Privacy Policy

Effective Date: May 10, 2026 Last Updated: May 10, 2026

1. Introduction

Flash Lightning Solutions Incorporated ("Flash," "we," "us," or "our"), a Delaware corporation, operates the website paywithflash.com and the Flash treasury management platform (the "Service"). This Privacy Policy explains how we collect, use, share, and protect your information when you use the Service.

By using Flash, you agree to the collection and use of your information in accordance with this Policy. If you do not agree, please do not use the Service.

This Privacy Policy is designed to comply with applicable data protection laws, including the European Union's General Data Protection Regulation (GDPR), the United Kingdom's Data Protection Act, the California Consumer Privacy Act and California Privacy Rights Act (CCPA / CPRA), and other relevant regulations.

2. Information We Collect

Information You Provide

When you create an account or use Flash, we collect:

Account information: name, email address, password (stored as a salted cryptographic hash; we never see your plaintext password)
Business information: company name, business address, tax identification number (e.g., EIN), business structure, beneficial ownership information for Know Your Business (KYB) and compliance purposes
Identity information: date of birth, government-issued identification documents (collected when required for KYB / KYC processes by us or our payment partners)
Wallet and account identifiers: Bitcoin wallet addresses (including extended public keys, or xpubs), Lightning addresses, exchange account credentials (read-only API keys), and other identifiers necessary to connect external accounts to your Flash account
Customer and recipient information: names, email addresses, billing addresses, and other contact information for parties you invoice or otherwise transact with through Flash
Communications: information you provide when you contact us for support, give feedback, or otherwise communicate with us

Information Collected Automatically

When you use Flash, we automatically collect:

Transaction data: Bitcoin and fiat transaction history synced from your connected wallets, exchanges, and payment processors
Usage data: pages visited, features used, time spent on the Service, clicks, and other interactions
Device information: IP address, browser type and version, operating system, device identifiers
Cookies and similar technologies: see Section 10

Information We Receive From Third Parties

Payment processors: transaction status and metadata from Maverick / Polaris Payments
Exchange and wallet data aggregators: balance and transaction data from Vezgo and similar providers
Identity verification providers: verification results and metadata during KYB / KYC processes
Integration partners: data necessary to provide functionality you have authorized (for example, when you connect your Flash account to QuickBooks Online, your accounting platform, or other authorized third parties)

3. Important Note on Funds

Flash is a non-custodial platform. We do not hold, store, custody, or have access to your Bitcoin, cryptocurrency, or fiat funds at any time, including during transactions, swaps, settlements, or any other movement of funds. Bitcoin transactions occur peer-to-peer between you and the counterparty. Fiat transactions are processed by third-party payment processors that you authorize. Cryptocurrency swap functionality, when offered, is provided through third-party swap services that execute transactions through their own infrastructure; Flash does not receive, hold, or transfer user funds at any point in such transactions. Flash is a technology platform that connects to your wallets, exchanges, and payment processors and does not act as a money transmitter, money services business, custodian, exchange, broker, or financial institution.

If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, our legal basis for collecting and processing your information includes:

Performance of a contract: processing necessary to provide the Service you have requested
Legitimate interests: processing necessary for our legitimate interests, such as improving the Service, detecting fraud, and ensuring security, where those interests are not overridden by your rights and freedoms
Compliance with legal obligations: processing required by applicable law, such as financial regulations and KYB requirements
Consent: where you have given specific consent, such as for marketing communications

5. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Service
Process and display your transactions and treasury data
Generate and send invoices on your behalf and track payment status
Communicate with you about your account, the Service, and updates
Provide customer support and respond to your inquiries
Detect, prevent, and address technical issues, fraud, abuse, and security threats
Comply with legal, regulatory, and contractual obligations
Improve and develop new features and services
Send marketing communications, only with your consent where required by law

We share your information only as described in this Section.

Service Providers and Partners

We share data with third parties that provide services on our behalf or in connection with the Service:

Maverick / Polaris Payments: for fiat payment processing
Vezgo: for exchange and wallet data aggregation
Boltz and other swap service providers: for atomic swap functionality, when you initiate or accept such transactions
Cloud hosting and infrastructure providers: for hosting, storage, and operation of the Service
Email and communications providers: for transactional and support communications
Analytics providers: for understanding service usage and improving the Service
Customer support tools: for handling inquiries
Identity verification providers: for KYB / KYC processes
Accounting and integration partners: including Intuit / QuickBooks Online, when you authorize the integration

These service providers have access only to the information necessary to perform their services and are contractually required to protect your information.

Other Users You Authorize

If you grant access to other users (team members, accountants, advisors), they will see information you authorize them to view, such as transaction history, balances, and reports. You are responsible for granting and revoking access appropriately.

Legal and Compliance

We may disclose information when required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Flash, our users, or others, or to enforce our terms.

Business Transfers

If Flash is involved in a merger, acquisition, financing, sale of assets, or similar transaction, your information may be transferred as part of that transaction. We will notify you of any such transfer and any change to this Privacy Policy that results.

We may share information with other third parties when you have given us your explicit consent.

We do not sell your personal information.

7. International Data Transfers

Flash is incorporated in the United States, and our team operates from the European Union and other jurisdictions. By using the Service, you understand and consent that your information may be transferred to, stored in, and processed in countries other than your own, including countries that may have different data protection laws than your country of residence.

For users in the EEA, United Kingdom, or Switzerland, where personal data is transferred outside those regions, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses or other lawful transfer mechanisms.

8. Data Retention

We retain your information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we will securely delete or anonymize it.

You may request deletion of your account at any time by contacting us at the address in Section 14. Some information may be retained after account closure where necessary for legal, accounting, regulatory, or security purposes.

9. Your Rights

Depending on your location, you have the following rights regarding your personal information.

Right of access: to obtain a copy of your personal information
Right to rectification: to correct inaccurate or incomplete information
Right to erasure: to request deletion of your information ("right to be forgotten")
Right to restriction: to restrict processing in certain circumstances
Right to data portability: to receive your information in a structured, machine-readable format
Right to object: to object to processing in certain circumstances, including for direct marketing
Right to withdraw consent: where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal

Rights for California Residents (CCPA / CPRA)

Right to know: what personal information we collect, use, disclose, and (if applicable) sell or share
Right to delete: to request deletion of your personal information
Right to opt out: of the sale or sharing of personal information (note: we do not sell personal information)
Right to correct: inaccurate personal information
Right to limit: the use of sensitive personal information
Right to non-discrimination: for exercising any of these rights

How to Exercise Your Rights

To exercise any of these rights, contact us at the email address in Section 14. We will respond within the timeframes required by applicable law. We may need to verify your identity before processing your request.

If you have unresolved concerns, you have the right to lodge a complaint with your local data protection authority.

10. Cookies and Similar Technologies

We use cookies and similar tracking technologies to operate the Service, remember your preferences, analyze usage, and improve the Service. Categories include:

Essential cookies: required for the Service to function
Functional cookies: to remember your preferences
Analytics cookies: to understand how the Service is used

You can control cookies through your browser settings. Disabling some cookies may affect the functionality of the Service.

11. Security

We implement industry-standard security measures to protect your information, including encryption in transit and at rest, access controls, and ongoing security reviews. Passwords are stored as salted cryptographic hashes; we never see, store, or transmit your plaintext password.

However, no method of transmission or storage over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for keeping your account credentials secure and for notifying us immediately if you suspect unauthorized access.

In the event of a personal data breach affecting your information, we will notify you and the relevant supervisory authorities as required by applicable law and within the timeframes required by such law.

12. Children's Privacy

The Service is not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, please contact us so we can delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last Updated" date and notify you through the Service or by email where appropriate. Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

Flash Lightning Solutions Incorporated Email: [email protected] Website: paywithflash.com

For users in the EEA, our representative for GDPR matters can be reached at the same email address.