This Privacy Policy describes how Alpha Collective, Inc., doing business as Stable Genius ("Stable Genius," "we," "us," or "our"), collects, uses, discloses, and protects information in connection with the Stable Genius payment processing software, hardware, websites, applications, and related services (collectively, the "Service"). It also describes the choices and rights available to you.
The Service includes the Stable Genius mobile application for iOS and Android, the merchant web dashboard at app.stablegenius.co, and associated hardware devices.
This Privacy Policy applies to:
Merchants — the businesses and individuals who create an account and use the Service to accept payments.
End Customers — the customers of Merchants who use the Service (for example, by scanning a QR code on a Terminal or within the Mobile Application) to pay a Merchant.
Visitors — people who visit our websites or marketing pages without creating an account.
By using the Service, you acknowledge that your information will be handled as described in this Privacy Policy. If you do not agree, do not use the Service.
This Privacy Policy is incorporated into and forms part of the Terms of Service. Capitalized terms not defined in this Privacy Policy have the meanings given in the Terms of Service.
The Service is currently offered only in the United States and its territories. We do not knowingly direct marketing to, or collect information from, persons located outside the United States. If you are outside the United States, please do not use the Service.
We collect information that you or your representatives provide directly, including:
Account and business information: business name, business type (individual sole proprietor or business entity), business category, business address, mailing address, country, annual revenue range, and (for individual sole proprietors) the business owner's name.
Contact information: email address, and any phone number or additional contact you provide.
Identity-related confirmations: authentication codes (such as one-time passcodes sent to your email) and a record of your acceptance of the Terms of Service (timestamp and IP address).
Wallet information: public wallet addresses associated with your Account, including the Merchant Wallet address and Payment Addresses assigned to you.
Communications: the content of messages you send to us (for example, support tickets, emails, or feedback).
When you interact with the Service, we automatically collect certain information, including:
Device and Terminal information: device identifiers, Terminal serial numbers, hardware model, operating system, firmware and application version, and device diagnostics (for example, connectivity status, failure logs).
Usage information: pages visited, features used, events (e.g., login, settlement, withdrawal initiated), timestamps, and referring URLs.
Network information: IP address (including approximate location derived from IP), browser type and language, and network connection type.
Camera access: if prompted during identity verification, camera data is used in-session by our identity verification partner and is not stored by Stable Genius.
Device sensors: motion data (such as accelerometer) is used for user interface features within the mobile application. This data is processed locally on your device and is not transmitted or stored.
Cookies and similar technologies: see Section 6.
We receive information about you from third parties, including:
Identity verification partner: confirmation of verification status, verification identifiers, and compliance flags. We do not directly collect or store government-issued identification documents, social security numbers, or equivalent identifiers. Those documents are collected and stored by our identity verification partner under its own privacy policy.
Wallet infrastructure provider: wallet creation confirmations, public wallet addresses, and, where applicable, a pseudonymous user identifier.
Off-ramp and banking partner: status of linked bank accounts (by reference identifier), withdrawal status, and compliance flags. We do not directly collect or store bank account numbers, routing numbers, or similar banking identifiers; those are collected and stored by the off-ramp and banking partner under its own privacy policy.
Commerce provider for hardware sales: order confirmations, shipping information, and order reference identifiers. Payment card information for hardware purchases is processed by the commerce provider; we do not receive full payment card details.
Analytics and infrastructure providers: aggregate and event-level information relating to use of the Service, security, and performance.
Publicly available sources: information from public records, government lists (for example, sanctions lists), and public blockchain networks.
Payments and related transactions are recorded on public Blockchain Networks. Blockchain data — including transaction hashes, sender and recipient addresses, amounts, timestamps, and smart-contract event logs — is publicly visible and permanent, and is not under our control once recorded. We read this data in the ordinary course of providing the Service, and we associate blockchain data with your Account when it involves addresses we have assigned to you or that you have provided.
Our collection of information about End Customers at the point of sale is limited. When an End Customer pays a Merchant using the Service, we collect and process the End Customer's public wallet address, the transaction hash, the amount, the timestamp, and related on-chain metadata, together with basic technical information about any payment page the End Customer loads (for example, IP address, device type, and browser type).
We do not ordinarily collect names, email addresses, phone numbers, or other personally identifying information from End Customers. If an End Customer voluntarily provides additional information (for example, to request an email receipt), we will handle that information as described in this Privacy Policy.
Stable Genius does not collect or store:
Private keys or wallet seed phrases;
Bank account numbers, routing numbers, or similar banking credentials (these are handled by the off-ramp and banking partner);
Government-issued identification documents, social security numbers, or equivalent (these are handled by the identity verification partner);
Full payment card information (this is handled by the commerce provider for hardware sales);
Biometric data (such as Face ID, Touch ID, or fingerprint data) — the application does not use biometric authentication;
Sensitive categories of personal information beyond what is described in this Privacy Policy.
We use information for the following purposes:
Providing the Service — creating and administering your Account, provisioning the Merchant Wallet, assigning and routing Payment Addresses, processing payments, calculating and deducting platform fees, and facilitating withdrawals.
Verifying identity and business information — coordinating identity verification and ongoing due diligence as required by our compliance program and Applicable Law.
Compliance and security — detecting, preventing, and responding to fraud, money laundering, sanctions violations, unauthorized access, and other harmful activity; screening against government watchlists; maintaining the records required by record-keeping obligations including those that may apply under the Bank Secrecy Act.
Support and communications — responding to inquiries, providing customer support, and sending you transactional and service-related communications (such as account notices, settlement notifications, and security alerts).
Product improvement — analyzing usage to understand how the Service is used, developing new features, troubleshooting, and improving security and performance.
Marketing — with your consent where required, sending you marketing communications about new features or services. You can opt out at any time (see Section 10.4).
Legal and regulatory obligations — complying with Applicable Law, responding to lawful requests from governmental and regulatory authorities, and enforcing our agreements.
Legal Bases (Where Applicable)
Our processing is generally based on one or more of: (a) performance of our contract with you; (b) compliance with legal obligations; (c) our legitimate interests in operating, securing, and improving the Service; and (d) where required by law, your consent.
We share information only as described below. We do not sell personal information for money, and we do not share personal information for cross-context behavioral advertising.
We share information with third-party service providers that help us operate the Service, including: wallet infrastructure providers, identity verification partners, off-ramp and banking partners, blockchain data and infrastructure providers, cloud hosting and database providers, commerce providers (for hardware sales), email and messaging providers, analytics providers, error-monitoring and security providers, and customer support tooling providers. These service providers may only use the information to perform services for us, subject to confidentiality and data-protection obligations.
We may disclose information when we reasonably believe it is necessary to: (a) comply with Applicable Law, legal process, or lawful requests from governmental or regulatory authorities (including subpoenas, court orders, and requests from law enforcement and tax authorities); (b) respond to sanctions, anti-money-laundering, or similar compliance obligations; (c) prevent, investigate, or address fraud, security issues, or illegal activity; (d) enforce our Terms of Service, including to collect amounts owed; or (e) protect the rights, property, or safety of Stable Genius, our Merchants, End Customers, employees, or others.
If Stable Genius is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, information may be transferred to the counterparty as part of that transaction. We will notify you (for example, by email or by posting a notice on our Service) of any change in control or ownership of your information.
We may share information with other parties at your direction or with your consent.
We may share information that has been aggregated or de-identified so that it does not reasonably identify you. We will not attempt to re-identify such information and will require recipients to contractually agree not to re-identify it.
Information we write to a public Blockchain Network (for example, a payment settlement or withdrawal) becomes publicly visible and permanent as part of the nature of that network. We cannot redact, delete, or recall information once it is written on-chain.
We use cookies and similar technologies (such as pixels and local storage) on our websites and dashboards to operate the Service, remember your preferences, authenticate your session, measure usage, and improve performance. We use cookies that are:
Strictly necessary (for authentication, security, and session management);
Functional (to remember your preferences); and
Analytics (to understand how the Service is used).
We do not use cookies for cross-site behavioral advertising. You may set your browser to refuse or delete cookies, but some parts of the Service may not function properly without them.
Do Not Track. Because there is no commonly accepted standard for responding to "Do Not Track" signals, we do not currently respond to them. However, we do not use cookies for cross-context behavioral advertising, as described above.
Global Privacy Control (GPC). Where required by Applicable Law, we treat an opted-in GPC signal as a valid request to opt out of "sale" or "sharing" of personal information as those terms are defined under applicable state law.
We implement administrative, technical, and physical safeguards designed to protect information from loss, misuse, and unauthorized access. These measures include: encryption in transit and at rest for sensitive data; strong authentication; role-based access controls; network segmentation; logging and monitoring; and regular security reviews.
No security measure is perfect. The internet, blockchain networks, and any method of electronic storage carry inherent risks. You are responsible for protecting your Account credentials, your one-time passcodes, any exported private key, and the security of your devices. If you suspect your Account has been compromised, contact us immediately at security@stablegenius.co.
The Service is not intended for, and we do not knowingly collect information from, anyone under 18 years of age. If you believe a person under 18 has provided us with information, please contact us at privacy@stablegenius.co so we can delete it.
We retain information for as long as reasonably necessary to operate the Service and to comply with our legal obligations. Specifically:
Account, business, and compliance records — retained for the duration of your Account and for a minimum of five (5) years after Account closure, in line with record-keeping obligations that may apply under the Bank Secrecy Act and related regulations.
Transaction and financial records — retained for a minimum of five (5) years after the transaction, as above.
On-chain information — information recorded on a public Blockchain Network is permanent and cannot be deleted, regardless of Account status.
Operational data — device registrations, notification preferences, and cached settings are typically deleted upon Account deactivation, unless retention is required for a specific purpose described in this Privacy Policy.
Support communications — retained for up to 24 months after the relevant issue is resolved, unless a longer retention is required.
Marketing contacts — retained until you opt out or for a reasonable period thereafter.
After the applicable retention period expires, we will delete or de-identify the information. If deletion is not reasonably feasible (for example, because of backups or legal hold), we will isolate and protect the information until deletion is feasible.
Regardless of state of residence, you may:
Access and update your Account information through the Service's settings.
Request a copy of your data by contacting privacy@stablegenius.co.
Close your Account (subject to any applicable balance, withdrawal, and verification requirements described in the Terms of Service).
Opt out of marketing emails by following the unsubscribe instructions in any marketing email or by contacting us. You cannot opt out of transactional or service-related communications while your Account is active.
If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") provides you with the following rights:
Right to Know — the categories and specific pieces of personal information we have collected about you; the categories of sources; the purposes for collecting, using, or sharing the information; and the categories of third parties with whom we have shared it.
Right to Delete — request deletion of personal information we have collected about you, subject to exceptions (including our obligation to retain records for five years).
Right to Correct — request correction of inaccurate personal information.
Right to Portability — receive a copy of your personal information in a portable and, where feasible, machine-readable format.
Right to Opt Out of "Sale" or "Sharing" — we do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are defined under California law. No opt-out is required, but you may confirm this by contacting us.
Right to Limit Use of Sensitive Personal Information — we use sensitive personal information only as reasonably necessary to provide the Service and as permitted by law.
Right to Non-Discrimination — we will not discriminate against you for exercising any of these rights.
Categories of information collected. Over the preceding 12 months, we have collected the following categories of personal information about California residents (as defined by the CCPA/CPRA): identifiers; customer records; commercial information; internet and network activity information; geolocation data (approximate, from IP); professional or employment-related information (business context); and inferences drawn from the foregoing. Sources of collection and purposes of processing are described in Sections 3 and 4. Categories of recipients are described in Section 5.
Categories of sensitive personal information. We do not collect sensitive personal information beyond what is necessary to provide the Service (for example, account access credentials and, by way of our identity verification partner, information needed to verify identity that is held by that partner).
How to exercise your rights. Send a request to privacy@stablegenius.co with "California Privacy Request" in the subject line. We will verify your request (which may require additional information to confirm your identity) and respond within the timeframes required by law, typically 45 days, with one 45-day extension if necessary and notified to you. Authorized agents may submit requests on your behalf with written authorization and verification of identity.
Notice of financial incentive. We do not offer financial incentives or price/service differences in exchange for personal information.
Residents of other states with comprehensive privacy laws (including, without limitation, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, and any additional states whose laws come into effect from time to time) may have rights similar to those described above in Section 10.2, which may include:
The right to access, correct, delete, and obtain a portable copy of personal data;
The right to opt out of the sale of personal data, of targeted advertising, and of certain profiling for decisions with significant legal or similar effects;
The right to appeal a refusal to act on a rights request.
We do not sell personal data, do not engage in targeted advertising as defined under these laws, and do not use personal data for profiling in furtherance of decisions that produce significant legal or similar effects on consumers.
How to exercise your rights. Send a request to privacy@stablegenius.co with the name of your state in the subject line. We will verify your request as required by law and respond within the applicable statutory timeframe (typically 45 days). If we decline to act on your request, you may appeal by replying to the decision; we will respond to your appeal within the timeframe required by your state's law.
You may opt out of marketing emails at any time by clicking the unsubscribe link in a marketing email or by contacting privacy@stablegenius.co. Opting out of marketing does not affect transactional or service-related communications.
An authorized agent may submit a privacy request on your behalf. We will require: (a) written authorization from you; and (b) verification of the agent's identity and, in most cases, verification of your identity. We may deny requests from agents who do not provide adequate proof of authorization.
Because the Service uses public Blockchain Networks:
On-chain data is public. Transaction amounts, wallet addresses, transaction hashes, and timestamps associated with your use of the Service may be visible to anyone.
On-chain data is permanent. We cannot delete, redact, or modify data that is recorded on a public Blockchain Network. The right to deletion described in Section 10 does not apply to on-chain data.
On-chain data may allow re-identification. Wallet addresses, while pseudonymous, can, with additional information, be associated with real-world identities.
By using the Service, you understand and accept these characteristics of public Blockchain Networks.
The Service may contain links to third-party websites and may integrate with third-party services. We are not responsible for the content or privacy practices of those third parties. Their services are governed by their own privacy policies.
We may update this Privacy Policy from time to time. We will post the updated Privacy Policy with a new "Last Updated" date and, for material changes, will notify you by email or through the Service at least 30 days in advance where required by law. Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the update.
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Email: privacy@stablegenius.co
Security incidents: security@stablegenius.co
Mail: Alpha Collective, Inc. (dba Stable Genius), 1 Pine Street, Apt. 2209, San Francisco, CA, 94111
If you need this Privacy Policy in an alternative format for accessibility reasons, please contact privacy@stablegenius.co and we will work with you to provide reasonable accommodations.
End of Privacy Policy.
.png){kind=logo}
