Privacy Policy

Effective Date: January 1, 2025

1. Introduction

This Privacy Policy explains how Expenlify LLC (“Expenlify”, “we”, “our”, or “us”) collects, processes, stores, and shares personal and business data. It applies to all users, clients, partners, and representatives interacting with our financial technology platform.

2. Who We Are

Expenlify is a fintech infrastructure provider offering Banking-as-a-Service (BaaS) and crypto-enabled financial modules. Our services include virtual and physical card issuance, IBAN/ACH accounts, wallet creation, crypto-fiat processing, and regulatory compliance APIs.

3. Data We Collect

A. Business Identification Data (KYB):

  • Legal business name and registration details
  • Incorporation documents
  • Tax Identification Number (TIN/VAT ID)
  • Ultimate Beneficial Owners (UBOs), directors, and representatives
  • Business bank account details
  • Proof of activity and source of funds (AML documentation)

B. Personal Data (Business User or Representative):

  • First and last name
  • Job title and company role
  • Business email and phone number
  • Government-issued ID, proof of identity (e.g., ID scan, selfie)
  • IP address and user-agent metadata during API or dashboard interactions

C. Technical and Transactional Data:

  • API usage logs and webhook activity
  • Payment identifiers, amounts, currencies, and crypto wallet addresses
  • Transaction metadata for audit and compliance

4. How We Use the Data

We process collected data to:

  • Verify and onboard businesses (KYB/KYC, AML/CFT checks)
  • Provide access to our APIs and platform functionality
  • Ensure platform security and prevent fraud
  • Comply with legal obligations in the EU, US, and other jurisdictions
  • Provide support and notify users about critical updates

5. Data Storage and Security

All data is securely stored using industry-standard encryption methods.

  • Data is stored in data centers within the EU or the United States, depending on the client’s jurisdiction.
  • We implement strict internal access controls and role-based permissions.
  • All transfers and storage are protected using HTTPS, TLS, and encrypted storage technologies.

6. Sharing with Third Parties

We may share certain data with:

  • Banking partners, card issuers, and payment processors
  • Government or supervisory authorities where legally required
  • Infrastructure providers under strict data protection agreements (DPAs)

We do not sell or monetize personal or business data.

7. Cookies and Tracking

Our website may use technical cookies and analytics tools to improve performance and user experience. We do not use cookies for behavioral advertising. Cookie banners and preferences are provided in compliance with GDPR and applicable US laws.

8. Data Retention

  • KYB/KYC documentation: retained for up to 5 years after the end of business relations (in accordance with AML regulations)
  • API and transaction logs: retained for up to 12 months, or longer where contractually agreed
  • Contact and communication data: retained for the duration of the partnership or until deletion is requested

9. Your Rights (EU and US Residents)

If you are located in the EU (GDPR):

  • Right to access your data
  • Right to rectification or erasure
  • Right to restrict or object to processing
  • Right to data portability
  • Right to lodge a complaint with your Data Protection Authority

If you are a California resident (CCPA):

  • Right to know what data we collect
  • Right to request deletion of your data
  • Right to opt out of data sale (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

10. Contact Us

If you have any questions regarding this Privacy Policy, or if you wish to exercise your data rights, please contact us at:

Email: [email protected]

Expenlify LLC