PRIVACY POLICY

TRUSTODI PAYMENT SERVICES

Effective Date: January 1, 2025

Last Updated: January 2025

1. INTRODUCTION

1.1 Our Commitment

TRUSTODI (“we,” “us,” or the “Company”), doing business on behalf of Tru Stodi (Registration No. 247233), is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment services, website, mobile applications, Telegram bot, and other digital interfaces (collectively, our “Services”).

1.2 Scope

This Privacy Policy applies to all users of TRUSTODI Services, including: – Website visitors – Registered users – Customers – Telegram bot users – Mobile app users – API users

1.3 Consent

By accessing or using our Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.

1.4 Service Model

TRUSTODI operates as an API aggregator and technology provider. We facilitate connections between users and licensed financial service providers. The collection and processing of your information may involve both TRUSTODI and our licensed partners in accordance with applicable regulations.

TRUSTODI – Confidential Page 1 of 14

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration Information

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • Residential address
  • Nationality
  • Username and password

Identity Verification (KYC) Information

  • Government-issued identification documents (passport, driver’s license, national ID)
  • Proof of address (utility bills, bank statements)
  • Selfie photographs for biometric verification
  • Source of funds documentation
  • Employment information
  • Tax identification numbers

Transaction Information

  • Bank account details
  • Credit/debit card information
  • Cryptocurrency wallet addresses
  • Transaction history
  • Payment amounts and currencies
  • Recipient information

Communication Information

  • Customer support inquiries
  • Feedback and complaints
  • Survey responses
  • Telegram messages

TRUSTODI – Confidential Page 2 of 14

  • Email correspondence

2.2 Information We Collect Automatically

Device and Technical Information

  • IP address
  • Device type and identifiers
  • Operating system
  • Browser type and version
  • Mobile network information
  • Screen resolution
  • Language preferences
  • Time zone settings

Usage Information

  • Pages visited
  • Features used
  • Click patterns
  • Session duration
  • Referral sources
  • Search queries
  • Transaction patterns

Location Information

  • GPS data (with permission)
  • IP-based location
  • Country and region

Cookies and Tracking Technologies

  • Session cookies
  • Persistent cookies
  • Web beacons
  • Pixel tags
  • Local storage
  • Analytics identifiers

TRUSTODI – Confidential Page 3 of 14

2.3 Information from Third Parties

Verification Services

  • Identity verification results
  • AML/KYC screening reports
  • Credit information
  • Sanctions list checks
  • PEP (Politically Exposed Person) status

Payment Processors

  • Transaction confirmations
  • Payment status updates
  • Chargeback information
  • Fraud indicators

Business Partners

  • Referral information
  • Affiliate tracking data
  • Integration partner data

3. HOW WE USE YOUR INFORMATION

3.1 Service Provision

  • Process your registration and create your account
  • Verify your identity and comply with KYC requirements
  • Share your information with relevant licensed partners who provide the actual financial services
  • Process transactions and payments through our licensed partners
  • Provide customer support
  • Send transaction confirmations and receipts
  • Manage your wallet and account balance
  • Facilitate connections between you and appropriate service providers

TRUSTODI – Confidential Page 4 of 14

3.2 Partner Selection and Routing

  • Determine which licensed partner can best serve your transaction needs
  • Route your request to the appropriate licensed financial service provider
  • Ensure compliance with jurisdictional requirements
  • Match your transaction requirements with available service corridors

3.3 Legal and Compliance

  • Comply with anti-money laundering (AML) regulations
  • Conduct sanctions screening
  • Report suspicious activities to authorities
  • Respond to legal requests and court orders
  • Prevent fraud and financial crimes
  • Maintain transaction records as required by law

3.4 Security and Risk Management

  • Detect and prevent fraudulent activities
  • Monitor for suspicious transactions
  • Implement security measures
  • Conduct risk assessments
  • Investigate security incidents
  • Protect against unauthorized access

3.5 Communication

  • Send important service updates
  • Provide security alerts
  • Respond to your inquiries
  • Send marketing communications (with consent)
  • Conduct customer surveys
  • Share product updates and new features

3.6 Service Improvement

  • Analyze usage patterns

TRUSTODI – Confidential Page 5 of 14

  • Improve user experience
  • Develop new features
  • Optimize performance
  • Conduct A/B testing
  • Personalize services

3.7 Business Operations

  • Maintain business records
  • Conduct audits
  • Manage partnerships
  • Process employment applications
  • Enforce our Terms and Conditions

4. INFORMATION SHARING AND DISCLOSURE

4.1 Licensed Financial Partners

We necessarily share your information with our licensed financial partners who provide the actual financial services.

This sharing is essential for service delivery and includes: – Personal identification information for KYC compliance – Transaction details for payment processing – Contact information for service communications – Financial information for transaction execution – Verification documents as required by regulations

Our licensed partners are: – Fully regulated in their respective jurisdictions – Bound by strict confidentiality agreements – Required to protect your data according to applicable laws – Only permitted to use your data for service provision

4.2 Other Service Providers

We share information with trusted third-party service providers who assist us in: – Payment processing through licensed partners – Identity verification – Cloud hosting and data storage – Customer support – Email and SMS services – Analytics and monitoring – Security and fraud prevention

All third-party service providers are: – Contractually obligated to protect your information – Licensed in their respective jurisdictions where required – Subject to strict confidentiality agreements – Permitted to use your information only as necessary to provide services

TRUSTODI – Confidential Page 6 of 14

4.3 Legal and Regulatory Disclosure

We may disclose your information to: – Law enforcement agencies – Regulatory authorities – Courts and tribunals – Government agencies – Tax authorities

When required by: – Applicable laws – Court orders – Subpoenas – Regulatory requirements – National security obligations

4.4 Business Transfers

Your information may be transferred in connection with: – Mergers or acquisitions – Sale of company assets – Bankruptcy proceedings – Corporate restructuring

4.5 Consent-Based Sharing

We may share your information when you: – Explicitly consent to sharing – Direct us to share information – Use third-party integrations – Participate in referral programs

4.6 Aggregated and Anonymized Data

We may share aggregated or anonymized data that cannot identify you for: – Industry research – Statistical analysis – Marketing purposes – Partnership opportunities

5. DATA RETENTION

5.1 Retention Periods

We retain your information for: – Active accounts: Duration of account plus 5 years – Transaction records: 7 years (or as required by law) – KYC documents: 5 years after account closure – Communication records: 3 years – Marketing data: Until consent withdrawal – Technical logs: 12 months

5.2 Deletion and Disposal

When retention periods expire, we: – Securely delete electronic records – Shred physical documents – Anonymize data where possible – Maintain deletion logs

TRUSTODI – Confidential Page 7 of 14

6. DATA SECURITY

6.1 Security Measures

We implement industry-standard security measures including: – 256-bit SSL/TLS encryption for data transmission – AES encryption for data at rest – Multi-factor authentication – Regular security audits – Intrusion detection systems – Firewalls and access controls – Employee security training – Incident response procedures

6.2 Data Breach Response

In the event of a data breach, we will: – Investigate immediately – Contain and remediate the breach – Notify affected users within 72 hours – Report to relevant authorities – Provide guidance on protective measures – Review and improve security measures

7. INTERNATIONAL DATA TRANSFERS

7.1 Cross-Border Transfers

Your information may be transferred to and processed in countries other than your residence, including: – Countries where our servers are located – Countries where our service providers operate – Countries required for transaction processing

7.2 Transfer Safeguards

We ensure appropriate safeguards through: – Standard contractual clauses – Adequacy decisions – Binding corporate rules – Consent where required

8. YOUR RIGHTS AND CHOICES

8.1 Access and Portability

You have the right to: – Access your personal information – Receive a copy of your data – Export data in machine-readable format

8.2 Correction and Update

You can: – Update account information – Correct inaccurate data – Complete incomplete information

TRUSTODI – Confidential Page 8 of 14

8.3 Deletion and Erasure

You may request: – Account deletion – Removal of specific information – Right to be forgotten (where applicable)

8.4 Restriction and Objection

You can: – Restrict processing of your data – Object to certain uses – Opt-out of marketing communications

8.5 Consent Withdrawal

You may withdraw consent for: – Marketing communications – Non-essential cookies – Optional data collection

8.6 Exercising Your Rights

To exercise your rights, contact us at: – Email: privacy@trustodi.com – Support channels listed in our Terms

9. COOKIES AND TRACKING

9.1 Types of Cookies

Essential Cookies

  • Session management
  • Security features
  • Load balancing
  • User preferences

Analytics Cookies

  • Usage statistics
  • Performance monitoring
  • Error tracking
  • Feature adoption

TRUSTODI – Confidential Page 9 of 14

Marketing Cookies

  • Advertising effectiveness
  • Retargeting
  • Conversion tracking
  • Campaign attribution

9.2 Cookie Management

You can manage cookies through: – Browser settings – Cookie consent banner – Account preferences – Third-party opt-out tools

9.3 Do Not Track

We currently do not respond to Do Not Track signals, but provide cookie controls as described above.

10. CHILDREN’S PRIVACY

10.1 Age Restrictions

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect information from minors.

10.2 Parental Rights

If we discover we have collected information from a minor, we will: – Delete the information immediately – Terminate the account – Notify the parent or guardian if possible

11. THIRD-PARTY SERVICES

11.1 External Links

Our Services may contain links to third-party websites. We are not responsible for their privacy practices.

TRUSTODI – Confidential Page 10 of 14

11.2 Third-Party Integration

When you use third-party services integrated with ours: – Their privacy policies apply – We are not responsible for their practices – Review their policies before use

12. TELEGRAM BOT PRIVACY

12.1 Bot-Specific Collection

Our Telegram bot collects: – Telegram user ID – Username – Messages sent to the bot – Commands used – Transaction requests

12.2 Bot Security

  • End-to-end encryption for sensitive operations
  • Session timeouts
  • Command validation
  • Rate limiting

13. MARKETING AND COMMUNICATIONS

13.1 Marketing Preferences

You can manage marketing communications through: – Email unsubscribe links – Account settings – Customer support requests

13.2 Transactional Communications

We will always send essential communications about: – Security alerts – Account changes – Transaction confirmations – Legal updates

14. DATA PROTECTION OFFICER

14.1 Contact Information

For privacy-related inquiries, contact our Data Protection Officer: – Email: dpo@trustodi.com – Address: TRUSTODI, Republic of Seychelles

TRUSTODI – Confidential Page 11 of 14

14.2 Complaints

If you have privacy concerns: 1. Contact our DPO first 2. File a complaint with your local data protection authority 3. Seek judicial remedy

15. EUROPEAN PRIVACY RIGHTS

15.1 GDPR Compliance

For European Economic Area residents, we comply with the General Data Protection Regulation (GDPR): – Lawful basis for processing – Data minimization – Purpose limitation – Storage limitation – Integrity and confidentiality

15.2 Legal Basis

We process your data based on: – Contract performance – Legal obligations – Legitimate interests – Vital interests – Consent

16. CHANGES TO THIS POLICY

16.1 Policy Updates

We may update this Privacy Policy to reflect: – Changes in our practices – New features or services – Legal requirements – Industry standards

16.2 Notification

We will notify you of material changes through: – Email notification – Platform announcements – Website banners

16.3 Version History

  • Version 1.0 – January 2025 (Initial release)

TRUSTODI – Confidential Page 12 of 14

17. CONTACT US

17.1 General Inquiries

For questions about this Privacy Policy or our privacy practices:

Email: privacy@trustodi.com Support: support@trustodi.com WhatsApp: +971 58 269 7381 Telegram: @Trustodi

17.2 Mailing Address

TRUSTODI Doing Business on behalf of Tru Stodi (247233) Republic of Seychelles

17.3 Response Time

We aim to respond to privacy inquiries within: – General inquiries: 5 business days – Rights requests: 30 days – Data breach notifications: 72 hours

18. DEFINITIONS

Personal Information: Information that identifies or can identify you as an individual Processing: Any operation performed on personal information Controller: Entity that determines purposes and means of processing Processor: Entity that processes information on behalf of the controller Data Subject: Individual whose personal information is processed Consent: Freely given, specific, informed, and unambiguous agreement Anonymization: Irreversibly removing identifying information Pseudonymization: Replacing identifying information with artificial identifiers

19. ACKNOWLEDGMENT

By using TRUSTODI’s Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

TRUSTODI – Confidential Page 13 of 14

TRUSTODI Doing Business on behalf of Tru Stodi (247233) Republic of Seychelles

Effective Date: January 1, 2025 Last Updated: January 2025 Version: 1.0

TRUSTODI – Confidential