X-Margin Inc. d/b/a Credora (“Company” “We” “Us” or “Credora”) respects your privacy and personal information and is committed to protecting it through our compliance with this privacy policy (“Privacy Policy”). This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit and use the websites https://credora.io and https://platform.credora.io (together, the “Site”), Credora software application(s), application program interface(s) and related services (referred to collectively hereinafter as “Services“) and our practices for collecting, using, maintaining, protecting, and disclosing that information. Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our User Agreement, available here.

This Privacy Policy also applies to information we collect:

• In email, text, and other electronic messages you send through the Services.
• When you interact with our Services on third party websites and services.

Please read this Privacy Policy carefully. If you have any questions about this Policy, please submit your request via to support@credora.io. 

ACCEPTANCE OF THIS PRIVACY POLICY

By accessing and using our Services, you signify acceptance to the terms of this Privacy Policy. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access or use of our Services.

CHANGES TO THIS PRIVACY POLICY

We may modify this Privacy Policy from time to time, which will be indicated by changing the date at the top of this page. If we make any material changes, we will notify you by email (sent to the email address specified in your account), through a notice on our Site or Services, or as otherwise required by law. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting the Site and this Privacy Policy to check for any changes.

It is your responsibility to review the Privacy Policy and any changes thereto, as your continued use of the Services after we make changes is deemed to be acceptance of those changes.

THE INFORMATION WE COLLECT

We collect several types of information from and about users of our Services, including information:

• by which you may be personally identified that you have submitted to us, such as your name, date of birth, nationality, address, e-mail address, telephone number, signature or some other identifier and identity documents that satisfy the definition applicable in your jurisdiction for what constitutes personal information (“personal information“);
• that is about you but individually does not identify you; and/or
• about your internet connection, the device or equipment you use to access our Services and usage details.

We collect this information:

• Directly from you when you provide it to us.
• Automatically as you navigate through and use the Services. 
• From third parties, for example, our business partners.

Information you provide to us voluntarily

To establish an account and access our Services, we’ll ask you to submit certain identifying information about yourself. As we add new features and Services, you may be asked to provide additional information. Please note that we may not be able to serve you as effectively or offer you our Services if you choose not to share certain information with us. Any information you provide to us is provided voluntarily.

We may collect the following types of information from you:

• Personal Identification Information: Full name, date of birth, nationality, signature, phone number, home address, and/or email.
• Company Client Information: Company name, entity type, address, telephone number, and e-mail address.  We may also request certain identifying information about your directors, beneficial owners, authorized signatories, users, or like individuals.
• Financial Information: Bank account information or other payment method information.
• Transaction Information: Information about the transactions you enter into with other users of the Services when using the Services.
• Correspondence: Survey responses, feedback and similar information provided to our support team or user research team, including through email and chat.
• Search: Your search queries on the Site or Services.

Please note that when you voluntarily input your financial account information, such as digital asset wallet information, in order to calculate Risk Metrics, such input data is not seen or stored by us. Our calculators operate through a privacy-preserving system, and we only have access to the Risk Metrics displayed on the platform. 

Information we collect from you automatically

As you navigate through and interact with our Site and use the Services, we may use automatic data collection technologies to collect certain information. This information helps us address customer support issues, improve the performance of our Site and applications, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:

• Online Identifiers: Geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.
• Usage Data: Authentication data, security questions, click-stream data, public social networking posts, and other data collected via cookies and similar technologies. Please read our Cookie Policy for more information. 

For example, we may automatically receive and record the following information on our server logs:

• How you came to and use the Services;
• Device type and unique device identification numbers;
• Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL);
• How your device interacts with our Site and Services, including pages accessed and links clicked;
• Broad geographic location (e.g. country or city-level location); and
• Other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser.

We may also use identifiers to recognize you when you access our Site via an external link, such as a link appearing on a third party site.

Information collected from third parties

From time to time, we may obtain information about you from third party sources as required or permitted by applicable law. These sources may include analytics providers that provide us with de-identified information about how you found our Site and how you interact with the Site and Services. We do not combine the information collected through the use of analytics providers with personally identifiable information.  

ANONYMIZED AND AGGREGATED DATA

Anonymization is a data processing technique that modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Policy applies to anonymized or aggregated customer data (i.e. information about our customers that we combine into an aggregate group so that it no longer identifies or references an individual customer).

The Risk Metric calculation outputs Credora produces from the financial data you provide fall under this category. The types of data we may anonymize or collect in the aggregate include account balance, directional exposure metrics, aggregate position metrics, and other financial data made available to the system from API keys provided by you. We may use anonymized or aggregate customer data for any business purpose, including for risk analysis and to perform and improve our products and services.

HOW YOUR PERSONAL INFORMATION IS USED

Our primary purpose in collecting personal information is to provide the Services. We generally use personal information for risk analysis and to perform our Services.

We may use this information in the following ways:

• To satisfy legal and regulatory compliance obligations
• With your permission, to enable faster onboarding with lending or borrowing counterparties as a supplement to the Services
• To enforce our terms in our User Agreement and other agreements
• To detect and prevent fraud and/or funds loss
• To provide the Services
• To provide Service communications
• To provide customer service
• To ensure quality control
• To ensure network and information security
• For research and development purposes
• To enhance your experience

Credora will not use your personal information for purposes other than those purposes we have disclosed to you without your permission. We may request your permission to authorize us to share your personal information with third parties. You may opt out of having your personal information shared with third parties, or allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to limit the use of your personal information, certain features or the entirety of our Services may not be available to you.

Legal Bases for Processing your Information

We rely on legal bases for processing your information under Article 6 of the EU General Data Protection Regulation (“GDPR”), regardless of your location, as the GDPR currently implements the most stringent global privacy regulations. We generally only process your data where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), for our legitimate interests to operate our business or to protect Credora’s or your property, rights, or safety, or where we have obtained your consent to do so. Below is a list of the purposes described in our policy with the corresponding legal bases for processing.

Marketing

Direct Marketing: Direct marketing includes any communications to you that are only based on promoting our products and services. We will only contact you by electronic means (email or other authorized channel) based on our legitimate interests, as permitted by applicable law, or your consent. To the extent we can rely on legitimate interest under the applicable law, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, we will contact you by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to send you marketing communications, please go to your account settings to opt-out or contact us at support@credora.io. You may raise such objection concerning initial or further processing for purposes of direct marketing, at any time and free of charge.

Third Party Marketing: We will obtain your express consent before we share your personal information with any third parties for marketing purposes.

WHY WE SHARE PERSONAL INFORMATION WITH OTHER PARTIES

We take care to ensure your personal information is  accessed only by those who require access to perform their tasks and duties, and to share only with third parties who have a legitimate purpose for accessing it, as authorized by you. We will never sell or rent your personal information to third parties without your explicit consent. We will only share your information in the following circumstances:

• With third-party lending or borrowing counterparties for due diligence purposes, with your permission.
• With financial institutions with which we partner to process payments you have authorized.
• With service providers under contract who help with our business operations. Our contracts require these service providers to only use your information in connection with the services they perform for us and prohibit them from selling your information to anyone else. Examples of the types of service providers we may share personal information with (other than those mentioned above) include:
  • Know-your-customer and anti-money laundering compliance vendors
  • Network infrastructure
  • Cloud storage
  • Payment processing
  • Transaction monitoring
  • Security
  • Document repository services
  • Customer support
  • Internet (e.g. ISPs)
  • Data analytics
  • Information Technology
  • Marketing
• With our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.
• With law enforcement, governmental officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our User Agreement or any other applicable policies.
• With companies or other entities that we plan to merge with or be acquired by. 
• With companies or other entities that purchase our assets under a court-approved sale or where we are required to share your information under insolvency law in any applicable jurisdiction.

THIRD PARTY SITES AND SERVICES

The Site and Services may enable you to interact with or contain links to third party websites, mobile software applications and services that are not owned or controlled by us. We are not responsible for the privacy practices or the content of such third party services. Please be aware that third party services may collect personal information from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party service that you choose to use or interact with. We encourage you to learn about the privacy practices of those third parties. A connection you authorize or enable between your Credora account and a non-Credora account, payment instrument, or platform is considered an “account connection.”

Examples of account connections include:

• Your Financial Services Providers: For example, if you send us funds from your bank account, your bank will provide us with identifying information in addition to information about your account to complete the transaction.

Information that we share with a third party based on an account connection will be used and disclosed under the third party’s privacy practices. Any account connection is given voluntarily by you.

HOW WE PROTECT AND STORE PERSONAL INFORMATION

We maintain appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the personal information you entrust to us.

We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in the US and elsewhere in the world where our facilities or our service providers are located. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.

For example, we use computer safeguards such as firewalls and data encryption,  enforce physical access controls to our buildings and files, and authorize access to personal information only for those employees who require it to fulfill their job responsibilities. 

However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.

Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or other channel, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us using the contact information provided in this Privacy Policy.

RETENTION OF PERSONAL INFORMATION

We store your personal information securely throughout the life of your Account. We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including to satisfy any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal information are described below.

• Personal information collected to comply with our legal obligations may be retained after account closure for as long as required under such laws.
• Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.
• Content that you post on our Site such as support desk comments and other content may be kept after you close your account for audit and crime prevention purposes (e.g. to prevent a known fraudulent actor from opening a new account).
• Information collected via technical means such as cookies, webpage counters, and other analytics tools are kept for a period of up to one year from expiry of the cookie.
• Information about the transactions you enter into with other users of the Services when using the Services may be held even after account closure.

As a reminder, when you input your financial account information, such as digital asset wallet information, in order to calculate Risk Metrics, such data inputs are not seen or stored by us. Our calculators operate through a privacy-preserving system. 

MINORS’ PERSONAL INFORMATION

Our Services are not intended for minors. No minors may provide any personal information to or on the Site. We do not knowingly collect personal information from any minor. If you are a minor, do not use or provide any information on this Site. If we learn we have collected or received personal information from a minor without parental consent, we will delete that information. If you believe we might have any information from or about a minor, please contact us at support@credora.io 

CROSS BORDER TRANSFERS

Credora may transfer, store, and process your information in data centers around the world, where Credora facilities or service providers are located or in other countries. Appropriate safeguards will be implemented, such as standard data protection clauses, with data recipients or processors approved by competent authorities. By communicating electronically with Credora, you acknowledge and agree to your personal information being processed in this way. 

YOUR PRIVACY RIGHTS

Your rights to personal information are not absolute. Depending upon the applicable law, access may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another’s privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.

• Access and portability. You may request that we provide you a copy of your personal information held by us by emailing support@credora.io. This information will be provided without undue delay subject to a potential fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. In certain circumstances, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another data controller.
• Rectification of incomplete or inaccurate personal information. You may request us to rectify or update any of your personal information held by us that is inaccurate. You may do this at any time by logging in to your account or emailing us at support@credora.io. 
• Erasure. You may request to erase your personal information, subject to applicable law. If you close your account, we will mark your account in our database as “Closed,” but will keep certain account information, including your request to erase, in our database for a period of time as described above. This is necessary to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account, and to comply with our legal obligations. However, if you close your account, your personal information will not be used by us for any further purposes, nor shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or under this Privacy Policy.
• Withdraw consent. To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
• Restriction of processing. In some jurisdictions, applicable law may give you the right to restrict or object to us processing your personal information under certain circumstances. We may continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
• Automated individual decision-making, including profiling. We may rely on automated tools to help determine whether a transaction or a customer account presents a fraud or legal risk. In some jurisdictions, you have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.

How to make a privacy request or lodge a complaint:

You can make privacy rights requests or lodge complaints relating to your personal information by logging into your account or contacting us at support@credora.io. When we receive an individual rights request via other intake methods, we may take steps to verify your identity before complying with the request to protect your privacy and security.

If you reside in the EU, you can file a complaint with the International Centre for Dispute Resolution by phone at +1.212.484.4181, or by visiting the website http://info.adr.org/safeharbor, or your relevant data protection authority.

In the UK, the relevant data protection authority is Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, 0303 123 1113, casework@ico.org.uk.

In Ireland, the relevant data protection authority is the Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois; phone: +353 (0761) 104 800; LoCall: 1890 25 22 31; Fax: +353 57 868 4757; email: info@dataprotection.ie

HOW TO CONTACT US

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at: 

support@credora.io