Account data: Email address, hashed password, 2FA settings.
On-chain data: Public wallet address, transaction hashes. On-chain data is public by nature of blockchain technology.
Usage data: App interaction logs for security purposes (IP hash, device fingerprint, session duration).
We do NOT collect: Private keys, seed phrases, personal financial information beyond what you voluntarily provide.
Account data is retained while your account is active and for 5 years after deletion for legal compliance. On-chain data is permanent by nature of blockchain technology.
Request a copy of all personal data we hold about you
Correct inaccurate personal data in your account
Delete your off-chain account data (on-chain data cannot be deleted)
Download your account data in machine-readable format
Opt out of analytics and marketing communications
Withdraw consent for non-essential data processing at any time
Email privacy@cashmereum.com to exercise any of the above rights. We respond within 30 days. For GDPR erasure requests, we will delete all off-chain data. On-chain data is permanent and cannot be erased — this is disclosed at registration.
Essential cookies (cannot be disabled): Authentication session, CSRF protection.
Analytics cookies (optional): Pseudonymised usage analytics to improve the app.
We use AES-256-GCM encryption, TLS 1.3, and quantum-resistant cryptography for all data at rest and in transit. An independent third-party security audit is planned ahead of mainnet; none has been completed yet. See our Security page for details.
Data Protection Officer: dpo@cashmereum.com