Acceptable Use Policy
Last updated: June 21, 2026
This Acceptable Use Policy ("Policy") applies to the official cloud-hosted service (dash.xca.sh). We provide neutral crypto payment infrastructure, but we firmly refuse to serve certain illegal or high-risk activities. By using the cloud-hosted edition you agree to comply with this Policy. Self-hosted, open-source merchants decide their own use but must likewise comply with the laws that apply to them.
Prohibited uses
You may not use the official cloud-hosted service for, or to collect payment for, any of the following:
- Online gambling, betting, and similar speculative activities;
- Fraud, scams, phishing, and investment schemes such as Ponzi, pyramid, or "guaranteed high-return" programs;
- Money laundering, terrorist financing, or channeling proceeds of crime;
- Transactions involving sanctioned individuals, entities, or countries/regions (e.g., OFAC and other sanctions lists);
- Drugs, weapons and ammunition, stolen data or accounts, and other goods or services prohibited by law;
- Ransomware, malware, intrusion, or other services related to cyberattacks;
- Child sexual abuse material (CSAM) — zero tolerance, strictly prohibited, and reported to authorities as required by law.
Lawful but regulated industries
For industries that are lawful but regulated in their jurisdiction (for example, adult content services or network services such as VPNs), we do not impose a blanket ban. However, you must ensure your business is legal and compliant where you and your customers are located, implement necessary measures (such as age verification), and never cross into the prohibited uses and red lines listed above. Compliance responsibility rests with you.
On-chain screening and anti-money laundering
We do not perform traditional identity verification (KYC). Instead, we rely on on-chain risk intelligence (such as tools like MistTrack) and sanctions lists to screen the relevant collection addresses and transactions, in order to identify and reject addresses associated with sanctioned parties, stolen funds, fraud, or other high-risk sources. For addresses or transactions that trigger high-risk signals, we may refuse to process them, suspend the service, and cooperate with the competent authorities where required by law. This screening is a risk-control measure and does not constitute any guarantee as to the legality of a transaction.
Consequences of violations
If we find a violation of this Policy, we may suspend or terminate your account and cloud-hosted service, ceasing to process collections, generate collection addresses, or provide related features for you. Because the service is non-custodial and collection funds flow through smart contracts straight to your own collection address, we do not hold and cannot seize those funds. As for the platform-fee balance you prepaid or any related records we hold, we will not seize them ourselves; where required by applicable law, we will deal with them under the direction of the competent authority or law enforcement.
Reporting and cooperation with law enforcement
Where required by law or upon a lawful request, we will cooperate with investigations by competent authorities and law enforcement and provide the relevant information we hold (such as account email, sign-in and usage records, IP, and related on-chain addresses and transaction records). If you discover anyone abusing this service for the prohibited activities above, please report it to [email protected].
Updates and contact
We may update this Policy from time to time; when we do, we will revise the "Last updated" date at the top of this page. If you have any questions about this Policy, contact [email protected].