Legal
Privacy Policy
Effective 16 July 2026
This Privacy Policy explains how Hashira Works Pvt Ltd (“Hashira”, “we”, “us”, or “our”) collects, uses, discloses, and protects data when you visit or use please.xyz and its related services (collectively, the “Services”).
At a glance: the current website is a product demonstration. It does not yet create user accounts, connect a wallet, submit transactions, or store AI conversations. We store a theme choice in your browser, receive information you send us directly, and use infrastructure that processes ordinary request, security, and performance data. We will update this Policy and provide notice before production account, wallet, portfolio, or AI processing goes live.
01 Who we are and scope
Hashira operates the Services and is responsible for the personal data described in this Policy. This Policy applies to data processed through our website, product interfaces, support communications, and other services that link to it.
It does not govern independent blockchains, protocols, wallet infrastructure, identity providers, websites, or services operated by others. Those parties have their own privacy practices.
02 The product today
As of the effective date, the publicly available product is a demonstration. The prompts, portfolio figures, transaction plans, review screens, and other information shown in the demonstration are illustrative. The demonstration does not maintain an account database, create or connect a wallet, broadcast a blockchain transaction, or send prompts to an AI model.
Because the Services will evolve, a feature may display a separate notice when it begins collecting additional data. That notice and the version of this Policy in effect at the time will govern that processing.
03 Data we collect
We currently collect or process the following limited categories of data:
- Technical and request data. Our hosting and security provider may process IP address, traffic routing data, browser and device information, system configuration, requested pages, timestamps, approximate location derived from IP, and diagnostic or security events when your browser requests the Services.
- Performance data. We use cookie-free performance analytics to understand page views, browser and device categories, referring pages, country, and page-load performance in aggregate.
- Theme preference. If you choose system, light, or dark appearance, that selection is stored locally in your browser under the key “please-theme”. It is used to remember your choice and is not sent to our application database.
- Font request data. Our font delivery provider receives the IP address needed to return a font file, the requested URL, and standard HTTP headers such as browser, operating system, and referring page information.
- Communications. If you contact us, we receive the information you choose to provide, such as your email address, message, feedback, and related correspondence.
Please do not send us a seed phrase, private key, password, or unnecessary sensitive personal data. We will never ask you to provide a seed phrase or private key.
04 Before production features launch
Our planned Services may allow you to sign in without connecting an external wallet, view a portfolio, ask questions, and prepare DeFi actions. Before those production features process personal data, we will update this Policy and explain the relevant providers and data practices. Depending on the feature you choose, that data may include:
- account and authentication identifiers, such as an email address, passkey-related identifier, or social sign-in profile data;
- wallet addresses and public blockchain activity;
- portfolio information derived from public chains or data providers;
- prompts, conversations, feedback, and associated product interactions;
- transaction intent, routes, quotes, simulations, approvals, and status information; and
- fraud, sanctions, or compliance signals where required to operate lawfully and protect the Services.
The product is designed so that every transaction requires your manual approval. AI output, a suggested plan, or a simulation will not itself authorise a transaction. Hashira will not need your seed phrase or private key to provide the Services.
05 How we use data
We use data only as reasonably necessary to:
- provide, maintain, personalise, and improve the Services;
- remember settings and provide requested features;
- respond to questions, support requests, and feedback;
- measure reliability and diagnose technical problems;
- protect users, investigate abuse, and prevent fraud or security incidents;
- enforce our Terms of Use and protect our rights; and
- comply with applicable law, regulation, legal process, and lawful requests.
We do not sell or rent personal data. We do not currently use personal data for targeted advertising.
06 Legal bases
Where applicable law requires a legal basis, we process personal data with your consent, to perform a contract with you, to comply with a legal obligation, or for legitimate interests such as operating, securing, and improving the Services. We do not rely on a legitimate interest where your rights and interests override it.
We collect, use, and disclose personal data for purposes that we identify and that a reasonable person would consider appropriate in the circumstances. You may withdraw consent where processing relies on consent, subject to legal and operational limits.
07 How we disclose data
We may disclose data to:
- Cloudflare, which provides website hosting, delivery, security, observability, and privacy-focused web performance analytics;
- Google Fonts, which delivers the website font and processes the technical request data described above without setting Google Fonts cookies;
- professional advisers and service providers that help us operate, secure, support, or improve the Services, subject to appropriate confidentiality and data protection obligations;
- courts, regulators, law enforcement, or other parties when disclosure is required by law or reasonably necessary to protect rights, safety, and security; and
- a buyer, successor, or other relevant party in connection with a merger, acquisition, financing, reorganisation, sale of assets, or similar transaction, subject to applicable law.
When production authentication, wallet, AI, blockchain data, or transaction services are introduced, we will identify the relevant categories of providers and update this Policy before that processing begins.
08 Cookies and local storage
We do not currently use advertising cookies. The Services use browser local storage to remember your theme preference. Cloudflare Web Analytics measures performance without cookies, local storage, or cross-site tracking. Google Fonts does not set or log cookies through its font API.
You can change the theme within the website or clear local storage using your browser settings. Blocking local storage may prevent the Services from remembering your preference. We will update this section if we introduce additional cookies or similar technologies.
09 Public blockchains
Public blockchains are transparent, distributed records operated independently from Hashira. Wallet addresses, transaction details, token balances, smart-contract interactions, and related data recorded on a blockchain may be publicly available and permanently retained by the network.
Hashira cannot edit, delete, or control information recorded on a public blockchain. A privacy request made to us cannot require independent network participants to alter a blockchain. We will explain this limitation when responding to a relevant request.
10 Data retention
We retain personal data only for as long as reasonably necessary for the purpose for which it was collected, including to provide the Services, maintain security, comply with law, resolve disputes, and enforce agreements. We then delete, anonymise, or securely dispose of it where reasonably practicable.
Your theme preference remains in your browser until you change it or clear local storage. Support correspondence is retained as needed to respond and maintain an appropriate business record. Hosting, security, and diagnostic data is retained in accordance with our operational needs and provider settings. Public blockchain data may remain permanently available outside our control.
11 International transfers
Hashira is based in India, and our providers may process data in other countries. Those countries may have privacy laws that differ from the laws where you live. Where required, we use contractual, organisational, or other safeguards intended to ensure an appropriate and comparable standard of protection for transferred personal data.
12 Security
We use reasonable administrative, technical, and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. No internet transmission or storage system is completely secure, so we cannot guarantee absolute security.
You are responsible for protecting your device, email account, passkeys, recovery material, and other credentials. Contact us promptly if you believe your interaction with the Services has been compromised.
13 Your rights and choices
Depending on the law that applies to you, you may have the right to request access to personal data we hold about you, ask us to correct inaccurate data, request deletion, restrict or object to processing, receive a portable copy, or withdraw consent. You may also have the right to complain to a relevant data protection authority.
To make a request, email hello@please.xyz with enough information for us to understand and verify it. We will use information provided for verification only to evaluate and fulfil the request. Rights are subject to exceptions under applicable law, and we may retain data where legally permitted or required. Withdrawing consent does not affect processing that was lawful before the withdrawal and may prevent us from providing a feature.
14 Children
The Services are intended for people aged 18 or older. We do not knowingly collect personal data from anyone under 18. If you believe a person under 18 has provided us with personal data, contact us so we can investigate and take appropriate action.
15 Third-party services
The Services may link to or integrate with services we do not control. A third party may collect data directly from you under its own terms and privacy policy. Review those policies before using the third-party service. Hashira is not responsible for the privacy, security, or content of an independent service.
16 Changes to this Policy
We may update this Policy as the Services, providers, or legal requirements change. We will post the revised Policy and update the effective date. If a change is material, we will provide additional notice where reasonably practicable, such as a notice in the Services or an email if we have your address.
We will update this Policy before launching production account, embedded wallet, portfolio, AI conversation, or transaction processing that materially changes the practices described here.
Privacy requests
Contact us
Hashira Works Pvt Ltd2nd Floor, Sreshta Marvel, Survey No. 136
P Janardhan Reddy Nagar, Kondapur Main Road
Gachibowli, Hyderabad, India
hello@please.xyz