Privacy Policy

Last updated: January 31, 2025

1. Introduction

Pediment (“we,” “our,” or “us”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our stablecoin infrastructure platform and services.

2. Information We Collect

Personal Information

We may collect the following types of personal information:

• Identity Information: Name, title, business contact details
• Account Information: Username, password, security credentials
• Professional Information: Company affiliation, role, authorization levels
• Communication Data: Email correspondence, support interactions
• Technical Information: IP addresses, device information, usage logs

Business Information

As a B2B platform, we also collect:

• Institutional Data: Company registration, licensing information
• Transaction Data: Service usage, processing volumes, compliance records
• Integration Data: System configurations, API usage patterns

3. How We Use Your Information

We use collected information to:

Service Delivery

• Provide and maintain our stablecoin infrastructure services
• Process transactions and manage your account
• Ensure platform security and prevent fraud
• Provide technical support and customer service

Compliance and Legal

• Comply with financial regulations (BSA/AML, KYC requirements)
• Maintain audit trails and regulatory reporting
• Respond to legal requests and investigations
• Enforce our Terms of Service

Business Operations

• Analyze usage patterns to improve our services
• Send important service updates and notifications
• Develop new features and capabilities
• Conduct risk assessments and due diligence

4. Information Sharing and Disclosure

We may share your information with:

Service Providers

• Cloud infrastructure providers (AWS, etc.)
• Security and compliance vendors
• Payment processors and banking partners
• Technical support and maintenance providers

Regulatory and Legal

• Financial regulators and government agencies
• Law enforcement when legally required
• Auditors and compliance consultants
• Legal counsel and professional advisors

Business Partners

• With your explicit consent only
• Aggregate, non-personal data for industry analysis
• Due diligence information during M&A activities

5. Data Security

We implement enterprise-grade security measures including:

Technical Safeguards

• End-to-end encryption for data in transit and at rest
• Multi-factor authentication for all accounts
• Regular security audits and penetration testing
• Secure development practices and code reviews

Administrative Controls

• Role-based access controls and principle of least privilege
• Regular security training for all personnel
• Incident response procedures and breach notification protocols
• Third-party security assessments of vendors

Physical Security

• Secure data centers with restricted access
• Environmental controls and monitoring
• Redundant systems and disaster recovery procedures

6. Data Retention

We retain your information for:

• Active Accounts: Duration of our business relationship
• Inactive Accounts: Up to 7 years for compliance purposes
• Transaction Records: As required by financial regulations
• Security Logs: Up to 2 years for fraud prevention

7. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

Access and Control

• Request access to your personal information
• Correct inaccurate or incomplete data
• Delete your personal information (subject to legal requirements)
• Export your data in a portable format

Communication Preferences

• Opt out of marketing communications
• Choose communication methods and frequency
• Update your contact preferences

8. International Data Transfers

If you are located outside the United States, we may transfer your information to the US for processing. We ensure appropriate safeguards are in place through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by relevant authorities
• Your explicit consent where required

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Authenticate users and maintain sessions
• Remember your preferences and settings
• Analyze website usage and performance
• Enhance security and prevent fraud

See our Cookie Policy for detailed information about our use of cookies.

10. California Privacy Rights

California residents may have additional rights under the CCPA, including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising privacy rights

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

• Post the updated policy on our website
• Send notification for material changes
• Update the “Last updated” date at the top

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at:

Privacy Office: privacy@pediment.xyz
Mailing Address: Pediment Privacy Office, [Company Address]
Phone: [Privacy Hotline]

For urgent privacy matters, please mark your communication as “URGENT - PRIVACY MATTER.”

This Privacy Policy is part of our commitment to transparency and data protection.