PRIVACY POLICY

This Privacy Policy explains how TreasuryPath Inc. ("TreasuryPath," "we," "us," or "our") collects, uses, shares, and protects information when you use our treasury management platform and related services (the "Services"). This Policy applies to our website, platform, API, and all related services.

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

Business Account Information:

• Company name, legal entity type, and formation details
• Business address, phone number, and email address
• Employer Identification Number (EIN) and tax information
• Industry classification and business description
• Banking information and account details

Authorized User Information:

• Names, titles, and contact information of authorized users
• Government-issued identification for verification
• Digital signatures and authentication credentials
• User preferences and account settings

Transaction Information:

• Payment instructions and recipient details
• Transaction amounts, currencies, and timing
• Payment methods and routing information
• Transaction history and status updates

1.2 Information We Collect Automatically

Platform Usage Data:

• Login times, session duration, and feature usage
• API calls, request/response data, and system interactions
• Device information (IP address, browser type, operating system)
• Performance metrics and error logs

Technical Information:

• Cookies and similar tracking technologies
• Website analytics and user journey data
• Security monitoring and fraud prevention data
• System logs and diagnostic information

1.3 Information from Third Parties

Licensed Provider Data:

• Compliance and verification information from payment partners
• Banking and payment network data
• Credit and risk assessment information
• Regulatory reporting and monitoring data

Publicly Available Information:

• Business registration and licensing records
• Sanctions lists and watch list screening results
• News articles and public filings
• Industry databases and directories

2. HOW WE USE YOUR INFORMATION

2.1 Primary Service Purposes

Platform Operations:

• Provide access to treasury management tools and features
• Process payment instructions and transaction requests
• Maintain account security and user authentication
• Deliver customer support and technical assistance

2.2 Business Operations

Service Improvement:

• Analyze platform usage and performance
• Develop new features and functionality
• Conduct research and analytics
• Optimize user experience and system performance

Communication:

• Send service-related notifications and updates
• Provide account statements and transaction confirmations
• Share important policy or regulatory changes
• Deliver marketing communications (with consent)

3. HOW WE SHARE YOUR INFORMATION

3.1 Licensed Providers and Service Partners

Payment and Banking Partners:

• We share necessary information with our licensed payment and banking partners to provide payment services
• This includes business verification data, transaction instructions, and compliance information
• These partners have their own privacy policies and data protection practices

Payment Networks:

• Transaction information is shared with Fedwire, ACH, SWIFT, and other payment networks as necessary to process payments
• Network operators may have access to routing, amount, and timing information

3.2 Professional Service Providers

Technology and Support Services:

• Cloud hosting providers and data centers
• Software vendors and technical consultants
• Customer support and help desk services
• Security monitoring and fraud prevention services

Professional Advisors:

• Legal counsel for regulatory and compliance matters
• Accountants and auditors for financial reporting
• Consultants for business operations and strategy
• Insurance providers for coverage and claims

3.3 Legal and Regulatory Sharing

Government Authorities:

• Law enforcement agencies pursuant to valid legal process
• Financial regulators for examination and oversight
• Tax authorities for reporting and compliance
• National security agencies as required by law

Legal Proceedings:

• Court orders, subpoenas, and discovery requests
• Regulatory investigations and enforcement actions
• Litigation support and evidence production
• Asset recovery and collection proceedings

3.4 Business Transactions

Corporate Events:

• Potential buyers in merger, acquisition, or sale transactions
• Investors and financial partners for due diligence
• Successor entities in corporate reorganizations
• Creditors and stakeholders in bankruptcy proceedings

4. DATA SECURITY AND PROTECTION

4.1 Technical Safeguards

Encryption:

• Data encrypted in transit using TLS/SSL protocols
• Sensitive data encrypted at rest using industry standards
• API communications protected with secure authentication
• Database encryption for stored personal information

Access Controls:

• Multi-factor authentication for user accounts
• Role-based access permissions for employees
• Regular access reviews and privilege management
• Secure API key management and rotation

4.2 Operational Security

Monitoring and Detection:

• 24/7 security monitoring and incident response
• Automated threat detection and prevention systems
• Regular security assessments and penetration testing
• Vulnerability management and patch deployment

Employee Training:

• Regular privacy and security awareness training
• Background checks for personnel with data access
• Confidentiality agreements and privacy obligations
• Incident response procedures and protocols

4.3 Data Retention

Retention Periods:

• Account information: Retained for 7 years after account closure
• Communications: Retained for 3 years for customer service purposes
• Marketing data: Retained until consent is withdrawn

Secure Disposal:

• Secure deletion of electronic data using certified methods
• Physical destruction of paper documents and storage media
• Certificate of destruction for sensitive materials
• Regular purging of expired data and backups

5. YOUR PRIVACY RIGHTS AND CHOICES

5.1 Access and Correction

Information Access:

• Request copies of your personal information we maintain
• Review transaction history and account details
• Access privacy settings and communication preferences
• Download your data in portable formats where feasible

Information Updates:

• Correct inaccurate or incomplete information
• Update business details and authorized user information
• Modify banking and payment preferences
• Change communication and notification settings

5.2 Communication Preferences

Marketing Communications:

• Opt out of promotional emails and newsletters
• Unsubscribe from marketing phone calls and texts
• Adjust frequency and type of communications
• Note: Service-related communications cannot be disabled

Notification Settings:

• Customize transaction alerts and confirmations
• Set preferences for security and account notifications
• Configure API and system status updates
• Manage emergency and compliance communications

5.3 Account Management

Data Portability:

• Request export of your transaction data
• Download account statements and reports
• Transfer data to other service providers (where technically feasible)

Account Deletion:

• Request closure of your TreasuryPath account
• Note: Some data must be retained for regulatory compliance
• Anonymization of data where deletion is not required
• Confirmation of account closure and data handling

6. COOKIES AND TRACKING TECHNOLOGIES

6.1 Types of Cookies We Use

Essential Cookies:

• Authentication and session management
• Security and fraud prevention
• Platform functionality and feature access
• Load balancing and performance optimization

Analytics Cookies:

• Website usage statistics and user behavior
• Platform performance monitoring
• Feature adoption and usage patterns
• Error tracking and system diagnostics

Preference Cookies:

• User interface customizations
• Language and regional settings
• Dashboard layout and display preferences
• Communication and notification preferences

6.2 Third-Party Cookies

Service Providers:

• Google Analytics for website usage analysis
• Customer support platforms for help desk functionality
• Security services for fraud prevention and monitoring
• Performance monitoring tools for system optimization

Managing Cookies:

• Browser settings to control cookie acceptance
• Opt-out tools for third-party analytics
• Platform settings for functional cookies
• Note: Disabling essential cookies may affect functionality

7. INTERNATIONAL DATA TRANSFERS

7.1 Cross-Border Processing

Data Location:

• Primary data processing occurs in the United States
• Cloud services may involve international data transfers
• Payment processing may require data sharing with foreign banks
• Compliance with applicable data localization requirements

Transfer Safeguards:

• Adequate jurisdiction determinations where applicable
• Standard contractual clauses for international transfers
• Vendor agreements with appropriate data protection terms
• Regular review of international data handling practices

8. CHILDREN'S PRIVACY

TreasuryPath provides business services only and does not knowingly collect personal information from individuals under 18 years of age. Our Services are not intended for use by minors. If we become aware that we have collected information from a minor, we will take steps to delete such information promptly.

9. CALIFORNIA PRIVACY RIGHTS

9.1 CCPA Rights (California Residents)

Information Rights:

• Right to know what personal information we collect and how it's used
• Right to request deletion of personal information (subject to legal exceptions)
• Right to correct inaccurate personal information
• Right to opt out of sale or sharing of personal information
• Right to limit use of sensitive personal information

Non-Discrimination:

• We will not discriminate against you for exercising your privacy rights
• We may offer financial incentives for data collection with your consent
• You may decline incentive programs without penalty

Note: TreasuryPath does not "sell" personal information as defined by CCPA, but we do share information with service providers as described in this Policy.

9.2 Exercising Your Rights

How to Submit Requests:

• Email: privacy@treasurypath.com

Verification Process:

• We will verify your identity before processing requests
• Business account requests may require additional authorization
• Response timeframe: 45 days (may be extended by 45 days if complex)

10. CHANGES TO THIS PRIVACY POLICY

10.1 Policy Updates

We may update this Privacy Policy to reflect:

• Changes in our business practices or services
• New legal or regulatory requirements
• Enhanced privacy protections or user controls
• Feedback from users or privacy authorities

10.2 Notice of Changes

Notification Methods:

• Email notice to account holders for material changes
• Prominent notice on our website and platform
• In-platform notifications for significant updates
• Updated effective date at the top of the policy

Acceptance:

• Continued use of our Services constitutes acceptance of updated terms
• Material changes may require affirmative consent
• Right to discontinue services if you disagree with changes

This Privacy Policy is effective as of the date listed above and governs our collection and use of information from that date forward. Please review this Policy periodically for updates and changes.