Privacy Policy

Account: email, phone (if $300+), government ID (if $1,000+). KYC documents are handled by our identity partner and never stored on our servers in raw form.

Transactions: wallet addresses, transaction hashes, denomination, timestamps, and device fingerprint for fraud prevention.

Customization: recipient name, message, theme. These are stored to render the gift page.

To fulfill the gift card — issue the token, route USDT, deliver physical cards.

To comply with AML/KYC laws in our operating jurisdictions.

To prevent fraud, abuse, and referral manipulation.

We use essential cookies (session, CSRF) and analytics cookies (Plausible, self-hosted). A referral tracking cookie stores your referrer code for 90 days.

We do not serve third-party ad cookies.

You may request a copy of your data, correction of inaccuracies, or deletion of your account. Some records (transactions, KYC logs) must be retained for 5 years under Singapore MAS requirements.

Email privacy@tonpass.io to exercise your rights. We respond within 30 days.

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). KYC documents are encrypted per-user and accessible only to compliance staff.

We will notify you within 72 hours of confirming any breach that affects your personal data.