CryptoFi, Inc. - Privacy Policy
(Rev. December 18, 2023)
Our Commitment to Privacy
At CryptoFi, Inc. (hereinafter referred to as “CryptoFi”), our client and customer relationships are our most important asset. CryptoFi is dedicated to respecting and protecting the privacy of our Banking customers’ and Credit Union members’ privacy. We maintain information about customers to provide the most effective and convenient access to our products and services.
The terms “CryptoFi,” “we,” and “us” include CryptoFi, Inc. By using the Services, you agree to the terms and conditions of this Privacy Policy.
This Privacy Policy is designed to provide details on how we collect, use, and share information. This notice serves as a standard for all CryptoFi employees for the collection, use, retention, and security of nonpublic personal consumer information in accordance with the Gramm-Leach-Bliley Act (GLBA).
Why We Collect Personal Information
CryptoFi is a technology service provider. To ensure a seamless end-user experience, we collect nonpublic personal information as it is essential to coordinate with Financial Service providers, i.e., Banks and Credit Unions, their existing mobile application technology providers, as well as our trusted and approved Qualified Custodians and Liquidity Providers. Information sharing between all parties involved is a necessary component of providing the products and services to our contracted Financial Service Providers’ customers and members.
Information We May Collect
Customer and Financial Information: When you sign up through your Financial Services Provider to participate in Services offered by CryptoFi and our partners, certain nonpublic personal information may be collected and shared between trusted parties. The personal information may include First Name, Middle Name, Last Name, Address, Email Address, Phone Number, Birth Date, Social Security Number, Nationality, Identity Document, Background Information (employment and income), and funding bank account. All personal information provided must be true, complete, and accurate, and you must notify your Financial Services Provider of any changes to such personal information.
Communications: If you contact us directly, we may request additional information about you. When you contact our Customer Service and Support Team, we will request your name, email address, phone number, contents of messages or attachments that you may send to us and other information you choose to provide.
Your Financial Services Provider may contact CryptoFi for the sole purpose and intent to assist them with end-user support, troubleshooting, or general knowledge and education. We will request additional information about the business operations, technical components, and/or your information to provide appropriate customer support. The sharing of information is deemed necessary to efficiently offer assistance to our clients in resolving customer service inquiries.
When end users of our Services access the CryptoFi website, www.cryptofi.tech, we may collect information through automated means, such as cookies, web beacons, and web server logs. The information collected in this manner includes IP address, browser characteristics, device IDs, operating system version, language preferences, referring URLs, and information about the usage of our Services. Please see our Cookie Policy posted on our website.
If you do not want information collected using cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie(s) from a particular site.
For end users accessing CryptoFi’s service delivered through the Financial Services Provider’s digital banking application, the providers of those applications may collect information through automated means, as referenced above. The information collected from these providers may or may not be shared with CryptoFi and is dependent on each provider’s technical specifications.
How We Use Your Information
We use nonpublic personal information to operate, maintain, enhance, and provide features of our services, to provide services and information that you request, to respond to comments and questions, and otherwise to provide support to you and your Bank or Credit Union.
We may use your information to analyze usage trends and preferences of end users to improve Services and to develop new products, services, features, and functionality. These insights will be shared with our contracted Financial Service Providers through the CryptoFi Operations Center.
We may use your information for administrative and informational purposes and to personalize your experience or to enforce our Terms of Service or other legal rights. This may include Customer Service and Support or sending communications.
How We Share Your Information
We will never sell or rent personal information for any purpose. We only disclose information that we collect through our Service to third parties in the following circumstances:
To our trusted partner Qualified Custodians and Liquidity Providers, third-party service providers who provide services such as payment processing, data analysis, information technology, and related infrastructure provision, customer service, email delivery, and other necessary services to maintain operations.
If required by law or in good faith, believe that such action is appropriate: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to enforce our terms and conditions; (e) to protect our operations or those of our partners; (f) to protect our rights, privacy, safety or property; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Data Analytics
CryptoFi uses a third-party analytics service to collect fully anonymized data, allowing CryptoFi to determine program and service effectiveness for our clients, such as the number of active users, number of purchases, percentage of active users transacting, users selling digital assets back to the Qualified Custodian(s) as well as the numbers and frequency of users actively utilizing the ‘learn’ feature inside the mobile banking application. CryptoFi does not transmit, view, or store Personally Identifiable Information through the use of this third-party analytics service.
Security
CryptoFi maintains physical, electronic, and procedural safeguards to protect nonpublic personal information with respect to our client’s end users, except as permitted by law. Security measures are in place for detecting possible data breaches. We will provide sufficient notice of a suspected data breach to our Financial Services clients, individual end users, and any applicable regulatory body. Data is encrypted in transit and at rest. Access to this data is secured by firewalls, IP whitelisting, and individual access keys. CryptoFi may mask non-public or sensitive data for reporting and exportable screenshots to our contracted Financial Services Providers. Adherence to this privacy policy continues whether consumer accounts are active or closed. We restrict access to nonpublic personal information to only individuals with a genuine business purpose and the need to know in order to provide products and services or to our vendors under contractual confidentiality agreements who are deemed essential to our operations. Financial Services Provider’s staff have role-based permissions through the CryptoFi Operations Center with predetermined permissions for edit or read-only capabilities. Except as required by law or court order, we will not release nonpublic information to any other third party.
We cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of user information will not occur. Consumers play a vital role in protecting their own information. When registering for our services through a Financial Services Provider (Bank or Credit Union), consumers should choose a password of sufficient length and complexity, not reveal this password to any third parties, and immediately notify the Financial Services Provider if unauthorized access is suspected or identified. The security protocols offered through digital banking applications that end users use to trade and view digital asset information are dependent on the digital banking credentials, which are maintained and monitored by the Financial Services Providers and their trusted technology partners and providers, which are independent of CryptoFi’s technology.
This policy applies to our corporate website, www.cryptofi.tech. Personal information that we receive in connection with providing products and services to Banking customers and Credit Union members is subject to our policy on the Privacy and Security of Consumer Financial Information in compliance with the Gramm-Leach-Bliley Act (GLBA) and other applicable data privacy laws and regulations.
Individual Consumer Rights
Individual consumers have certain rights regarding personal information. Consumers have the right to access or receive certain data about the personal information we process, have their personal information rectified, object to the processing of personal information, or ask us to restrict processing, delete personal information, or withdraw consent to processing. Consumers have the right to instruct the removal of personal information and close or auto-liquidate digital asset accounts; however, CryptoFi’s processes require consumers to first notify their Financial Services Provider. Please be aware it is not possible to remove all records of information provided for our services. In accordance with contractual agreements with our Financial Services client requirements, we will retain records as agreed upon by all parties involved.
To correct your account information, opt out of information sharing, close, or auto-liquidate a digital asset account, please contact your Financial Services Provider.
CCPA Privacy Notice
Under the California Consumer Privacy Act of 2018 (CCPA), we are required to provide certain information to California residents about how we collect, use, and share personal information and about the rights and choices California residents may have concerning their personal information.
The California Code of Regulations defines a “resident” as (1) every individual who is in the State of California for other than a temporary or transitory purpose and (2) every individual who is domiciled in the State of California for a temporary or transitory purpose. All other individuals are defined as “non-residents.”
Effective January 1, 2023, the California Privacy Rights Act (“CPRA”) allows for more protections for California residents (consumers, employees, and contractors). The CPRA amends and extends the CCPA. As a California resident, you have the right to ‘opt out’ of not only selling but the sharing of your personal data. CryptoFi, Inc. does not sell or share your personal data with third parties unless to satisfy our service and commitments to you in the performance of our contract with you. The CPRA expands your right to request and obtain information about categories of personal information we disclosed to our third-party providers dating back to January 1, 2022, and onward. If you wish to “Opt-Out,” please contact us at support@cryptofi.tech.
California residents have the right to the following: request a business to disclose the categories and specific pieces of personal data the business collected, request the business delete any personal data about them that the business has previously collected, and request the business not to sell their personal data.
Consumers may submit a request to access or delete personal information by contacting their Financial Services Provider so proper account management and information updating procedures can be tracked and followed.
Consumers may designate an authorized agent to make the request under the CCPA on their behalf. The authorized agent must submit proof that the consumer provided them with power of attorney pursuant to Probate Code sections 4000 – 4465. We may deny a request from the authorized agent who does not provide sufficient proof of authorization to act on the consumer’s behalf.
California residents may opt out of the “sale” of their personal information and have the right not to be discriminated against for exercising their rights. CryptoFi does not sell consumers’ personal information and will not discriminate against a resident of California for exercising rights under the CCPA.
UTAH CONSUMER PRIVACY ACT (UCPA)
The Utah Consumer Privacy Act (UCPA) was enacted on March 24, 2022, and became effective December 31, 2023. Utah consumers are granted a range of new rights over the personal data that were previously provided to CryptoFi, Inc. Under the UCPA, consumers have the right to (1) know or confirm processing activity; (2) access their personal data; (3) obtain a copy of their personal data in a portable and readily usable format; (4) ability to request for deletion of personal data; (5) opt out of targeted advertising and sales of personal information; (6) right to avoid discrimination as a result of exercising consumer rights under the UCPA. To exercise your rights as described above, please contact us at support@cryptofi.tech.
VIRGINIA CONSUMER DATA PROTECTION ACT (VCDPA)
The Virginia Consumer Data Protection Act (VCDPA), effective January 1, 2023, provides Virginia consumers with rights related to their personal data. Under the Act, these rights include (1) the right to know, access, and confirm personal data; (2) your right to request deletion of your personal data; (3) your right to correct inaccuracies of your personal data; (4) the right to portability (obtain a copy of your personal data in a portable format); (5) the right to opt out of processing of personal data for targeted advertising purposes; (6) your right to opt out of sale of your personal data; (7) your right to opt out of profiling based on your personal data; (8) your right not to be discriminated against for exercising our consumer rights under the VCDPA. To exercise your rights described above, please contact us at support@cryptofi.tech.
CONNECTICUT DATA PRIVACY ACT (CDPAC) - COLORADO PRIVACY ACT (CPA)
Connecticut Data Privacy Act (CDPAC) and the Colorado Privacy Act (CPA), both effective July 1, 2023, provide residents with the following rights:
The right to access personal data collected.
The right to correct inaccuracies in personal data.
The right to delete personal data, including personal data that a controller collected through third parties.
The right to obtain a copy of their personal data in a portable and readily usable format that allows residents to transfer the data to another controller with ease.
The right to opt-out of (1) the sale of their personal data; (2) the processing of personal data for the purposes of targeted advertising; (3) profiling that may have a legal or other significant impact.
The right to designate another person to serve as the consumer’s authorized agent and act on such consumer’s behalf, to opt out of the processing of such consumer’s personal data for one or more of the purposes specified. A consumer may designate such authorized agent by way of, among other things, a technology, including an internet link or a browser setting, browser extension, or global device setting, indicating such consumer’s intent to opt out of processing personal data.
If you are a resident of Connecticut or Colorado and wish to exercise your rights described above; please contact us at support@cryptofi.tech. CryptoFi Inc. shall respond no later than forty-five (45) days after receipt of the request. We may extend the response time by an additional forty-five (45) days when reasonably necessary, and is dependent on the number of consumer requests. As a Connecticut resident and consumer, you will be notified of such an extension. If we decline to take action regarding your request, we will inform you without delay but no later than forty-five (45) days after receipt of the request with justification for declining to take action and will provide you with instructions on how to appeal the decision. To submit an appeal, please contact us at support@cryptofi.tech.
All information provided to Connecticut or Colorado consumers is free of charge once per consumer during any twelve-month period. If excessive or repetitive requests are received, we may charge a reasonable fee to cover administrative costs associated with the request or decline to act on the request. If we are unable to authenticate a request to exercise any of the rights afforded and referenced above using commercially reasonable efforts, we shall not be required to comply with a request and shall provide notice to you that we are unable to authenticate the request to exercise such rights until you provide additional information reasonably necessary to authenticate.
Retention Period
We will only retain personal information for as long as necessary to fulfill the purposes for which user personal information was collected, including but not limited to the purpose of satisfying any legal, accounting, or reporting obligations or resolving disputes. We may retain personal information for accounting, contractual obligations with Financial Services Providers, and security purposes even after our business relationship has ceased. At a minimum, our data retention policy is five (5) years.
Privacy Policy Changes
We may amend our Privacy Policy as we deem necessary. Our policy is to post changes made with notice the policy has been updated on the website page https://www.cryptofi.tech/privacy. If we make material changes to how we treat users’ personal information, these changes will be communicated through a notice on the above website. The date the privacy policy was last revised is identified at the top of the page. We encourage review of this policy notice frequently to be informed of how we are protecting our clients and their customer and member information. The amended Privacy Policy will be deemed effective immediately upon posting on the website.
For questions and comments about privacy rights, email us at support@cryptofi.tech or contact us by mail:
CryptoFi, Inc.
8 The Green Suite 7529
Dover, DE 19901
800-839-1501 Ext. 102