Privacy

This Privacy Policy describes how Mo Technologies Inc. ("Mo," "we," "us," or "our") collects, uses, and discloses personal information in connection with our websites, mobile applications, and related offerings that link to this Privacy Policy (collectively, the "Services"). In this policy, "personal information" includes "personal data" as defined under applicable data protection laws.

The Services include, among others, a non-custodial, unhosted digital asset wallet experience (the "Mo Application").

Disclosure Regarding Customer Data. For most individual users of Mo, this Privacy Policy applies directly to personal information processed in connection with the Services. In some cases, Mo may provide Services to organizations under a written agreement, and Mo may process certain information on that organization's behalf ("Customer Data"). In those cases, the organization's privacy policy governs its relationship with you, and requests regarding Customer Data should be directed to that organization.

Important Note on Data Minimization. Mo practices data minimization. We directly store only minimal personal information, primarily your email address. Identity verification (KYC/KYB), payment processing, and other sensitive data handling are performed by licensed third-party compliance providers. Mo does not store identity documents, government IDs, or detailed personal verification data.

1. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. If we do, we will post the updated version and revise the "Last updated" date above. In some cases, we may provide additional notice.

2. Personal Information We Collect

2.1 Information You Provide

• Account Information. Such as name (if provided), email, phone number, and other information you submit to create or manage an account.
• Business Information (KYB). If you use the Services on behalf of a Business User, we may collect information about the entity and its beneficial owners or controllers as required for verification.
• Transaction and Blockchain Information. Such as wallet addresses, transaction hashes, token balances, and activity logs related to your use of supported networks.
• Communications. Such as emails, support requests, and messages you send to us.

2.2 Identity and Business Verification (KYC/KYB)

KYC is not mandatory for use of the Mo App. You may use basic wallet features, interact with protocols, and manage your digital assets without identity verification. Only fiat-related features (such as onramp and offramp services) require proper verification. In such cases, identity or business verification is performed and directly handled by Bridge Ventures LLC and its associates. Mo may receive verification status, risk signals, and compliance-related outcomes from them, but Mo does not itself perform identity verification or store sensitive verification documents.

2.3 Information Collected Automatically

• Device and Usage Information. Such as IP address, browser and device identifiers, app version, crash logs, and usage analytics.
• Analytics Technologies. We use cookies, SDKs, and similar technologies to understand how users interact with our Services. Current tools include:
  • Google Analytics 4 (GA4) on the website and mobile app for aggregated usage data. See Google's Privacy Policy.
  • Firebase Analytics on the website and mobile app for aggregated engagement data. See Firebase Privacy Information.
  • Cloudflare Analytics Engine for aggregated network and performance metrics related to Mo Box. See Cloudflare's Privacy Policy.
• Event Categories Collected. Analytics tools capture, in aggregate and without linking to your identity:
  • Screen and page views to understand journey flow.
  • Funnel progression across onboarding, transaction, and other key flows.
  • Feature interactions such as taps, clicks, and engagement patterns.
  • Quality and error events including crash reports, failed operations, and performance signals.
  • Store review prompt events when a native app-store review prompt is displayed after a positive milestone.

What we do not do in the current version of the Services: We do not display a cookie consent banner or prompt for analytics opt-in. We do not request Apple's App Tracking Transparency permission, collect the IDFA, or create persistent user-level analytics IDs that link events to an identified individual. All analytics data collected is aggregated and anonymized at the point of collection.

App Store Review Prompts. Our mobile application may display a native app-store review prompt after you reach a positive milestone within the app. These prompts are handled entirely by the operating system. Mo does not transmit personally identifiable information in connection with the prompt, and your choice to leave a review, or not, is not shared with us.

Sentry

We use Sentry (Functional Software, Inc.) to monitor app stability and performance. Sentry collects technical data such as device information, stack traces, and interaction events ("breadcrumbs") leading up to a crash. This data is used solely to identify and fix software bugs. IP addresses are captured for diagnostic purposes but are not used to cross-reference your identity.

Google Firebase Analytics

We use Google Firebase Analytics to understand how users interact with Mo. We have configured Firebase to NOT collect advertising identifiers (IDFA/AAID). The data collected includes app engagement metrics and general device properties (e.g., OS version, device model).

Geo-Detection & Consent

We use Cloudflare to identify your general jurisdiction (region/country) based on your IP address. This is used solely to determine if we must show you specific privacy consent options (e.g., for GDPR or CCPA compliance). We do not store your precise GPS location.

2.4 Information from Third Parties

We may receive information from third parties you connect with, such as OAuth providers, and from service providers that help us operate the Services, such as fraud prevention or compliance providers, consistent with your settings and applicable law.

3. How We Use Personal Information

We use personal information to:

• Provide, operate, maintain, and improve the Services.
• Create and administer accounts and provide customer support.
• Facilitate transactions and display relevant transaction history.
• Conduct security, fraud prevention, sanctions screening, and risk management.
• Comply with legal obligations and enforce our Terms.
• Conduct analytics and research to improve product performance.
• Send service communications and, where permitted, marketing communications with opt-out options.

4. How We Disclose Personal Information

We may disclose personal information to:

• Service Providers. Vendors who help us operate the Services, such as hosting, analytics, customer support, and security.
• Compliance and Payments Partners. Third-party compliance, payments, and banking partners where necessary to provide Services, comply with law, prevent fraud, and satisfy regulatory requirements.
• Third-Party Services You Use. When you choose to interact with Third-Party Services, disclosures may occur as needed to fulfill your request.
• Legal and Safety. Where disclosure is required by law, regulation, legal process, or to protect rights, safety, and security.
• Corporate Transactions. In connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

Public Blockchain Disclosures. Transactions on public blockchains may be publicly visible and searchable. We do not control and cannot delete public blockchain records.

5. Your Privacy Choices and Rights

• Marketing. You may opt out of marketing emails by using the unsubscribe link or adjusting account preferences. We may still send essential service messages.
• Device Controls. You can control push notifications and certain permissions through your device settings.
• Access and Deletion. Depending on your location, you may have rights to access, correct, delete, or port your information. Contact legal@mo.xyz to exercise those rights.
• Account Deletion. You may request account deletion through the app settings, if available, or by emailing legal@mo.xyz. We will delete or anonymize personal information under our control except where retention is required by law, regulation, or legitimate compliance obligations.

6. International Transfers

We may process and store information in the United States and other countries where we or our service providers operate. If you are located outside the U.S., your information may be transferred internationally. Where required, we use appropriate safeguards, such as standard contractual clauses.

7. Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and protect the Services. Standard retention periods are listed below.

Longer retention may apply where required by law, regulation, ongoing litigation, or audit requirements.

8. Supplemental Notice for EU and UK GDPR

If you are located in the European Economic Area or the United Kingdom, the following additional information applies to you.

8.1 Data Controller

Mo Technologies Inc. is the data controller for personal information processed under this Privacy Policy.

8.2 Legal Bases for Processing

We process personal information under the following legal bases under GDPR Article 6:

• Contract Performance: Processing necessary to provide the Services you request.
• Legal Obligation: Processing required to comply with applicable laws, including AML, KYC, and tax requirements.
• Legitimate Interests: Processing for fraud prevention, security, service improvement, and analytics where not overridden by your rights.
• Consent: Where you have provided consent for specific processing activities, such as marketing communications.

8.3 Your Rights

Subject to applicable law, you may have the right to:

• Access your personal data and receive a copy.
• Rectify inaccurate or incomplete personal data.
• Request erasure of your personal data.
• Restrict processing of your personal data.
• Object to processing based on legitimate interests or direct marketing.
• Receive your data in a structured, machine-readable format.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a supervisory authority in your jurisdiction.

To exercise your rights, contact legal@mo.xyz.

8.4 Required Information

Providing certain personal information may be required to perform a contract or comply with legal obligations. If you choose not to provide required information, some features may be unavailable.

9. Supplemental Notice for California Residents

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, provides you with specific rights regarding your personal information.

9.1 Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Email address, wallet addresses, IP address, and device identifiers.
• Commercial Information: Transaction history and records of digital assets held or transferred.
• Internet or Network Activity: Browsing history on our site, app usage data, and interactions with our Services.
• Geolocation Data: Approximate location derived from IP address.
• Professional or Employment Information: For Business Users, company name and role if provided.

9.2 Sources of Personal Information

We collect personal information from you directly, automatically through your use of the Services, from third-party Compliance Providers, and from analytics providers.

9.3 Use of Personal Information

We use personal information for the business purposes described in Section 3 of this Privacy Policy.

9.4 Disclosure and Sale of Personal Information

We do not sell your personal information as defined under CCPA and CPRA. We do not share personal information for cross-context behavioral advertising.

9.5 Your California Privacy Rights

As a California resident, you have the right to:

• Know: Request information about categories and specific pieces of personal information collected, sources, business purposes, and categories of third parties with whom it is shared.
• Delete: Request deletion of personal information, subject to legal exceptions.
• Correct: Request correction of inaccurate personal information.
• Opt Out of Sale or Sharing: We do not sell or share personal information for targeted advertising.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

9.6 How to Exercise Your Rights

To exercise your California privacy rights, contact legal@mo.xyz or submit a request through the app settings, if available. We will verify your identity before processing your request.

10. Children's Privacy

The Services are intended for users who are at least 18 years old, or the age of majority in their jurisdiction, whichever is higher. We do not knowingly collect personal information from children under 18.

11. Third-Party Websites and Applications

The Services may link to third-party websites or applications. We are not responsible for their privacy practices. Your interactions with third parties are governed by their policies.

12. Contact Us

Mo Technologies Inc. is the controller of your personal information under this Privacy Policy. If you have questions, want to exercise your rights, or have concerns about our privacy practices, contact us at: