PRIVACY POLICY

of Involute Inc. d.b.a. Xuno (“Company”)

Effective Date: Nov 1, 2022

With relation to the product and services provided under its brands and subsidiaries.

This privacy policy (“Policy”) describes how the Company (interchangeably used as “we”, “our”, “us”) may collect, use, process your Customer Data and with who and for what purposes we may share your Customer Data. There may be supplemental regulations and standards that may apply with regards to your Customer Data depending on the country/region you are in or belong to or any Applicable Laws.

DEFINITION OF TERMS

  1. Applicable Law
  2. means any laws, rules, bylaws, regulations, decrees, enactments, orders, mandates, resolutions promulgated by legislative or other authorized entities of government relating to data, data security, data protection, data privacy, data processing that applies to us and our services.

  3. Customer Data
  4. The Customer Data are personal data and other data relating to you as defined in the Applicable Law. Usually, it means any information relating to you including details and information relating to you and your transactions described in this Policy.

  5. Company
  6. means Involute Inc. d.b.a. Xuno and mentions “we”, “our”, “us”.

  7. You or Your
  8. means visitor to one of our websites, mobile apps; a user of one or more of our services; or a direct or indirect user or recipient of our services.

TYPE OF CUSTOMER DATA WE MAY COLLECT

We collect Customer Data of our users. In this regard, we may collect your Customer Data if you use our services to make payment or you receive payment through our services. This section contains some common non-exhaustive examples of Customer Data we collect subject to the country/region you are in or the Applicable Laws. Some of these data may be sensitive under the laws of some jurisdictions and may not be collected.

  1. Name, email address and phone number date of birth when you create your account.
  2. Address, date of birth, and demographic information (such as gender, marital status) when you complete your profile.
  3. Your photo or image if you opt for biometric identification (optional).
  4. Username, password, social media profile create your account.
  5. GPS location automatically when you initiate a transaction.
  6. Financial information (such as account holder name, account number, credit/debit card information) when you link your bank and/or card account.
  7. Transaction information (such as payment amount, date, details of recipient, relation to beneficiary, purpose of transaction) when you initiate a transaction.
  8. Language preference when you complete your profile.
  9. Device identifier for any device used to access our online services (such as model, serial number, usage tracking) automatically when log-in to your account.
  10. Cookies and other tracking technologies automatically when visiting our website or app.
  11. Usage data such as time and duration of use of the online services, error reports, and performance data. Information and data collected include your internet protocol (IP) address and information related to the IP address automatically when log-in to your account.
  12. Type and version of your device's operating system or web browser automatically when you visit our website/app.
  13. Hardware model and other unique device identifiers sometimes when log-in to your account.

OUR USE, PROCESSING AND SHARING OF CUSTOMER DATA

We use, process or share (with affiliated payment processors as well as banks and financial institutions) Customer Data once we fulfill the legal basis to use the Customer Data. We use, process or share Customer Data to carry out and complete the transaction service we provide to our customers as agreed in the contract setting out terms of use, to comply with our regulatory requirements, to improve our services, and to pursue our legitimate business interests. Some of them are described below:

Contract setting out terms of use:

One of the legal grounds that gives us the basis to use, process and share (with affiliated payment processors as well as banks and financial institutions) Customer Data is the contract entered into between you and us, and to perform our obligation under the contract. The activities we carry out pursuant to this contract setting out terms of use include:

  1. Creation of account
  2. Origination of payment instruction
  3. Processing of the payment transaction
  4. Provide payment service as set out in the contract;
  5. Maintaining your access to related services and sending you communications regarding the services, maintenance activities, functionality or other matters relating to the services.
  6. Any other purpose for which we will obtain your prior consent before using the Customer Data for such purpose.

Regulatory Compliance:

We use, process or share (with affiliated payment processors as well as banks and financial institutions) Customer Data to comply with our regulatory requirements including the following:

  1. Monitoring, detection, and prevention of fraud;
  2. Identification, reporting and prevention of illegal activities such as AML (anti-money laundering), CTF (counter terrorist financing), and KYC (know your customer) obligation

Legitimate Business Interest and Improvement of Service:

Subject to the Applicable Law, we are allowed to collect, use, share (with affiliated payment processors as well as banks and financial institutions) and process Customer Data to pursue our legitimate business interests. Our legitimate interests are as follows:

  1. Monitoring, detection, and prevention of fraud;
  2. Identification ,reporting and prevention of illegal financial activities;
  3. Improve our services and systems;
  4. Update our systems, tools, services;
  5. Collaborate with our affiliates and third-parties to and to share data including Customer Data to our affiliates and third-parties to operate our business and to achieve the above listed legitimate business interest
  6. Carry out analysis and studies relating to our business and systems, and to generate resources to achieve the above listed legitimate business interest;

Additionally, the Company may share Customer Data with other third-parties not mentioned in this document for the following purposes:

  1. Share Customer Data with third-party entities who perform specialized services for the Company whereby the third-party’s use of the Customer Data will be limited by their contract with us;
  2. Share Customer Data with third-party entities who assist Company in providing the Company’s service to you whereby the third-party’s use of the Customer Data will be limited by their contract with us;
  3. Share Customer Data with regulators and courts and to comply with Applicable laws, court orders and lawful requests from law enforcement, regulatory and other governmental agencies;
  4. If, in the future, the Company is sold or transferred or some or all of its business or assets is sold or transferred to a third party (or similar transactions that alters the structure of our business including reorganization and assignment), we may share Customer Data to potential or actual such third-party purchasers. The third-party purchaser will have the right to continue to use Customer Data in compliance with the terms of this Policy.

INTERNATIONAL TRANSFERS OF CUSTOMER DATA

We operate in multiple jurisdictions. So, your Customer Data may be stored and processed in any country where we operate. We may transfer your Customer Data to another country different from the country of your residence or nationality. While carrying out the cross-border transfers of data, we comply with all Applicable Law that applies to such Customer Data. Prior consent and disclosure will be provided

DATA SECURITY AND RETENTION

We may retain the Customer Data for as long as it is necessary to carry out the objectives pursuant to this Policy. In some instances, we may retain the Customer Data to comply with our legal obligation. We may also retain the data longer to comply with our reporting obligations and to carry out investigations towards improving our service and towards strengthening our system’s security.

We will make all reasonable efforts to keep the Customer Data secure from any risk that is associated with our storage, sharing and processing of Customer Data. We have set out all administrative and technological measures in place to keep the Customer Data secure against unauthorized access, loss or misuse. However, it must be noted that nothing can guarantee a 100% security so if you believe that your Customer Data or your interaction is no longer secure, please contact us through the means described in the paragraph titled ‘contact us’ below.

UPDATE TO THIS POLICY

We may update this Policy from time to time for various reasons including to comply with Applicable Law, to reflect the changes in our practice of using, processing and sharing Customer Data, to incorporate needs of our new services that we may add. The date at the top of this document reflects when this Policy was last updated.

We will provide all of our customers (who use our service) an alert stating that this Policy has been updated via email address or physical address you have listed with us. We may also post alerts on our websites and mobile apps to communicate to the visitors that we have updated this Policy.

In case the Applicable Law or the authorities in the country/region require, we will obtain your consent or provide notice in the specified manner prior to making any changes to this Policy that is applicable to your Customer Data.

COOKIE POLICY

We may use cookies to collect the Customer Data described in this Policy.

THIRD PARTY LINKS

There may be third-party links and services that are embedded in our services. This privacy policy only applies to our services. If you click any third-party links, please read their privacy policy to understand how they collect, use, process and share your data.

DATA OF CHILDREN

Our services are not offered to children and we request them not to use our services or provide any personal data through our Services. We do not sell data of children under the age of 16.

YOUR RIGHTS AND CONTROL OVER YOUR CUSTOMER DATA

You have rights and control over your Customer Data that differs from country/region and Applicable Law. In the European Union, these rights are: right to request a copy of Customer Data we have, right to request correction of Customer Data, to right to request details about the processing of Customer Data and what data we have submitted to data processors. Additionally, in the European Union and some other regions, you may have the right to object to processing of your Customer Data. If the country/region provides these rights and if you wish to exercise these rights, you may do so by contacting us by using the details set out below in the paragraph titled Contact Us.

Additionally, in case of usage, collections or processing that we do based on your consent given to us, you have the right to withdraw your consent at any time. If you wish to withdraw your consent, you may do so by contacting us by using the details set out below in the paragraph titled Contact Us. We will comply with your request as soon as reasonably practicable.

However, we may not be able to comply with your requests if we no longer hold your Customer Data.

In any case, if you are not satisfied with our handling of your requests, you may have the right to reach out to data protection authorities of your jurisdiction subject to the Applicable Laws.

SPECIFIC PROVISIONS FOR SPECIFIC JURISDICTIONS

Some of the jurisdictions we operate in confer some specific provision available to the residents or citizens of the jurisdictions as described below.

Nepal

Nepal law requires that we disclose to you the purpose for which we collect your Customer Data and not use the Customer Data for any purpose other than what is disclosed to you. Nepal law further requires, for certain types of Customer Data, that we disclose the time, subject, nature of data being collected; the purpose of collection and the provisions relating to security of the data. If you are a customer in Nepal, we will collect and process your Customer Data in compliance with this requirement.

California

In addition to your rights described in this Policy, California law provides additional rights to California customers regarding their Customer Data. The rights are as follows:

  1. You may request a description of categories and specific details of Customer Information about you that we have collected;
  2. You may request a description of the categories of Customer Information about you that we may disclose to third parties for business purpose along with the description of such third-parties;
  3. You may request that we delete Customer Data relating to you that we have collected (however Customer Data that we need to retain pursuant to Applicable Law may not be deleted).

Contact Us

If you have any questions or complaints, or you wish to exercise any of the rights described in this document, please contact us [here] or send email [here] or call [1-866-356-1201]. You can also contact our data processor [here]or send email [here] or call [1-866-356-1201]. Please note that we might require you to verify your identity before complying with your request. If you wish to use an authorized agent to submit a request, we will also need to verify the authorized agent by verifying that the original requestor has given a written valid permission. We may deny a request if the identity cannot be verified, or if the grant of permission to the agent cannot be verified.

ELECTRONIC FUND TRANSFERS (ETs) AND ACCOUNT BALANCES

Involute, Inc. d.b.a. Xuno partners with financial services software company Sila Inc. (Sila) and banking services provider Evolve Bank & Trust (Evolve), member FDIC, to offer you electronic fund transfers and provide you with an Account. By registering for our platform, linking your external bank account, and authorizing any electronic payment, you authorize us to share your identity and banking information with Sila and Evolve to support your Account. You also agree to the terms and conditions of Sila’s privacy policy, , and Evolve's privacy policy,(the “Partner Privacy Terms”). It is your responsibility to ensure the data you provide to us is accurate and complete, which is necessary for our partners to process electronic fund transfers on your behalf and provide you with continued access to the Account. The Partner Privacy Terms may be modified from time to time, and the governing versions are incorporated by reference as part of this Privacy Policy. IT IS YOUR RESPONSIBILITY TO READ AND UNDERSTAND THE PARTNER PRIVACY TERMS BECAUSE THEY CONTAIN TERMS AND CONDITIONS CONCERNING YOUR ACCOUNT WITH US, INCLUDING BUT NOT LIMITED TO USE OF OUR PERSONAL INFORMATION.

California Privacy Rights. If you are a resident of the State of California, under the California Consumer Privacy Act (CCPA), you have the right to request information on how to exercise your disclosure choice options from companies conducting business in California. Specifically,

  • Exercising the Right to Know.You may request, up to twice in a 12-month period, the following about the personal information collected on you in the past 12 months: (a) the categories and specific pieces of personal information we have collected; (b) the categories of sources from which we collected the personal information; (c) the business or commercial purpose for which we collected it; (d) the categories of third parties with whom we shared the personal information; and (e) the categories of personal information about you that we disclosed for a business purpose.
  • Exercising the Right to Delete.You may request that we delete the personal information we have collected from you, subject to certain limitations under applicable law.
  • Exercising the Right to Opt-Out from Sale.You may request to opt out of any “sale” of your personal information that may take place.
  • Non-Discrimination.The CCPA provides that you may not be discriminated against for exercising these rights.

  • To submit a request to exercise any of the rights described above, you may contact Involute, Inc. d.b.a. Xuno either by email to info@xuno.co or contact us via postal mail, proper postage prepaid, at:

    • Involute, Inc.
    • Attn: Your California Privacy Rights
    • 2108 W CLEARVIEW DR
    • Ellensburg, WA 98926

    Please indicate your preference as to how you would like us to respond to your request (i.e., email or postal mail). All requests sent via postal mail must be labeled “Your California Privacy Rights” on the envelope or postcard and clearly stated on the actual request. For all requests, please include your name, street address (if you would like a response via postal mail), city, state, and zip code. We may need to verify your identity before responding to your request, such as verifying that the email address or contact information from which you send the request matches your email address or contact information that we have on file. Authentication based on a government-issued and valid identification document may be required. We will not accept requests via telephone or fax. Weare not responsible for notices that are not labeled or sent properly, or do not have complete information.