Privacy Policy

Last updated: January 2026

1. Introduction

2EARN CASH ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, website, and mobile applications.

As a regulated fintech company, we comply with applicable data protection laws, including GDPR (for European users), SAMA regulations (supervision in progress for Saudi Arabian users), and other local data protection requirements.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

  • Identity Information: Name, date of birth, national ID/passport number, photographs
  • Contact Information: Email address, phone number, postal address
  • Financial Information: Bank account details, payment card information, transaction history
  • KYC/AML Data: Identity verification documents, proof of address, source of funds information
  • Account Information: Username, password, security questions, authentication credentials
  • Usage Data: Transaction patterns, platform interactions, preferences, device information
  • Location Data: IP address, geolocation data (with your consent)

2.2 Automatically Collected Information

We automatically collect technical information including IP address, browser type, device identifiers, operating system, and usage statistics through cookies and similar technologies.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Provision: To provide, maintain, and improve our fintech services
  • Identity Verification: To comply with KYC (Know Your Customer) and AML (Anti-Money Laundering) requirements
  • Transaction Processing: To process payments, cashback, and financial transactions
  • Security: To detect, prevent, and address fraud, security breaches, and illegal activities
  • Compliance: To comply with legal obligations, regulatory requirements, and court orders
  • Communication: To send service updates, notifications, and respond to your inquiries
  • Personalization: To customize your experience and provide relevant offers and recommendations
  • Analytics: To analyze usage patterns and improve our services

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

  • Contract Performance: To fulfill our contractual obligations
  • Legal Obligation: To comply with financial regulations and AML/KYC requirements
  • Legitimate Interests: For fraud prevention, security, and service improvement
  • Consent: For marketing communications and optional features (you can withdraw consent at any time)

5. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Payment processors, cloud hosting, analytics providers, customer support
  • Regulatory Authorities: SAMA (supervision in progress), financial regulators, law enforcement when required by law
  • Business Partners: Merchants, partners in our ecosystem (with your consent or as necessary for service delivery)
  • Legal Requirements: When required by court order, subpoena, or applicable law
  • Business Transfers: In connection with mergers, acquisitions, or asset sales (with notice to users)

We do not sell your personal information to third parties for marketing purposes.

6. Data Security

We implement industry-standard security measures to protect your personal information:

  • ISO 27001 Certification: Information Security Management System
  • PCI-DSS Compliance: Secure payment card data handling
  • Encryption: End-to-end encryption for sensitive data in transit and at rest
  • Access Controls: Role-based access controls and authentication mechanisms
  • Regular Audits: Security assessments and penetration testing
  • Incident Response: Procedures for detecting and responding to security breaches

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you
  • Comply with legal and regulatory obligations (e.g., AML/KYC records typically retained for 5-7 years)
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

8. Your Rights (GDPR & Data Protection)

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal retention requirements)
  • Restriction: Request limitation of processing in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for processing based on consent
  • Complain: Lodge a complaint with your local data protection authority

To exercise these rights, please contact us at contact@2earn.cash. We will respond within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content. You can control cookies through your browser settings.

Types of cookies we use:

  • Essential Cookies: Required for basic functionality and security
  • Analytics Cookies: Help us understand how users interact with our services
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Used to deliver relevant advertisements (with consent)

10. International Data Transfers

Your information may be transferred to and processed in countries outside your jurisdiction, including Saudi Arabia, where our headquarters are located.

For EEA users, we ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and adequacy decisions where applicable.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our platform. The "Last updated" date at the top indicates when this policy was last revised.

13. Contact Us

For privacy-related questions, requests, or concerns, please contact our Data Protection Officer:

Email: contact@2earn.cash
Subject Line: "Privacy Policy Inquiry"

Address:
2EARN CASH
King Abdulaziz University
Jeddah, Saudi Arabia

Legal Notice | Terms of Service | Home