Access, Made Native.
About This Notice
1. Introduction
ONCHAIN Labs Inc., a Texas corporation (“ONCHAIN,” “we,” “our,” or “us”), provides this Privacy Policy to explain how we collect, use, share, and protect personal information about you when you access or use our software orchestration platform, including the Universal Access Standard (UAS) gateway available at buy.uas.link, our marketplace at onchain.page, and any related websites, services, applications, browser extensions, or APIs we offer (collectively, the “Service”).
This Privacy Policy applies to information we process about visitors, users, business contacts, and any other individuals who interact with the Service. It does not apply to information processed by our third-party service providers under their own privacy policies, including but not limited to MoonPay (the licensed fiat payment provider), Privy (authentication and embedded wallet provider), Relay Protocol (decentralized routing protocol), and any other independent service providers we integrate with to deliver the Service.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.
2. Who We Are
ONCHAIN Labs Inc. is incorporated in the State of Texas, United States. Our registered office address is the address of our registered agent, Northwest Registered Agent, LLC. For privacy-related correspondence, please contact us at privacy@uas.link.
ONCHAIN operates as a software orchestration platform. We do not custody user funds, do not hold cryptocurrency or fiat balances on behalf of users, do not perform Know-Your-Customer (KYC) or Anti-Money-Laundering (AML) verification, and do not execute trades or transactions ourselves. Licensed payment processing, KYC verification, and on-chain execution are performed by independent third-party service providers under their own regulatory authorizations.
3. Information We Collect
3.1 Information you provide to us
- Account information: when you authenticate via our authentication provider (currently Privy), we receive your email address, social login identifier (if applicable), and a wallet address associated with your authenticated account.
- Transaction information: when you initiate a purchase through the Service, we receive the spend amount, the requested asset, the destination blockchain, the recipient wallet address you designate, and the resulting transaction reference identifiers from our payment and routing providers.
- Communications: if you contact us by email, support form, or other channels, we receive the content of your communication and any associated identifying information you provide.
- Optional information: if you participate in surveys, beta programs, marketing communications, or community channels, we may receive additional information you voluntarily provide.
3.2 Information collected automatically
- Device and usage data: we collect technical information about the device and browser you use to access the Service, including IP address, browser type and version, operating system, device identifiers, referring and exit pages, pages viewed, time spent on pages, and similar usage metadata.
- Cookies and similar technologies: we use cookies, web beacons, local storage, and similar technologies to operate the Service, maintain session state, remember preferences, and measure usage. See Section 11 below for more detail.
- Geolocation information: we determine your approximate location based on your IP address for purposes of geographic eligibility determination, regulatory compliance, and analytics.
3.3 Information from third parties
- From our payment provider (MoonPay or similar licensed on-ramp): we may receive transaction status, payment confirmation, refund status, and aggregated KYC verification status (but not the underlying KYC documents themselves, which are held by the payment provider).
- From our routing provider (Relay Protocol): we receive on-chain transaction status, deposit address activity, and swap execution results associated with your transactions.
- From our clearance provider (Naos/Serialized, GoPlus): we receive token security screening results for tokens that pass through our clearance protocol.From our authentication provider (Privy): we receive authentication tokens, wallet association data, and verification status associated with your account.
- From analytics providers: we receive aggregated and individual usage data from third-party analytics services we use to understand how the Service is used.
4. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain the Service, including processing your transaction instructions and coordinating with our third-party service providers to execute them on your behalf.
- To authenticate your identity for access to the Service via Privy.
- To determine your eligibility to access the Service based on your geographic location and applicable legal and regulatory restrictions, including the screening of users in or from sanctioned jurisdictions identified by the U.S. Office of Foreign Assets Control (OFAC) and other applicable sanctions programs.
- To run the Token Clearance Protocol on tokens you request to purchase on Path 2 (DEX-routed tokens), to screen for known token-design risks before any transaction is initiated.To communicate with you about transactions, support requests, security notices, and material changes to the Service or this Privacy Policy.T
- o measure, analyze, and improve the Service, including understanding how users interact with the Service and identifying technical issues.
- To detect, prevent, and investigate fraud, abuse, security incidents, and violations of our Terms of Service.
- To comply with our legal obligations, including responding to lawful requests from regulatory authorities and enforcing our legal rights.
- For other purposes for which we obtain your consent, where required by applicable law.
5. Legal Bases for Processing (EU/UK/EEA Users)
If you are located in the European Union, the United Kingdom, or the European Economic Area, we rely on the following legal bases to process your personal information under the General Data Protection Regulation (GDPR) and the UK GDPR:
- Performance of a contract: we process information necessary to provide the Service you have requested.
- Legitimate interests: we process information for our legitimate interests in operating, securing, improving, and growing the Service, where those interests are not overridden by your rights and freedoms.
- Legal obligation: we process information where required to comply with applicable law, including financial-services regulations, sanctions law, and lawful regulatory requests.
- Consent: where we rely on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
6. How We Share Your Information
We share information only with the following categories of recipients, and only as necessary for the purposes described in this Policy:
6.1 Service providers
We share information with the third-party service providers we use to operate the Service. These currently include:
- MoonPay (or its corporate affiliates), our licensed fiat payment provider, which performs KYC, AML screening, payment processing, foreign exchange conversion, and stablecoin or asset delivery under its own licenses.
- MoonPay processes information about you under its own privacy policy.Privy (Privy Inc.), our authentication and embedded wallet infrastructure provider.
- Relay Protocol, the decentralized on-chain routing protocol used to execute swaps for tokens not natively delivered by our payment provider.
- Relay is a smart-contract-based protocol; transactions routed through Relay are visible on the relevant public blockchain.
- Token clearance providers (Naos/Serialized and GoPlus Security), which provide automated security analysis of on-chain tokens.
- WalletConnect and similar wallet-nomination services that facilitate your designation of a recipient wallet address.
- Hosting, infrastructure, and analytics providers that support the Service.
6.2 Legal obligations
We may share information when required to do so by law, including in response to subpoenas, court orders, or other lawful requests from government authorities; to comply with applicable financial-services regulations and sanctions law; to enforce our Terms of Service or this Privacy Policy; or to protect the rights, safety, or property of ONCHAIN, our users, or others.
6.3 Business transfers
If ONCHAIN is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar corporate transaction, information about you may be transferred as part of that transaction. We will notify you of any such transfer if required by applicable law.
6.4 With your consent
We may share information for other purposes with your consent.
6.5 Public blockchain disclosure
Transactions executed via Relay Protocol are recorded on public blockchains. The recipient wallet addresses you designate, the source addresses funds originate from, transaction amounts, and timestamps are publicly visible on the relevant blockchain and may be associated with you by third parties using on-chain analytics. ONCHAIN does not control blockchain visibility and cannot delete or modify information recorded on a public blockchain.
7. International Data Transfers
ONCHAIN is based in the United States. Our third-party service providers operate in multiple jurisdictions, including the United States, the United Kingdom, the European Union, and other countries. By using the Service, you understand that your information may be transferred to and processed in countries other than the country in which you reside, and that the data protection laws in those countries may differ from those in your country of residence.Where required by applicable law, we put in place appropriate safeguards for cross-border data transfers, including by entering into Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner's Office, or relying on other lawful transfer mechanisms.
8. Data Retention
We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on the type of information, including:
- Account information: retained for the lifetime of your account plus a reasonable period thereafter for legal and operational purposes.
- Transaction records: retained for at least seven (7) years from the date of the transaction to comply with applicable financial-services record-keeping requirements.
- Support communications: retained for a reasonable period after the matter is resolved.
- Aggregated and anonymized data: retained indefinitely for analytical purposes.
9. Your Privacy Rights
9.1 Rights under the GDPR and UK GDPR
If you are located in the European Union, United Kingdom, or European Economic Area, you have the following rights with respect to your personal information:
- The right to access the personal information we hold about you.
- The right to request correction of inaccurate or incomplete information.
- The right to request deletion of your personal information, subject to applicable legal exceptions.
- The right to request restriction of processing in certain circumstances.
- The right to data portability — to receive your information in a structured, commonly used, machine-readable format.
- The right to object to processing based on legitimate interests.
- The right to withdraw consent where processing is based on consent.
- The right to lodge a complaint with your local data protection authority.
9.2 Rights under the California Consumer Privacy Act (CCPA)
If you are a California resident, you have the following rights with respect to your personal information under the CCPA:
- The right to know what categories of personal information we have collected about you, the sources of that information, the purposes for which we collect it, and the categories of third parties with whom we share it.
- The right to request access to the specific personal information we have collected about you.
- The right to request deletion of personal information, subject to applicable legal exceptions.
- The right to opt out of the sale or sharing of personal information. ONCHAIN does not sell personal information.
- The right to non-discrimination for exercising your CCPA rights.
9.3 How to exercise your rights
To exercise any of these rights, please contact us at privacy@uas.link. We may need to verify your identity before fulfilling your request. We will respond to your request within the timeframe required by applicable law.
10. Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, disclosure, alteration, and destruction. These include encryption in transit, access controls, vendor security review, and incident response procedures. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Cookies and Similar Technologies
We use cookies and similar technologies on the Service for the following purposes:
- Strictly necessary cookies: required to operate the Service, maintain session state, and provide core functionality.
- Functional cookies: remember your preferences and settings.
- Analytics cookies: help us measure and improve how the Service is used.
- Performance cookies: help us identify and fix technical issues.
You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.
12. Children's Privacy
The Service is not directed to children under the age of 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us at privacy@uas.link and we will take appropriate action.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will update the Effective Date at the top of this Policy and provide additional notice as required by applicable law, such as by email or by prominent notice on the Service.Your continued use of the Service after the changes become effective constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
ONCHAIN Labs Inc.
Privacy Inquiries: privacy@uas.link
General Legal: legal@uas.link
Mailing Address: c/o Northwest Registered Agent, LLC — Texas registered agent address on file with the Texas Secretary of State.
If you have any questions, please reach out to us.