GIRAFFE GOLD

Privacy Policy

Effective Date: March 29, 2026 | Last Updated: April 8, 2026

Your privacy matters. This policy explains what data we collect, why we collect it, and how we protect it. We never sell your personal information.

Introduction
Information We Collect
How We Use Your Information
How We Share Your Information
Data Security
Data Retention
Your Rights and Choices
Third-Party Services
Children's Privacy
California Privacy Rights (CCPA)
Changes to This Policy
Contact Us

1. Introduction

Giraffe Gold Holdings LLC ("Giraffe Gold," "we," "us," or "our") operates the Giraffe Gold mobile application and website at www.giraffegoldbar.com (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information: Name, email address, phone number, date of birth, and physical address when you create an account.
Identity Verification: Government-issued ID, Social Security Number (last 4 digits or full, as required for compliance), and other information necessary to verify your identity under applicable law.
Shipping Information: Physical address where you want your precious metals delivered.
Communications: Any messages, feedback, or support requests you send us.

2.2 Financial Information (via Plaid)

When you link your bank account through Plaid, we access the following information to provide our Service. We only request what we need—nothing more.

Data Type	What We Receive	Why We Need It
Account Details	Account and routing numbers	To process ACH transfers for your contributions
Transaction History	Recent transactions (typically 30-90 days): merchant name, amount, date, and category	To calculate your round-ups on eligible purchases
Account Balance	Current and available balance	To help prevent failed payments and protect you from overdraft fees
Account Holder Identity	Name, address, phone number, and email associated with your bank account	To verify your identity, prevent fraud, and comply with federal KYC requirements

What we DON'T access: Your bank login credentials (Plaid handles authentication securely), investment accounts, loan details, credit card numbers, or any accounts you don't explicitly link.

2.3 Payment Processing (via Stripe)

Payment Information: ACH transfer details processed through Stripe. We do not store your full bank credentials on our servers—Stripe handles this securely.
Transaction Records: Records of your contributions, round-ups, purchases, and precious metals deliveries.

2.4 Information Collected Automatically

Device Information: Device type, operating system, unique device identifiers, and mobile network information.
Usage Data: Pages visited, features used, time spent on the Service, and interaction patterns.
Location Data: General location based on IP address (we do not collect precise GPS location).
Log Data: IP address, browser type, access times, and referring URLs.

2.5 Information from Third Parties

Plaid: Bank account details, transaction data, and account verification information.
Identity Verification Services: Results of identity and fraud checks.
Stripe: Payment processing status and transaction confirmations.

3. How We Use Your Information

We use your information only for purposes directly related to providing and improving our Service:

Purpose	Data Used
Calculate and process your round-ups	Transaction history (merchant, amount, date)
Process ACH contributions	Account and routing numbers
Prevent failed payments and overdrafts	Account balance
Verify your identity (KYC/AML compliance)	Bank-verified identity data, government ID, SSN
Prevent fraud and unauthorized access	Identity data, device info, usage patterns
Purchase and ship your precious metals	Shipping address, transaction history
Communicate with you	Email, phone number
Improve our Service	Aggregated, anonymized usage data
Comply with legal obligations	As required by law

We do NOT use your data to: Sell to third parties, target you with ads, build a profile for marketing purposes, or share with anyone outside of what's needed to deliver your gold.

We never sell your personal information to third parties. Period.

We may share your information with:

4.1 Service Providers

Plaid Inc.: Bank account linking and transaction data aggregation
Stripe, Inc.: Payment processing for ACH transfers
Upstate Coin & Gold: Precious metals procurement and fulfillment
ShipSecure: Insured shipping and delivery tracking
Cloud hosting providers: Secure data storage and infrastructure

4.2 Legal and Compliance

We may disclose your information when required to:

Comply with applicable laws, regulations, or legal process
Respond to lawful requests from government authorities
Enforce our Terms of Service
Protect the rights, privacy, safety, or property of Giraffe Gold, our users, or the public
Detect, prevent, or address fraud, security, or technical issues

4.3 Business Transfers

If Giraffe Gold is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
Bank-Level Security: Plaid provides bank-level 256-bit encryption for financial data
Read-Only Access: We use read-only permissions for bank account linking—we cannot move money without your authorization
Access Controls: Strict internal access controls limit who can access personal data
Monitoring: Continuous security monitoring and regular security assessments

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. After account closure, we may retain certain information as required by law or for legitimate business purposes:

Transaction records: 7 years (tax and regulatory compliance)
Identity verification records: 5 years after account closure (AML compliance)
Communications: 3 years
Usage data: 2 years

7. Your Rights and Choices

You have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information (subject to legal retention requirements)
Portability: Request your data in a portable, machine-readable format
Opt-Out: Unsubscribe from marketing communications at any time
Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise these rights, contact us at privacy@giraffegoldbar.com.

8. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

Plaid: plaid.com/legal
Stripe: stripe.com/privacy

We encourage you to review these policies. We are not responsible for the privacy practices of third-party services.

9. Children's Privacy

Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected information from a child under 18, we will delete it promptly. If you believe we have collected information from a child, please contact us at privacy@giraffegoldbar.com.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
Right to Delete: Request deletion of personal information we have collected
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply

To submit a CCPA request, email privacy@giraffegoldbar.com with "CCPA Request" in the subject line.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on our website
Updating the "Last Updated" date at the top
Sending you an email notification for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

Giraffe Gold Holdings LLC
Email: privacy@giraffegoldbar.com
General: info@giraffegoldbar.com
Website: www.giraffegoldbar.com