Legal

Privacy Policy

Last updated: 2026-05-27

Draft. This Privacy Policy is a working draft published for transparency. Final disclosures are subject to legal-counsel review.

1. Scope

This Policy describes how AgencyGeo handles personal and business data when you use our dashboards, virtual cards, and USDT wallet. By using the Service you also accept the Terms of Service.

2. What we collect

Identity & KYC: name, business name, email, government-issued ID, and similar documents you provide for verification.
Transaction data: card authorizations, settlements, refunds, chargebacks, FX, cashback, USDT deposits and on-chain references.
Account & usage: workspace membership, sign-in history, 2FA state, IP address, device and browser fingerprint, audit log entries.
Support & communications: messages you send us and the records of any review or appeal you submit.

3. How we use it

To issue cards, settle transactions, and pay cashback.
To comply with applicable law: KYC, sanctions screening, anti-money-laundering, tax reporting.
To detect and prevent fraud and abuse — including the automated refund / chargeback ban described in the Terms.
To secure the Service, debug failures, and improve features.

4. Who we share it with

Card-issuing bank and card networks to authorize and settle card transactions.
KYC and sanctions vendors to verify identity and screen against sanctions / PEP lists.
Infrastructure providers (database, edge compute, email, observability) under data-processing agreements.
Regulators and law enforcement where required by law or valid legal process.

We do not sell personal data. We do not use it for cross-context behavioural advertising.

5. Retention

We retain identity, transaction, and audit data for the period required by financial-services recordkeeping rules (typically five years after the account closes, longer where law requires). Audit-log and ban-decision records are retained for forensic and regulatory purposes even after termination.

6. Security

We use 2FA, role-based access, encryption in transit and at rest, and a PCI-aligned vault architecture for card data. No system is perfectly secure; if we discover a breach affecting you we will notify you as required by law.

7. Your choices

Depending on where you live, you may have rights to access, correct, or delete your data, or to lodge a complaint with a privacy regulator. To exercise these rights, contact us via the contact page. Some data we are required by financial-services rules to retain even on request.

8. Changes to this Policy

We may update this Policy. Material changes will be announced in-app or by email. The “Last updated” date above always reflects the current version.

9. Contact

Privacy questions? Reach us via the contact page.

2. What we collect

Identity & KYC: name, business name, email, government-issued ID, and similar documents you provide for verification.

Transaction data: card authorizations, settlements, refunds, chargebacks, FX, cashback, USDT deposits and on-chain references.

Account & usage: workspace membership, sign-in history, 2FA state, IP address, device and browser fingerprint, audit log entries.

Support & communications: messages you send us and the records of any review or appeal you submit.

3. How we use it

To issue cards, settle transactions, and pay cashback.

To comply with applicable law: KYC, sanctions screening, anti-money-laundering, tax reporting.

To detect and prevent fraud and abuse — including the automated refund / chargeback ban described in the Terms.

To secure the Service, debug failures, and improve features.

4. Who we share it with

Card-issuing bank and card networks to authorize and settle card transactions.

KYC and sanctions vendors to verify identity and screen against sanctions / PEP lists.

Infrastructure providers (database, edge compute, email, observability) under data-processing agreements.

Regulators and law enforcement where required by law or valid legal process.

We do not sell personal data. We do not use it for cross-context behavioural advertising.