FAST PRIVACY POLICY
Effective Date: February 16, 2026 Last Updated: February 2026
1. Introduction
This Privacy Policy describes how Pi Squared Inc. ("Company," "we," "us") collects, uses, and discloses personal information in connection with Fast, a decentralized payment and settlement network.
Fast does not hold, control, or access user funds, private keys, or seed phrases. Transaction data settled through Fast may be recorded on underlying public ledgers and may be inherently public.
2. Data Controller
| Entity | Pi Squared Inc., Delaware Corporation |
| Address | 301 N Neil St #503, Champaign, IL 61820, USA |
| Contact | contact@fast.xyz |
3. Information We Collect
On-Chain Data (Public). Wallet addresses, transaction hashes, amounts, timestamps, and smart contract interactions. This data is public and immutable by nature of the underlying public ledgers.
Technical Data. IP addresses, device type, browser type, connection data, and session timestamps. IP addresses are processed through geolocation services (e.g., MaxMind GeoIP2) to derive approximate geographic location. This data is used for three distinct purposes: (a) OFAC sanctions screening — determining whether a connection originates from a comprehensively sanctioned jurisdiction; (b) geoblocking enforcement — restricting access from jurisdictions where Fast services are unavailable; and (c) network security — detecting anomalous access patterns, VPN/proxy usage, and potential abuse. IP-derived geolocation data may be shared with compliance vendors (e.g., Chainalysis, TRM Labs) for sanctions screening and with infrastructure providers (e.g., Cloudflare) for access control.
Communication Data. Name, email, and message content if you contact our support team.
Analytics Data. Aggregated usage patterns, feature engagement, error logs, and performance data.
We do NOT collect: private keys, seed phrases, bank account details, government-issued IDs, or biometric data.
4. Legal Bases for Processing (GDPR Article 6)
Legitimate Interest (Art. 6(1)(f)): Network security, fraud prevention, service optimization.
Legal Obligation (Art. 6(1)(c)): OFAC sanctions screening, geoblocking, AML compliance, law enforcement requests.
Contract Performance (Art. 6(1)(b)): Operating Fast and providing support.
Consent (Art. 6(1)(a)): Marketing communications and non-essential analytics (where you opt in).
5. How We Use Information
- Operating and maintaining Fast
- Sanctions screening (OFAC SDN List and international lists)
- Geoblocking enforcement
- Network security and fraud prevention
- Service improvement and bug fixes
- Responding to support inquiries and service notifications
- Complying with legal obligations
6. Data Sharing
Service Providers. Infrastructure, analytics, and compliance providers, bound by data processing agreements.
Legal Requirements. Court orders, subpoenas, government requests, and protection of rights and safety.
Business Transfers. In connection with a merger or acquisition, with notice to affected users.
We do not sell personal information. On-chain data is inherently public.
7. GDPR Rights (EU/EEA Users)
You have the right to access, rectify, erase, restrict processing, port your data, and object to processing. You may withdraw consent at any time.
On-chain limitation: On-chain data cannot be modified or deleted due to ledger immutability. Off-chain data subject to legal retention requirements may also be excluded from erasure.
To exercise rights: contact@fast.xyz. We verify your identity by matching request details against information already in our records. We respond within 30 days. You may lodge a complaint with your local data protection authority (https://www.edpb.europa.eu/).
8. CCPA Rights (California Residents)
You have the right to know what personal information we collect, request deletion, opt out of sale (we do not sell personal information), and request correction. We will not discriminate against you for exercising these rights.
Categories collected in last 12 months:
| Category | Collected | Purpose |
|---|---|---|
| Identifiers (IP, device ID) | Yes | Security, geoblocking |
| Commercial info (transactions) | Yes | Service, compliance |
| Internet activity | Yes | Analytics |
| Geolocation (from IP) | Yes | Sanctions compliance |
| Communications | If provided | Support |
To submit a request: contact@fast.xyz. We verify your identity by matching request details against information already in our records before processing your request. We respond within 45 days.
9. International Transfers
Data is stored in the United States. For EEA transfers, we rely on Standard Contractual Clauses (SCCs). We implement encryption, access controls, and security audits as safeguards.
10. Data Retention
On-chain data: Permanent (ledger immutability). Sanctions screening records (IP addresses, geolocation results, and screening outcomes linked to OFAC compliance): 10 years, consistent with OFAC recordkeeping requirements (31 CFR § 501.601). General technical logs (device type, browser, session data not linked to sanctions screening): 12 months. Server logs: 90 days. Support communications: Duration of relationship plus 3 years. Aggregated analytics: Retained indefinitely (non-identifying).
Upon request, we delete off-chain personal information where not prohibited by law. Sanctions screening records are exempt from deletion requests due to legal retention obligations.
11. Security
We implement encryption in transit (TLS) and at rest, role-based access controls, network security monitoring, and secure development practices. All personnel sign confidentiality agreements. In the event of a data breach, we notify affected users within 72 hours and relevant authorities as required.
No system is completely secure. Users interact with Fast at their own risk.
12. Cookies
Fast uses essential cookies for functionality and security. We do not use third-party advertising cookies. You can manage cookies through your browser settings. We honor Do Not Track signals.
13. Children
Fast is not intended for users under 18. We do not knowingly collect information from minors. If we discover such collection, we promptly delete it.
14. Changes
We may update this Privacy Policy periodically. Material changes will be posted with an updated date and, where feasible, communicated via email or website notice. Continued use constitutes acceptance.
15. Contact
Pi Squared Inc. 301 N Neil St #503, Champaign, IL 61820 Email: contact@fast.xyz
GDPR requests: 30 days response time. CCPA requests: 45 days response time.
Escalation: EU/EEA: Your local supervisory authority (https://www.edpb.europa.eu/) California: California Privacy Protection Agency (https://cppa.ca.gov/)
END OF PRIVACY POLICY