Information You Provide Directly

Contact Data

• First and last name
• Email address
• Mailing address
• Phone number (required for account creation, verification, and transaction routing)

Identity Data

• Date of birth
• Social Security Number or Taxpayer Identification Number
• Driver's license number
• Copy of government-issued identification
• Other information required for identity verification and regulatory compliance

Financial Data

• Bank account information
• Payment card details
• Other payment method information
• Funding source metadata (transaction amounts, funding method, confirmation status)

Note: We do not store full card numbers or complete bank account credentials—these are handled by our payment processing partners.

Transaction Data

• Information about payments you send or receive
• Transaction amounts, timestamps, and recipient identifiers
• Token types and associated metadata
• Messages, photos, or content attached to transactions

Profile Data

• Display name and avatar
• Biographical information you choose to share
• Preferences and settings

Communications

• Messages exchanged with us through the App, email, social media, or other channels
• Support communications including chat logs and call recordings (where permitted)
• Feedback and survey responses

User-Generated Content

• Token creation metadata (name, symbol, supply parameters) if you create branded stablecoins
• Content you post or share through the Services

Marketing Data

• Preferences for receiving marketing communications
• Details about your engagement with marketing content

Information from Third-Party Sources

We may combine personal information we receive from you with information obtained from other sources, including:

Public Sources

• Government agencies and public records
• Social media platforms (publicly available information)
• Public blockchain data

Data Providers

• Information services and data licensors
• Identity verification services
• Credit reporting agencies (where applicable)

Payment Partners

• Transaction confirmations and status updates from payment processors
• Banking partners and financial institutions

Other Users

• Information about you provided by other users (e.g., when they send you a payment or message)

Information Collected Automatically

We, our service providers, and business partners may automatically collect information about you, your device, and your interactions with our Services.

Device Data

• Device type, operating system, and browser type
• Unique device identifiers
• IP address
• Language settings
• Mobile network information
• General location derived from IP address

Online Activity Data

• Pages or screens viewed within the App
• Navigation paths and feature usage
• Access times and session duration
• Actions taken within the Services
• Crash reports and error logs

Location Data

• Precise location when you authorize the App to access your device's location services
• General location derived from IP address

Wallet and Blockchain Data

• Smart wallet address generated upon registration
• Transaction history and metadata
• On-chain data recorded on public blockchain networks

Important: Blockchain data is immutable and publicly accessible. We cannot delete or modify information once recorded on a blockchain.

Service Delivery

• Create and maintain your account and wallet
• Process transactions and display balances
• Enable payments between users and businesses
• Deliver messages and content attached to transactions
• Provide customer support and respond to inquiries
• Enable security features and authenticate access

Communications

• Send transactional notifications via SMS, push notifications, or email
• Deliver service announcements and updates
• Communicate about your account and activity
• Respond to your requests and feedback

Research and Development

• Analyze usage patterns to improve our Services
• Develop new features and functionality
• Conduct research and analytics
• Test and troubleshoot products

Marketing

• Send promotional communications (with your consent)
• Personalize your experience based on preferences
• Measure marketing effectiveness

Compliance and Protection

• Comply with applicable laws, regulations, and legal processes
• Meet anti-money laundering (AML), know-your-customer (KYC), and FinCEN requirements
• Respond to lawful requests from government authorities
• Detect, investigate, and prevent fraud or illegal activity
• Enforce our Terms of Service and other agreements
• Protect our rights, privacy, safety, or property

With Your Consent

• For any other purpose disclosed to you with your explicit consent

Service Providers

We engage trusted third-party companies to perform services on our behalf, including:

• Cloud Hosting: Infrastructure, storage, and computing services
• Payment Processing: Partners facilitating funding, withdrawals, and transactions
• Identity Verification: KYC and fraud prevention services
• Messaging Infrastructure: SMS, push notification, and email delivery
• Customer Support: Tools and platforms for managing support requests
• Analytics: Services helping us understand usage patterns
• Security: Fraud detection and cybersecurity services

These providers are contractually obligated to protect your information and use it only for services they provide to us.

Professional Advisors

We may share information with lawyers, auditors, bankers, and insurers where necessary for professional services.

Blockchain Networks

When you conduct transactions, certain information is recorded on public blockchain networks:

• Your wallet address
• Transaction amounts and timestamps
• Token information

Important: Blockchain data is immutable and publicly accessible. We cannot delete, modify, or control information once recorded on a blockchain. While your wallet address is pseudonymous, third parties may associate it with your identity through blockchain analysis.

Other Users

When you send or receive payments, other users may see:

• Your phone number (if shared or mutually recognized)
• Your display name and avatar
• Transaction amounts and token types
• Messages, photos, or content attached to transactions

Exercise discretion when adding content to transactions or sharing information with other users.

Affiliates

We may share information with subsidiaries and affiliates under common ownership or control. Their use will be subject to this Privacy Policy.

Authorities and Legal Requirements

We may disclose information when necessary to:

• Comply with applicable laws, regulations, or legal processes
• Respond to lawful requests from law enforcement or government authorities
• Meet regulatory reporting requirements (AML, KYC, tax)
• Enforce our Terms of Service or other agreements
• Protect rights, privacy, safety, or property
• Investigate potential violations or fraud

Business Transfers

If we are involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

With Your Consent

We may share information for other purposes with your explicit consent.

Message Frequency

Message frequency varies based on your account activity, including transaction confirmations, security alerts, and service updates.

Third-Party SMS Partners

We share your phone number and related metadata with messaging infrastructure partners solely to support message delivery. These partners include carriers, platform providers, and SMS gateway services. We do not share your SMS opt-in or consent status with third parties for unrelated purposes.

SMS Consent

Your opt-in to receive text messages is used solely for delivering Caplito-related communications. We do not share opt-in data or consent with third parties for marketing or unrelated campaigns.

Opting Out

You may opt out of promotional SMS messages at any time by replying STOP to any message. Note that opting out may not apply to transactional or security notifications essential to your account.

For SMS assistance, reply HELP

What We Use

We use cookies, local storage, and similar technologies to:

• Maintain your session and authenticate your identity
• Remember your preferences and settings
• Enhance security features
• Measure and analyze usage patterns
• Improve performance and user experience

Types of Cookies

Managing Cookies

You can manage cookie preferences through your browser or device settings. Disabling certain cookies may affect Service functionality.

Do Not Track

Some browsers offer "Do Not Track" (DNT) signals. We do not currently respond to DNT signals, as there is no industry-standard interpretation. We will update this policy if a standard is established.

General Rights

You may have the right to:

• Access: Request confirmation of whether we process your data and obtain a copy
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request a copy of your data in a portable, machine-readable format
• Restriction: Request that we limit how we use your information
• Objection: Object to certain processing of your information

Withdraw Consent: Withdraw consent where processing is based on consent

Marketing Opt-Out

You may opt out of marketing communications by:

• Following unsubscribe instructions in emails
• Replying STOP to SMS messages
• Adjusting notification preferences in the App
• Contacting us at privacy@caplito.com

Opting out of marketing does not affect transactional or service-related messages.

Account Deletion

You may delete your account through the App settings or by contacting us. Account deletion will remove all associated personal data, subject to our legal retention obligations and blockchain immutability.

Exercising Your Rights

To exercise your rights, contact us at privacy@caplito.com. We will verify your identity before processing requests and respond within the timeframe required by applicable law (typically 30-45 days).

We will not discriminate against you for exercising your privacy rights.

Limitations

Certain rights may be limited where:

• We are required by law to retain information
• Information is necessary to complete a requested transaction
• Deletion would impair legitimate interests (e.g., fraud prevention)
• Information exists on public blockchains (which we cannot modify)

The App is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13.

If we learn that we have collected personal information from a child under 13 without parental consent, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us at privacy@caplito.com.

For users between 13 and 18, we encourage parental involvement in online activities.

We may use automated systems to help detect fraud, verify identity, enforce our Terms of Service, and improve our Services. These systems may analyze transaction patterns, device information, and usage data.

You have the right to request human review of decisions made solely through automated processing that significantly affect you. Contact us at privacy@caplito.com to request review.

Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to third-party services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

Notification

We will notify you of material changes by:

• Updating the "Last Revised" date at the top of this policy
• Posting the updated policy in the App
• Sending notice via email or in-app notification for significant changes

Acceptance

Your continued use of the App after changes become effective constitutes acceptance of the modified Privacy Policy. If you do not agree with changes, you should discontinue use of the Services.

Prior Versions

Prior versions of this Privacy Policy are available upon request.

Financial Regulatory Compliance

As a financial services provider, we are required to collect, retain, and report certain information to comply with:

• Anti-money laundering (AML) laws and regulations
• Know-your-customer (KYC) requirements
• FinCEN (Financial Crimes Enforcement Network) regulations
• Bank Secrecy Act obligations
• Tax reporting requirements
• Other applicable financial regulations

Blockchain Transparency

Transactions conducted through our Services are recorded on public blockchain networks. Blockchain data is:

• Public: Viewable by anyone with internet access
• Immutable: Cannot be deleted, modified, or reversed
• Permanent: Exists indefinitely on the blockchain

Pseudonymous: Wallet addresses do not directly reveal identity, but may be linked through analysis

Aggregated and De-Identified Data

We may create aggregated or de-identified data that cannot reasonably be used to identify you. Such data is not subject to this Privacy Policy and may be used for any lawful purpose, including analytics, research, and service improvement.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, contact us at:

HIG, Inc.

📧 Privacy Inquiries: privacy@caplito.com

📧 General Support: help@caplito.com

For SMS support, text HELP.

Response Time

We aim to respond to all privacy inquiries within 30 days, or sooner if required by applicable law.