Legal

Privacy Policy

Last updated · April 28, 2026 Applies to all zScrow users
The short version We collect what we need to run a regulated escrow service and nothing else. We don’t sell your personal data. KYC information is required by law and is shared only with our banking, payment, and verification partners.

Overview

This Privacy Policy explains how zScrow, Inc. (“zScrow”, “we”, “us”) collects, uses, shares, and protects information about you when you use our website, dashboard, and APIs (the “Service”).

If you have questions or want to exercise any of the rights described below, you can reach us at [email protected] or via the contact page.

Information we collect

Information you give us

  • Account data: name, email, password (hashed), company information.
  • Identity / KYC data: government-issued ID, date of birth, address, beneficial-ownership documents, and any data required by anti-money-laundering law.
  • Deal data: deal title, amount, currency, asset description, counterparty contact, signed terms, and message history attached to a deal.
  • Payment data: bank-account or card details, wallet addresses, and payment metadata required to fund or release a deal.
  • Support content: the messages, attachments, and screenshots you send us when contacting support or opening a dispute.

Information we collect automatically

  • Usage data: pages viewed, actions taken in the dashboard, timestamps, and similar product analytics.
  • Device data: IP address, browser, operating system, language, and device identifiers.
  • Cookies and similar technologies: see section 5.

Information from third parties

We receive identity-verification results from KYC providers, fraud and sanctions signals from compliance partners, and payment confirmations from our banking and stablecoin partners.

How we use information

We use personal information to:

  • Operate the escrow Service and process deal lifecycles end-to-end;
  • Verify your identity and meet our anti-money-laundering, sanctions, and tax-reporting obligations;
  • Communicate with you about your account, deals, and disputes;
  • Detect, investigate, and prevent fraud, abuse, and security incidents;
  • Improve the Service, including measuring how features are used and debugging issues;
  • Comply with legal obligations and lawful requests from regulators and authorities.

We rely on a mix of legal bases: performance of our contract with you, our legitimate interests in running and securing the Service, your consent (for marketing where required), and compliance with legal obligations.

Sharing & disclosure

We share personal information only as needed and only with these categories of recipients:

  • Counterparties: the other party to a deal sees the agreed terms, your display name, deal-related messages, and confirmation that you have completed identity verification.
  • Service providers: banking and payment partners, KYC and fraud-prevention providers, cloud hosting, customer-support tooling, and analytics vendors that act on our instructions.
  • Regulators and authorities: when required by law, court order, or to protect rights, property, and safety.
  • Successors: in the event of a merger, acquisition, or sale of assets, subject to the same protections described here.

We do not sell personal information, and we do not use KYC documents for marketing or profiling.

Cookies & tracking

We use a small number of cookies and similar technologies for: keeping you signed in, remembering preferences, measuring product usage, and detecting fraudulent sessions. Where required, we ask for your consent before setting non-essential cookies and let you change that choice at any time from the cookie banner or your account settings.

You can also block or delete cookies in your browser. Some essential cookies are required for the Service to function — disabling them may prevent you from signing in or completing a deal.

International transfers

zScrow operates in multiple countries and uses cloud infrastructure that may store and process your data outside your home jurisdiction, including in the United States and the European Economic Area. When we transfer personal data internationally we rely on appropriate safeguards, including standard contractual clauses, adequacy decisions, or your explicit consent where required.

Data retention

We keep personal data only for as long as necessary to provide the Service and meet our legal obligations. In practice that means:

  • Account & deal records: retained while your account is active and for up to seven years after closure, to satisfy financial-recordkeeping rules.
  • KYC documents: retained for the minimum period required by anti-money-laundering law in the relevant jurisdiction (typically five to seven years after the last transaction).
  • Support content: retained for up to three years.
  • Marketing preferences: retained until you opt out.

When data is no longer needed, we delete or irreversibly anonymise it.

Security

We protect personal data with industry-standard administrative, technical, and physical safeguards, including encryption in transit and at rest, role-based access controls, audit logging, and continuous monitoring. We test our controls regularly and align our program with SOC 2 and similar frameworks. No system is perfectly secure, however, and we encourage you to use a strong, unique password and enable two-factor authentication on your account.

Your rights

Depending on where you live you may have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete information;
  • Delete personal data we no longer need to keep by law;
  • Object to or restrict certain processing;
  • Receive a copy of your data in a portable format;
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with your local data-protection authority.

You can exercise these rights at [email protected]. We will verify your identity before responding and will reply within the timeframe required by applicable law.

Children’s privacy

zScrow is not directed at children under 18 and we do not knowingly collect personal information from anyone under that age. If you believe a minor has provided us with personal data, please contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notice at least 14 days before they take effect. The “Last updated” date at the top of this page always reflects the current version.

Contact

Privacy questions, data-rights requests, and any concerns about how we handle personal data can be sent to [email protected], or via the contact page. For matters related to a specific deal please use the in-product dispute or support flow so the relevant context is attached automatically.