Last Updated January 4, 2022
Version 2

Thanks for visiting Conduit Financial Technologies Corp. (“Conduit” along with its affiliates and subsidiaries). By visiting, accessing, or using Conduit, you agree to the policies and practices of our privacy policy (the “Privacy Policy”) so please read them carefully. If any policies or practices of this Privacy Policy are unacceptable to you, please do not visit, access, or use Conduit. Use of the words “we” or “our” in this Privacy Policy refers to Conduit.

1. About This Privacy Policy

This Privacy Policy explains what information we collect, why we collect it, and how we treat your personal information.

By visiting, accessing, or using Conduit, you confirm that you are at least eighteen (18) years old and agree to be bound by the policies and practices of this Privacy Policy in their entirety. Your privacy matters to us, so whether you are new to Conduit or a long-time user of our website or services, please do take the time to get to know and familiarize yourself with our policies and practices. If you do not want to be bound by this Privacy Policy, you should not visit, access or use our website or services.

As used herein, “Digital Currency” means a digital asset (also called a “cryptocurrency,” “virtual currency”), such as, but not limited to, bitcoin or ether, which is based on a cryptographic protocol(s) of an electronic system that may be (i) centralized or decentralized, (ii) proprietary or open-source, and (iii) used as a medium of exchange and/or store of value.

2. Information We Collect

We will collect and process the following information about you:

  • Information required by Section 326 of the USA PATRIOT ACT. This Act requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. This federal requirement applies to all Conduit counter parties. This information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. When you complete an application with us, we ask you for your:
  • Name, address, date of birth, and other identifying information. For more details, please see below.
  • Verification Information we collect about individual customers. (“Individual Verification Information”) We collect information that you provide during a completed, incomplete, or abandoned application. This may include the following information: 
  • Full legal name;
  • Social Security Number (“SSN”) or any comparable identification number issued by a government;
  • Date of birth (“DOB”);
  • Proof of identity (e.g., driver’s license, passport or government-issued ID);
  • Home address (not a mailing address or P.O. Box); 
  • Bank, statements, tax documents, or other proof of income or net worth; and
  • Additional information or documentation at the discretion of our Compliance Team as may be required for compliance with law, regulations or internal policies. This may include information relating to health, relationship status and criminal convictions.
  • Verification Information we collect about Institutional customers. (“Institutional Verification Information”) We collect information that representatives of an entity provide during a completed, incomplete, or abandoned application. This may include following information:
  • Full legal names;
  • Government-issued identification numbers;
  • Addresses;
  • Contact information; and
  • Proof of identity.    
  • Device Information. Information that is automatically collected about your device (including hardware, operating system, browser, device type, IP address, message authentication code (“MAC”), the hard drive and location services).      
  • Location Information. Information that is automatically collected via analytics systems providers to determine your location, including your IP address and/or domain name and any external page that referred you to us.          
  • Log Information. Information that is generated by your use of Conduit that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity and any internal and external information related to Conduit pages that you visit.         
  • Financial Information. Information that is generated by your financial activity including, but not limited to transaction amounts, asset types, rate of return, and wallet addresses.    
  • Correspondence. Information that you provide to us in correspondence, including opening an application, and with respect to ongoing customer support.            
  • Cookies. When you access the Conduit website, we may collect technical information using the standard practice of placing tiny data files called cookies, flash cookies, pixel tags, or other tracking tools on your computer or other devices used to visit Conduit.  

3. How We Use Information We Collect

The information collected and the practices described above are done in an effort to provide you with the best experience possible, protect you from risks related to improper use and fraud, and help us maintain and improve Conduit.

In particular, we may use your information to:

  • comply with, and in order to assess, applicable laws, rules and regulations and internal policies and procedures, including carrying out conduct anti-fraud and identity verification and authentication checks (you authorize us to share your information with our third-party service providers, who may also conduct their own searches of publicly available information about you);
  • set up / on-board and allow you to use Conduit products and services;     
  • keep our records up to date and for the administration and maintenance of databases storing your personal information;    
  • communicate with you in order to respond to queries, provide Conduit products and services or information about Conduit products and services;  
  • manage and administer our business;     
  • monitor the usage of Conduit, and conduct automated and manual security checks of our service; and      
  • create aggregated and anonymized reporting data about Conduit. 

4. Direct Marketing

Subject to applicable laws and regulations, we may from time to time send direct marketing materials promoting services, products, facilities, or activities to you using information collected from you.

5. How We Share Personal Information with Other Parties

We may share your personal information with our affiliates in the circumstances described below:

  • Certain services that you request from us, or that may be required by law or regulation, may be performed by an affiliate. In these circumstances we may share Individual Verification Information, Institutional Verification Information, or details of transactions you have requested or completed, including but not limited to transaction amounts and wallet addresses.

We will take steps to ensure that personal information is accessed only by employees of such affiliates that have a need to do so for the purposes described in this Privacy Policy. 

We may also share your personal information with: 

  • Third party identity verification services in order to prevent fraud. This allows Conduit to confirm your identity by comparing the information you provide us to public records and other third-party databases;       
  • Third party service providers under contract who help with parts of our business operations such as bill collection, marketing, and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else;
  • Financial institutions with which we partner;     
  • Companies or other entities that we plan to merge with or be acquired by. Should such a combination occur, we will require that the new combined entity follow this Privacy Policy with respect to your personal information;      
  • Companies or other entities that purchase Conduit assets pursuant to a court-approved sale under U.S. Bankruptcy law;    
  • Law enforcement, and officials, or other third parties when:
  • we are compelled to do so by a subpoena, court order, or similar legal procedure; or   
  • we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our User Agreement; and
  • Other third parties with your consent or direction or any third party that might be required by law.

We do not sell customer information to third parties for the purposes of marketing.

6. Digital Currencies

Be aware that bitcoin, ether, and other Digital Currencies are not anonymous.  Anyone can see the balance and transaction history of any Digital Currency address (public key). We, and any others who can match your Digital Currency address (public key) to other information about you, may be able to identify you from a blockchain transaction. This is because information published on a blockchain can be correlated with information that we and others may have. This may be the case even if we, or they, we're not involved in the blockchain transaction. Furthermore, by using data analysis techniques on a given blockchain, it may be possible to identify other information about you. As part of our security, anti-fraud and/or identity verification and authentication checks, we may conduct such analysis to collect and process such information about you. You acknowledge and agree to allow us to perform such practices.

7. Information for Individuals Who Are Resident in the European Economic Area (“EEA”)

This section of our Privacy Policy only applies where you are a resident in the EEA. If you are a resident in the EEA, please read this section carefully. 

Legal Basis for Using Your Personal Data

We are entitled to use your personal data in the ways set out in this Privacy Policy because:

  • we are performing our contractual obligations with you; 
  • we have legal and regulatory obligations that we have to discharge;        
  • we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings;       
  • we have obtained your consent; or
  • the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates), such as:
  • allowing us to effectively and efficiently manage and administer the operation of our business;
  • in order to operate your account properly and provide you with the services;
  • to manage your account and communicate with you in relation to your account and the services we provide; and
  • maintaining compliance with internal policies and procedures.           

Transfers of Your Personal Data Outside the EEA

The personal data that we collect from you may be transferred to, and stored at, a destination outside the EEA. In particular your information will be transferred to us in the United States.  It may also be processed by staff operating outside of the EEA who work for our affiliates or for one of our suppliers. 

Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in a number of ways, for instance:

  • the country that we send the data to might be approved by the European Commission; or 
  • the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data (this is the basis on which personal data is sent from the EEA to our operations in the United States).

In other circumstances we may be required to transfer personal data to any country in which Conduit or a Conduit affiliate conducts business or has a service provider or to other countries for law enforcement purposes.

You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with this Privacy Policy.

Retention of Your Personal Data

How long we hold your personal data for will vary. The retention period will be determined by various criteria including:

  • the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and        

  • legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.

Your Rights

If you are an EEA resident, you have a number of legal rights in relation to the personal data that we hold about you. These rights include:

  • the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;     
  • the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;       
  • in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;       
  • the right to request that we rectify your personal data if it is inaccurate or incomplete;      
  • the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data, but we are legally entitled or required to retain it; 
  • the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request; and 
  • the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using any of the methods provided under this Privacy Policy.

8. Submissions

We cannot agree to obligations of confidentiality or nondisclosure with regard to any unsolicited information you submit to us, regardless of the method or medium chosen. By submitting unsolicited information or materials to Conduit, you or anyone acting on your behalf, agree that any such information or materials will not be considered confidential or proprietary.

Transmission of information via regular email is inherently insecure – so please DO NOT do so.  Contact us if you need to submit sensitive personal information and we can arrange for a method of secure transmission.  The definition of sensitive personal information varies from jurisdiction to jurisdiction.  For your own protection, assume all of your information to be sensitive and act accordingly.

9. Cookies

Cookies are small bits of information that are automatically stored on the web browser of your device that can be retrieved by us. 

How Do We Use Cookies?

The type of information we collect includes, but is not limited to, uniquely identifying visitor information and information related to your usage preferences. We use these technologies to help us recognize you as a user, collect information about your use of Conduit to better customize our services and content for you, and collect information about your computer or other access devices to (i) ensure compliance with our BSA/AML Program and (ii) ensure that your account security has not been compromised by detecting irregular or suspicious account activities. 

Third Party Cookies and Technology Partners

Some of the cookies described above are provided on our behalf by third party service providers to aid in the reporting of user behavior on our website. This behavior is analyzed to provide an improved user experience.

By using Conduit, you acknowledge and agree that we may collect and/or transmit any data collected to our third-party service providers, such as analytics providers, which may also make use of such technologies described above.

10. Information for Individuals Residing in California

As of January 1, 2020, California law permits residents of California to request certain details about how their personal information is shared with third-parties or affiliated companies for direct marketing purposes. California consumers have the following rights under the California Consumer Privacy Act (CCPA) with respect to their personal information. 

You have the right to know what personal information is being collected. You may submit a request, that Conduit disclose:

  • the categories of personal information about you that we collected;         
  • any categories of personal information about you that we sold;   
  • the business or commercial purpose for collecting your personal information;      
  • the categories of third parties with whom we have shared your personal information; and 
  • the business or commercial purpose for selling your personal information in the past 12 months.

Under the CCPA, you, as a California resident, may submit a request that Conduit:

  • deletes your personal information, provided that the information to not required to complete a transaction for you, to detect and protect against fraudulent and illegal activity, to exercise our rights, or to comply with a legal obligation; and         
  • honors your request to opt out of the sale of your personal information. Conduit does not sell your personal information.

You can submit a request to access or delete personal information by emailing Conduit at Conduit will be legally obligated to verify the identity of the consumer who submitted the request. Therefore, Conduit may request additional information from you to verify your identity. We will respond to your request within 45 days of receipt of your request, after proper verification, unless we need additional time, in which case we will let you know. You have the right to not be discriminated against. You have the right to exercise the privacy rights conferred by the CCPA without discriminatory treatment.

You may designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from a purported authorized agent who does not provide proof of authorization to act on your behalf pursuant to Probate Code sections 4000 to 4465.

11. Changes

We reserve the right to change this Privacy Policy from time to time to meet our changing needs. Any changes we make to our Privacy Policy in the future will be posted on our website and, where appropriate, notified to you. Your use of our website or our services following any change to this Privacy Policy will constitute your acceptance of the updated Privacy Policy.

12. How to Contact us

If you have any questions or concerns about our handling of your information, or about this Privacy Policy, please contact us using the following contact information: