Privacy Policy

1. INTRODUCTION

SYNCSFER CORP., a Delaware corporation doing business as TrustSfer (collectively referred to as "TrustSfer," "we," "us," or "our"), is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information and organizational data when you access or use our Services, website, mobile applications, and related platforms (collectively, the "Services"). This Privacy Policy applies to all users of the Services, including individual users, organizational administrators, authorized users within organizations, and visitors to our website. By accessing or using the Services, creating an account, or providing information to us, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use the Services. This Privacy Policy is incorporated into and forms part of our Terms of Service. Capitalized terms not defined in this Privacy Policy have the meanings given to them in the Terms of Service. We encourage you to read this Privacy Policy carefully and to review it periodically for any updates or changes.

2. INFORMATION WE COLLECT

We collect various categories of personal information and organizational data to provide, maintain, improve, and secure the Services. The information we collect falls into the following categories, collected through different means and for specific purposes described throughout this Policy.

2.1 Information You Provide Directly

We collect information that you provide directly to us when you interact with the Services. This includes account registration information such as your full name, email address, company or organization name, job title or role within your organization, phone number, business address, and payment information including credit card details or bank account information, which is processed through our secure payment partners. When you create an account, you provide this information voluntarily, and it is necessary for us to establish and maintain your account and provide the Services. We collect organizational and operational information that you upload, create, or transmit through the Services, including project data, documents and files that you store or share through the platform, digital signatures and electronic signature data, transaction records and audit trails, collaboration notes and communications within the platform, and any other content or materials that you choose to upload, store, or process through the Services. This information constitutes Customer Data as defined in our Terms of Service, and you retain ownership of such data subject to the license granted to us to provide the Services. We collect support and communication information when you contact us for customer support, provide feedback, or communicate with us through email, chat, phone, or other channels. This includes the content of your messages, inquiries, or feedback, information about your use of the Services that helps us troubleshoot issues, attachments or documents you provide to assist with support requests, and records of our interactions and correspondence with you. This information helps us respond to your requests, improve our Services, and maintain records of our customer relationships. We collect information through surveys and research when you choose to participate in surveys, focus groups, user research, or beta testing programs. This includes your responses to survey questions, feedback about features and functionality, opinions about your experience with the Services, and demographic information you choose to provide. Participation in surveys and research activities is always voluntary, and we use this information to improve the Services and develop new features.

2.2 Information Collected Automatically

We automatically collect certain information about your device and how you interact with the Services using various technologies including cookies, web beacons, log files, and similar tracking technologies. This automatic data collection enables us to provide, secure, and improve the Services. We collect technical information about your device and connection, including your Internet Protocol (IP) address and general location derived from your IP address, browser type and version, operating system and version, device type and model, device identifiers such as advertising identifiers or device fingerprints, screen resolution and display characteristics, language preferences and time zone settings, and information about your internet service provider and mobile carrier. This information helps us optimize the Services for different devices and browsers, diagnose technical issues, and detect and prevent fraud and security threats. We collect usage data and analytics about how you interact with the Services, including the pages you visit and features you use, the date, time, and duration of your visits and sessions, the sequence of pages visited and actions taken, search queries you enter within the Services, files you upload, download, or access, documents you create, edit, or sign, links you click on, referring and exit pages that brought you to or from the Services, and performance data including load times and error messages. This usage data helps us understand how users interact with the Services, identify areas for improvement, measure the effectiveness of features, and optimize performance. We collect information through cookies and similar technologies. Cookies are small text files stored on your device that allow us to recognize your browser and capture certain information. We use both session cookies that expire when you close your browser and persistent cookies that remain on your device for a longer period. We use cookies and similar technologies for authentication and security purposes to keep you logged in and protect your account, to remember your preferences and settings, to analyze usage patterns and improve the Services, to measure the effectiveness of marketing campaigns, and to provide certain features and functionality. You can control cookies through your browser settings, but disabling cookies may limit your ability to use certain features of the Services.

2.3 Information from Third Parties

We may receive information about you from third-party sources to supplement the information we collect directly from you, to verify the accuracy of information you provide, and to enhance our Services. These third-party sources include business partners and service providers who help us deliver the Services, identity verification services that help us confirm your identity and prevent fraud, payment processors that facilitate transactions and verify payment information, data analytics providers that help us understand user behavior and improve the Services, public databases and commercially available sources that provide business contact information, social media platforms if you connect your social media account to the Services or interact with us through social media, and other users who may provide information about you when they use collaboration features of the Services. When we receive information from third parties, we treat that information in accordance with this Privacy Policy and applicable law. We also require third parties to represent that they have obtained appropriate consent and authorization to share information with us.

2.4 Sensitive Personal Information

In certain circumstances, we may collect or process categories of personal information that are considered sensitive under applicable privacy laws. Sensitive personal information may include financial account information necessary for payment processing, government-issued identification numbers when required for identity verification or compliance purposes, precise geolocation data if you enable location services on your mobile device, the content of communications that you create or transmit through the Services, and biometric data if you choose to use biometric authentication features. We collect and process sensitive personal information only when necessary to provide the Services you request, when required by applicable law or regulation, or when we have obtained your explicit consent. We implement additional security measures to protect sensitive personal information and limit access to such information on a strict need-to-know basis. You have the right to limit our use and disclosure of sensitive personal information as described in the Your Rights and Choices section below.

2.5 Information About Minors

The Services are not intended for use by individuals under the age of 18, and we do not knowingly collect personal information from children under 13 years of age. Our Services are designed for professional and institutional users conducting business activities. If we become aware that we have collected personal information from a child under 13 without proper parental consent, we will take steps to delete such information promptly. If you believe that we may have collected information from a child under 13, please contact us immediately at privacy@trustsfer.com so that we can investigate and take appropriate action.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for various purposes related to providing, maintaining, improving, and securing the Services. The specific purposes for which we use your information depend on how you interact with the Services and the nature of your relationship with us. Our use of your information is based on specific legal grounds as described in Section 4 below.

3.1 Providing and Operating the Services

We use your information to provide, operate, and maintain the Services, which constitutes the core purpose for which we collect information. This includes creating and managing your account and authenticating your identity when you log in, processing your transactions and maintaining records of your activities, enabling you to upload, store, access, and manage your documents and data, facilitating electronic signatures and maintaining audit trails of signing activities, providing collaboration features that allow you to work with team members and external parties, generating dashboards, reports, and analytics based on your activities, processing payments and managing your subscription, providing customer support and responding to your inquiries, communicating with you about your account and the Services, and enforcing our Terms of Service and other policies.

3.2 Improving and Developing the Services

We use information to improve, enhance, and develop the Services and to create new features and functionality. This includes analyzing usage patterns to understand how users interact with the Services and which features are most valuable, identifying technical issues, bugs, and performance problems that need to be addressed, conducting research and development to create new features and enhance existing functionality, testing new features and improvements through beta programs, personalizing your experience based on your preferences and usage patterns, and developing machine learning models and algorithms to improve functionality, provided that such models use aggregated or de-identified data that does not identify individual users.

3.3 Security and Fraud Prevention

We use information to protect the security and integrity of the Services and to detect, prevent, and respond to fraud, abuse, security threats, and illegal activities. This includes monitoring for suspicious activity, unauthorized access attempts, and potential security breaches, implementing access controls and authentication mechanisms to protect accounts, detecting and preventing fraud, spam, phishing, and other malicious activities, investigating security incidents and responding to threats, enforcing our Terms of Service and Acceptable Use Policy, complying with legal obligations related to security and data protection, and conducting security audits and assessments to identify vulnerabilities.

3.4 Legal Compliance and Protection of Rights

We use information to comply with legal obligations, respond to legal processes, and protect our rights and the rights of others. This includes complying with applicable laws, regulations, and legal processes including subpoenas, court orders, and law enforcement requests, fulfilling regulatory requirements including anti-money laundering (AML), know-your-customer (KYC), and tax reporting obligations, maintaining records as required by law or regulation, responding to data subject requests and exercising rights under privacy laws, protecting against legal liability and defending our rights in disputes or litigation, enforcing our Terms of Service, policies, and agreements, protecting the safety, security, and rights of SYNCSFER, our users, and the public, and investigating and preventing fraud, illegal activities, and violations of our policies.

3.5 Communications and Marketing

We use your contact information to communicate with you about the Services and to provide marketing communications where permitted by law. This includes sending transactional emails and notifications about your account, transactions, and service-related updates, providing important notices about changes to our Terms of Service, Privacy Policy, or Services, responding to your inquiries, requests, and customer support issues, sending newsletters, promotional materials, and marketing communications about our Services and related offerings where you have opted in or where permitted by law, conducting surveys and requesting feedback about the Services, and notifying you about new features, updates, and enhancements to the Services.

You can opt out of marketing communications at any time by following the unsubscribe instructions in our emails, adjusting your communication preferences in your account settings, or contacting us at privacy@trustsfer.com. Even if you opt out of marketing communications, we will still send you transactional and service-related communications that are necessary for the provision of the Services.

3.6 Analytics and Business Operations

We use information for analytics, business intelligence, and operational purposes that help us run and grow our business effectively. This includes analyzing business metrics, usage trends, and customer behavior to make informed business decisions, conducting financial reporting, accounting, and audit activities, managing our business relationships with customers, partners, and vendors, performing due diligence in connection with corporate transactions such as mergers, acquisitions, or financing, creating aggregated, anonymized, or de-identified data for benchmarking, research, and industry analysis, and improving our internal business processes and operational efficiency.

3.7 Customization and Personalization

We use information to customize and personalize your experience with the Services, making them more relevant and useful to you. This includes remembering your preferences, settings, and customization choices, providing personalized recommendations for features or workflows that may benefit you, customizing the user interface based on your usage patterns, pre-populating forms with information you have previously provided, and tailoring communications and content to your interests and needs. Personalization helps us provide a better user experience while respecting your privacy preferences.

4. LEGAL BASIS FOR PROCESSING

For users located in jurisdictions that require a legal basis for processing personal information, including the European Economic Area, United Kingdom, and other regions with comprehensive data protection laws, we process your personal information based on one or more of the following legal grounds. We process your personal information to perform our contract with you under our Terms of Service. This includes processing necessary to create and manage your account, provide access to the Services, process transactions and payments, deliver customer support, and fulfill other obligations under our Terms of Service. Without this processing, we would not be able to provide the Services to you. We process your personal information based on our legitimate interests in operating, improving, and securing our business and the Services, provided that these interests are not overridden by your rights and interests. Our legitimate interests include improving and developing the Services and new features, conducting analytics to understand user behavior and preferences, ensuring the security and integrity of the Services, detecting and preventing fraud and abuse, enforcing our Terms of Service and policies, managing business operations and relationships, marketing our Services to existing customers, and defending our legal rights and interests. We process your personal information where you have provided your consent. This includes processing for marketing communications where required by law, use of certain cookies and tracking technologies, processing of sensitive personal information where consent is required, and other processing activities where we have specifically requested and obtained your consent. You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal. We process your personal information where necessary to comply with legal obligations imposed on us by applicable law or regulation. This includes complying with tax, accounting, and financial reporting obligations, responding to lawful requests from law enforcement and government authorities, complying with anti-money laundering, know-your-customer, and other regulatory requirements, maintaining records as required by law, and complying with court orders, subpoenas, and legal processes. In rare circumstances, we may process your personal information where necessary to protect vital interests, meaning to protect someone's life, physical integrity, or safety. This would only occur in emergency situations requiring immediate action to prevent serious harm.

5. HOW WE SHARE YOUR INFORMATION

We may share your personal information with third parties in the circumstances described below. We do not sell your personal information to third parties for monetary consideration, and we do not share your personal information for cross-context behavioral advertising purposes. When we share information with third parties, we require them to protect the information appropriately and to use it only for the purposes for which it was shared.

5.1 Service Providers and Business Partners

We share information with service providers and business partners who perform services on our behalf and help us operate the Services. These service providers include cloud hosting and infrastructure providers that host our servers, databases, and applications, payment processors and financial institutions that process transactions and manage billing, identity verification services that help us confirm identities and prevent fraud, email service providers that help us send transactional and marketing communications, customer support platforms that enable us to provide support services, analytics providers that help us understand usage patterns and improve the Services, security and fraud prevention services that protect against threats, professional advisors including lawyers, accountants, and consultants who provide professional services, and other vendors and contractors who provide business services to us.

These service providers are contractually required to use personal information only for the specific purposes for which we engage them, to protect the information with appropriate security measures, and to comply with applicable privacy laws. We conduct due diligence on our service providers and require them to maintain privacy and security standards consistent with this Privacy Policy and applicable law.

5.2 Within Our Corporate Family

We may share information with our parent company, subsidiaries, affiliates, and other entities under common control for purposes consistent with this Privacy Policy. This sharing enables us to provide integrated services, conduct business operations efficiently, and offer enhanced features and functionality. All entities within our corporate family are required to protect personal information in accordance with this Privacy Policy and applicable law.

5.3 Business Transfers and Corporate Transactions

In the event of a merger, acquisition, consolidation, restructuring, sale of assets, bankruptcy, or other corporate transaction or proceeding involving SYNCSFER, your information may be transferred, sold, or shared as part of that transaction. In such circumstances, we will notify you before your information is transferred and becomes subject to a different privacy policy. We will require any successor entity to honor the commitments made in this Privacy Policy unless you consent to different treatment of your information.

5.4 Legal Requirements and Protection of Rights

We may disclose your information when we believe in good faith that disclosure is necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests, to respond to subpoenas, court orders, search warrants, or other legal demands, to investigate, detect, prevent, or take action regarding fraud, security breaches, illegal activities, or violations of our Terms of Service, to protect the rights, property, safety, or security of SYNCSFER, our users, or the public, to enforce our Terms of Service, policies, and agreements, or to defend against legal claims or demands. We will carefully review each legal request and will only disclose information to the extent reasonably necessary to comply with the request while protecting your privacy to the maximum extent possible.

5.5 With Your Consent or Direction

We may share your information with third parties when you specifically consent to or request such sharing. This includes when you direct us to share information with third-party applications or services that you connect to your account, when you provide consent for us to share information for a specific purpose, when you publicly post information through features of the Services that are designed for sharing, or when you participate in joint programs or initiatives with partners and consent to sharing information with those partners.

5.6 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that does not identify you or any individual with third parties for various purposes including research, analytics, benchmarking, industry reports, marketing, and business intelligence. Once data has been properly aggregated or de-identified such that it cannot reasonably be used to identify an individual, it is no longer considered personal information and may be used and shared without restriction.

5.7 Auditors, Regulators, and Donors

We may share information in aggregated, anonymized, or pseudonymized form with auditors who verify our compliance with legal and contractual obligations, with regulatory authorities as required by law or regulation, particularly in industries where we operate under regulatory supervision, and with donors, grantors, or funding organizations that support our mission, where sharing is necessary to demonstrate impact and maintain transparency. Such sharing is always conducted in a manner designed to protect individual privacy to the maximum extent possible.

6. INTERNATIONAL DATA TRANSFERS

SYNCSFER is based in the United States, and the Services are hosted on servers located primarily in the United States. When you use the Services, your personal information may be transferred to, stored in, and processed in the United States and potentially in other countries where we or our service providers maintain facilities. These countries may have data protection laws that differ from the laws of your jurisdiction and may not provide the same level of protection for personal information. When we transfer personal information from the European Economic Area, United Kingdom, Switzerland, or other jurisdictions with comprehensive data protection laws to the United States or other countries, we implement appropriate safeguards to protect your information. These safeguards include Standard Contractual Clauses approved by the European Commission or other relevant data protection authorities, compliance with adequacy decisions issued by the European Commission recognizing certain countries as providing adequate protection, binding corporate rules that ensure consistent protection across our corporate family, and other transfer mechanisms recognized under applicable law. We conduct due diligence on international service providers and sub-processors to ensure they implement appropriate security measures and comply with applicable data protection requirements. Where required by law, we will obtain your explicit consent before transferring your personal information to countries that do not provide adequate protection. You can contact us at privacy@trustsfer.com for more information about the safeguards we have implemented for international data transfers.

7. DATA SECURITY AND PROTECTION

We implement comprehensive administrative, technical, and physical security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. While no security measures are completely infallible, we use industry-standard practices and continuously update our security protocols to address evolving threats.

7. DATA SECURITY AND PROTECTION

We implement comprehensive administrative, technical, and physical security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. While no security measures are completely infallible, we use industry-standard practices and continuously update our security protocols to address evolving threats.

7.1 Technical Security Measures

We implement multiple layers of technical security controls to protect your information throughout its lifecycle. All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) version 1.2 or higher, which is the same encryption technology used by banks and financial institutions. All personal information stored on our servers is encrypted at rest using Advanced Encryption Standard (AES) with 256-bit encryption keys or equivalent cryptographic algorithms, ensuring that even if storage media were compromised, the data would remain protected.

We implement strong authentication mechanisms including password complexity requirements that mandate minimum length and character diversity, account lockout policies that temporarily disable accounts after multiple failed login attempts to prevent brute force attacks, support for two-factor authentication and multi-factor authentication to provide an additional layer of security beyond passwords, and session management controls that automatically log users out after periods of inactivity. We encourage all users to enable two-factor authentication and to use strong, unique passwords for their accounts.

Our systems undergo regular security testing and assessment through multiple methods including automated vulnerability scanning that continuously monitors for known security weaknesses, penetration testing conducted by qualified security professionals who simulate real-world attacks, security code reviews that examine our software for potential vulnerabilities, and third-party security audits that provide independent validation of our security controls. We address identified vulnerabilities promptly based on their severity and potential impact.

7.2 Administrative Security Measures

We implement organizational policies and procedures to ensure that personal information is handled securely throughout our operations. Access to personal information is restricted on a strict need-to-know basis using role-based access controls that grant employees and contractors only the minimum access necessary to perform their job functions. All personnel with access to personal information are required to sign confidentiality agreements and to complete regular security awareness training that covers data protection principles, common security threats, incident reporting procedures, and their responsibilities under our security policies.

We maintain detailed incident response procedures that enable us to detect, investigate, contain, and remediate security incidents promptly. Our incident response plan includes defined roles and responsibilities, escalation procedures, communication protocols, evidence preservation requirements, and steps for notifying affected individuals and relevant authorities as required by law. We regularly test and update our incident response plan to ensure its effectiveness.

We maintain vendor management procedures that require service providers with access to personal information to implement appropriate security measures, to undergo security assessments before engagement, to comply with our security requirements, and to notify us promptly of any security incidents affecting the information they process on our behalf. We conduct periodic reviews of service provider security practices to ensure ongoing compliance.

7.3 Physical Security Measures

Our data centers and servers are hosted by reputable cloud infrastructure providers that implement comprehensive physical security controls. These facilities feature 24/7 security monitoring and surveillance, restricted access with multi-factor authentication and biometric controls, environmental controls to protect against fire, flood, power outages, and temperature fluctuations, redundant power supplies and network connectivity, and compliance with industry standards including SOC 2, ISO 27001, and other certifications. We select hosting providers carefully and require them to maintain physical security standards that meet or exceed industry best practices.

7.4 Blockchain Security

For documents and transactions that are anchored to blockchain technology, we utilize the inherent security properties of distributed ledger technology. Blockchain anchoring creates an immutable, timestamped record that provides strong verification of authenticity and integrity without storing the actual document content or personally identifiable information on the blockchain. Instead, we store only cryptographic hashes, which are unique digital fingerprints that cannot be reverse-engineered to reveal the underlying data. This approach provides verification benefits while protecting privacy. The blockchain records are distributed across multiple nodes, making tampering virtually impossible without detection.

7.5 Employee Access and Monitoring

Access to systems containing personal information is logged and monitored to detect unauthorized access or suspicious activity. We implement automated alerting for unusual access patterns, maintain audit trails of data access and modifications, conduct periodic access reviews to ensure that access privileges remain appropriate, and promptly revoke access when employees change roles or leave the organization. Our employees are prohibited from accessing personal information except when necessary to perform their job duties or to provide customer support with appropriate authorization.

7.6 Security Limitations and Your Responsibilities

Despite our comprehensive security measures, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security. You play an important role in protecting your information by maintaining the confidentiality of your account credentials, using strong, unique passwords, enabling two-factor authentication, promptly notifying us of any unauthorized access to your account, keeping your contact information current so we can reach you about security matters, exercising caution when sharing sensitive information through the Services, and regularly reviewing your account activity for suspicious transactions or changes.

If you have reason to believe that your account security has been compromised or that your personal information has been accessed without authorization, please notify us immediately at security@trustsfer.com so that we can investigate and take appropriate action to protect your account.

8. DATA RETENTION

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory obligations, to resolve disputes, to enforce our agreements, and for other legitimate business purposes. The specific retention period depends on the nature of the information, the purposes for which it is processed, and applicable legal requirements.

8.1 Retention of Account Information

We retain account information including your name, email address, organization details, and contact information for the duration of your active subscription plus an additional 12 months following account termination or subscription expiration. This retention period allows us to maintain continuity if you decide to reactivate your account, to respond to inquiries you may have after termination, to comply with financial reporting and tax obligations, and to maintain records necessary for dispute resolution. After this retention period expires, we will delete or anonymize your account information unless we are required by law to retain it for a longer period.

8.2 Retention of Transaction and Project Data

We retain transaction records, project data, and operational information for up to seven years following account termination or the completion of the relevant transaction. This extended retention period is necessary to comply with legal and regulatory requirements including tax laws that require maintenance of business records, anti-money laundering regulations, electronic signature laws that mandate retention of signing records, audit and compliance requirements, and statutes of limitations for contract disputes. After the retention period expires, we will securely delete this information unless we have a legal obligation to retain it longer.

8.3 Retention of Blockchain Records

Information anchored to blockchain technology, specifically cryptographic hashes and transaction references, is permanently immutable in accordance with the inherent characteristics of distributed ledger technology. However, these blockchain records are pseudonymous and do not contain personally identifiable information or document content. The blockchain records serve as permanent verification of document authenticity and integrity but cannot be used to access or reconstruct the underlying documents or to identify individuals without additional information that we control.

8.4 Retention of Support Communications

We retain customer support communications, including emails, chat transcripts, and support tickets, for three years following the resolution of the support issue. This retention enables us to maintain continuity in ongoing support relationships, to improve our support processes, to defend against potential disputes, and to comply with regulatory requirements. Support communications are securely stored with restricted access and are deleted after the retention period unless extended retention is required for pending legal matters or investigations.

8.5 Retention of Analytics and Usage Data

We retain usage data, system logs, and analytics information for varying periods depending on the nature and purpose of the data. Detailed individual-level usage data is typically retained for 18 months to enable service improvement and security monitoring. Aggregated and anonymized analytics data may be retained indefinitely for research, benchmarking, and business intelligence purposes since such data does not identify individuals. Security logs and audit trails may be retained for longer periods as necessary for security investigations and compliance with regulatory requirements.

8.6 Early Deletion and Data Subject Requests

Notwithstanding the retention periods described above, we will delete or anonymize personal information earlier upon your request when technically feasible and legally permissible. If you request deletion of your personal information, we will honor your request subject to certain exceptions including information we must retain to comply with legal obligations, to complete transactions you have authorized, to detect and prevent fraud and security threats, to defend against legal claims, or to exercise our legal rights. When we cannot fully delete information due to legal requirements, we will restrict its use to only those purposes for which we are required to retain it.

9. YOUR RIGHTS AND CHOICES

Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and providing you with meaningful control over your information. This section describes the rights available to you and how to exercise them.

9.1 Rights Under California Law (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act provides you with specific rights regarding your personal information. You have the right to know what personal information we have collected about you, including the categories of personal information collected, the categories of sources from which information was collected, the business or commercial purposes for which we collect or sell personal information, the categories of third parties with whom we share personal information, and the specific pieces of personal information we have collected about you. You can request this information for the preceding 12 months or, if we have retained information for longer periods, dating back to January 1, 2022.

You have the right to delete your personal information, subject to certain exceptions where we must retain information to complete transactions, detect security incidents and fraud, comply with legal obligations, or exercise free speech and other rights. When you request deletion, we will delete your personal information from our records and will direct our service providers to delete the information from their records, except where retention is required or permitted by law.

You have the right to correct inaccurate personal information that we maintain about you. If you believe that any personal information we hold about you is inaccurate, you can request that we correct it, and we will take reasonable steps to verify and update the information based on the documentation you provide.

You have the right to opt out of the sale or sharing of your personal information. While we do not sell personal information in the traditional sense of exchanging it for monetary consideration, certain data sharing practices such as allowing third-party analytics or advertising technologies to collect information through our Services could be considered a "sale" or "sharing" under California law. You can opt out by clicking "Do Not Sell or Share My Personal Information" on our website or by contacting us at privacy@trustsfer.com.

You have the right to limit the use and disclosure of your sensitive personal information to only those purposes necessary to provide the Services, to prevent security incidents and fraud, to comply with legal obligations, and for other specified purposes under California law. You can exercise this right by adjusting your privacy settings in your account or by contacting us at privacy@trustsfer.com.

You have the right not to receive discriminatory treatment for exercising your privacy rights. We will not deny you the Services, charge you different prices or rates, provide you with a different level or quality of service, or suggest that you will receive a different price or level of service solely because you exercised your privacy rights under California law. However, we may charge different prices or provide different services if the difference is reasonably related to the value provided by your data or if permitted by law.

9.2 Rights Under GDPR (European Users)

If you are located in the European Economic Area, United Kingdom, or Switzerland, the General Data Protection Regulation and equivalent laws provide you with specific rights. You have the right to access your personal data and receive information about how we process it, including confirmation of whether we process your personal data, the purposes of processing, the categories of data processed, the recipients of the data, the retention periods, and information about your rights.

You have the right to rectification of inaccurate personal data and to have incomplete personal data completed. You have the right to erasure (also known as the "right to be forgotten") in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent on which processing is based, when you object to processing and there are no overriding legitimate grounds, or when the data has been unlawfully processed.

You have the right to restriction of processing in certain circumstances, which means we will store your data but not actively process it. You have the right to data portability, meaning the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance from us.

You have the right to object to processing based on legitimate interests or for direct marketing purposes. When you object to direct marketing, we will stop processing your data for those purposes. You have the right not to be subject to automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, unless such processing is necessary for entering into or performing a contract, is authorized by law, or is based on your explicit consent.

You have the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal. You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of alleged infringement if you believe our processing of your personal data violates applicable law.

9.3 Exercising Your Rights

To exercise any of the rights described above, please submit a request by emailing privacy@trustsfer.com with "Privacy Rights Request" in the subject line, by using the data subject request form available on our website, or by postal mail to the address provided in the Contact Information section. When submitting a request, please provide sufficient information to enable us to verify your identity and locate your information in our systems, including your full name, email address associated with your account, organization name if applicable, and a description of your request.

We will acknowledge receipt of your request within 10 business days and will respond substantively within 45 calendar days for requests under California law or within one month for requests under GDPR. If we need additional time, we may extend the response period for an additional 45 days under California law or two months under GDPR, and we will notify you of the extension and the reason for it. To protect your privacy and security, we will verify your identity before fulfilling your request, which may require you to provide additional information or documentation depending on the sensitivity of the request.

You may designate an authorized agent to make requests on your behalf under California law by providing written authorization signed by you and your agent or by providing your agent with power of attorney. We will require the authorized agent to provide proof of authorization and may require you to verify your identity directly with us and to confirm that you provided the agent with authorization.

9.4 Communication Preferences

You can control the communications you receive from us through several methods. To opt out of marketing emails, you can click the "unsubscribe" link in any marketing email we send you, adjust your communication preferences in your account settings, or contact us at privacy@trustsfer.com. Please note that even if you opt out of marketing communications, we will still send you transactional and service-related communications that are necessary for the operation of your account and the provision of the Services.

9.5 Cookie Controls

You can control cookies and similar technologies through your browser settings. Most browsers allow you to refuse cookies or to alert you when cookies are being sent. You can also clear cookies from your browser at any time. Please note that if you disable or refuse cookies, some features of the Services may not function properly. For more information about cookies and how to control them, visit www.allaboutcookies.org or www.youronlinechoices.eu for European users.

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies, web beacons, pixels, local storage, and similar tracking technologies to collect information about your use of the Services and to provide certain functionality. This section explains what these technologies are, how we use them, and how you can control them.

10.1 Types of Technologies We Use

Cookies are small text files placed on your device by websites you visit. Cookies allow websites to remember your actions and preferences over time and to recognize you when you return. We use both session cookies that expire when you close your browser and persistent cookies that remain on your device for a longer period or until you delete them.

Web beacons, also called pixels or clear GIFs, are tiny graphics with a unique identifier that are embedded in web pages and emails. Web beacons allow us to track whether you have viewed a particular web page or email message and to collect information about your device and browser.

Local storage technologies, including HTML5 local storage and similar mechanisms, allow websites to store information locally on your device. Local storage is similar to cookies but can store larger amounts of data and is not transmitted to our servers with every request.

10.2 How We Use These Technologies

We use essential cookies and similar technologies that are strictly necessary to provide the Services and to enable core functionality. These technologies are used for authentication and security to keep you logged in and protect your account from unauthorized access, for load balancing to distribute traffic efficiently across our servers, for session management to maintain your state as you navigate through the Services, for fraud prevention and detection, and to enable core features that you have requested. These essential technologies cannot be disabled without severely limiting your ability to use the Services.

We use functional cookies that remember your preferences and settings to provide enhanced functionality and personalization. These cookies remember your language preference, time zone, and display settings, save your customization choices, pre-populate forms with information you have previously provided, and remember which notifications you have dismissed. While not strictly necessary, these cookies significantly improve your user experience.

We use analytical cookies to understand how users interact with the Services and to identify opportunities for improvement. These cookies collect information about the pages you visit, the features you use, the time you spend on different pages, the links you click, the search terms you enter, and error messages you encounter. We use this information to analyze usage patterns, measure the effectiveness of features, identify technical issues, and optimize the Services. We may use third-party analytics services such as Google Analytics to help us collect and analyze this information.

We use performance cookies to monitor and improve the speed, reliability, and performance of the Services. These cookies collect information about page load times, server response times, error rates, and other performance metrics. This information helps us identify performance bottlenecks and optimize the Services for different devices and network conditions.

We use marketing cookies for advertising and promotional purposes where you have provided consent or where permitted by law. These cookies may be set by us or by third-party advertising partners and may track your activity across websites to deliver targeted advertising. Marketing cookies remember whether you have visited our website, collect information about your interests and preferences, measure the effectiveness of advertising campaigns, and limit the number of times you see the same advertisement.

10.3 Third-Party Technologies

We allow certain third-party service providers to place cookies and similar technologies on the Services to provide analytics, advertising, and other services on our behalf. These third parties include analytics providers such as Google Analytics that help us understand user behavior, advertising networks that may display our advertisements on other websites you visit, social media platforms if you interact with social media features on our Services, payment processors that facilitate transactions, and customer support platforms that enable chat and support functionality.

These third parties have their own privacy policies governing their collection and use of information, and we are not responsible for their practices. We encourage you to review the privacy policies of these third parties to understand how they collect, use, and share information. Where required by law, we will obtain your consent before allowing third-party technologies that are not strictly necessary for the Services.

10.4 Your Choices About Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse all cookies, to accept only certain cookies, to be notified when a cookie is set or updated, and to delete cookies that have been set previously. Please consult your browser's help documentation for instructions on managing cookies. Common browsers provide cookie controls at the following locations: Chrome settings under "Privacy and security," Firefox preferences under "Privacy & Security," Safari preferences under "Privacy," Edge settings under "Cookies and site permissions," and other browsers through similar privacy or security settings.

Please note that if you choose to block or delete cookies, some features of the Services may not function properly, you may need to manually adjust some preferences every time you visit, and you may experience reduced functionality. Essential cookies cannot be disabled without preventing you from using core features of the Services.

You can opt out of interest-based advertising from participating companies by visiting the Digital Advertising Alliance opt-out page at www.aboutads.info/choices, the Network Advertising Initiative opt-out page at www.networkadvertising.org/choices, or for European users, the European Interactive Digital Advertising Alliance at www.youronlinechoices.eu. Please note that opting out does not mean you will no longer receive advertisements, but rather that the advertisements you see will be less targeted to your interests.

10.5 Do Not Track Signals

Some browsers support a "Do Not Track" feature that signals to websites that you do not want your online activity tracked. There is currently no universal standard for how to interpret and respond to Do Not Track signals, and we do not currently respond to these signals. However, you can use the cookie controls described above to manage tracking technologies on our Services.

11. CHILDREN'S PRIVACY

The Services are intended exclusively for professional and institutional users conducting business activities and are not directed to individuals under the age of 18. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 13, or under the age of 16 for users in the European Economic Area, or knowingly allow such persons to register for or use the Services. If you are under the age of 18, you may not use the Services or provide any personal information to us. If we learn that we have collected personal information from a child under 13, or under 16 for European users, without verification of parental consent where required by law, we will promptly delete that information. If you believe that we might have collected information from a child under the applicable age threshold, please contact us immediately at privacy@trustsfer.com with details so that we can investigate and take appropriate action. Parents and guardians who believe their child has provided personal information to us should contact us at privacy@trustsfer.com to request deletion of such information. We will verify the identity of the person making the request to ensure they are the parent or guardian before taking action.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this Privacy Policy and will provide notice of material changes through one or more of the following methods: sending an email notification to the email address associated with your account, displaying a prominent notice on the Services or our website, providing an in-application notification when you next access the Services, or posting an announcement on our blog or in our newsletter. Material changes are those that significantly affect your rights or how we collect, use, or share your personal information. For material changes, we will provide notice at least 30 days before the changes take effect, giving you an opportunity to review the updated Privacy Policy and to discontinue use of the Services if you do not agree with the changes. For non-material changes, such as clarifications, updates to contact information, or changes required by law, we may provide notice with shorter notice periods or post the updated Privacy Policy without advance notice. Your continued use of the Services after the effective date of an updated Privacy Policy constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated Privacy Policy, you must stop using the Services and may terminate your account in accordance with our Terms of Service. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information and to understand your privacy rights. We will maintain prior versions of this Privacy Policy in an archive for your review. You can request previous versions by contacting us at privacy@trustsfer.com.

13. CALIFORNIA-SPECIFIC DISCLOSURES

This section provides additional disclosures required by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) and other California privacy laws.

13.1 Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information as defined by California law: identifiers such as name, email address, IP address, and account identifiers; commercial information including transaction history, purchasing behavior, and subscription details; internet or other electronic network activity information including browsing history, search history, and interactions with the Services; geolocation data derived from IP addresses; professional or employment-related information including job title, company name, and business contact information; inferences drawn from the above categories to create profiles reflecting preferences, characteristics, and behavior; and sensitive personal information including financial account information for payment processing and the content of communications through the Services.

13.2 Sources of Personal Information

We collect personal information from the following sources: directly from you when you register, use the Services, or communicate with us; automatically through cookies and similar technologies when you use the Services; from third parties including business partners, service providers, data brokers, and publicly available sources; from other users when they interact with you through collaboration features; and from your device when you access the Services through mobile applications or browsers.

13.3 Purposes for Collection and Use

We collect and use personal information for the business and commercial purposes described in Section 3 of this Privacy Policy, including to provide and improve the Services, for security and fraud prevention, for legal compliance, for communications and customer support, for analytics and research, and for marketing where permitted. We do not collect additional categories of personal information or use personal information for materially different purposes without providing you with notice and, where required by law, obtaining your consent.

13.4 Disclosure of Personal Information

In the preceding 12 months, we have disclosed personal information to the following categories of third parties for business purposes: service providers including cloud hosting, payment processing, analytics, and customer support providers; professional advisors including attorneys, accountants, and auditors; business partners and affiliates; government agencies and law enforcement when required by law; and parties to corporate transactions such as mergers or acquisitions. We do not sell personal information in exchange for monetary consideration and have not done so in the preceding 12 months. We do not share personal information for cross-context behavioral advertising purposes.

13.5 Retention Periods

We retain different categories of personal information for different periods based on the purposes for which they were collected and legal requirements. Account and contact information is retained for the subscription term plus 12 months. Transaction and project data is retained for up to 7 years. Support communications are retained for 3 years. Usage data and analytics are retained for 18 months at the individual level and indefinitely in aggregated form. Specific retention periods are described in Section 8 of this Privacy Policy.

13.6 Rights and How to Exercise Them

California residents have the rights described in Section 9.1 of this Privacy Policy, including rights to know, delete, correct, opt out, limit use of sensitive personal information, and non-discrimination. To exercise these rights, contact us using the methods described in Section 9.3. We will respond to verified requests within the timeframes required by California law and will not discriminate against you for exercising your rights.

13.7 Authorized Agents

California residents may designate an authorized agent to make requests on their behalf by providing written authorization or power of attorney. We will require proof of authorization and may require you to verify your identity directly with us. For more information, see Section 9.3.

13.8 Financial Incentives

We do not currently offer financial incentives or price or service differences related to the collection, retention, or sale of personal information. If we implement such programs in the future, we will provide separate terms describing the material aspects of the program and will obtain your opt-in consent before enrolling you.

13.9 Shine the Light

Under California Civil Code Section 1798.83 (Shine the Light law), California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes without your consent. If you have questions about this, please contact privacy@trustsfer.com.

14. NEVADA RESIDENTS

If you are a Nevada resident, you have the right to opt out of the sale of certain personal information to third parties who intend to license or sell that personal information. While we do not currently sell personal information as defined by Nevada law, Nevada residents may submit an opt-out request by emailing privacy@trustsfer.com with "Nevada Do Not Sell Request" in the subject line and providing their name and the email address associated with their account. We will respond to such requests in accordance with applicable Nevada law.

15. ACCESSIBILITY

We are committed to ensuring that this Privacy Policy is accessible to individuals with disabilities. If you have difficulty accessing or understanding any part of this Privacy Policy due to a disability, please contact us at privacy@trustsfer.com and we will work with you to provide the information in an alternative format that meets your needs. This may include providing the Privacy Policy in large print, audio format, or through other accessible means.

16. CONTACT INFORMATION

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, if you wish to exercise your privacy rights, or if you need to report a security incident, please contact us through one of the following methods. For privacy-related inquiries, data subject requests, and general privacy questions, email privacy@trustsfer.com. For security incidents, vulnerability disclosures, and unauthorized access reports, email security@trustsfer.com. For California-specific privacy requests and CCPA-related matters, email ccpa@trustsfer.com. For European privacy matters and GDPR-related requests, email gdpr@trustsfer.com. You may also contact us by postal mail at: SYNCSFER CORP., Attention: Privacy Officer, [Insert Physical Address], [City], California [Zip Code], United States of America. We will respond to your inquiries within a reasonable timeframe and in accordance with applicable law. For data subject requests, we will acknowledge receipt within 10 business days and will respond substantively within the timeframes specified in Section 9.3. If you have a complaint about our privacy practices, we encourage you to contact us first so that we can attempt to resolve the issue. If you are not satisfied with our response, you have the right to lodge a complaint with the appropriate supervisory authority or regulatory agency. For California residents, you may contact the California Privacy Protection Agency at www.cppa.ca.gov or by calling 916-710-5000. For European residents, you may contact your local data protection authority.

17. DEFINITIONS

For ease of reference, the following defined terms are used throughout this Privacy Policy. "CCPA" means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 and related regulations. "CPRA" means the California Privacy Rights Act of 2020. "Customer Data" means electronic data, information, and content provided by customers through use of the Services. "GDPR" means the General Data Protection Regulation (EU) 2016/679 and related implementing legislation. "Personal Information" or "Personal Data" means information that identifies, relates to, describes, or could reasonably be linked with a particular individual or household, as defined under applicable law. "Processing" means any operation performed on personal information, including collection, recording, organization, storage, use, disclosure, and deletion. "Service Provider" or "Processor" means an entity that processes personal information on behalf of a business or controller. "Services" means the TrustSfer platform and related services provided by SYNCSFER CORP. "Sensitive Personal Information" means personal information that reveals specific categories of sensitive data as defined under applicable law, including financial account information, precise geolocation, and contents of communications. "Third Party" means any entity other than SYNCSFER, the customer, and their respective service providers. "You" or "Your" means the individual accessing the Services or about whom we collect personal information.

ACKNOWLEDGMENT

BY USING THE SERVICES, CREATING AN ACCOUNT, OR PROVIDING INFORMATION TO US, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO THE COLLECTION, USE, DISCLOSURE, AND RETENTION OF YOUR INFORMATION AS DESCRIBED HEREIN. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU MUST NOT USE THE SERVICES OR PROVIDE ANY INFORMATION TO US.