Privacy Policy

Last Updated: December 17, 2025

1. Introduction

This Privacy Policy describes how GoldenBasis, Inc. ("ZeGid," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use the ZeGid app and related services (the "Services").

ZeGid is a financial technology company that helps users manage self-custody cryptocurrency wallets and connects them with third-party partners for financial services like onramping/offramping, investing, and US virtual bank accounts. We are not a bank, money services business (MSB), or money transmitter. All regulated financial services are provided through our licensed and regulated partners.

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

Age Requirement: Our Services are intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from someone under 18, we will delete that information promptly.

2. Information We Collect

2.1 Personal Information You Provide

Account Registration and KYC Information:

• Full legal name
• Date of birth
• Gender/sex
• Physical address and proof of address documentation
• Email address and phone number
• Employment status and occupation
• Estimated monthly deposits
• Primary source of funds
• Government-issued identification documents (passport, driver's license, national ID)
• Tax identification numbers (SSN, TIN, or foreign equivalent)
• Bank account information for linked external accounts

Communication Data:

• Messages sent through our customer support channels, including Intercom chat, WhatsApp, and email
• Any documents, images, or other content you share with us

2.2 Automatically Collected Information

Device and Technical Data:

• Device information (model, operating system, unique device identifiers)
• IP address and approximate geographic location
• App usage data and interaction patterns
• Network information

Crash Reporting:

We use Sentry to collect crash reports and error logs to maintain app stability. This includes technical information about your device and app state at the time of an error.

App Analytics:

We use PostHog to analyze app usage, including how you navigate and interact with the app. For users in the European Economic Area or United Kingdom, this processing occurs only with your consent. You may withdraw consent by contacting support@zegid.com.

2.3 Information from Third Parties

We may receive information about you from our service providers and partners, including for identity verification, compliance, and regulatory purposes.

2.4 Blockchain Transaction Data

When you use our Services to interact with the Base blockchain network, transaction information is permanently recorded on the blockchain and becomes publicly viewable. This includes wallet addresses, transaction amounts, timestamps, and any other data included in blockchain transactions. Due to the nature of blockchain technology, this information cannot be modified or deleted once recorded.

2.5 Derived Information

We may derive additional information or draw inferences based on the data we collect, such as risk assessments, usage patterns, and eligibility determinations for our Services.

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Core Service Delivery

• Connect you with financial institutions to provide US virtual bank account services
• Facilitate deposits and withdrawals through our partner network
• Enable you to earn yield on your funds
• Allow you to invest in certain assets
• Provide self-custody cryptocurrency wallet management tools

3.2 Legal and Regulatory Compliance

• Verify your identity and comply with KYC (Know Your Customer) requirements
• Monitor transactions for anti-money laundering (AML) compliance
• Respond to requests from law enforcement and regulatory authorities
• Maintain records as required by applicable financial regulations

3.3 Security and Fraud Prevention

• Authenticate your identity and secure your account
• Monitor for suspicious or fraudulent activity
• Protect against unauthorized access to your account

3.4 Customer Support and Communication

• Respond to your inquiries and provide customer support
• Send you important service-related notifications
• Communicate updates about our Services

3.5 Product Improvement and Analytics

• Analyze app usage patterns to improve our Services
• Develop new features and functionality
• Conduct research and analytics to enhance user experience

3.6 Automated Decision-Making

• Detect and prevent fraud and suspicious activity
• Verify your identity through our partners' automated systems
• Assess your eligibility for certain Services

4. Legal Basis for Processing (EU/EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, we process your personal data on the following legal bases:

• Account and KYC Data: Legal obligation (financial regulations require identity verification)
• Transaction Processing: Performance of contract (necessary to provide our Services)
• Fraud Detection and Security: Legitimate interest (protecting our Services and users)
• Customer Support Communications: Performance of contract
• Crash Reporting: Legitimate interest (maintaining service stability)
• App Analytics (PostHog session recording): Consent (opt-in required; see Section 2.2)
• Sharing with Advertising Partners: Consent (opt-in required)

5. How We Share Your Information

5.1 Service Providers and Partners

Financial Services Partners:

• We share your KYC and transaction data with our licensed financial services partners who facilitate money transmission and banking services
• Your information may be shared with banks and other financial institutions in our partner network to process transactions

Service Infrastructure:

• Database hosting and management providers
• Analytics and app performance monitoring services
• Customer support platforms
• User authentication services
• Cryptocurrency wallet infrastructure providers

5.2 Advertising Partners

We may share hashed identifiers (such as email address or phone number) with Meta Platforms, Inc. to measure and improve ad campaign effectiveness. For users in the European Economic Area or United Kingdom, this sharing occurs only with your consent. You may withdraw consent by contacting support@zegid.com.

5.3 Legal and Regulatory Disclosures

• To comply with applicable laws, regulations, or legal processes
• To respond to requests from government authorities or law enforcement
• To protect our rights, privacy, safety, or property, or that of our users
• In connection with any merger, acquisition, or sale of assets

5.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

6. International Data Transfers

Primary Data Processing: All personal data is processed and stored in the United States on cloud infrastructure.

Cross-Border Considerations: If you are accessing our Services from outside the United States, your information will be transferred to, stored, and processed in the United States.

Future International Expansion: As we expand our services internationally, we may process data in additional jurisdictions and will update this Privacy Policy accordingly.

Safeguards for International Transfers: For users in the European Economic Area or United Kingdom, your data is transferred to the United States. We protect these transfers using Standard Contractual Clauses approved by the European Commission. You may request a copy of these clauses by contacting support@zegid.com.

7. Data Retention

We retain your account data for as long as your account remains active. After account closure:

• Transaction records and KYC documents are retained as required by applicable financial regulations
• Customer support communications are retained as needed to resolve disputes and improve our services
• Analytics data is retained for product improvement purposes
• Consent records are retained to demonstrate compliance with applicable law

8. Your Privacy Rights

8.1 Corrections

You may request corrections to inaccurate personal information by contacting us.

The availability of these rights may vary based on your location and applicable law.

8.2 Additional Rights for European Users (EEA/UK)

If you are located in the European Economic Area (EEA) or United Kingdom (UK), you have the following rights under GDPR:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Portability: Receive your data in a machine-readable format
• Restriction: Request we limit processing of your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for optional processing at any time

To exercise these rights, contact support@zegid.com. We will respond within 30 days. Note: We may be unable to delete certain data required for regulatory compliance (transaction records, KYC documents) but will inform you of any such limitations. You also have the right to lodge a complaint with a data protection supervisory authority in your country of residence.

8.3 California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it's used, and the right to request deletion of your information.

9. Automated Decision-Making

We may use automated systems to make decisions about your account, including fraud detection, identity verification, and eligibility assessments. These decisions are made through our partners' systems to protect you and comply with legal requirements. If you believe an automated decision has negatively affected you, you may contact us to request a review.

10. Security Measures

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Limited access to personal information on a need-to-know basis
• Secure authentication protocols

11. Third-Party Links and Services

Our Services may contain links to third-party websites or services. This Privacy Policy does not apply to such third-party services, and we encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy in our app and updating the "Last Updated" date above.

13. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us at:

ZeGidPay LLC.
Email: legal@zegid.com