Privacy Policy

Effective Date: January 7, 2026 | Last Updated: January 7, 2026

1. INTRODUCTION

Welcome to Plu ("Plu," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, mobile applications, card services, and related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

1.1 Quick Summary

We collect information you provide, information from your use of our Services, and information from third parties. We use this information to:

  • Provide and improve our Services
  • Verify your identity and prevent fraud
  • Comply with legal obligations
  • Communicate with you about our Services

We do not sell your personal information to third parties for marketing purposes.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration Information:

  • Full legal name
  • Email address
  • Phone number
  • Date of birth
  • Residential address
  • Nationality and citizenship
  • Username and password
  • Occupation and employment information
  • Annual income estimates
  • Expected transaction volumes

Identity Verification (KYC) Information:

Through our identity verification partner, Persona, we collect:

  • Government-issued identification documents (Passport, Driver's license, National ID card, State ID)
  • Photograph or video selfie for biometric verification
  • Document verification data
  • Identity verification inquiry IDs
  • Verification status and results
  • Additional documents as required by regulations

Financial Information:

  • Cryptocurrency wallet addresses (EVM, Solana, TRON, Stellar)
  • Wallet balances and transaction history
  • Bank account information (for withdrawals)
  • Payment method information
  • Card transaction data
  • Credit application information
  • Credit usage and repayment history

Communication Information:

  • Support inquiries and correspondence
  • Feedback and survey responses
  • Chat messages with support team
  • Email communications

User-Generated Content:

  • Profile customization data
  • Card display names
  • Transaction notes and descriptions
  • Preferences and settings

2.2 Information Collected Automatically

Device and Usage Information:

  • Device type, model, and operating system
  • Unique device identifiers
  • IP address and geolocation data
  • Browser type and version
  • Screen resolution and device settings
  • Referring/exit pages and URLs
  • Date and time stamps of access
  • Clickstream data and navigation patterns

Transaction Information:

  • Transaction amounts, dates, and times
  • Merchant names and categories
  • Transaction locations
  • Card usage patterns
  • Spending analytics and behaviors
  • Qualification progress metrics
  • Engagement phase data

Application Data:

  • Login timestamps and frequency
  • Feature usage statistics
  • App performance metrics
  • Error logs and crash reports
  • Session duration and activity
  • In-app notifications and interactions

Cookies and Tracking Technologies:

We use cookies, web beacons, and similar technologies to:

  • Remember your preferences
  • Authenticate your sessions
  • Analyze usage patterns
  • Provide personalized experiences
  • Prevent fraud and enhance security

You can control cookies through your browser settings, but disabling them may limit functionality.

2.3 Information from Third Parties

Identity Verification Partners:

Persona: Identity verification results, risk scores, verification documents
Government databases: Identity confirmation, sanctions screening

Card Processing Partners:

Rain API: Card application status, card issuance data, transaction processing information, merchant data

Blockchain and Wallet Services:

Crossmint: Wallet creation, transaction data, blockchain addresses, smart wallet information
Public blockchain data: Transaction hashes, block confirmations, gas fees, network status

Other Partners:

Payment Processors: Subscription payment confirmations, payment method verification, transaction settlement data
Analytics and Service Providers: Usage analytics and demographics, performance monitoring data, security and fraud detection signals
Credit and Risk Assessment: Third-party credit data (when authorized), fraud prevention databases, sanctions and watchlist screening results

2.4 Sensitive Personal Information

We collect certain sensitive categories of personal information:

  • Precise geolocation data
  • Financial account information
  • Government-issued identification numbers
  • Biometric data (facial recognition for identity verification)
  • Citizenship and nationality

We collect this information only when necessary and implement additional safeguards for its protection.

3. HOW WE USE YOUR INFORMATION

3.1 Provide and Maintain Services

  • Create and manage your account
  • Issue virtual and physical cards
  • Process deposits, withdrawals, and transfers
  • Execute cryptocurrency transactions
  • Track and display transaction history
  • Calculate and apply spending limits
  • Manage subscription tiers and billing
  • Process credit applications and manage credit cycles
  • Provide vault services and calculate interest
  • Enable money transfers between users
  • Display account balances and analytics

3.2 Verify Identity and Prevent Fraud

  • Conduct Know Your Customer (KYC) verification
  • Verify identity documents and biometric data
  • Screen against sanctions lists and watchlists
  • Detect and prevent fraudulent activities
  • Monitor for suspicious transactions
  • Implement anti-money laundering (AML) controls
  • Assess credit risk and eligibility
  • Protect against unauthorized access
  • Investigate and resolve disputes

3.3 Legal and Regulatory Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and subpoenas
  • Report suspicious activities to authorities
  • Maintain records as required by law
  • Enforce our Terms of Service
  • Protect our legal rights and interests
  • Comply with tax reporting obligations
  • Meet licensing and regulatory requirements

3.4 Improve and Develop Services

  • Analyze usage patterns and trends
  • Develop new features and products
  • Enhance user experience and interface
  • Optimize performance and reliability
  • Conduct research and analytics
  • Test new features and functionality
  • Debug and fix technical issues
  • Improve security measures

3.5 Communication and Marketing

  • Send transactional notifications (deposits, withdrawals, card activity)
  • Provide account alerts and security notifications
  • Send subscription and billing reminders
  • Communicate service updates and changes
  • Respond to support inquiries
  • Conduct user surveys and research
  • Send promotional offers and product announcements (with consent)
  • Deliver personalized engagement prompts based on user phase
  • Provide qualification progress updates
  • Send credit cycle notifications and reminders

3.6 Personalization and Engagement

  • Track qualification progress toward physical cards and credit
  • Determine engagement phase (7-phase journey)
  • Display contextual prompts and recommendations
  • Track spending milestones and achievements
  • Calculate streak tracking (consecutive months)
  • Assign progress badges (Bronze, Silver, Gold, Platinum)
  • Position users on leaderboards
  • Recommend tier upgrades based on usage
  • Identify at-risk users for retention campaigns
  • Personalize win-back offers

3.7 Risk Management and Churn Prevention

  • Assess churn risk scores (0-100)
  • Detect inactivity patterns (30/60/90+ days)
  • Trigger retention campaigns
  • Offer personalized incentives to at-risk users
  • Monitor payment failures and subscription status
  • Conduct exit surveys for cancellations

4. HOW WE SHARE YOUR INFORMATION

4.1 Service Providers and Partners

We share information with trusted third-party service providers who assist us in operating our Services:

Identity Verification:

Persona: For KYC verification, document validation, and biometric authentication

Card Services:

Rain API: For virtual and physical card issuance, transaction processing, and card management

Cryptocurrency Services:

Crossmint: For wallet creation, management, and cryptocurrency transactions

Infrastructure and Technology:

  • Supabase: Database hosting and management
  • Railway: Application hosting and deployment
  • Upstash: Redis caching and rate limiting

Analytics and Monitoring:

  • Analytics providers for usage insights
  • Performance monitoring services
  • Security and fraud detection services

Payment Processing & Customer Support:

  • Payment processors for subscription billing
  • Banking partners for withdrawals
  • Customer service platforms
  • Communication tools and email services

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal and Regulatory Obligations

We may disclose your information:

  • To comply with laws, regulations, or legal processes
  • In response to subpoenas, court orders, or government requests
  • To law enforcement or regulatory authorities
  • To comply with KYC/AML requirements
  • To report suspicious activities
  • To enforce our Terms of Service
  • To protect our rights, property, or safety
  • To protect the rights, property, or safety of our users or the public

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such transfer and any choices you may have.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction, such as:

  • Sharing transaction details with recipients of money transfers
  • Publishing user testimonials (with permission)
  • Integrating with third-party apps you authorize

4.5 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

  • Industry research and reports
  • Usage statistics and trends
  • Market analysis
  • Public reporting

4.6 Blockchain Transparency

Certain information is publicly visible on blockchain networks:

  • Wallet addresses
  • Transaction amounts and timestamps
  • Transaction hashes
  • Smart contract interactions

This information is permanently recorded on public blockchains and cannot be deleted.

5. DATA RETENTION

5.1 Retention Periods

We retain your information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal and regulatory obligations
  • Resolve disputes and enforce agreements
  • Prevent fraud and abuse

Specific Retention Periods:

  • Active Accounts: Information retained while your account is active and for a reasonable period thereafter
  • KYC/Identity Data: Retained for a minimum of 5-7 years after account closure (regulatory requirement)
  • Transaction Records: Retained for a minimum of 7 years (tax and regulatory requirements)
  • Communications: Retained for 3-7 years depending on content
  • Marketing Data: Retained until you opt out or for 3 years of inactivity
  • Technical Logs: Retained for 90 days to 2 years depending on type
  • Audit Logs: Retained for 7 years

5.2 Deletion and Anonymization

After the retention period:

  • Personal information is securely deleted or anonymized
  • Backups are purged according to our backup retention schedule
  • Some information may be retained in anonymized form for analytics
  • Blockchain records cannot be deleted due to their immutable nature

5.3 Account Closure

When you close your account:

  • We stop collecting new information
  • You may request deletion of non-regulated data
  • Certain data must be retained for legal compliance
  • You will receive confirmation of closure and data handling

6. DATA SECURITY

6.1 Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards:

  • End-to-end encryption for sensitive data
  • TLS/SSL encryption for data in transit
  • AES-256 encryption for data at rest
  • Secure password hashing with bcrypt
  • Multi-factor authentication options
  • JWT token-based authentication (7-day expiry)
  • Rate limiting and DDoS protection
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems

Organizational Safeguards:

  • Access controls and authentication
  • Employee training on data protection
  • Confidentiality agreements with staff
  • Background checks for employees with data access
  • Incident response and breach notification procedures
  • Regular security policy reviews

Physical Safeguards:

  • Secure data center facilities
  • Environmental controls and monitoring
  • Physical access restrictions
  • Redundant systems and backups

6.2 Your Security Responsibilities

You are responsible for:

  • Keeping your password secure
  • Not sharing your account access
  • Using secure internet connections
  • Keeping your device and software updated
  • Reporting suspicious activity immediately
  • Reviewing transactions regularly
  • Protecting your card information

6.3 Security Incidents

In the event of a data breach:

  • We will investigate promptly
  • We will notify affected users as required by law
  • We will notify regulatory authorities as required
  • We will take remedial measures to prevent recurrence
  • We will provide guidance on protective steps you can take

6.4 Limitations

While we implement strong security measures, no system is completely secure. We cannot guarantee:

  • Absolute security of information
  • Prevention of all unauthorized access
  • Protection against all cyber threats
  • Security of information during transmission over the internet

You use our Services at your own risk.

7. YOUR PRIVACY RIGHTS

7.1 Access and Portability

You have the right to:

  • Access your personal information
  • Request a copy of your data
  • Export your transaction history
  • Receive data in a structured, commonly used format

7.2 Correction and Update

You have the right to:

  • Correct inaccurate information
  • Update your profile and contact details
  • Modify your preferences and settings

7.3 Deletion

You have the right to request deletion of your personal information, subject to:

  • Legal and regulatory retention requirements
  • Ongoing transaction processing
  • Dispute resolution needs
  • Contract performance obligations
  • Fraud prevention and security needs

Some information cannot be deleted (e.g., transaction records required by law).

7.4 Objection and Restriction

You have the right to:

  • Object to certain processing of your information
  • Restrict processing under certain circumstances
  • Opt out of marketing communications
  • Opt out of certain cookies and tracking

7.5 Withdraw Consent

Where processing is based on consent, you may:

  • Withdraw consent at any time
  • Change communication preferences
  • Opt out of optional features

Withdrawal does not affect the lawfulness of processing before withdrawal.

7.6 Exercising Your Rights

To exercise your privacy rights:

  • Email us at privacy@get.plu.com
  • Access account settings in your Plu dashboard
  • Contact our support team
  • Submit a verified request with proof of identity

We will respond within 30 days (or as required by applicable law).

7.7 Regional Privacy Rights

California Residents (CCPA/CPRA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or shared
  • Right to opt out of sale/sharing of personal information
  • Right to deletion (subject to exceptions)
  • Right to correct inaccurate information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising rights

European Economic Area Residents (GDPR):

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right not to be subject to automated decision-making
  • Right to lodge a complaint with a supervisory authority

We comply with privacy laws in all jurisdictions where we operate. Please contact us for jurisdiction-specific rights.

8. INTERNATIONAL DATA TRANSFERS

8.1 Global Operations

Plu operates globally, and your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States.

8.2 Transfer Safeguards

When transferring data internationally, we implement appropriate safeguards:

  • Standard contractual clauses
  • Data processing agreements
  • Adequacy decisions by regulatory authorities
  • Binding corporate rules
  • Your explicit consent where required

8.3 Cross-Border Transfers

Data may be transferred to:

  • Service providers in different countries
  • Cloud infrastructure providers
  • Payment and card processing partners
  • Identity verification services
  • Analytics and support providers

We ensure that all recipients provide adequate data protection.

9. CHILDREN'S PRIVACY

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If we become aware that we have collected information from a child under 18:

  • We will delete the information promptly
  • We will terminate the account
  • We will notify the parent or guardian if possible

If you believe a child has provided us information, please contact us immediately at privacy@get.plu.com.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Types of Cookies We Use

Essential Cookies:

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance

Functional Cookies:

  • Remember preferences and settings
  • Enable features and functionality
  • Provide personalized experiences

Analytics Cookies:

  • Measure usage and performance
  • Understand user behavior
  • Improve our Services

Marketing Cookies:

  • Deliver relevant advertisements
  • Track campaign effectiveness
  • Provide personalized marketing (with consent)

10.2 Third-Party Cookies

Third parties may set cookies through our Services:

  • Analytics providers
  • Advertising networks
  • Social media platforms
  • Service providers

We do not control third-party cookies. Please review their privacy policies.

10.3 Cookie Management

You can control cookies through:

  • Browser settings (block or delete cookies)
  • Privacy preferences in your account
  • Third-party opt-out tools
  • "Do Not Track" signals (we honor DNT signals where legally required)

Note: Disabling essential cookies may prevent you from using certain features.

10.4 Other Tracking Technologies

We may use:

  • Web beacons: Small graphic images to track email opens and clicks
  • Pixels: Track page visits and conversions
  • Local storage: Store data locally in your browser
  • SDKs: Collect mobile app usage data
  • Device fingerprinting: Identify devices for fraud prevention

11. THIRD-PARTY LINKS AND SERVICES

Our Services may contain links to third-party websites, apps, or services:

  • We do not control third-party privacy practices
  • We are not responsible for third-party content or policies
  • Third-party terms and privacy policies apply
  • We encourage you to review third-party policies

This Privacy Policy applies only to information we collect.

12. UPDATES TO THIS PRIVACY POLICY

12.1 Policy Changes

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • New features or services
  • Legal or regulatory requirements
  • Industry best practices

12.2 Notice of Changes

We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to your registered address
  • Displaying an in-app notice
  • Updating the "Last Updated" date

12.3 Your Continued Use

Continued use of our Services after changes constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, you should discontinue use and close your account.

13. CONTACT INFORMATION

13.1 Privacy Inquiries

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Privacy Team Email: privacy@get.plu.com

Website: https://get.plu.com

Data Protection Officer Email: dpo@get.plu.com

General Support Email: support@get.plu.com

13.2 Regulatory Contacts

For California Residents: If you are not satisfied with our response to your privacy request, you may contact the California Attorney General at https://oag.ca.gov/contact/consumer-complaint-against-business-or-company.

For EEA Residents: You have the right to lodge a complaint with your local data protection authority.

14. ADDITIONAL DISCLOSURES

14.1 California Shine the Light Law

California residents may request information about disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

14.2 Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of certain personal information. We do not sell personal information as defined under Nevada law.

14.3 Do Not Sell My Personal Information

We do not sell personal information to third parties for monetary consideration. We may share information with service providers for business purposes as described in this policy.

14.4 Financial Incentives

We may offer financial incentives or benefits programs (e.g., rewards, bonuses, promotions) in exchange for providing information or engaging with our Services. You may opt in or out of such programs at any time.

14.5 Automated Decision-Making

We may use automated systems to:

  • Assess qualification for physical cards and credit
  • Detect fraud and suspicious activity
  • Calculate risk scores for churn prevention
  • Determine engagement phases
  • Recommend tier upgrades

You have the right to request human review of automated decisions that significantly affect you.

14.6 Biometric Information

We collect biometric data (facial recognition) through Persona for identity verification. This data is:

  • Collected with your consent
  • Used solely for identity verification
  • Processed by Persona under strict security measures
  • Retained according to regulatory requirements
  • Not sold or disclosed except as required by law

15. SPECIFIC DATA PROCESSING ACTIVITIES

15.1 Qualification Tracking

We track your qualification progress including:

  • Account age (days since creation)
  • Cumulative spending amounts
  • Subscription tier and payment status
  • Qualification milestones achieved
  • Eligibility for physical cards and credit

This data determines access to premium features.

15.2 Engagement System

We process engagement data to:

  • Assign you to engagement phases (1-7)
  • Display contextual prompts and guidance
  • Track dismissed prompts to avoid repetition
  • Measure spending streaks and milestones
  • Award progress badges
  • Calculate leaderboard positions

15.3 Credit Cycle Management

For users with credit access, we process:

  • Credit limit and available credit
  • Current cycle start and end dates
  • Payment history and status
  • Credit utilization metrics
  • Eligibility for credit line increases

15.4 Churn Prevention

We analyze usage patterns to:

  • Calculate churn risk scores (0-100)
  • Identify inactivity periods
  • Determine at-risk status
  • Personalize win-back offers
  • Track retention campaign effectiveness

15.5 Spending Limits

We enforce tier-based spending limits:

  • Monthly aggregate limits
  • Daily spending limits
  • Per-transaction maximums
  • Real-time limit tracking
  • Contextual upgrade prompts when limits are approached

16. DATA PROCESSING LEGAL BASIS (GDPR)

For EEA residents, we process your personal data based on:

Contract Performance:

  • Account creation and management
  • Transaction processing
  • Card issuance and services
  • Subscription billing

Legal Obligations:

  • KYC/AML verification
  • Tax reporting
  • Regulatory compliance
  • Fraud prevention

Legitimate Interests:

  • Service improvement and development
  • Security and fraud prevention
  • Direct marketing (with opt-out rights)
  • Analytics and research

Consent:

  • Optional features and services
  • Marketing communications (where required)
  • Cookies and tracking (where required)
  • Biometric data collection

You may withdraw consent or object to processing based on legitimate interests.

CONCLUSION

Your privacy is important to us. We are committed to:

  • Transparency in our data practices
  • Protection of your personal information
  • Compliance with applicable privacy laws
  • Respecting your privacy rights
  • Continuous improvement of our privacy program

If you have questions or concerns about this Privacy Policy or our practices, please contact us at privacy@get.plu.com.

Thank you for trusting Plu with your information.