Ecosystem Privacy Policy

1. Introduction

This Privacy Policy explains how the Buburuza™ group of companies collects, uses, shares, protects, and manages your personal information across our global AI-powered ecosystem, including digital banking, crypto services, lending, wealth management, and real-world asset tokenization. "Buburuza™," "we," "us," or "our" refers to our entities collectively. By using our Services, you consent to these practices and acknowledge our compliance with applicable laws. We prioritize privacy as a core value, ensuring data is handled responsibly to support innovation while respecting your rights.

2. Who We Are & The Role of Each Entity

‍

Our structure ensures specialized, compliant data handling:

• Buburuza Corp. (USA): Oversees group-wide data governance.
• Buburuza Bank Ltd. (Comoros): Primary controller for crypto, lending, trusts, and investments.
• Buburuza AI Inc. (Canada): Controls fiat transfers and related compliance data.
• Buburuza Limited (Hong Kong): Manages credit card data.
  ‍

Data is shared internally only as necessary for Services, under strict controls.

3. Information We Collect

‍

We collect data to deliver and secure Services:

• Identifiers: Name, email, phone, address, IP, government IDs.
• Account Data: Username, password hashes, preferences, biometric templates (for KYC/authentication).
• Financial Data: Bank details, transaction history, source of funds/wealth, asset holdings (fiat/crypto/tokenized).
• Business Data: For corporates, registration docs, beneficial owners.
• Usage/Device Data: Interactions, device info, cookies for analytics/security.
• Communications: Support queries, feedback.
  We minimize collection and anonymize where possible.

4. How and Why We Use Your Information

Uses are limited to legitimate purposes:

• Service Delivery: Account creation, transactions, lending underwriting, wealth optimization via AI.
• Security/Compliance: Biometric KYC, AI fraud detection, sanctions screening.
• Communications: Service updates, alerts (with opt-out for marketing).
• Improvements: AI analytics for platform enhancements (anonymized data).
• Legal Obligations: Tax reporting (CRS/FATCA), audits.
  Processing is based on consent, contract necessity, legal requirements, or legitimate interests (e.g., security).

5. How We Share Your Information

Sharing is minimized and protected:

• Internally: Across entities for integrated Services (e.g., fiat to crypto conversion).
• Service Providers: Trusted partners under data processing agreements.
• Authorities: For legal compliance (e.g., subpoenas).
• Business Transfers: In mergers/acquisitions, with protections.
• With Consent: For specific purposes you approve.
  No sales of personal data.

6. International Data Transfers

Data may transfer across borders (e.g., USA, Canada, Comoros, Hong Kong) with safeguards like standard contractual clauses, adequacy decisions, or binding corporate rules, ensuring equivalent protection.

7. Data Security

We implement comprehensive measures: AES-256 encryption, MFA, AI monitoring, regular audits, and incident response plans. For self-sovereign wallets, you control security via seed phrases—we provide guidance but no recovery.

‍

8. Data Retention

Retained as needed for Services/legal obligations (e.g., 5-10 years), then securely deleted.

9. Your Rights

You may: access, correct, delete, or port data; object/restrict processing; withdraw consent (where applicable). Requests to support@buburuza.com; responses within 30 days.

10. Children's Privacy

Services are for users 18+; we do not knowingly collect data from minors.

11. Changes to This Policy

Updates notified via email/platform; continued use implies acceptance. Material changes require affirmative consent.

12. Contact Us

Email: support@buburuza.com.