Privacy Policy

1. Overview; Acceptance

By accessing or using the Service, you agree to this Privacy Policy and consent to our collection, processing, and use of personal information as described herein. This Policy is designed to provide comprehensive disclosure of Bitveste's data handling practices across all platform functions, including user registration, transaction processing, fund custody, merchant verification, payment settlement, and customer support.

2. Controller, Principal Entity, and Contact

Principal Operating Entity & Fund Custodian: Bitvest Capital LLC

Function: Bitvest Capital LLC serves as the primary fund custodian and settlement agent for all user allocations, merchant payments, and related financial transactions. All user funds transferred to Bitveste are deposited into Bitvest Capital LLC's primary operating account before verification, allocation, and merchant disbursement.

Registered Address: 13313 Bellacosa Ave, Baton Rouge, LA 70817, United States

Registered Agent: Alfonso Arechiga

Privacy Contact / Data Protection Officer: privacy@bitveste.com

Legal Notices & Compliance: legal@bitveste.com

Fund Administration & Merchant Services: operations@bitveste.com

3. Scope and Applicability

This Policy applies to personal information collected through our websites (bitveste.com and related domains), mobile applications, APIs, SDKs, settlement portals, merchant verification systems, and any offline or electronic interactions related to the Service. It applies to U.S. persons and residents using the Service; where local law provides additional rights (e.g., California CCPA/CPRA, Virginia VCDPA, Colorado CPA), we describe those rights below. Non-U.S. persons should contact us before using the Service.

4. Definitions

• Personal Information: Information that identifies, relates to, or could reasonably be linked with an individual, as understood under applicable U.S. laws.
• Processed / Processing: Any operation performed on Personal Information, including collection, use, disclosure, retention, and deletion.
• Service Providers / Processors: Third parties that process data on our behalf under written contract and our documented instructions.
• Allocation: A user's structured participation opportunity in a specific merchant or inventory offering, documented in our platform and subject to the participation terms.
• Fund Custody: Bitvest Capital LLC's safeguarding of user funds in segregated accounts pending allocation, settlement, or return to the user.
• Verified Merchant: A third-party provider that has completed Bitveste's KYC/AML vetting, business verification, and ongoing compliance screening.

5. Categories of Information Collected

We collect the following categories of personal information, as applicable:

• A. Identity & Account Data: Name, username, email, phone number, date of birth, government-issued ID (driver's license, passport), state of residency, citizenship status, emergency contact information.
• B. Contact Data: Primary and secondary email addresses, phone numbers (mobile, business, home), mailing address, shipping address, contact preferences.
• C. Credential Data: Password hashes (bcrypt/scrypt or similar), two-factor authentication secrets, API keys, OAuth tokens, session identifiers (never plain-text passwords).
• D. Financial & Payment Data: Bank account numbers, routing numbers, ACH authorization records, payment card details (tokenized and never stored in plaintext by us), wire transfer instructions, ACH return and reversal records, transaction histories, allocation records, settlement statements, disbursement records, credit line applications, credit decisions, payment history.
• E. Verification & Compliance Data: Government-issued photo ID scans, passport information, Social Security Number (or ITIN) for tax and AML purposes, address verification documents, source-of-funds documentation, beneficial ownership information, OFAC and sanctions screening results, PEP (politically exposed person) screening results, background check results, credit bureau inquiries and reports.
• F. Transaction & Usage Data: Allocation requests, allocation approvals and denials, merchant selections, payment authorization records, reversal and chargeback records, settlement confirmations, merchant-to-user correspondence, transaction amounts and timestamps, activity history within the platform.
• G. Technical & Device Data: IP addresses, device identifiers (IMEI, IDFA), operating system type and version, browser type and version, application version, cookie IDs, local storage data, crash logs, error reports, access logs, login timestamps, feature usage analytics, page load times, scroll depth, button clicks.
• H. Communications Content: Messages sent to/from customer support (email, chat, phone), support ticket contents, call recordings (made only where permitted by applicable law), feedback and complaint details, dispute documentation.
• I. Risk & Suitability Data: Investor accreditation status (if applicable), net worth and asset information, annual income, investment objectives, risk tolerance assessment, years of investment experience, prior experience with similar offerings, understanding of market risks.
• J. Merchant & Partner Data: Merchant business name, business registration documents, merchant tax ID, merchant bank details, merchant representative names and contact information, merchant compliance certifications, merchant performance metrics (aggregated and anonymized where possible).
• K. Publicly-Available & Third-Party Data: Data obtained from credit bureaus, identity verification providers (e.g., Jumio, Socure), banking partners, payment processors, OFAC/sanctions databases, public business registries, and publicly available online sources.

6. Sources of Information

• Directly from you: Registration, profile completion, account setup, allocation requests, support communications, credit applications, merchant onboarding, feedback submissions.
• Automatically from your device and usage: Cookies, web beacons, pixels, local storage, browser fingerprinting, analytics SDKs, error reporting tools.
• From third parties: Payment processors (Stripe, PayPal, Square), banks and ACH operators, identity verification vendors (Jumio, Socure, IDology), credit reporting agencies (Equifax, Experian, TransUnion), OFAC/sanctions screening providers, fraud detection services, analytics providers (Google Analytics, Mixpanel), customer support vendors, cloud infrastructure providers.
• From partners and merchants: Information shared by verified merchants regarding transaction status, settlement details, and allocation performance.

7. Purposes and Legal Bases for Processing

We process personal information for legitimate business purposes, performance of contract, legal compliance, and where applicable, your consent. Primary purposes include:

• Providing, Operating, and Improving the Service: Account creation, allocation management, fund custody and transfer, settlement processing, allocation tracking, feature development, bug fixes, infrastructure optimization.
• Fund Custody and Financial Management: Receiving and safeguarding user funds in Bitvest Capital LLC's primary operating account, verifying fund receipt, processing allocations, disbursing funds to verified merchants, reconciling transactions, generating settlement statements.
• Merchant Verification and Vetting: Conducting KYC/AML screening on merchants, verifying business legitimacy, ongoing compliance monitoring, performance tracking, payment authorization and settlement.
• Processing Payments and Credit Products: Authorization and processing of user-initiated transactions, issuing credits, managing partial refunds, administering the Bitveste credit line (where applicable), dispute resolution.
• KYC/AML/Compliance: Know-Your-Customer verification, Anti-Money Laundering screening, OFAC sanctions list checks, PEP screening, beneficial ownership identification, source-of-funds verification, enhanced due diligence where required.
• Fraud Prevention and Risk Management: Detecting suspicious activity, preventing unauthorized access, mitigating payment fraud, managing chargeback and reversal risks, internal risk assessments.
• Responding to Support Requests, Disputes, and Investigations: Customer service inquiries, dispute resolution, investigation of user complaints, regulatory inquiries, law enforcement requests.
• Legal and Regulatory Compliance: Tax reporting (1099-MISC, 1098-K, other forms), subpoena responses, court order compliance, regulatory examination preparation, maintaining compliance with federal and state laws.
• Security and Platform Integrity: Access control, threat detection, vulnerability assessments, incident response, audit logging, data integrity checks.
• Aggregated Analytics and Product Development: De-identified usage patterns, feature adoption analysis, user research, product roadmap planning (all de-identified where practical).
• Marketing and Communications (where opted-in): Email newsletters, platform updates, new feature announcements, promotional offers (user may unsubscribe at any time).

8. Fund Custody, Transfer, and Settlement Process

How Funds Move Through Bitveste:

1. User Deposit: When you initiate a fund transfer to Bitveste, your funds are directed to Bitvest Capital LLC's primary operating and custodial account via ACH, wire transfer, or linked bank account.
2. Receipt and Reconciliation: Bitvest Capital LLC confirms receipt of funds, reconciles the deposit against your account records, and updates your Bitveste account balance in real-time or near-real-time.
3. Allocation Processing: Once funds are received and your account is verified (KYC/AML), you may request allocation into available merchant opportunities. Your allocated funds are held in Bitvest Capital LLC's custodial account pending settlement.
4. Merchant Verification and Settlement: Before disbursement, Bitveste verifies that the merchant (recipient) has completed all required compliance checks (KYC, business validation, OFAC screening). Once verified, Bitvest Capital LLC initiates a transfer of allocated funds to the merchant's designated account via ACH, wire transfer, or other means.
5. Settlement Confirmation: Upon successful transfer to the merchant, you receive a settlement confirmation detailing the merchant name, allocation amount, settlement date, and expected participation terms.
6. Returns and Reversals: If an allocation is cancelled, reversed, or a merchant refund is processed, funds are returned to Bitvest Capital LLC's account and then returned to your linked bank account via ACH or wire.

Important: All user funds held by Bitveste are in the name of Bitvest Capital LLC until settlement. Funds are not segregated by individual user in separate trust accounts, but are tracked and recorded in our accounting and platform systems.

9. Credit Decisions & Credit Line

If you apply for a Bitveste credit line or other credit product, we may perform credit checks and verify information with consumer reporting agencies. Information used in underwriting may affect credit eligibility and will be used consistent with the Fair Credit Reporting Act (FCRA) and applicable U.S. consumer protection laws.

Our credit products are subject to credit approval, underwriting standards, terms, and conditions documented in the credit agreement. We may share credit application information with credit partners and lending networks. A hard inquiry on your credit report may impact your credit score.

You have the right to know whether a credit decision was made based on your credit report. Contact us if you wish to dispute a credit decision or request information about the basis for denial.

10. Investment Disclaimers & Regulatory Status

Bitveste is NOT a Registered Investment Adviser (RIA). We do not provide personalized investment advice, make recommendations regarding investment strategy, or offer wealth management services. All allocations and opportunities are provided on a standardized, non-personalized basis. Users are solely responsible for evaluating allocations and making their own investment decisions.

No Securities Guarantees: Bitveste makes no representations that allocations constitute or do not constitute securities. Users should understand that participation in certain allocations may carry regulatory and financial risks. Some allocations may be subject to securities law limitations or restrictions. Users should consult their own legal and financial advisors regarding the nature and risks of allocations.

No Fiduciary Duty: Bitveste does not act as a fiduciary for users. We do not have fiduciary obligations to manage allocations in your best interest. Users bear full responsibility for understanding and accepting the risks associated with any allocation.

Risk Disclosure: Participation in allocations involves substantial risk, including potential loss of principal. Outcomes depend on merchant performance, market conditions, and other factors outside Bitveste's control. See our full Risk Disclosure and Terms of Service for additional details.

11. Sharing and Disclosure

We share personal information with:

• Service Providers & Data Processors: Payment processors (Stripe, PayPal, Square), ACH operators, card networks (Visa, Mastercard), cloud hosting providers (AWS, Google Cloud), identity verification vendors (Jumio, Socure, IDology), KYC/AML screening services, OFAC/sanctions screening providers, analytics providers (Google Analytics, Mixpanel, Segment), customer support and ticketing platforms, email service providers, SMS vendors, fraud detection services, tax reporting software.
• Financial Institutions and Settlement Partners: Banks (for ACH, wires, account verification), merchant acquiring banks, settlement clearinghouses, credit bureaus, credit decision partners, lending network partners.
• Verified Merchants: Settlement confirmations, limited transaction details (only as necessary to process allocations), user contact information for settlement and support purposes.
• Regulators and Law Enforcement: Where legally required by subpoena, court order, regulatory examination, or to comply with AML/OFAC/sanctions screening rules. We may disclose information in response to valid legal process.
• Professional Advisors: Auditors, legal counsel, accountants, and compliance consultants, all under confidentiality agreements.
• Acquirers & Successors: In connection with corporate transactions (merger, acquisition, bankruptcy, insolvency), information may be transferred, subject to confidentiality obligations and this Privacy Policy.

We do NOT sell personal information for monetary consideration. We may share aggregated and de-identified data with partners for analytics and product development without restriction.

12. International Transfers and Cross-Border Data

Data may be transferred to third parties or systems located outside the U.S. (e.g., cloud providers with international infrastructure, global payment networks) where necessary to provide the Service. When transfers occur, we apply reasonable safeguards including encrypted communications, contractual data protection clauses, and vendor security assessments.

If you are in a jurisdiction with specific cross-border transfer requirements or restrictions, please contact us at privacy@bitveste.com for details on our transfer mechanisms and safeguards.

13. Data Retention

We retain personal information as long as necessary to fulfill the purposes described and to comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods:

• Transaction and AML records: at least five (5) years per FinCEN and banking regulations.
• Account records: retained while account is active and for at least two (2) years after account closure.
• Tax and financial records: retained for at least seven (7) years per IRS requirements.
• Support communications: retained for at least two (2) years for dispute resolution.
• Fraud and security incident data: retained for at least two (2) years.
• Specific retention may vary by information type, legal requirement, and contractual obligation.

Upon account deletion or data deletion requests (subject to legal holds), we will securely delete or anonymize personal data within the timeframe specified by applicable law (typically 30-45 days).

14. Data Security & Encryption

We maintain comprehensive administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, alteration, disclosure, and destruction. Safeguards include:

• Access Controls: Role-based access control (RBAC), principle of least privilege, multi-factor authentication (MFA) for admin and sensitive functions, session timeouts.
• Encryption: TLS 1.2+ for data in transit, AES-256 encryption for sensitive data at rest, encrypted backup storage, encrypted mobile app communications.
• Password Security: Bcrypt or scrypt hashing with salt, no plain-text password storage, password complexity requirements, breach monitoring.
• Vendor Management: Regular security assessments, SOC 2 or ISO 27001 certifications required where practical, vendor contracts with data protection clauses, sub-processor disclosure.
• Monitoring & Logging: Audit logging of data access, intrusion detection systems, security event monitoring, anomaly detection.
• Incident Response: Documented incident response procedures, breach notification protocols, post-incident reviews, cyber liability insurance.
• Regular Testing: Penetration testing, vulnerability assessments, security code reviews, disaster recovery drills.

Important Limitation: No security system is completely impenetrable. While we use industry-standard protections, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials and notifying us of any unauthorized access.

15. Cookies, Pixels, and Tracking Technologies

We and our partners use cookies, web beacons, pixels, local storage, and similar tracking technologies for the following purposes:

• Essential: Authentication, session management, CSRF protection, security.
• Functional: Language preferences, theme selection, form field persistence.
• Analytics: Page views, user journeys, feature usage (Google Analytics, Mixpanel).
• Advertising: Retargeting, conversion tracking, audience segmentation (Google Ads, Facebook Pixel).

You can manage cookie preferences through our Cookie Preference Center at the bottom of this page, or through your browser's cookie settings. Note that disabling certain cookies may impact platform functionality.

16. Your Rights — U.S. and State Residents

All U.S. Users:

• Access to your account information and transaction history.
• Ability to correct, update, or amend account information.
• Control over marketing and promotional communications (opt-out via email unsubscribe link).
• Request for a copy of your data in a portable format (data portability).
• Ability to request deletion of your account and associated data (subject to legal holds and regulatory retention requirements).

California Residents (CCPA/CPRA):

• Right to Know: Request disclosure of categories of personal information collected, purposes of use, and categories of third parties with whom we share data.
• Right to Delete: Request deletion of personal information (subject to exceptions for legal compliance, fraud prevention, and contract performance).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: Opt out of the sale or sharing of personal information for cross-context behavioral advertising (if applicable).
• Right to Limit Use and Disclosure: Limit use of sensitive personal information to purposes necessary to provide the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Authorized Agent: You may designate an authorized agent to submit requests on your behalf (with proper documentation).

Virginia Residents (VCDPA):

• Right to access, correct, delete, and obtain a copy of personal information.
• Right to opt-out of targeted advertising, sale, and profiling.

Colorado Residents (CPA):

• Right to access, correct, delete, and port personal information.
• Right to opt-out of targeted advertising and profiling.
• Right to request a deletion list.

How to Submit Requests:

Submit privacy rights requests to privacy@bitveste.com with the subject line "Privacy Rights Request" and include:

• Your full name and email address associated with your account.
• Description of the request (access, delete, correct, port, opt-out).
• Verification information (state of residency, copy of ID, recent transaction if needed).

Response Timeline: We will verify your identity before fulfilling any request. We will respond to verified requests within the timelines specified by applicable law (typically 30-45 days for CCPA/CPRA, up to 60 days for other laws). If we need additional information, we will contact you.

17. Children

The Service is intended for users 18 years of age and older. We do not knowingly collect personal information from minors or individuals under 18. If you believe we have collected such information, contact us immediately at privacy@bitveste.com and we will remove it promptly.

18. Third-Party Sites and Services

Our Service may link to third-party websites, mobile applications, and external services (e.g., merchant sites, payment processors, social media platforms). These third parties have separate and independent privacy policies. We are not responsible for their privacy practices, security, content, or policies. We encourage you to review the privacy policies of any third-party services before providing information.

19. Changes to This Privacy Policy

We may update this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be posted on this page with an updated effective date. Where required by law, we will provide notice prior to the changes taking effect. Your continued use of the Service following the posting of changes constitutes your acceptance of the updated Privacy Policy.

20. How to Contact Us; Complaints

Submit privacy requests, complaints, concerns, or questions to:

Privacy Inquiries & Data Subject Requests: privacy@bitveste.com

Legal Notices & Compliance: legal@bitveste.com

Fund & Settlement Issues: operations@bitveste.com

Mailing Address: Bitvest Capital LLC, 13313 Bellacosa Ave, Baton Rouge, LA 70817, United States

If you have an unresolved privacy concern or complaint, you may have the right to lodge a complaint with your state attorney general or other regulatory authority.

Privacy Policy — Quick Summary