Privacy Policy for SwiftXchange

Last Updated: May 10, 2025

Welcome to SwiftXchange (the "App"), a fintech mobile application operated by Source Technologies (hereinafter "SwiftXchange", "we", "us", or "our"). SwiftXchange is registered in the United States of America. This Privacy Policy outlines how we collect, use, protect, and disclose your personal and financial information when you use our App and services. Your privacy is of utmost importance to us, and we are committed to safeguarding your data in compliance with applicable U.S. data protection laws, including the Gramm-Leach-Bliley Act (GLBA) and the Children's Online Privacy Protection Act (COPPA), as well as striving to comply with other applicable data protection laws in jurisdictions where our services are offered. Please read this Privacy Policy carefully. By downloading, accessing, or using our App, you agree to the terms of this Privacy Policy and acknowledge receipt of our privacy notices as required by law.

1. Information We Collect (Nonpublic Personal Information - NPI)

We collect various types of "nonpublic personal information" (NPI) and other information to provide and improve our services, to process your transactions securely, to communicate with you, and as required by law. The information we may collect includes:

Personal Identification Information:

• Full name
• Contact information (email address, phone address)
• Date of birth
• Social Security Number (in limited circumstances and as required by law)
• National identification details (e.g., passport, driver's license, as required by law for financial transactions and identity verification)

Financial Information:

• Bank account details (account name, account number, bank name, routing number)
• Mobile money wallet details (account name, mobile money number, network provider)
• Transaction history within the App (including parties to transactions, amounts, and timestamps)
• Information related to the source of your funds

Transactional Information:

• Details of the currency exchange you initiate (e.g., source currency, target currency, amount)
• Information about the recipient wallet for disbursement
• Timestamp and status of your transactions

Device and Usage Information:

• Device type, operating system, and version
• IP address
• Mobile network information
• App usage data (e.g., features used, screens viewed, actions taken)
• Device identifiers for push notification purposes and security

Communications:

• Records of your communications with our customer support team.

2. How We Use Your Information

We use the information we collect for the following purposes:

To Provide and Manage Our Services (Our Everyday Business Purposes):

• To create and manage your user account.
• To process your currency exchange transactions, including verifying your identity (a crucial step for Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance), facilitating the transfer of your funds to the designated bank account, holding the equivalent funds in an escrow account, and disbursing the funds to your selected wallet upon confirmation of your transfer.
• To display bank information for you to send your funds.
• To calculate and apply our commission fee (1.2% capped at $100 or its equivalent).
• To maintain your account and transaction history.

To Communicate With You:

• To send you transaction confirmations, updates, security alerts, and support messages via push notifications and other communication channels you have consented to.
• To respond to your inquiries and provide customer support.
• To provide you with notices about our privacy practices and changes to our services, terms, or policies.

For Security and Fraud Prevention:

• To verify your identity and comply with KYC, AML, Counter-Terrorist Financing (CTF), and other legal and regulatory requirements.
• To detect and prevent fraud, unauthorized access, and other illegal activities.
• To protect the security and integrity of our App, services, and customer information, as mandated by our information security program (see Section 8).

To Improve Our Services:

• To analyze usage trends and user behavior to improve the App's functionality, user experience, and features.
• For internal research and development purposes.

To Comply with Legal Obligations:

• To comply with applicable U.S. federal and state laws, regulations, court orders, and requests from regulatory authorities (e.g., Federal Trade Commission (FTC), Consumer Financial Protection Bureau (CFPB), FinCEN).
• To enforce our terms and conditions.

3. Data Sharing and Disclosure

We are committed to protecting your NPI. We do not sell your NPI to third parties. We will only share your NPI as permitted or required by law. Circumstances under which we may share your information include:

For Our Everyday Business Purposes:

• With Financial Institutions and Payment Processors: We share necessary NPI with banks, mobile money providers, and other financial institutions to process your currency exchange transactions, facilitate payments, and manage your accounts. This is essential for the provision of our services.
• With Escrow Service Providers: The target currency equivalent of your transaction is disbursed into an escrow account pending confirmation of your transfer. NPI related to your transaction will be shared with the escrow service provider as necessary to perform this function.
• With Service Providers: We may engage third-party service providers to perform functions on our behalf, such as data hosting, analytics, identity verification, customer support, and push notification delivery. These service providers are contractually obligated to maintain the confidentiality and security of your NPI and are restricted from using it for any purpose other than providing services to us or as otherwise permitted by law. We ensure these providers have appropriate safeguards in place.

For Legal Reasons and Law Enforcement:

• We may disclose your NPI if we believe in good faith that such disclosure is necessary to:
  • Comply with a legal obligation, subpoena, regulation, or governmental/regulatory request (e.g., from the FTC, CFPB, law enforcement agencies).
  • Enforce our Privacy Policy or Terms of Service.
  • Protect the rights, property, or safety of SwiftXchange, our users, or the public.
  • Detect, prevent, or otherwise address fraud, security, or technical issues.

Business Transfers:

• In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your NPI may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our App of any change in ownership or material changes in uses of your NPI, as well as any choices you may have regarding your NPI.

With Your Consent:

• We may share your NPI for other purposes not listed above if we provide you with notice and obtain your explicit consent.

Your Right to Limit Sharing (Opt-Out):

The GLBA gives you the right to limit some, but not all, sharing of your NPI. For example, you typically cannot limit sharing for our everyday business purposes, such as processing your transactions or maintaining your account, or when we share information with service providers who assist us in these activities, or as required by law. We do not currently share your NPI in ways that would trigger a right to opt-out (e.g., sharing with non-affiliates for them to market to you, or sharing certain credit information with affiliates). If our practices change, we will update this notice and provide you with any applicable opt-out rights.

4. Escrow Account

To ensure the security of your transaction, the target currency equivalent of the funds you are exchanging will be disbursed into a secure escrow account. Once you confirm that you have made the transfer to the provided bank details, and this is verified, the funds held in escrow will be released to your designated recipient wallet (bank account or mobile money). We take all necessary steps to ensure the escrow process is transparent and secure.

5. Push Notifications

We use push notifications to keep you informed about the status of your transactions (e.g., when funds are received, when funds are disbursed) and to send you important updates, security alerts, or information related to our services.

You will be asked to provide your consent to receive push notifications when you first use the App or through your device settings. You can manage your push notification preferences or opt-out at any time through the settings on your mobile device or within the App. Please note that opting out of certain notifications may impact your ability to receive timely updates about your transactions or important security alerts.

6. Commission Fee

We charge a commission fee of 1.2% for each currency exchange transaction processed through the App. This fee is capped at a maximum of $100 (or its equivalent in other currencies). The applicable fee will be clearly displayed to you before you confirm a transaction.

7. Data Security

We are committed to protecting the security of your NPI. We have implemented a comprehensive written information security program with administrative, technical, and physical safeguards designed to protect your NPI against unauthorized access, use, alteration, disclosure, or destruction, in compliance with the GLBA Safeguards Rule. These measures include:

• Encryption of sensitive data both in transit (e.g., using TLS/SSL) and at rest.
• Secure servers and access controls, including multi-factor authentication for access to systems storing NPI.
• Regular security assessments, vulnerability scanning, and penetration testing.
• Internal policies, procedures, and training for employees on data protection and information security.
• Measures to detect and respond to security incidents.

While we strive to protect your information, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. You are also responsible for keeping your account credentials (like passwords and PINs) confidential and for ensuring the security of your own devices.

8. Data Retention

We will retain your NPI only for as long as is necessary for the purposes set out in this Privacy Policy, including to provide our services, comply with our U.S. legal and regulatory obligations (such as those under the Bank Secrecy Act, which may require retention for five years or longer for certain transaction records, and other financial record-keeping rules), resolve disputes, and enforce our agreements. The retention period may vary depending on the type of information and the applicable legal requirements.

9. Your Data Protection Rights

As a user of our services, you have certain rights regarding your NPI under U.S. law. These include:

• Right to Receive a Privacy Notice: You have the right to receive clear and conspicuous notice of our information collection, use, and sharing practices, which this Privacy Policy is intended to provide.
• Right to Access Information: You may have the right to request access to certain NPI we hold about you.
• Right to Correct Inaccurate Information: You may request that we correct inaccurate NPI we maintain about you.
• Right to Limit Certain Sharing (Opt-Out): As described in Section 3, you have the right to opt-out of certain types of NPI sharing with non-affiliated third parties. We will notify you if such opt-out rights apply.
• State-Specific Rights: Depending on your state of residence (e.g., California under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)), you may have additional rights, such as the right to know what specific pieces of personal information are collected, the right to delete personal information (subject to certain exceptions, especially for financial data covered by GLBA), the right to opt-out of the "sale" or "sharing" of personal information (we do not sell your NPI), the right to limit the use of sensitive personal information, and the right to non-discrimination for exercising your privacy rights. Financial information subject to GLBA is often exempt from certain provisions of state privacy laws like CCPA/CPRA, but other data may be covered.

To exercise any applicable rights, or if you have questions about your NPI, please contact us using the details in Section 14 ("Contact Us"). We will respond to your requests in accordance with applicable law and may need to verify your identity before processing your request.

10. International Data Transfers

SwiftXchange is operated from the United States. Your NPI will be processed and stored in the United States. If you are using the App from outside the United States, including Ghana, your information will be transferred to, stored, and processed in the United States, where our servers and central database are located. U.S. data protection laws may differ from those in your country of residence.

When we transfer your information to third-party service providers or financial institutions in other countries (e.g., to facilitate a currency exchange to Ghana Cedis through a local partner in Ghana), we will take steps to ensure that your NPI receives an adequate level of protection in the jurisdictions in which we process it, in accordance with applicable law. By using our services, you consent to the transfer of your NPI to the U.S. and to other countries as necessary for the provision of the services and as described in this Privacy Policy.

11. Children's Privacy (Compliance with COPPA)

Our App and services are not directed to children under the age of 13, and we do not knowingly collect personal information online from children under 13 without prior verifiable parental consent, in compliance with the Children's Online Privacy Protection Act (COPPA). If you are under 13, please do not use our App or provide any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take commercially reasonable steps to delete such information from our records as soon as practicable. If you are a parent or guardian and believe that your child under 13 has provided personal information to us without your consent, please contact us immediately at info@sourcestechnologies.com. We will take steps to remove that information from our servers.

Our privacy policy includes:

• The name, address, telephone number, and email address of all operators collecting or maintaining personal information through the site or service. (See Section 14: Contact Us)
• A description of what information we collect from children, including whether we enable children to make their personal information publicly available, how we use such information, and our disclosure practices for such information. (Currently, we do not knowingly collect from children under 13).
• A description of parental rights regarding their children's personal information. (Parents have the right to review the personal information collected from their child, refuse to permit its further collection or use, and direct its deletion).

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements (including changes to GLBA or other applicable laws). We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We may also provide notice to you through the App, via email, or other means as required by law for material changes. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the App after any changes to this Privacy Policy will constitute your acceptance of such changes.

13. Governing Law

This Privacy Policy and our privacy practices will be subject exclusively to the laws of the United States of America.

14. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, or if you wish to exercise your data protection rights, please contact us at:

SwiftXchange / Source Technologies

Email: info@sourcestechnologies.com