Privacy Policy
Last updated July 2026
Your privacy matters. This Policy explains what information OS handles when you use our app and website, why, the legal bases we rely on, and the rights and choices you have wherever you live. In short: we collect as little as possible, we never sell your data, and we hold no keys to your funds. The Service is for adults aged 18 and over.
Who we are
OS provides the OS app and website and is the controller of the limited personal data described here. For any privacy question or to exercise your rights, contact support@useos.xyz.
What we collect
Account and sign-in: your email. Profile you choose to add: display name, peertag, optional phone number, location, language, and an optional photo. Discoverability: your setting for whether others can find you by number, email, or peertag. Contacts: contacts you save or import from your device (with permission) so you can pay them. External wallets: the public address of any external wallet (such as Phantom, Solflare, Backpack, or MetaMask) you choose to connect to your account — we never receive its keys. Activity: a cache of your on-chain transactions and any short notes you add to payments. Technical: device and push-notification tokens, and basic usage and cookie/local-storage data needed to run and secure the app.
What we never have
OS is non-custodial. We do not hold, store, or have access to your private keys, recovery, or funds; we cannot move your money; and we cannot see anything that is not already public on the blockchain.
How and why we use it (legal bases)
We use your information to: provide the Service and your account (performance of a contract); keep the app and users safe, prevent fraud, and improve the Service (our legitimate interests); send notifications and use optional cookies (your consent, which you can withdraw); and meet legal and regulatory obligations (legal obligation). Where we rely on consent, you can withdraw it at any time.
Partners and processors
We use trusted providers to run OS, including embedded-wallet infrastructure, cloud hosting and database, and push delivery, and — for regulated features — on/off-ramp and card partners. These act as our processors or, for the licensed services they provide directly to you (such as buying crypto, card issuing, and any KYC/AML checks), as independent controllers under their own privacy policies. We share only what is needed for these services, and we never sell your data or share it for third-party advertising.
International transfers
We and our providers may process data in countries outside your own, including the UK, the EU/EEA, and the United States. Where we transfer personal data internationally, we use appropriate safeguards such as the UK/EU Standard Contractual Clauses or an equivalent lawful transfer mechanism.
Retention
We keep account information while your account is open and for as long as needed for the purposes above or to meet legal obligations, then delete or anonymise it. You can ask us to delete your account at any time; because your funds live in your own wallet, you keep them after your OS account is closed.
Security
We use technical and organisational measures to protect your information. No system is perfectly secure, and you remain responsible for safeguarding your own device, sign-in, and any exported keys.
Your rights — UK & EU (GDPR)
If you are in the UK or EU/EEA, you have the right to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. You can also complain to your data-protection authority (in the UK, the ICO). We do not use solely automated decision-making that produces legal effects about you.
Your rights — California & the US
If you are a California resident, you have the right to know, access, correct, and delete your personal information, and to opt out of its “sale” or “sharing” — which we do not do — without discrimination for exercising your rights. Residents of other US states with privacy laws have similar rights. To exercise them, contact us using the details below.
Your rights — other regions
Wherever you live — including across Asia, Latin America, and elsewhere — we honour the data-protection rights that apply to you under your local law. Contact us and we will help you exercise them.
Notifications
If you turn on push notifications, we store the technical token needed to deliver them. You can turn notifications off at any time in settings, which removes that subscription.
Cookies
We use essential cookies and local storage to run the app, and only use optional cookies if you allow them. See our Cookie Policy for details.
Pearl (AI assistant)
If you use Pearl, the messages you send — together with a minimal snapshot of your balances and holdings needed to answer questions about your account — are processed by our AI infrastructure provider to generate the reply, under our instructions. Conversations are kept on your device (cleared daily and on sign-out), are never used for advertising, and are never sold. Do not include sensitive personal data in your messages.
Children
OS is not intended for anyone under 18, and we do not knowingly collect data from children. If you believe a child has used OS, contact us and we will delete the information.
Changes and contact
We may update this Policy and will notify you of material changes in the app. For any privacy question or to exercise your rights, contact support@useos.xyz.
Company details
OS is operated by OS Market Labs, a company registered in United Kingdom. General enquiries: support@useos.xyz. Data-protection enquiries: privacy@useos.xyz.