Privacy Policy

1. Introduction

XPEND Technologies Inc. ("XPEND," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our virtual credit card platform, mobile applications, and related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

2. Information We Collect

2.1 Personal Information

We may collect the following categories of personal information:

• Wallet addresses and blockchain transaction data
• Email address (if provided for notifications)
• Device information and IP addresses
• Transaction history and spending patterns
• Virtual card usage data and merchant information
• Communication preferences and support interactions

2.2 Financial Information

To provide our virtual card services, we collect and process:

• Solana wallet public addresses
• SOL deposit and conversion amounts
• USD balance and transaction records
• Virtual card numbers, expiration dates, and CVV codes
• Merchant transaction data including purchase amounts and dates

2.3 Automatically Collected Information

When you access our Services, we automatically collect device information, browser type, operating system, access times, pages viewed, and referring URLs. We use cookies and similar tracking technologies to enhance your experience and analyze usage patterns.

3. How We Use Your Information

We use the information we collect to:

• Process SOL to USD conversions and manage your account balance
• Generate and manage virtual credit cards
• Process transactions with merchants via x402 payment infrastructure
• Detect and prevent fraud, unauthorized transactions, and abuse
• Comply with legal obligations, including AML and KYC requirements
• Provide customer support and respond to inquiries
• Improve and optimize our Services
• Send transactional notifications and security alerts
• Conduct analytics and research to enhance user experience

4. How We Share Your Information

We may share your information with:

4.1 Service Providers

Third-party vendors who perform services on our behalf, including payment processors, card network providers (Mastercard), fraud detection services, cloud hosting providers, and analytics platforms.

4.2 Payment Networks

Transaction data is shared with payment networks and merchants to process your virtual card purchases. This includes card details, transaction amounts, and merchant identifiers.

4.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Security

We implement industry-standard security measures to protect your information:

• PCI-DSS compliant infrastructure for card data handling
• End-to-end encryption for all data transmissions
• Hardware security modules (HSM) for cryptographic operations
• Regular security audits and penetration testing
• Multi-factor authentication for account access
• Real-time fraud monitoring and anomaly detection

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Transaction records are retained for a minimum of seven (7) years as required by financial regulations. You may request deletion of your account data, subject to our legal retention requirements.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information, subject to legal requirements
• Portability: Request transfer of your data in a machine-readable format
• Opt-out: Opt out of marketing communications at any time
• Restriction: Request restriction of processing in certain circumstances

To exercise these rights, please contact us at privacy@xpend.io.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and compliance with applicable data protection frameworks.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze usage patterns and improve our Services
• Detect and prevent fraud

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our Services.

10. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Services after any changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: