Denaro
  • Capabilities
  • How it works
  • Portfolio access
  • Docs
  • Sign in
  • Get access
Legal

Privacy Policy

LAST UPDATED · MAY 15, 2026

Denaro is a payments rail operated by DDG for use by approved DDG portfolio services. This policy describes the personal data we process in operating the rail, why we process it, and how it is protected. For most consumers, your primary privacy relationship is with the portfolio service you transacted with — Denaro acts as their payments processor.

1. What We Collect

To process payments and maintain a reliable ledger, we collect:

  • Transaction data — amounts, currencies, timestamps, descriptors, ledger entries, processor responses;
  • Payment instrument data — tokenized references to the underlying card or bank account, never the raw PAN;
  • Customer reference data — the opaque identifier the portfolio service uses to associate a transaction with its end user;
  • Operator data — names, emails, and access logs of portfolio-service operators who sign in to Denaro;
  • Technical data — IPs, user agents, and request metadata associated with API and dashboard usage.

2. Why We Process It

  • To execute, record, and reconcile payments on behalf of portfolio services;
  • To detect fraud, abuse, and reconciliation exceptions;
  • To meet our legal, compliance, and card-network obligations;
  • To produce audit records both we and the portfolio service depend on;
  • To operate, secure, and improve the Denaro rail.

3. Who We Share With

  • Payment processors and card networks, only as needed to settle a transaction;
  • The originating portfolio service, which receives the data it submitted plus the lifecycle and settlement state for that transaction;
  • Service providers that operate underlying infrastructure (hosting, observability, email delivery) under contractual data-protection obligations;
  • Regulators or law enforcement, where compelled by valid legal process or required by card-network rules.

We do not sell personal data. We do not use personal data for advertising.

4. How We Protect It

  • Transport is TLS-only; HSTS is enabled on all production hosts;
  • Raw card numbers are never stored on Denaro infrastructure — only processor-issued tokens;
  • Secrets are scoped per service and per environment, rotated on suspected exposure;
  • Production data is logically segregated by service and access-audited at the operator level;
  • The ledger is content-addressed and append-only, so tampering is detectable on read.

5. Retention

Transaction and ledger records are retained for the longer of (a) the period required by applicable financial-recordkeeping laws or (b) seven years, to support reconciliation, chargeback, and audit needs. Operator account data is retained while access is active and for a reasonable period thereafter for audit purposes.

6. Your Rights

If you are a consumer of a portfolio service and want to exercise rights over your personal data, please contact that service first — they are the controller of your relationship. We will cooperate with them to fulfill validated requests under applicable law.

7. Changes

We may update this policy from time to time. Material changes will be communicated to portfolio-service operators on file at least 14 days before they take effect.

8. Contact

Privacy questions can be sent to support@denaro.money.

Denaro
The payment and transaction layer for approved DDG portfolio services.
Capabilities How it works Docs Contact
© 2026 Denaro · A DDG company
Terms Privacy Status