Privacy Policy

Last updated: October 31, 2025

Overview

This Privacy Policy explains how CofyCash (“we”, “us”, “our”) collects, uses, discloses, and retains information about you when you use our website, mobile experiences, and related services (collectively, the “Services”). By using the Services, you agree to this Policy and to our Terms of Service.

This Policy describes the categories of data we handle (for example, account, device, usage, and payout information), why we process it (such as account security, fraud prevention, and reward fulfillment), how long we keep it, who we share it with, and your choices and rights. Region-specific rights for GDPR/UK GDPR and CCPA/CPRA are provided below.

Information We Collect

  • Account & Contact: name, email address, country/region, and account identifiers.
  • Authentication: login status (e.g., cookies/session tokens), verification codes, and related timestamps.
  • Profile & Activity: tasks viewed/completed, reward balances, payout preferences, in-app actions, support history.
  • Device & Usage: IP address (for security/region features), device and browser type/version, OS, language, time zone, pages/screens viewed, referrers, and interaction logs (e.g., clicks, errors, load times).
  • Approximate Location: derived from IP address for fraud prevention, localization, and compliance.
  • Transaction & Payout: payout method identifiers (e.g., email or wallet handle), amounts, currency, status, and timestamps. We do not collect your full bank/credit card numbers if they are processed by third-party providers.
  • Cookies & Similar: identifiers and settings used for authentication, security, performance, and analytics.
  • Anti-Abuse Signals: rate-limit counters, device/connection reputation, and logs used to detect spam, bots, multi-accounting, and other policy violations.
  • Information from Partners: where permitted, limited confirmation that a task, survey, or payout was completed, and basic fraud/safety signals to protect the platform.

We collect information directly from you, automatically via your device/browser, and from service providers that support hosting, analytics, email delivery, security, and payouts.

How We Use Information

  • Provide & operate the Services, including account creation, login, and task/reward features.
  • Secure the platform, authenticate users, prevent fraud/abuse, and enforce our Terms of Service.
  • Process rewards & payouts, maintain financial records (e.g., for accounting/tax purposes), and resolve disputes.
  • Customer support and service communications about your account and activity.
  • Improve performance and usability through analytics, debugging, and feature development.
  • Personalize certain content or settings (e.g., dark mode, language, region).
  • Compliance with legal obligations and requests from regulators or law enforcement, where required.

We do not sell your personal information. We may use aggregated or de-identified data for statistics, research, and service improvement.

Cookies & Tracking

We use the following categories of cookies/technologies:

  • Strictly necessary — login/session, security, anti-abuse; required for core functionality.
  • Performance & analytics — to understand usage and improve reliability and speed.
  • Preferences — to remember choices like theme or language.

You can manage cookies in your browser settings. Disabling essential cookies may break key features. We currently do not respond to “Do Not Track” signals. Where required by law, we will honor applicable browser-level privacy controls in the regions that mandate them.

How We Share Information

We may share information with:

  • Service providers (processors) — hosting, storage, analytics, email delivery, security, and payout partners. They act under contract and process data on our instructions.
  • Compliance & safety — regulators, law enforcement, and third parties when required by law or to protect our rights, users, or the public.
  • Business transfers — in case of a merger, acquisition, or similar event, subject to this Policy.

We do not sell your personal information or permit third parties to use it for their own marketing without your consent.

Payouts & Payment Partners

To send rewards, we share only the information necessary with payout partners (e.g., wallet handle, payout email, amount, currency). Sensitive financial information (such as full card or bank details) is handled by those partners where applicable and is not stored by us.

Anti-Abuse, Safety & Automated Decisions

We use automated signals (e.g., IP reputation, device characteristics, rate limits, unusual activity patterns) to detect and prevent spam, botting, multi-accounting, and fraud. These systems help protect the platform and our community.

If you believe an automated decision affected you unfairly (for example, a mistaken block), please reach us via the Contact Us page. We will review and, where appropriate, re-evaluate your case.

Data Retention

We keep information only as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and legal requirements (for example, certain financial records must be kept for statutory accounting/tax periods).

When you request deletion of your account, we begin removing or de-identifying associated personal data. Because of operational needs, logs, and backups, completing deletion can take several weeks to months. We may retain limited information where necessary to:

  • Meet legal, tax, accounting, and regulatory obligations;
  • Resolve disputes or enforce our Terms of Service; and
  • Prevent fraud and platform abuse (for example, keeping minimal anti-abuse signals such as hashed identifiers, device/IP reputation, and fraud logs).

Backup copies are purged on a scheduled rotation and are not routinely accessed except for disaster recovery or security reasons.

Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information (for example, encryption in transit, access controls, monitoring, and data minimization). No system is completely secure; you are responsible for safeguarding your credentials and promptly reporting suspected compromise.

Your Rights & Choices

Depending on your location, you may have rights to:

  • Access, correct, or delete certain personal information;
  • Object to or restrict certain processing, or request portability;
  • Withdraw consent where processing is based on consent; and
  • Lodge a complaint with a supervisory authority (e.g., in the EEA/UK).

To exercise rights or request data deletion, contact us via the Contact Us page. Deletion requests may take several weeks to months to complete due to system logs and backups. Even after deletion, we may retain limited information as described in Data Retention to comply with law and prevent system abuse.

You can manage cookies in your browser settings. Disabling essential cookies may affect functionality.

GDPR / UK GDPR Information

For users in the European Economic Area and the United Kingdom, CofyCash acts as the data controller for processing activities described in this Policy. Our purposes and legal bases are outlined in Legal Bases.

You have the right to:

  • Access your personal data and obtain a copy;
  • Rectify inaccurate or incomplete data;
  • Erase your data (the “right to be forgotten”) where applicable;
  • Restrict or object to certain processing, including profiling based on legitimate interests;
  • Portability — receive your data in a structured, commonly used, machine-readable format;
  • Withdraw consent at any time where processing is based on consent; and
  • Complain to your local supervisory authority if you believe we have infringed your rights.

To exercise these rights, please contact us through the Contact Us page. We will verify your request and respond within applicable timeframes. Where we rely on legitimate interests, you may object, and we will assess your request against our compelling legitimate grounds or legal obligations.

California Privacy (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the CPRA provides the rights and notices below. This section describes our practices for the past 12 months and going forward.

Categories of Personal Information Collected (examples):

  • Identifiers (e.g., name, email, account IDs, IP address);
  • Internet / electronic activity (usage logs, device/browser data, interactions);
  • Geolocation (approximate) from IP for fraud prevention/localization;
  • Inferences / anti-abuse signals (e.g., device/IP reputation);
  • Financial/payout info limited to what is needed to send rewards (e.g., payout email/handle, amount, currency).

Sources: directly from you; automatically from your device/browser; and from service providers (hosting, analytics, email, payout, security).

Business or Commercial Purposes: providing and securing the Services; processing rewards/payouts; analytics and improvement; customer support; compliance with law.

Disclosures for a Business Purpose: to service providers (processors) such as hosting, analytics, email delivery, security, and payout partners; to regulators/law enforcement where required; and in connection with business transfers.

Sale/Share of Personal Information: We do not sell personal information and we do not share personal information for cross-context behavioral advertising. If this changes, we will update this Policy and provide a method to opt-out.

Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes other than those permitted by California law (e.g., to provide the Services, ensure security/integrity, prevent fraud, comply with law).

Your CCPA/CPRA Rights:

  • Right to know/access the categories and specific pieces of personal information we collected;
  • Right to delete personal information, subject to legal exceptions;
  • Right to correct inaccurate personal information;
  • Right to opt-out of sale or share (not applicable because we do not sell/share as defined);
  • Right to limit the use/disclosure of sensitive personal information (not applicable beyond permitted uses stated above);
  • Right to non-discrimination for exercising your rights.

To make a request, contact us via the Contact Us page. We will verify your identity (e.g., by confirming control of your account/email). You may also use an authorized agent; we may require proof of authorization and verification of your identity. If we deny a request, we will explain our reasons as permitted by law.

Notice at Collection: The categories, purposes, retention, and sharing practices are described in this Policy, including Information We Collect, How We Use Information, How We Share Information, and Data Retention.

Children’s Privacy

Our Services are not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please notify us via the Contact Us page so we can take appropriate action.

International Transfers

Your information may be processed in countries that may have data-protection laws different from those in your jurisdiction. Where required, we use appropriate safeguards (for example, contractual commitments) for such transfers.

Third-Party Links & External Services

The Services may link to third-party websites or apps. Those services are governed by their own privacy policies. We are not responsible for their practices. Review their policies before providing personal information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date above, and where appropriate, provide additional notice. Continued use of the Services after changes means you accept the updated Policy.