Effective 2026-06-01.
Hash Bags is a non-custodial wallet. Your seed phrase and private keys live on your device and never touch us. We don't run servers that store user data. We don't operate analytics, crash reporting, or telemetry of any kind. We don't have accounts, emails, passwords, or logins.
Where data does leave your device, it goes to (a) the blockchain nodes you query to read balances and broadcast transactions, and (b) third-party services you explicitly opt in to — Trocador for swaps, MoonPay for fiat buys (when enabled). Those providers have their own privacy policies, linked below.
Nothing. Hash Bags has no backend. There are no accounts to sign up for, no servers we run that your wallet contacts for tracking purposes, and no analytics SDK embedded in the app. Specifically, we do not integrate Sentry, Firebase Analytics, Crashlytics, Amplitude, Mixpanel, Google Analytics, or any equivalent.
These are stored in your device's secure storage (Keychain on iOS / macOS, Keystore on Android, encrypted file storage on Windows / Linux) plus the app's local data directory. They are not transmitted anywhere by Hash Bags. Uninstalling the app deletes them; your seed phrase still works to restore the wallet on another device.
To show your balance, fetch transactions, and broadcast new transactions, the app connects to one or more nodes per chain. The operator of whichever node you're using can see your IP address and the queries you make (which may include the addresses you control).
The default node lists ship in the app at first launch. For Monero
the default is a public privacy-leaning community node
(node.sethforprivacy.com). For Wownero, community nodes
from the Wownero project. For Bitcoin, Litecoin, etc., a mix of
well-known public Electrum / RPC providers including Blockstream,
Stack Wallet, and others. You can switch to a node you trust — or
run your own — from Settings → Connection & Sync at any time.
For maximum privacy we recommend running your own node.
The app fetches current crypto-to-fiat exchange rates from
prices.neroswap.com (a Cloudflare Worker operated by
Such Software that aggregates Kraken and other public sources). The
worker sees your IP and the list of currencies you're displaying.
It does not see your addresses or balances.
When you initiate an in-app swap between two coins, Hash Bags sends the order details (input currency, output currency, amount, your destination address) to Trocador's API. Trocador may store this order data and is subject to its own privacy policy at trocador.app/en/privacypolicy/. Trocador typically does not require KYC for swaps below their configured limits but can ask for verification in larger-volume or regulator-flagged cases.
(Disabled in v1.0. This section applies once the MoonPay integration is enabled in a later release.) When you initiate a buy or sell of crypto for fiat via MoonPay, Hash Bags sends order details (currencies, amount, your destination address) to MoonPay's API. MoonPay performs KYC / AML verification independently of Hash Bags: they collect your name, date of birth, address, government-issued ID, and may require a live selfie. That data is held by MoonPay, not by us — Hash Bags only sees the resulting order ID and on-chain transaction hash. MoonPay's policy: moonpay.com/legal/privacy_policy.
If you connect to a custom non-default node, configure a hardware wallet, or paste a third-party WalletConnect / dApp link, those endpoints see whatever your interactions with them entail. Hash Bags neither manages nor monitors those connections.
Hash Bags is not directed to people under 18. We don't knowingly collect data from minors; there is no account creation in which such data could be collected. If you believe a minor has used the app and you want to delete any associated state, uninstalling the app on the relevant device removes all local data.
Because we don't store data about you on our servers, there is nothing for us to delete or export on request — every byte of identifying state is on your own device, under your control.
For data held by third parties you've used through the app (Trocador, MoonPay, node operators), contact those providers directly using the privacy contact in their respective policies. EU residents (GDPR Articles 15–22) and California residents (CCPA / CPRA) have rights against those providers — exercise them through the providers' own processes.
We'll post any update to this page with a new effective date. Material changes will be announced via @such_software and the app's release notes. Continued use of Hash Bags after a change indicates acceptance of the revised policy.
Privacy questions: support@such.software
Hash Bags is developed and maintained by Such Software LLC.