UTOPPIA, INC.
PRIVACY POLICY DISCLOSURE

Last Updated and effective as of October 5, 2024
If you are reading this Privacy Policy (“Policy”), that means you have created an account using Utoppia Inc.’s (“Utoppia”) platform application (“Platform App”) By using the Platform App (“Account”), you agree to Utoppia’s Policy. We may update this Policy from time to time and we will provide updates as required by law. We may update this Policy from time to time and the continued use of our services means acceptance of this Policy. If you do not agree to the Policy as last revised, do not use (or continue to use) the Services (as defined below).
Utoppia takes our customers’ privacy and security very seriously as provided herein. To demonstrate our commitment to privacy and security, we have developed this Policy to explain how we may collect, retain, process, share, and transfer your information.
1. Policy Overview
1.1 In this Policy, “Services” refers to any products, services, content, features, technologies, or functions made available to you by Utoppia via the Platform App.
1.2 The terms “Utoppia,” we”, “us” or “our” shall refer to Utoppia, Inc. The terms “you” or “your” shall refer to any individual or entity who accepts this Policy.

2. Applicability and Scope
2.1. This Policy applies to your information when you visit the Platform App or use the Checking Account Services and does not apply to online websites or services that we do not own or control.
2.2. Information provided to third parties, shall be controlled by their respective privacy policies. We encourage you to review the privacy policies or notices of other third parties for information about their practices.

3. Collection of Information
3.1 We collect public and non-public information (i) when you visit our Platform App; (ii) when you communicate with us via our customer support channels; (iii) when you apply or sign up to and/or use  Platform App Services; (iv) we collect through third-party service providers and other sources and; (v) through online research on social media and websites, which may not be publicly available.
3.2 We collect data to comply with applicable law and financial services regulation.
3.3 We also collect information in order to verify your identity when you apply or sign up to receive a service from us.

4. Information We Collect
4.1 The information we collect may vary according to the Platform App Services  we will be providing to you:
4.2 We may collect the following information about individuals or businesses (“Data”):
4.2.1 Individuals’ Information: name or aliases, physical address, work address, phone number, email address, IP address, date of birth, gender, local tax identification number, result of sanctions screenings, government ID, photo identification, selfie, or video authorization, images of your face on your identification document (e.g., government-issued identification card) and/or video, your biometric facial identifiers, and other additional information you may provide, or additional information we may additionally request you to provide (collectively the “Individual’s Information”);
4.2.2 Business’ Information: entity legal name or aliases, including “doing business as” names, physical address, phone number, legal entity type, industry, organizational documents (e.g. articles of incorporation and bylaws), employer identification number, or other information relating to your authorized signors or beneficial owners, which may include the Individuals’ Information as provided above, or additional information we may additionally request you to provide;
4.2.3 External Bank Account Information: external financial institution name, account name, account type, branch number, account number, routing number, international bank account number (“IBAN”), information, data, passwords, authentication questions, materials or other content, transaction and available balance information;
4.2.4 Financial Data of Your Account With Us: transactions and transaction history, including but not limited to ACH and Wire transactions, available account balance, debit amounts, linked bank accounts, salary and other income, sources of wealth, and other assets;
4.2.5 Background Check Data: background check information including credit and criminal checks, supporting research, and screenings, to the extent required or permitted by local law;
4.2.6 Recipients’ or Senders’ Data: when you send or request money through the Platform App Services, we may collect data such as name, postal address, telephone number, IP address, date of birth, and financial account information about the recipient or sender of the funds;
4.2.7 Third-Party Sources: we may obtain information from third-party sources, merchants, recipients and senders of funds, data providers, identity verification providers, and credit bureaus, where permitted by law.
4.2.8 Digital Identity Information:
4.2.8.1 Services Metadata: when you interact with the Utoppia Services, metadata is generated that provides additional context about the way you interact with the Checking Account Services.
4.2.8.2 Log Data: our servers may automatically collect information about your visit to the Platform App, including IP addresses and associated information, browser type and settings, the date and time the Checking Account Services were accessed and used, information about browser configuration and plugins, language preferences.
4.2.8.3 Device Information: your device “fingerprint” (e.g. hardware model, operating system and version, unique device identifiers and mobile network information) when you access our Platform App or use an Investment Account Service.
4.2.8.4 Location Information: we may receive information from you that helps approximate your location, such as using an IP address received from your browser to determine an approximate location. Further, we may also collect location information from devices in accordance with the consent process provided by your device.

5. Retention of Information
5.1 We retain your information to fulfill our legal or regulatory obligations and for our business purposes. We may retain your Data for longer periods than required by applicable law if it is in our legitimate business interests and not prohibited by law.
5.2 If you stop using the Utoppia Services, we reserve our ability to retain and access the Data as provided in this Policy. We will continue to use and disclose such Data in accordance with this Privacy Policy.
5.3 All Data are stored in encrypted format in Utoppia’s database

6. Purposes of Collection and Use of Information
6.1 We use the information we collect or receive to operate, improve, and protect the Platform App Services and to develop new services.  More specifically, we collect and use your information:
6.1.1 To provide the Services, perform obligations under our agreements with third-parties, and carry out related business functions, including performing data and transaction processing, analyzing transaction history to combat regulatory and other security concerns, assisting with the investigation of a dispute, conducting credit checks, handling user inquiries, and managing relationship;
6.1.2 To develop, improve, enhance, modify, add to, and further develop  Services;
6.1.3 To comply with legal obligations and regulations applicable to the Services , including but not limited to “know your customer” obligations based on applicable anti-money laundering and anti-terrorism requirements, economic and trade sanctions, customer due diligence, suspicious activity reporting, foreign exchange and international trade, tax reporting and other applicable laws, regulations, ordinances, and obligations or requirements;
6.1.4 For security and privacy management, to detect, prevent, and investigate privacy and security-related concerns that could impact you, the Platform App, the Services,  or third parties Utoppia has engaged for the purpose of providing its products and services;
6.1.5 To confirm a person’s authority as a representative or agent of a user;
6.1.6 To conduct record keeping and otherwise manage the business;
6.1.7 To verify you, your identity, that the data provided is credible, and prevent fraud;
6.1.8 To protect you, Utoppia, and third parties Utoppia is  engaged with for the purpose of providing products and services from fraud, malicious activity, and other privacy and security-related concerns;
6.1.9 To provide customer support to you, including to help respond to your inquiries related to the Services or  our Platform App;
6.1.10 To send you technical notices, updates, security alerts and support and administrative messages;
6.1.11 To investigate any misuse of  the Services or the Platform App, including criminal activity or other unauthorized access to the  Services;
6.1.12 To defend our legal rights and the rights of others; 
6.1.13 To conduct record keeping and otherwise manage our business;
6.1.14 To comply with applicable law or regulations; and/or
6.1.15 For any other purpose with your consent.

6.2 We may use raw data or aggregated and anonymized data for the purposes provided in this Policy.
6.3 We use machine learning and facial recognition to verify the legitimacy of your identification documents, verify the factualness and credibility of the information you provide to us, and avoid fraud, by, among other actions, comparing biometric data with data previously or separately obtained. Based on the submitted identification document, Utoppia programmatically creates a feature vector of the face displayed in such document and stores it in encrypted format in Utoppia’s database. The vector cannot be used to reconstruct the original image. When a new user creates an account, Utoppia programmatically compares that user’s vector against others in its database to help detect potential cases of identity theft. As with all Data, Utoppia does not sell or rent the image, likeness, or vector to anyone, including marketers or other third parties, and does not use your Data for commercial purposes other than identity verification, financial loss mitigation, and regulatory compliance.

7. Sharing Information
7.1 Utoppia takes your privacy seriously. We may disclose information to marketers or other third parties as permitted by law.
7.2 We do share your information with third parties as described in this Policy. We may share some of your information:
7.2.1 With the Regent Bank for the purposes of offering services to you and providing customer service to you. You understand that the Bank may have access to all Data and that the Bank’s privacy policy  also applies.
1.a.1 For our everyday business purposes, such as processing your transactions, maintaining your Account(s), or reporting to credit bureaus;
7.2.2 With other companies that provide services to us, such as identity verification service providers, fraud prevention service providers, credit bureaus, or collection agencies;
7.2.3 With other parties to transactions when you use the Services, such as other users, merchants, and their service providers. We may share your information with other parties involved in processing your transactions. This includes others that you are receiving funds from, and merchants and their service providers;
7.2.4 To information technology providers or other service providers around the world that act under our instructions regarding the processing of certain data ("Vendors"). Vendors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the information, and to process information only as instructed;
7.2.5 To independent external auditors or other service providers around the world. Such service providers will be subject to any necessary contractual obligations regarding the protection and processing of such Data;
7.2.6 In connection with a change of ownership or control of all or part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
7.2.7 To support our audit, compliance, and corporate governance functions;
7.2.8 To service providers to prepare, deploy and analyze advertising content;
7.2.9 For our everyday business purposes, such as processing your transactions and maintaining your Account(s);
7.2.10 To establish, exercise, or defend our legal rights, including providing information to others for the purposes of fraud prevention and risk management;
7.2.11 To any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition or in preparation for any of these events; and
7.2.12 With your consent or direction.

7.3 Subject to applicable law, we may disclose Data if required or permitted by applicable law or regulation, including laws and regulations of the United States and other countries, or in the good faith belief that such action is necessary to: (a) comply with a legal obligation or in response to a request from law enforcement or other public authorities wherever Utoppia may do business; (b) protect and defend the rights or property of Utoppia; (c) act in urgent circumstances to protect the personal safety of users, contractors/employees of Utoppia or others, or other third parties Utoppia has engaged to provide its products or services; or (d) protect against any legal liability. In addition, Utoppia may share your Data with U.S. regulators and with other self-regulatory bodies to which we are subject, wherever Utoppia may do business.

8. Protection of your Information
8.1 Utoppia takes commercially reasonable measures to help protect your information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Additionally, we implement policies designed to protect the confidentiality and security of your nonpublic personal information.
8.2 Unless otherwise specified in this Policy, Utoppia limits access to your information to employees that have a business reason to know such information, and further implements security practices and procedures designed to protect the confidentiality and security of such information and prohibit unlawful disclosure of such information in accordance with its policies.

9. Your Personal Data and Your Rights –United States Only (Including California)

Notice to Nevada Residents

Nevada law allows Nevada residents to opt-out of the sale of certain types of personal information. Subject to a number of exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We do not currently sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt-out of sales and we will record your instructions and incorporate them in the future if our policy changes. Opt-out requests may be sent to our email address at support@utoppia.com.Haga clic aquí para escribir texto.

Notice to California Residents

‍The California Consumer Privacy Act (“CCPA”) requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, and sale of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this does not apply to you and you should not rely on it.

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information. For purposes of this “Notice to California Residents” section we will refer to this information as “Personal Information.”

The CCPA’s privacy rights described below do not apply to Personal Information that is collected, processed, sold, or disclosed pursuant to the Federal Gramm-Leach-Bliley Act and its implementing regulations or the California Financial Information Privacy Act. Generally, this will apply to any Personal Information obtained in connection with Utoppia enabling you access to the products and Services. The CCPA’s privacy-related rights also do not apply to certain types of Personal Information that is subject to the Federal Credit Reporting Act (FCRA).

In addition, some of the CCPA’s privacy rights explained below do not apply to personal information collected in a business-to-business context. That is information reflecting a written or verbal communication or a transaction between us and a consumer, where the consumer is acting as an employee, owner, director, officer, or contractor of another entity and when the communication or transaction occur solely within the context of us conducting due diligence regarding, or providing or receiving a product or service, to or from such entity.

If you would like to make any requests or queries regarding Personal Information that we process,  please contact us at our email address at support@utoppia.com. Your rights under the CCPA will depend on our relationship with you.

Right to Know About Personal Information Collected, Disclosed, or Sold

‍If you are a California resident, you have the right to request that we disclose what Personal Information we have collected about you in the 12-month period preceding your request. This right includes the right to request any or all of the following:

1. Specific pieces of Personal Information that we have collected about you;
2. Categories of Personal Information that we have collected about you;
3. Categories of sources from which the Personal Information was collected;
4. Categories of Personal Information that we sold (if applicable) or disclosed for a business purpose about you;
5. Categories of third parties to whom the Personal Information was sold (if applicable) or disclosed for a business purpose; and
6. The business or commercial purpose for collecting or, if applicable, selling Personal Information.

The CCPA defines “sell” to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident’s Personal Information to another business or a third party for monetary or other valuable consideration.

Collection of Personal Information

For a list of the Personal Information that we currently collect and, in the 12 months prior to the Last Updated date of this Privacy Policy, have collected, please see the “Types of Personal Data Collected” section above. As described more fully above, we collect the Personal Information from California residents directly and from our Platform App, identity verification providers, recipients and senders of funds, data providers, and credits bureaus. Not all categories of Personal Information are collected from each source.

For a list of the purposes for which we have collected this Personal Information, please see the “Purposes of Collection and Use of Information” section above.

Disclosure of Personal Information

For a list of the Personal Information that we disclosed for a business purpose in the 12 months preceding the Last Updated date of this Privacy Policy and the category of third parties to whom the Personal Information was disclosed, please see the “Purposes of Collection and Use of Information” and the “Sharing Information” sections above. We did not sell Personal Information to third parties in the 12 months preceding the Last Updated date of this Privacy Policy.

We do not knowingly collect or sell the Personal Information of minors under 16 years of age.

Right to Request Deletion of Personal Information

If you are a California resident, you have the right to request that we delete the Personal Information about you that we have collected. However, per the CCPA, we are not required to comply with a request to delete if it is necessary for us to maintain the Personal Information in order to, for example, complete a transaction, detect security incidents, comply with a legal obligation, or otherwise use the Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information.

How to Submit a Request to Know and/or Delete

You may submit a request to know or delete by emailing us at support@utoppia.com  or by calling +1 (650) 495-2468.

Our Process for Verifying a Request to Know or Delete

If we determine that your request is subject to an exemption or exception, we will notify you of our determination. If we determine that your request is not subject to an exemption or exception, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request.

We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure or deletion as applicable.

For requests to access categories of Personal Information and for requests to delete Personal Information that is not sensitive and does not pose a risk of harm by unauthorized deletion, we will verify your identity to a “reasonable degree of certainty” by verifying at least two data points that you previously provided to us and which we have determined to be reliable for the purpose of verifying identities.

For requests to access specific pieces of Personal Information or for requests to delete Personal Information that is sensitive and poses a risk of harm by unauthorized deletion, we will verify your identity to a “reasonably high degree of certainty” by verifying at least three pieces of Personal Information previously provided to us and which we have determined to be reliable for the purpose of verifying identities. In addition, you will be required to submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is being requested.

Right to Opt-Out of Sale of Personal Information

If you are a California resident, you have the right to direct businesses to stop selling your Personal Information. We do not sell Personal Information as it is defined in the CCPA.

Right to Non-Discrimination for the Exercise of a California Resident’s Privacy Rights

We will not discriminate against California residents if they exercise any of the rights provided in the CCPA as described in this section “Notice to California Residents.”

Authorized Agents

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, and if the request is not subject to an exemption or exception, we will require additional information to verify your authority to act on behalf of the California resident.

Shine the Light Law

We do not disclose personal information obtained through our Platform App or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.

Right to Financial Privacy Act

The Right to Financial Privacy Act (“RFPA”) establishes specific procedures that federal government authorities must follow in order to obtain information from us about a customer’s financial records. Generally, these requirements include obtaining subpoenas, notifying the customer of the request, and providing the customer with an opportunity to object. The Act imposes related limitations and duties on financial institutions prior to the release of information requested by federal authorities.

Children’s Online Privacy Protection Act

The Children’s Online Privacy Protection Act (“COPPA”) was enacted to prohibit unfair and deceptive acts or practices in connection with the collection, use, or disclosure of personal information from children under the age of 13 in an online environment. Generally, the Act requires operators of Websites or online services directed to children, or that have actual knowledge that they are collecting or maintaining personal information from children online, to provide certain notices and obtain parental consent to collect, use, or disclose information about children. The FDIC is granted enforcement authority under the Act. Federal Trade Commission regulations (16 CFR 312) that implement COPPA became effective April 21, 2000.

10. Cookies and Other Tracking Technologies:
a. Like many other companies, we use cookies and other tracking technologies (such as pixels and web beacons).
b. Our Platform App uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses Cookies or other tracking technologies to help us analyze how users interact with the Site and Services, compile reports on their activity, and provide other services related to their activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a returning visitor, and any referring website. The technologies used by Google Analytics do not gather information that personally identifies you. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt-out of tracking of analytics by Google, click here.
c. Our Platform App uses Google reCAPTCHA, which is a free service that protects websites from spam and abuse using advanced risk analysis techniques to tell humans and bots apart. Google reCAPTCHA works differently depending on what version is deployed. For example, you may be asked to check a box indicating that you are not a robot or Google reCAPTCHA may detect abusive traffic without user interaction. Google reCAPTCHA works by transmitting certain types of information to Google, such as the referrer URL, IP address, visitor behavior, operating system information, browser and length of the visit, cookies, and mouse movements. Your use of Google reCAPTCHA is subject to Google’s Privacy Policy and Terms of Use. More information as to Google reCAPTCHA and how it works is available here.

11. International Data Transfers:
a. We operate internationally and may transfer information to the United States and other countries for the purposes described in this Privacy Policy. The United States and other countries may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. Your Data can be subject to access requests from governments, courts, or law enforcement according to the laws of those countries.
b. In addition, depending upon the jurisdiction in which you reside we may rely upon other bases such as consent or contract. To the extent that you agree to the Agreement and enter into a contract with us, you acknowledge that the transfer is necessary for performance of that contract. 

12. “Do Not Track” Signals: Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Platform App does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.

13. Third Party Links: The Platform App and Services may contain links that will let you leave the Platform App and Services and access another website. Linked websites are not under our control. Except as stated herein, this Privacy Policy applies solely to Data that is acquired on the Platform App and Services. We accept no responsibility or liability for these other websites.

14. Security: We maintain commercially reasonable security measures to protect the Data we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your Data, we cannot guarantee absolute security.

15. Access of Services and Platform App by Children:  The Platform App and the Checking Account Services are not directed at children under 16 years of age. We do not knowingly collect Data from children under 16. If a parent or guardian becomes aware that his or her child has provided us with Data without the parent or guardian’s consent, he or she should contact us using the information below (“Contact”).

16. Contact: If you have any questions about this Policy, please contact us by email, telephone, or postal mail.

Email: support@utoppia.com
WhatsApp +1 (650) 495-2468
Hours: Customer Service agents are available to answer your calls:
Eastern Time (USA): Monday through Friday: 8:00 AM – 9:00 PM.
Central Time (USA): Monday through Friday: 8:00 AM – 8:00 PM.
Pacific Time (USA): Monday through Friday: 6:00 AM – 6:00 PM.

Postal mail: 2041 East St Unit 298, Concord, California, 94520, US.

4894-0807-1406, v. 1

Address
2041 East St Unit 298, Concord, California, 94520, US.
Founded in California, USA. Reaching the whole world.
Contact
+1 (650) 495-2468
(*)Utoppia is a financial technology company, not a bank. Banking services are provided by Regent Bank, Member FDIC. FDIC insurance only covers failure of insured depository institutions. Certain conditions must be satisfied for pass-through FDIC deposit insurance to apply.
Card issued by Payblr, Inc. pursuant to a license from Visa. Card is distributed and serviced by Utoppia.