Privacy Policy

Welcome to Arbor (“Arbor,” “we,” “our,” or “us”). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at arbormoney.co, mobile experiences, and associated applications (collectively, the “Services”). Please read this policy carefully to understand our views and practices regarding your personal data.

Arbor Financial, Inc. is a financial technology company, not a bank. Some services are provided by licensed partners, and certain activity may be recorded on public blockchains.

We may collect and process the following data about you:

• Personal identification information: Such as your name, email address, phone number, and profile information you choose to provide.
• Account and authentication information: Login credentials, verification codes, session data, and wallet or account identifiers associated with your Arbor account.
• Device information: Including device type, operating system, browser type, IP address, and unique device identifiers.
• Usage data: Details about your use of the Services, including pages viewed, features used, referral sources, and interaction data.
• Financial and transaction information: Information related to deposits, withdrawals, sends, receives, balances, supported asset activity, and on-chain transaction metadata connected to your account.
• Compliance information: Information we or our partners may collect to verify identity, prevent fraud, and meet legal or regulatory obligations.

We collect information in the following ways:

• Directly from you: When you create an account, verify your identity, contact support, or otherwise provide information through the Services.
• Automatically: As you navigate through the Services, certain information may be collected automatically, such as usage details, device information, and diagnostic logs.
• From third parties: We may receive information about you from service providers and partners that help us operate the Services, including authentication providers, payment and on-ramp partners, blockchain infrastructure providers, analytics vendors, and compliance service providers.
• From public blockchains: When you use supported on-chain features, transaction data may be publicly visible on networks such as Base.

We use the information we collect to:

• Provide, operate, maintain, and secure our Services.
• Improve, personalize, and expand our Services.
• Understand and analyze how you use our Services.
• Develop new products, services, features, and functionality.
• Process your transactions and manage your accounts.
• Communicate with you, either directly or through one of our partners, including for customer service, account updates, security notices, and service-related messages.
• Send you email, text messages, or push notifications where permitted.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Comply with legal, regulatory, and contractual obligations.

We may share your information with:

• Service providers: Third-party companies and individuals that facilitate our Services, provide services on our behalf, perform related services, or assist us in analyzing how our Services are used. Examples may include Privy, payment and on-ramp partners, cloud hosting providers, analytics vendors, email providers, and customer support tools.
• Financial and blockchain partners: Providers that help us offer deposits, withdrawals, wallet access, custody, or on-chain functionality, including partners involved in USDC flows, Base network activity, and supported lending or vault protocols such as Morpho and Aave.
• Affiliates: We may share your information with our affiliates, in which case we will require them to honor this Privacy Policy.
• Business partners: We may share your information with business partners to offer certain products, services, or promotions where permitted by law.
• Legal authorities: We may disclose your information if required to do so by law or in response to valid requests by public authorities, regulators, or law enforcement.

When we share information with third-party partners, they may handle your data according to their own privacy policies and terms of service in addition to this Privacy Policy.

We implement appropriate technical and organizational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, please be aware that no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and maintain appropriate business records.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• The right to access: You may have the right to request copies of your personal data.
• The right to rectification: You may have the right to request that we correct information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure: You may have the right to request that we delete certain personal data, subject to legal and operational retention requirements.
• The right to restrict processing: You may have the right to request that we restrict how we use your personal data in certain circumstances.
• The right to object: You may have the right to object to certain processing of your personal data.
• The right to data portability: You may have the right to request transfer of certain personal data to another service provider.

To exercise these rights, contact us at support@arbormoney.co. We may need to verify your identity before responding to your request.

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from the laws of your jurisdiction. Where required, we take steps designed to ensure appropriate safeguards are in place for such transfers.

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us and we will take steps to delete it.

Our Services may contain links to third-party websites, applications, or services that are not operated by Arbor. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with Arbor.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date below. Your continued use of the Services after changes are posted constitutes your acceptance of the updated Privacy Policy.

If you have any questions about this Privacy Policy or our privacy practices, please contact us at support@arbormoney.co.