Privacy Policy

Last updated: 15 June 2026

1. Introduction

Kash ("we", "us") operates the website kash.cards, the Kash app, and the Kash virtual card. This Privacy Policy explains how we collect, use, disclose, and protect your personal information, in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using the Service you agree to the handling of your information as described here.

2. Information we collect

Identity & verification (KYC)

Full name, date of birth, residential address, government identification (such as passport or driver licence), and a selfie/liveness check. We are legally required to collect and verify this to meet AML/CTF obligations.

Account & contact

Email address, phone number, password (stored hashed), and account preferences.

Transaction & financial

Top-up records, your USDT wallet/transfer details, card transactions, balances, fees, and conversion records.

Technical & usage

Device and browser information, IP address, app interactions, and cookies or similar technologies.

3. How we collect it

We collect information directly from you (when you register, verify, top up, or contact us), automatically (when you use the Service), and from third parties such as identity-verification providers, our card-issuing partner, fraud-prevention services, and blockchain data where relevant.

4. How we use it

• To create and operate your account and provide the Service.
• To verify your identity and meet AML/CTF, sanctions, and other legal obligations.
• To process top-ups, conversions, card transactions, and fees.
• To detect, prevent, and investigate fraud and security incidents.
• To provide support and respond to your requests.
• To improve the Service and, where permitted, send you relevant communications.

5. When we share it

We share personal information only as needed to run the Service and meet our obligations, including with:

• Our card-issuing partner, card schemes, and payment processors to issue cards and settle transactions.
• Identity-verification, fraud-prevention, and cloud/IT service providers.
• Regulators and law-enforcement (including AUSTRAC) where required or authorised by law.
• Professional advisers, and parties to a business transfer (for example, a sale of the business), under appropriate confidentiality.

We do not sell your personal information.

6. Overseas disclosure

Some of our service providers may store or process information outside Australia. Where this happens, we take reasonable steps to ensure your information is handled consistently with the APPs and is protected by appropriate safeguards.

7. How we protect it

We use technical and organisational measures including encryption in transit and at rest, access controls, monitoring, and staff confidentiality obligations. No system is perfectly secure, but we work to protect your information and to notify you and the regulator of an eligible data breach as required by law.

8. How long we keep it

We keep personal information for as long as needed to provide the Service and to meet legal obligations. AML/CTF law generally requires us to retain identity and transaction records for at least seven years after your account closes. We then delete or de-identify information we no longer need.

9. Your rights

You may ask to access or correct the personal information we hold about you. We will respond within a reasonable time and may need to verify your identity first. Some information must be retained for legal reasons and cannot be deleted on request. To make a request, contact us using the details below.

10. Cookies

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Service, and understand usage. You can control cookies through your browser settings; disabling some may affect functionality.

11. Marketing

With your consent or as otherwise permitted, we may send you product updates and offers. You can opt out at any time using the unsubscribe link or by contacting us. We will still send essential service and security messages.

12. Complaints

If you have a privacy concern, contact us first and we will try to resolve it. If you are not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

13. Changes

We may update this Policy from time to time. We will post the updated version with a new "last updated" date and, where the change is material, take reasonable steps to notify you.

14. Contact

For privacy questions or requests, contact our privacy team at privacy@kash.cards. See also our Terms of Service.