Privacy Policy

RIFTPAY™ PRIVACY POLICY

Last modified: August 31, 2020

RiftPay Inc., a Delaware corporation (" RiftPay") operates the RiftPay.io (" Site"), the RiftPay mobile application, and the related payment services offered by RiftPay (together with the Site, the " Services").

RiftPay respects and protects the privacy of the users that use our Services. We maintain strict policies to ensure the privacy of those who use our Services (" End Users") or those who may just be visiting our Site (" Visitors ," together with End Users, " Users"). This policy (" Privacy Policy") describes the types of information we may collect from you, the User, and our practices for how we collect, use, maintain, protect, and disclose such information. The way that we collect and use your information depends on the way you access the Services. This Privacy Policy also includes a description of certain rights that you may have over information that we may collect from you.

By using the Services, you agree to this Privacy Policy. If you do not agree with our policies and practices, your choice is to not use our Services.

• Name;

• Username;

• Email;

• Mailing Address;

• Birthdate;

• Profile Photo;

• Phone Number; and

• Payment Information (collected and processed by third party vendor).

  | | Non-Personal Data | Non-personal data includes any data that cannot be used on its own to identify, trace, or identify a person. We may collect your IP Address, device information, or location information. When non-Personal Data you give to us is combined with Personal Data we collect about you, it will be treated as Personal Data and we will only use it in accordance with this Privacy Policy. | | How we collect information. | We collect information about you in two ways: (1) when you provide it do us directly through an interaction with us; for example, when you register for the service, when you contact us for service request, surveys, or during live chats; (2) through automated collection methods like cookies or log files; and(3) when we obtain the information through a third party, including third party data verification and marketing services.

  | | Why we collect and how we use your information. (Legal Basis) | We collect and use your Personal Data when we have a legitimate purpose to do so, including the following reasons:

• when it is necessary for the general functioning of the Services, including to facilitate payments or to contact you;

• when it is necessary in connection with any contract you have entered into with us (including our terms of service) or to take steps prior to entering into a contract with us;

• when we have obtained your prior consent to the use, including to send information to you about our service offerings or features;

• when we have a legitimate interest in processing your information for the purpose of providing or improving our Services;

• when have a legitimate interest in using the information for the purpose of contacting you, subject to compliance with applicable law; or

• when we have a legitimate interest in using the information for the purpose of detecting, and protecting against, breaches of our policies and applicable laws. We may use aggregated (anonymized) information about our Users, and information that does not identify any individual, without restriction. | | Information Collected from Third Parties | Information from our service providers: We may receive information about you from third-party service providers that we engage for marketing our products and services. | | Accessing and Controlling Your Information | If you would like to prevent us from collecting your information completely, you should cease use of our Services. You can also control certain data via these other methods: Opt-out of non-essential electronic communications: You may opt out of receiving newsletters and other non-essential messages by using the 'unsubscribe' function included in all such messages. However, you will continue to receive notices and essential transactional emails. Optional information: You can always choose not to fill in non-mandatory fields when you submit any form linked to our services. If you are a California resident, you also have the rights disclosed below. | | Data Rights for California U** sers** | If you are a California resident, you have the following rights with respect to information that we hold about you. We attempt to provide you the same rights no matter where you choose to live. Right to access: You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information's source, purpose and period of processing, and the persons to whom the information is shared. Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database. Right to erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected. Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means. Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing. | | Exercise Your Data Rights for California Users | We acknowledge your right to request access, amendment, or deletion of your data. We also recognize that you have the right to prohibit sale of your data, but we do not sell data. You can exercise the rights described above, by sending an email or mail to the addresses listed in the Contact section below. Only you, or an agent authorized to make a request on your behalf, may make a request related to your personal information. We cannot respond to your request if, (i) we cannot verify your identity; or (ii) your request lacks sufficient details to help us handle the request. Any information we provide will only cover the 12-month period preceding the request's receipt. We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We are not obligated to provide responses to your data requests more than twice in a 12-month period.

If you are a resident of the State of California, under the California Consumer Privacy Act (CCPA), you have the right to request information on how to exercise your disclosure choice options from companies conducting business in California. Specifically: through email or physical mail to the address of 6718 Deloache Ave, Dallas, TX 75 | | How Long do we Store Personal Data? | We will only retain your Personal Data for up to 2 years if it is not being used for the necessary purposes as to supply our application with pertaining information. | | Automated Data Collection Methods | Cookies | A cookie is a small file placed on the hard drive of your computer. Cookies are used to help us manage and report on your interaction with the Services. Through cookies, we are able to collect information that we use to improve the Services, keep count of return visits to our website, session times, click stream data, manage multiple instances of the Site in a single browser, and keep track of usernames and passwords. If you turn off cookies, your experience on the Services may be impaired. | | Log Files | We use means through the Services to collect IP addresses, browser types, access times, physical location, operating system, and device information. Occasionally, we use the information to improve our Services. | | Users under the age of 16 | Our Services are not intended for anyone under 16 and we do not knowingly collect Personal Data from children under 16. If you are under 16, do not use or register on the Services, make any purchases, use any of the interactive or public comment features, or provide any information about yourself to us. If we learn we have collected or received Personal Data from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at the email address listed below. | | Do Not Track Settings | We do not track our Users over time and across third party websites to provide targeted advertising and do not specifically respond to Do Not Track ("DNT") signals. | | Electronic Fund Transfers ("EFTs") and Account Balances | RiftPay has partnered with financial services software company Sila Inc. to offer you EFTs. When you create a RiftPay Account, you might also be prompted to sign up for a Sila Account. You authorize RiftPay to share your identity and banking information with Sila Inc. to open and support your RiftPay Account. It is your responsibility to make sure the data you provide us is accurate and complete. You must comply with Sila Inc.'s privacy policy (the "Sila Privacy Policy") when creating or using your RiftPay Account. The Sila Privacy Policy may be modified from time to time, and the governing version is incorporated by reference into this Privacy Policy. Any term not defined in this [paragraph, section, or addendum] but defined in the Sila Privacy Policy assumes the meaning as defined in the Sila Privacy Policy. |

We may use aggregated (anonymized) information about our Users, and information that does not identify any individual, without restriction.

We do not sell or otherwise disclose Personal Data specific personal or transactional information to anyone except as described below. | | Other Users | We may share your public profile information so that other users may find you to send or request funds from you, invite you to a Circle, or for an instant-share transaction. You may manage the people your profile is shared with within the Services. | | Affiliates and Subsidiaries | We may, for our legitimate interests, share your information with entities under common ownership or control with us who will process your information in a manner consistent with this Privacy Policy and subject to appropriate safeguards. Such parent companies, affiliates, or subsidiaries may be located in the United States. | | Successors in Interest. | We may, for our legitimate interests, share your information with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, in which Personal Data about our Users is among the assets transferred. You will be notified of any such change by a prominent notice displayed on our Services or by email. Any successor in interest to this Privacy Policy will be bound to the Privacy Policy at the time of transfer. | | Law enforcement and other governmental agencies. | We may share your information when we believe in good faith that such sharing is reasonably necessary to investigate, prevent, or take action regarding possible illegal activities or to comply with legal process. This may involve the sharing of your information with law enforcement, government agencies, courts, and/or other organizations. | | Service Providers. | We may, for our legitimate interests, share certain information with contractors, service providers, third party authenticators, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. Some of the functions that our service providers provide are as follows:

• Host server infrastructure and storage;
• Business analytics services;
• Payment processing;
• Marketing, sales, and service management; and
• Email management services.

Some of our current service providers include Amazon Web Services, Google Cloud Platform, Sila Inc., Google Analytics, Hotjar, Marqueta, and Trulioo. |

|

|

|