PRIVACY POLICY

RootsFi Inc. ("RootsFi," "we," "us," or "our") values your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our non-custodial mobile application (the "App") and related interface services (collectively, the "Services").

IMPORTANT NOTICE: ROOTSFI IS A NON-CUSTODIAL INTERFACE.

We do not have custody of your private keys or assets. Transactions are executed directly by you on public blockchains. While we protect the data on our servers, we cannot control or delete data that is written to the immutable public ledger (blockchain).

1. Information We Collect

We collect information to provide our software interface and improve your experience.

1.1 Information You Provide Directly

Registration Data:

General Users: We generally rely on Web3 authentication (wallet connection via Privy). We do not store passwords.

Merchants & Agents: If you register as a Cash Agent or Merchant, we collect your email address and business profile details.

User Content: Content you voluntarily upload, such as profile avatars, usernames, bios, and support ticket correspondence.

Verification Data (KYC): To access fiat on-ramps/off-ramps, you may be required to provide identity documents. RootsFi does not store your sensitive ID documents (e.g., passport scans) on our servers. This data is collected directly by our compliance partner (Sumsub), and we receive only a status signal (e.g., "Verified" or "Rejected") and basic metadata (e.g., Name, Date of Birth) required for account recovery.

1.2 Information Collected Automatically

Blockchain Data (Public Ledger): When you use the App, we index your public wallet address and transaction history to display your balance and activity. This information is publicly available on the blockchain and is not proprietary to RootsFi.

Device & Usage Data: We collect information about your mobile device (Hardware model, OS version, Unique Device Identifiers) and app performance logs (crash reports, API latency) to maintain the stability of our Beta software.

Ephemeral Location Data (Cash Agents):

Scope: If you opt-in to "Cash Agent" discovery or Bluetooth Low Energy (BLE) payments, we access your precise location.

Ephemeral Processing: To protect your physical safety, location data for agent discovery is processed ephemerally. We calculate proximity to other users in real-time but do not store a historical log of your movements in our persistent databases.

1.3 Information From Third Parties

We integrate with third-party infrastructure providers. You should review their privacy policies as you establish a direct relationship with them for regulated services:

Privy: Wallet generation and authentication.

Bridge & Circle: Stablecoin issuance and banking rails.

Sumsub: Identity verification.

2. How We Use Your Information

We do not "process" financial transactions in the traditional custodial sense. We use your data to facilitate your interaction with decentralized protocols.

2.1 Interface Functionality & Message Broadcasting

We use your data to format and broadcast cryptographically signed messages to the blockchain. RootsFi does not clear or settle transactions. We act solely as a software interface that allows you to self-custody assets and interact with smart contracts.

2.2 Legal Basis for Processing (GDPR/Global Compliance)

We process your personal data based on the following legal grounds:

Data Type

Legal Basis

Purpose

Wallet Address & Tx Data

Contractual Necessity

Required to display your balance and execute the software commands you initiate.

Email / Device ID

Legitimate Interest

Fraud prevention, security, app improvement, and Beta testing feedback.

KYC Status / AML Data

Legal Obligation

Compliance with anti-money laundering laws applicable to our financial partners.

Location / BLE

Explicit Consent

You must opt-in via your device settings to enable proximity features.

2.3 Feature Enablement

Peer-to-Peer Discovery: Using BLE or location to find nearby Cash Agents.

Notifications: Sending technical notices, security alerts (e.g., "Suspicious Contract Interaction"), and transaction confirmations.

2.4 Cookies and Local Storage

We and our third-party partners may use local storage mechanisms (e.g., localStorage on your device) to recognize you and protect your account.

Essential Storage: We use local storage to persist your session tokens (via Privy) so you remain logged in securely. You cannot disable these without breaking the App's functionality.

Analytics: We use identifiers to understand how you interact with the App (e.g., screens visited). You may opt-out of non-essential analytics in the App settings.

Do Not Track: Our systems do not currently recognize "Do Not Track" signals from web browsers, as no uniform standard exists.

3. How We Share Your Information

We do not sell your personal information. We share data only as follows:

3.1 Third-Party Infrastructure (Independent Controllers)

When you utilize banking rails (e.g., Bridge, Circle) or complete KYC (Sumsub), you are establishing a direct contractual relationship with those entities. For the purposes of financial compliance, those partners operate as independent Data Controllers, not merely as our processors.

Example: If you redeem stablecoins for USD, your bank account details are processed by Bridge, not RootsFi.

3.2 Service Providers

We share anonymized or necessary data with vendors who help us operate the App:

Cloud Infrastructure: Neon, Cloudflare.

Analytics: PostHog or Google Analytics (for app performance, not ad tracking).

3.3 Legal Requirements

We may disclose information if required by a subpoena, court order, or search warrant. As a non-custodial wallet, we cannot freeze your on-chain assets, but we may be compelled to share off-chain data (e.g., IP addresses, email) with law enforcement.

4. Data Retention

General: We retain personal data only as long as necessary to provide the Services.

Regulatory Retention: Our financial partners (and RootsFi, where applicable) are required by law (e.g., Bank Secrecy Act) to retain certain transaction and identity records for a minimum period (typically 5 years), even if you close your account. This data is securely archived and isolated from active use.

5. Your Rights & The Blockchain Exception

Depending on your jurisdiction (GDPR, CCPA), you have rights to access, correct, or delete your data.

5.1 The Immutable Ledger Exception (Right to Erasure)

You may request the deletion of your account and associated off-chain data (email, device ID) by contacting [email protected].

However, you acknowledge that:

On-Chain Data: Your wallet address and transaction history are permanently recorded on public blockchains.

No Deletion Possible: RootsFi technically cannot modify, delete, or obscure data written to the blockchain.

Scope of Deletion: Your "Right to Deletion" applies only to data held on our centralized servers.

6. Security

We use enterprise-grade security for our servers. However:

User Responsibility: You are solely responsible for securing your private keys, seed phrases, or authentication methods (e.g., Passkeys).

No Recovery: If you lose access to your wallet credentials, RootsFi cannot recover your funds. We do not have a "backdoor" to your assets.

7. Children's Privacy

Our Services are restricted to users 18 years of age or older. We do not knowingly collect data from children. If we discover a user is under 18, we will immediately lock the account interface and delete off-chain data, though on-chain history remains immutable.

8. International Transfers

RootsFi operates globally. Your data may be transferred to servers in the United States or other jurisdictions. By using the App, you consent to this transfer, acknowledging that data protection laws in the US may differ from your country of residence.

9. Updates to Policy

We may update this policy to reflect changes in regulatory law or our product. Material changes will be notified via the App or email. Continued use of the Services constitutes acceptance of the updated policy.

10. Contact Us

RootsFi Inc.

16192 Coastal Hwy

Lewes, Delaware 19958

Email: [email protected]