize it. However, we may retain certain information if required for legal, regulatory, dispute resolution, or security purposes.

6. DATA SECURITY

6.1 Security Measures. We implement industry-standard technical and organizational measures to protect your personal information, including:

  • Encryption: Data in transit is encrypted using TLS/SSL; data at rest is encrypted using AES-256
  • Access Controls: Strict access controls and authentication requirements for our systems
  • Security Audits: Regular security assessments and penetration testing
  • Monitoring: Continuous monitoring for suspicious activity and security threats
  • Incident Response: Protocols for detecting and responding to security breaches

6.2 Your Responsibility. However, as a self-custody platform:

  • YOU are solely responsible for securing your private keys and seed phrase
  • We cannot recover your private keys if you lose them
  • We cannot reverse transactions or restore lost funds
  • You should use device security features (passcodes, biometrics, etc.)
  • You should never share your private keys with anyone, including us

6.3 No Absolute Security. While we strive to protect your information, no system is completely secure. We cannot guarantee absolute security, and you use the Services at your own risk.

6.4 Breach Notification. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

7. YOUR PRIVACY RIGHTS

7.1 General Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal obligations)
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Restriction: Request restriction of processing under certain circumstances
  • Objection: Object to processing of your personal information for certain purposes
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time

7.2 GDPR Rights (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to lodge a complaint with your local data protection authority
  • Right to object to automated decision-making
  • Right to data portability
  • Right to be forgotten (with certain exceptions)

7.3 CCPA/CPRA Rights (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: What personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information, so this right is not applicable
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information: If applicable

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at sumfxn@gmail.com. We will respond to your request within the timeframe required by applicable law (typically 30 days).

We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

7.5 Limitations

Certain rights may be limited by applicable law. For example:

  • We cannot delete information required for legal compliance or dispute resolution
  • We cannot delete blockchain data (as it is immutable and beyond our control)
  • We may deny requests that are manifestly unfounded, excessive, or repetitive

8. INTERNATIONAL DATA TRANSFERS

8.1 Global Operations. The Services are operated from the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers operate.

8.2 Data Protection Standards. We ensure that international data transfers comply with applicable laws, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Other appropriate safeguards recognized under applicable law

8.3 Your Consent. By using the Services, you consent to the transfer of your information to the United States and other countries that may have different data protection laws than your country of residence.

9. CHILDREN'S PRIVACY

9.1 Age Restriction. The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

9.2 Parental Notice. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at sumfxn@gmail.com. We will take steps to delete such information from our systems.

9.3 Age Verification. We may implement age verification mechanisms to ensure compliance with this policy.

10. THIRD-PARTY LINKS AND SERVICES

10.1 Third-Party Websites. The Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10.2 Third-Party Protocols. When you interact with third-party protocols (such as Hyperliquid) through the Services:

  • Those protocols may collect information about you independently
  • Their privacy policies govern their collection and use of your information
  • We are not responsible for their privacy practices

10.3 Payment Processors. If you use fiat on/off-ramp features, payment is processed by third-party providers (such as Stripe, MoonPay, or others). We do not collect or store your payment card information. The payment processor's privacy policy governs the collection and use of your payment information.

11. DO NOT TRACK SIGNALS

Some web browsers transmit "do not track" (DNT) signals. The Services do not currently respond to DNT signals because there is no industry-wide standard for how to interpret and respond to such signals.

12. UPDATES TO THIS PRIVACY POLICY

12.1 Changes. We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

12.2 Notice of Material Changes. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website and in the App
  • Updating the "Last Updated" date at the top of this Privacy Policy
  • Sending you an email notification (if you have provided your email address)
  • Displaying a prominent notice in the App

12.3 Your Continued Use. Your continued use of the Services after we post changes constitutes your acceptance of the updated Privacy Policy.

12.4 Review Regularly. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.