Privacy Policy
Effective: February 20, 2026
ALIAS is a no-KYC virtual card platform built on Solana. This policy explains what data we collect, how we use it, and the technical privacy guarantees our protocol provides. We are committed to collecting the minimum information necessary to operate the service.
1. Information We Collect
To operate the platform, ALIAS collects only what is necessary:
- Wallet address (public key) for authentication and transaction tracking
- Transaction amounts and timestamps for card provisioning
- Session data (JWT tokens) for maintaining authenticated sessions
- On-chain commitment hashes for privacy pool operations
2. Information We Do Not Collect
ALIAS is a no-KYC platform. We do not collect, store, or process any of the following:
- Names, email addresses, phone numbers, or physical addresses
- Government-issued identification documents
- Social security numbers or tax identification numbers
- Biometric data of any kind
3. How We Use Your Information
The data we collect is used exclusively for operating the platform:
- Processing virtual card issuance and funding
- Verifying wallet ownership via cryptographic signature verification
- Managing privacy pool deposits and withdrawals
- Preventing fraudulent or duplicate transactions via nullifier tracking
4. Zero-Knowledge Privacy
ALIAS's privacy pool is engineered so that even the platform itself cannot link a deposit to a withdrawal. The following technical guarantees apply:
- Privacy pool deposits use Poseidon hash commitments: commitment = Poseidon(secret, nullifier, amount)
- Withdrawals require SHA-256 binding proofs without revealing the original secret
- The relayer service processes withdrawals without knowledge of the deposit-withdrawal linkage
- Multi-hop routing via Jupiter DEX swaps breaks on-chain transaction trails between deposit and withdrawal
- Split deposits randomize amounts across 2–4 parts for additional on-chain obfuscation
5. Data Retention
- Active sessions expire automatically after their JWT lifetime
- Transaction records are retained for operational and dispute-resolution purposes
- On-chain data (commitment hashes, nullifiers) is permanent and immutable on the Solana blockchain
- Server logs are retained for 30 days for debugging purposes and then deleted
6. Third-Party Services
ALIAS integrates with the following third-party services to deliver core functionality. Each service governs data it independently processes under its own privacy policy.
Virtual card issuance and management
Solana RPC infrastructure
Decentralized exchange for privacy routing
Compressed token operations for the privacy pool
7. Cookies
- We use HTTP-only JWT session cookies solely for authentication
- We do not use tracking cookies, advertising cookies, or third-party analytics
- No cookies are shared with external parties
8. Changes to This Policy
- We may update this policy from time to time as the platform evolves
- Changes will be posted on this page with an updated effective date
- Continued use of ALIAS after changes constitutes acceptance of the revised policy
9. Contact
For privacy-related inquiries, please reach out to us at:
privacy@alias.cards