Summary: We collect only what we need, use it only to serve you, never sell it to third parties, and protect it with industry-leading security. Read on for full details.
1. Information We Collect
We collect information you provide directly and information generated by your use of our services:
- Identity information: Full name, date of birth, gender, nationality, SSN.
- Contact information: Email address, phone number, residential and mailing address.
- Financial information: Bank account details, transaction history, credit score data, loan and investment records.
- Identity documents: Government-issued photo ID, utility bills, selfies (for KYC compliance).
- Technical information: IP address, browser type and version, device identifiers, pages visited, session duration.
- Communications: Support tickets, chat transcripts, emails and phone call recordings.
2. How We Use Your Information
Your information is used exclusively to:
- Open and manage your accounts and execute your transactions.
- Verify your identity and comply with KYC/AML regulations.
- Detect and prevent fraud, money laundering, and unauthorised access.
- Communicate important account notifications, statements, and updates.
- Personalise product recommendations relevant to your financial profile.
- Improve our services through aggregated, anonymised analytics.
- Comply with legal obligations including reporting to the FBI, and other regulatory bodies.
We do not use your data for advertising to third parties or sell your information in any form.
3. Information Sharing
We share your data only in the following circumstances:
- Service providers: Payment processors, cloud infrastructure providers, KYC verification services  all bound by strict data processing agreements.
- Regulatory authorities: The WB, FDIC and courts as required by applicable law.
- Credit bureaus: Loan performance data shared with licensed credit bureaux as required.
- With your consent: Any other sharing only with your explicit, informed consent.
4. Data Retention
We retain your personal data for as long as your account is active and for a minimum of 7 years after account closure, in compliance with United States banking regulations. Transaction records are retained for 10 years. After the retention period, data is securely deleted or anonymised.
5. Data Security
We protect your data using:
- AES-256 encryption at rest and TLS 1.3 in transit.
- Role-based access controls  only staff with a legitimate need can access your records.
- Regular penetration testing and security audits by independent third parties.
- ISO 27001-certified data centres with 24/7 physical and logical access controls.
6. Your Rights (CCPA)
Under the State laws like California Consumer Privacy Act (CCPA), you have the right to:
- Access: Request a copy of your personal data we hold.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion (subject to regulatory retention requirements).
- Objection: Object to processing for direct marketing purposes.
- Portability: Receive your data in a structured, machine-readable format.
- Complaint: Lodge a complaint with the National Institute of Standards and Technology (NIST).
To exercise any right, contact our Data Protection Officer.
7. Cookies & Tracking
We use strictly necessary cookies (session management, CSRF protection) and optional analytics cookies to improve our service. You may disable analytics cookies through your browser settings without affecting core functionality. We do not use third-party advertising cookies.
8. Third-Party Services
Our platform may contain links to third-party websites or use third-party APIs (e.g., payment gateways). We are not responsible for the privacy practices of third parties. We encourage you to read their policies before providing any information.
9. Children's Privacy
Our services are not directed at children under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us for immediate deletion.
10. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via email and a prominent notice on our website at least 30 days before taking effect. Continued use of our services after that date constitutes acceptance.