Privacy Policy

This Privacy Policy describes how Mo Technologies Inc. ("Mo," "we," "us," or "our") collects, uses, and discloses personal information in connection with our websites, mobile applications, and related offerings that link to this Privacy Policy (collectively, the "Services"). In this policy, "personal information" includes "personal data" as defined under applicable data protection laws.

The Services include, among others, a non-custodial, unhosted digital asset wallet experience (the "Mo Application").

Disclosure Regarding Customer Data. For most individual users of Mo, this Privacy Policy applies directly to personal information processed in connection with the Services. In some cases, Mo may provide Services to organizations (for example, an employer or business) under a written agreement, and Mo may process certain information on that organization's behalf ("Customer Data"). In those cases, the organization's privacy policy governs its relationship with you, and requests regarding Customer Data should be directed to that organization.

Important Note on Data Minimization. Mo practices data minimization. We directly store only minimal personal information (primarily your email address). Identity verification (KYC/KYB), payment processing, and other sensitive data handling are performed by licensed third-party compliance providers. Mo does not store identity documents, government IDs, or detailed personal verification data.

1. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. If we do, we will post the updated version and revise the "Last updated" date above. In some cases, we may provide additional notice.

2. Personal Information We Collect

2.1 Information You Provide

• Account Information. Such as name (if provided), email, phone number, and other information you submit to create or manage an account.
• Business Information (KYB). If you use the Services on behalf of a Business User, we may collect information about the entity and its beneficial owners or controllers as required for verification.
• Transaction and Blockchain Information. Such as wallet addresses, transaction hashes, token balances, and activity logs related to your use of supported networks.
• Communications. Such as emails, support requests, and messages you send to us.

2.2 Identity/Business Verification (KYC/KYB)

Where required to provide certain Services (including fiat on-ramp/off-ramp, virtual accounts, or certain limits), identity or business verification is performed by third-party compliance providers. In connection with these services, Mo may collect and transmit required information to such providers, and may receive verification status, risk signals, sanctions screening results, and compliance-related outcomes from them. Mo does not itself perform identity verification.

2.3 Information Collected Automatically

• Device and Usage Information. Such as IP address, browser/device identifiers, app version, crash logs, and usage analytics.
• Cookies and Similar Technologies. We may use cookies, pixels, SDKs, and similar technologies to operate the Services, remember preferences, and understand usage. For more information and to manage your cookie preferences, please see our cookie consent banner displayed when you first visit our Site.

2.4 Information from Third Parties

We may receive information from third parties you connect with (for example, OAuth providers), and from service providers that help us operate the Services (for example, fraud prevention or compliance providers), consistent with your settings and applicable law.

3. How We Use Personal Information

We use personal information to:

• Provide, operate, maintain, and improve the Services;
• Create and administer accounts and provide customer support;
• Facilitate transactions and display relevant transaction history;
• Conduct security, fraud prevention, sanctions screening, and risk management;
• Comply with legal obligations and enforce our Terms;
• Conduct analytics and research to improve product performance;
• Send service communications (and marketing where permitted, with opt-out options).

4. How We Disclose Personal Information

We may disclose personal information to:

• Service Providers. Vendors who help us operate the Services (e.g., hosting, analytics, customer support, security).
• Compliance and Payments Partners. Third-party compliance, payments, and banking partners (including providers of KYC/KYB, virtual accounts, and fiat on-ramp/off-ramp services) where necessary to provide the Services, comply with legal obligations, prevent fraud, and satisfy regulatory requirements.
• Third-Party Services You Use. When you choose to interact with Third-Party Services, disclosures may occur as needed to fulfill your request.
• Legal and Safety. Where we believe disclosure is required by law, regulation, legal process, or to protect rights, safety, and security.
• Corporate Transactions. In connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

Public Blockchain Disclosures. Transactions on public blockchains may be publicly visible and searchable. We do not control and cannot delete public blockchain records.

5. Your Privacy Choices and Rights

• Marketing. You may opt out of marketing emails by clicking the "unsubscribe" link at the bottom of any marketing email, or by adjusting your notification preferences in your account settings. We may still send essential service messages (such as security alerts and transaction confirmations).
• Device Controls. You can control push notifications and certain permissions through your device settings.
• Access/Deletion. Depending on your location, you may have rights to access, correct, delete, or port your information. To exercise these rights, contact us at legal@mo.xyz.
• Account Deletion. You may request account deletion through the Settings section of the App (if available) or by emailing legal@mo.xyz. Upon receiving your request, we will delete or anonymize personal information under our control, except where retention is required by law, regulation, or legitimate compliance obligations (including AML, sanctions, tax, or audit requirements). Certain information may be retained and/or shared with Compliance Providers as required to comply with legal obligations.

6. International Transfers

We may process and store information in the United States and other countries where we or our service providers operate. If you are located outside the U.S., your information may be transferred internationally. Where required, we use appropriate safeguards (such as standard contractual clauses).

7. Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and protect the Services. Below are our standard retention periods:

Longer retention may apply where required by law, regulation, ongoing litigation, or audit requirements.

8. Supplemental Notice for EU/UK GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), the following additional information applies to you:

8.1 Data Controller

Mo Technologies Inc. is the data controller for personal information processed under this Privacy Policy.

8.2 Legal Bases for Processing

We process your personal information based on the following legal bases under GDPR Article 6:

• Contract Performance: Processing necessary to provide the Services you have requested (e.g., account creation, transaction processing).
• Legal Obligation: Processing required to comply with applicable laws (e.g., AML/KYC requirements, tax reporting, responding to lawful requests from authorities).
• Legitimate Interests: Processing for our legitimate business interests where not overridden by your rights (e.g., fraud prevention, security, service improvement, analytics).
• Consent: Where you have provided consent for specific processing activities (e.g., marketing communications). You may withdraw consent at any time.

8.3 Your Rights

Subject to applicable law, you have the right to:

• Access your personal data and receive a copy;
• Rectify inaccurate or incomplete personal data;
• Request erasure of your personal data ("right to be forgotten");
• Restrict processing of your personal data;
• Object to processing based on legitimate interests or for direct marketing;
• Data portability (receive your data in a structured, machine-readable format);
• Withdraw consent at any time (where processing is based on consent);
• Lodge a complaint with a supervisory authority in your jurisdiction (e.g., the Information Commissioner's Office in the UK, or relevant Data Protection Authority in your EU member state).

To exercise your rights, contact us at legal@mo.xyz.

8.4 Required Information

Providing certain personal information may be required to perform a contract or comply with legal obligations. If you choose not to provide required information, some features may be unavailable.

9. Supplemental Notice for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information.

9.1 Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Email address, wallet addresses, IP address, device identifiers.
• Commercial Information: Transaction history, records of digital assets held or transferred.
• Internet/Network Activity: Browsing history on our Site, app usage data, interactions with our Services.
• Geolocation Data: Approximate location derived from IP address.
• Professional/Employment Information: For Business Users, company name and role (if provided).

9.2 Sources of Personal Information

We collect personal information from: (a) you directly; (b) automatically through your use of the Services; (c) third-party Compliance Providers (verification status and risk signals only); and (d) third-party analytics providers.

9.3 Use of Personal Information

We use personal information for the business purposes described in Section 3 of this Privacy Policy.

9.4 Disclosure and Sale of Personal Information

We do not sell your personal information as defined under CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising. We may disclose personal information to service providers and Compliance Providers for business purposes as described in Section 4.

9.5 Your California Privacy Rights

As a California resident, you have the right to:

• Know: Request information about the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
• Delete: Request deletion of your personal information, subject to legal exceptions.
• Correct: Request correction of inaccurate personal information.
• Opt-Out of Sale/Sharing: We do not sell or share personal information for targeted advertising.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

9.6 How to Exercise Your Rights

To exercise your California privacy rights, contact us at legal@mo.xyz or submit a request through the Settings section of the App. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.

10. Children's Privacy

The Services are intended for users who are at least 18 years old (or the age of majority in their jurisdiction, whichever is higher). We do not knowingly collect personal information from children under 18. If we learn we have collected personal information from a user under 18 without verified parental consent, we will delete it. If you believe a child under 18 has provided us with personal information, please contact us at legal@mo.xyz.

11. Third-Party Websites/Applications

The Services may link to third-party websites or applications. We are not responsible for their privacy practices. Your interactions with third parties are governed by their policies.

12. Contact Us

Mo Technologies Inc. is the controller of your personal information under this Privacy Policy. If you have questions, want to exercise your rights, or have concerns about our privacy practices, contact us at: