PRIVACY POLICY

 

Last Updated: [December, 3, 2025]

 

1. Introduction

This Privacy Policy (“Policy”) explains in detail how JAM Platform LLC, a company incorporated in the United States (“Jamcard”, “we”, “us”, “our”), collects, uses, stores, discloses, and protects Personal Data when you visit our website, use our mobile application, interact with our APIs, or access any of the online features, tools, or functionalities that we make available (collectively, the “Services”).

 

This Policy applies to all interactions you have with Jamcard and governs any Personal Data that is processed when you browse, register, authenticate, connect a digital wallet, participate in integrations, communicate with us, or otherwise use the Services.

Jamcard as a Technology Platform

 

Jamcard operates solely as a non-financial software platform.

We provide:

  • user interface components for account creation and login
  • integrations for identity verification routed to external third-party providers
  • tools for viewing or interacting with crypto-assets through partner APIs
  • informational market data (prices, metadata, analytics)
  • features for managing notifications, preferences, and service settings
  • infrastructure enabling communication and support
  • blockchain connectivity modules

 

We do not hold regulatory licenses for financial, banking, payment, custody, asset management, or exchange services.

 

Jamcard’s role is limited to making available a unified interface and a set of technical tools that allow users to interact with external regulated partners.

Jamcard Is Not a Financial Institution

 

For absolute clarity, Jamcard:

  • is not a bank, financial institution, money transmitter, investment firm, or payment services provider
  • does not issue credit or debit cards
  • does not provide card processing, payment acquiring, or settlement services
  • does not perform customer due diligence (KYC), enhanced due diligence (EDD), AML/CTF/PEP screening, or risk scoring
  • does not execute, broadcast, validate, or settle blockchain transactions
  • does not provide custody of digital assets, private keys, seed phrases, or wallet management
  • does not collect or store full card information, banking credentials, or sensitive payment data
  • does not offer regulated financial or investment products

 

Any financial or regulated activity that you access through the Services is delivered exclusively by licensed third-party service providers, who act as independent data controllers or regulated entities under applicable law.

External Partners Handle All Regulated Operations

 

Jamcard integrates with trusted third-party providers who perform regulated functions such as:

  • KYC/AML identity verification (e.g., SumSub)
  • card issuance and card program management (e.g., CipherBC, HyperCard, HyperPay)
  • transaction processing and settlement
  • crypto-asset swaps, exchanges, and liquidity routing (e.g., WalletConnect, 1Inch, Uniswap)

 

These partners operate under their own regulatory authorizations and maintain their own Privacy Policies and compliance frameworks.

Jamcard may provide certain technical data necessary to initiate or complete the onboarding process, but decisions related to identity verification, risk assessments, transaction approval, or compliance checks are not made by Jamcard.

Scope and Acceptance

 

By accessing or using the Services, you:

  • acknowledge that you have read and understood this Policy;
  • consent to the collection and processing of your Personal Data as described herein;
  • agree that Jamcard acts as a platform provider and not as a regulated financial service provider;
  • recognize that regulated services are performed separately by external licensed partners.

 

If you do not agree with any part of this Policy, you must discontinue use of the Services immediately.

 

What This Policy Covers

 

This Policy outlines:

  • what Personal Data we collect;
  • how and why we process it;
  • which partners receive it;
  • how long we store it;
  • your privacy rights;
  • how to exercise them;
  • the safeguards we apply to protect your data.

 

It applies to all users globally, regardless of jurisdiction, and is intended to meet the requirements of:

  • United States privacy laws
  • California Consumer Privacy Act (CCPA/CPRA)
  • international standards including GDPR-like transparency principles (even though Jamcard does not offer services in the EU)

 

2. Key Facts and Highlights

This section provides a high-level overview of the most important points of this Privacy Policy.

It is designed to help you quickly understand what data we collect, how we use it, and what your rights are, before reviewing the full Policy.

 

2.1 Your Privacy Rights

Depending on your place of residence and the applicable privacy laws, you may have certain rights regarding your Personal Data, including (but not limited to):

  • Right to access the Personal Data we hold about you
  • Right to request correction of inaccurate or incomplete Personal Data
  • Right to request deletion of your Personal Data (subject to exceptions)
  • Right to object to certain types of processing
  • Right to restrict how your Personal Data is processed
  • Right to data portability
  • Right to withdraw consent at any time (where processing is based on consent)
  • Right to opt out of certain data sharing practices (e.g., under CCPA/CPRA)
  • Right to lodge a complaint with a supervisory authority (for visitors subject to GDPR-like regimes)

 

These rights apply where recognized under US privacy laws (CCPA/CPRA) and, for international visitors, under GDPR-equivalent privacy frameworks.

 

2.2 No Sale or Monetization of Personal Data

Jamcard does not:

  • sell
  • rent
  • trade
  • broker
  • monetize

 

your Personal Data to third parties.

We do not use Personal Data for advertising targeting outside the boundaries permitted by law.

Any data sharing with partners is strictly limited to delivering the Services you request.

 

2.3 Limited and Purpose-Driven Data Sharing

We share Personal Data only with third-party service providers who enable core functionality of the platform, including:

  • Authentication and account management (Keycloak)
  • Infrastructure hosting and cloud environment (AWS, Hetzner, HostMarket)
  • Analytics and performance monitoring (Google Analytics, Mixpanel, Hotjar)
  • Email and notification delivery (Customer.io, Mailgun, Amazon SES)
  • Customer support (Intercom)
  • Blockchain and crypto integrations (WalletConnect, Uniswap, 1Inch)
  • Verification and regulated financial services (SumSub, CipherBC, HyperCard/HyperPay)

 

Regulated partners act as independent controllers and process data according to their own compliance obligations.

 

We do not allow third parties to use Personal Data for their independent commercial purposes.

 

2.4 No EU/UK Representation and No Marketing to the EU

Jamcard does not target, market, or offer Services to individuals located within:

  • the European Union (EU)
  • the European Economic Area (EEA)
  • the United Kingdom (UK)

 

For this reason:

  • Jamcard does not appoint an EU or UK Representative under GDPR Article 27
  • Jamcard does not maintain GDPR Article 27 representation infrastructure
  • Jamcard processes EU/UK visitor data only incidentally (e.g., website visits)

 

We still maintain GDPR-level transparency and data protection practices, but we do not operate as an EU-facing service provider.

 

2.5 No Processing of Sensitive Financial Credentials

Jamcard does not:

  • store cardholder full PAN numbers
  • store CVV/CVC codes
  • store bank account numbers
  • store or process payment credentials
  • execute or settle financial transactions
  • retain private keys or seed phrases
  • operate custodial wallets

 

All sensitive or regulated operations (KYC, AML, card issuance, transaction processing, compliance screening) are performed exclusively by licensed external partners under their own regulatory frameworks.

 

Jamcard only provides:

  • routing of user-submitted data
  • status updates from partners
  • user interface elements
  • non-financial metadata

 

3. Definitions

For the purposes of this Privacy Policy, the following terms have the meanings described below. These definitions are intended to provide clarity and should be interpreted consistently with applicable privacy laws, including U.S. privacy frameworks (e.g., CCPA/CPRA) and international standards such as the GDPR, to the extent they may be relevant.

 

3.1 “Personal Data”

Personal Data” means any information relating to an identified or identifiable natural person.

A person is considered “identifiable” if they can be identified, directly or indirectly, by reference to:

  • name, surname, username, display name
  • email address or phone number
  • identification number or government-issued ID
  • device identifiers, IP address, cookies, session IDs
  • online identifiers or linked metadata
  • information associated with a specific account
  • blockchain wallet address (where it can be linked to a user profile)
  • any combination of data that allows identification

 

Personal Data includes information you provide voluntarily, information collected automatically, information derived from interactions with the Services, and information obtained from third-party providers or public sources.

 

Personal Data does not include:

  • aggregated data that cannot reasonably identify a natural person
  • anonymized or de-identified information
  • data pertaining exclusively to non-human entities (e.g., businesses)

 

3.2 “Sensitive Personal Data” (where applicable)

Depending on applicable law, certain categories of Personal Data may be considered sensitive, including but not limited to:

  • biometric data (e.g., biometric verification photos or liveness checks performed by external KYC partners)
  • identification documents
  • criminal convictions, sanctions, or politically exposed person (PEP) status (processed solely by licensed KYC/AML partners)
  • precise geolocation (not collected by Jamcard)
  • financial identifiers or government numbers (not stored by Jamcard)

 

Jamcard does not intentionally collect or process sensitive financial credentials or full payment card details.

 

3.3 “Processing”

Processing” means any operation or set of operations performed on Personal Data, whether automated or manual.

This includes:

  • collection
  • recording
  • organization
  • structuring
  • storage
  • adaptation or modification
  • retrieval
  • consultation
  • use
  • disclosure or transmission
  • alignment or combination
  • restriction
  • deletion or destruction

 

Processing may be carried out by Jamcard or by authorized external service providers acting under contractual agreements.

 

3.4 “Controller”

A “Controller” is an entity that determines:

  • the purposes (“why”)
  • and the means (“how”)

 

of processing Personal Data.

 

Jamcard acts as a Controller only for non-regulated platform-related data, including:

  • account and profile data
  • device and analytics data
  • communications and support interactions
  • platform usage logs
  • cookie and technical identifiers

 

Licensed third-party financial partners (e.g., SumSub, CipherBC/HyperCard, payment or KYC providers) act as independent Controllers for all regulated activities.

 

3.5 “Processor”

A “Processor” is an entity that processes Personal Data on behalf of a Controller, following documented instructions and contractual requirements.

 

Examples of Processors acting on behalf of Jamcard include:

  • Keycloak (authentication and identity management)
  • AWS, Hetzner, HostMarket (hosting and cloud infrastructure)
  • Customer.io, Mailgun, Amazon SES (email sending services)
  • Google Analytics, Mixpanel, Hotjar (analytics providers)
  • Intercom (customer support)

 

Processors must implement appropriate security measures and are prohibited from using Personal Data for their own independent purposes.

 

3.6 “Third-Party Partners”

Third-Party Partners” refers to external service providers who deliver services integrated into the Jamcard platform. They may act as Controllers or Processors depending on their function.

 

Examples include:

  • SumSub (KYC/AML verification)
  • CipherBC / HyperCard (card issuance and regulated financial services)
  • WalletConnect, 1Inch, Uniswap (crypto operations and blockchain connectivity)
  • CoinGecko (market data)

 

These partners are responsible for processing Personal Data under their own regulatory obligations.

 

3.7 “Services”

Services” refers collectively to:

  • the Jamcard mobile application
  • the Jamcard website
  • user accounts, profiles, dashboards
  • blockchain interaction tools
  • integrations with third-party regulated providers
  • market analytics modules
  • notifications, support, and communication features
  • any related digital service or platform operated by Jamcard

 

3.8 “User” or “You”

User” means any natural person who:

  • installs or accesses the Jamcard mobile app
  • visits the Jamcard website
  • interacts with the Services
  • communicates with Jamcard
  • creates or manages an account

 

 

4. Who We Are and Our Processing Role

This section explains how JAM Platform LLC fits into the data-processing chain, what functions we perform directly, and which activities are carried out exclusively by third-party partners.

Understanding these roles is essential for determining how your Personal Data is handled, who is responsible for it at each stage, and which entity acts as a Controller or Processor under applicable privacy laws.

 

4.1 JAM Platform LLC as a Platform Provider

JAM Platform LLC (“Jamcard”) operates as a non-financial technology platform.

We provide digital tools that allow users to access and interact with multiple third-party services in a unified interface. We do not provide regulated financial, banking, payment, or custody services; instead, we facilitate access to external licensed partners who independently perform such regulated activities.

 

Jamcard provides the following categories of non-regulated technological services:

 

a) User Interface and Experience

 

We develop and maintain:

  • the mobile application
  • the website and user dashboards
  • navigation flows and UI components
  • connection modules to external systems

 

b) Authentication and Identity Integration

 

We provide:

  • login, logout, and session management
  • social login connections (Google, Apple)
  • technical routing of identity verification to external KYC providers

 

Jamcard itself does not evaluate, approve, reject, or store full KYC/AML data.

 

c) Routing of Verification and Compliance Requests

 

We enable encrypted transmission of:

  • KYC documents
  • identity metadata
  • regulatory information

 

These are processed exclusively by licensed partners (e.g., SumSub).

 

d) Data and API Integrations

 

We connect users to:

  • blockchain networks
  • liquidity providers
  • card issuers
  • analytical systems
  • market data sources

 

Jamcard does not control external data sources or the results of regulated checks.

 

e) Blockchain Interaction Modules

 

We provide non-custodial blockchain interaction tools such as:

  • WalletConnect
  • transaction preview modules
  • informational metadata gathering
  • read-only blockchain queries

 

Jamcard does not submit, validate, sign, or settle blockchain transactions.

 

f) Market Analytics and Informational Tools

 

We aggregate and display:

  • token metadata
  • NFT metadata
  • price feeds
  • analytic summaries
  • AI-generated informational descriptions

 

These are informational only and do not constitute investment advice.

 

g) Communication and Customer Support

 

We maintain:

  • in-app notifications
  • email communication
  • customer support through Intercom

 

Jamcard may view support requests but does not access regulated financial data.

 

4.2 JAM Platform LLC as a Controller

Jamcard acts as a Data Controller for Personal Data it determines the purpose and means of processing for.

This includes only non-regulated and platform-related data categories, such as:

 

a) Account and Profile Data

  • email, username, avatar
  • basic registration information

 

b) Device and Technical Data

  • IP address, device metadata
  • cookies and identifiers
  • diagnostic and performance logs

 

c) Usage and Analytics Data

  • interaction logs
  • event data
  • aggregated behavior metrics

 

d) Communication and Support Information

  • support tickets
  • messages sent to customer support
  • communication preferences

 

e) Platform Security and Operational Logs

  • login history
  • API access logs
  • abuse prevention metadata

 

Jamcard does not control:

  • KYC outcomes
  • AML decisions
  • card issuance
  • PEP/sanctions checks
  • financial risk assessments
  • transaction approvals or denials

These functions are exclusively controlled by external regulated partners.

 

4.3 External Partners as Independent Controllers

Several third-party licensed or regulated partners act as independent Controllers, meaning they independently determine why and how they process Personal Data. Jamcard does not influence or override their decisions. These entities have their own legal obligations, compliance requirements, and Privacy Policies.

 

The following partners act as Independent Controllers:

 

a) Identity and Compliance Providers

  • SumSub — conducts KYC/AML/CTF/PEP screening

Processes identity documents, biometrics, proof of address, and risk scoring.

 

b) Card Issuance and Financial Operations

  • CipherBC / HyperCard / HyperPay

Handle card issuance, transaction processing, regulatory checks, and AML monitoring.

 

c) Social Authentication Providers

  • Google
  • Apple

Receive data directly when you use social login.

 

d) Blockchain and Liquidity Providers

  • WalletConnect
  • Uniswap
  • 1Inch
  • and similar blockchain gateways

These entities provide wallet connectivity and blockchain transaction routing (non-custodial).

 

Processing Characteristics

  • They may receive Personal Data directly from the user or via secure API.
  • They process Personal Data under their own legal basis and regulatory obligations.
  • Their decisions (e.g., KYC approval, transaction refusal) are not controlled or reviewable by Jamcard.

 

Users should review the privacy policies of these independent controllers separately.

 

4.4 External Processors (acting on behalf of Jamcard)

Jamcard engages carefully vetted third-party service providers that act as Processors, meaning they process Personal Data solely based on Jamcard’s documented instructions and for Jamcard’s defined purposes.

 

These Processors include:

 

a) Authentication & Access Infrastructure

  • Keycloak — account lifecycle management, authentication flows

 

b) Cloud Hosting & Infrastructure

  • Amazon Web Services (AWS)
  • Hetzner
  • HostMarket

Provide encrypted hosting, databases, and operational infrastructure.

 

c) Communication & Notification Services

  • Customer.io — transactional and service emails, push notifications
  • Mailgun, Amazon SES — technical email delivery

 

d) Analytics & Optimization

  • Mixpanel — event-based behavioral analytics
  • Hotjar — heatmaps, UX insights
  • Google Analytics — aggregated performance and traffic metrics

 

Analytics tools do not receive full KYC data or sensitive financial identifiers.

 

e) Customer Support

  • Intercom — support chat, ticket handling, automated responses

 

f) Market Data & Token Metadata Providers

  • CoinGecko — crypto market data, price feeds, token metadata

 

Processor Obligations

 

All Processors are contractually required to:

  • implement robust security safeguards
  • process only according to Jamcard’s instructions
  • not use Personal Data for their own purposes
  • maintain confidentiality
  • assist with deletion/rectification requests where applicable

 

Jamcard regularly reviews and audits such providers to ensure compliance with security, privacy, and data protection standards.

 

5. Personal Data We Collect

 

5.1 Identification and Contact Data

  • First and last name (for KYC submission or profile)
  • Email address
  • Username
  • Phone number (KYC)
  • Profile photo/avatar

 

5.2 Device and Technical Data

  • IP address
  • User agent
  • Browser type & version
  • Operating system
  • Time zone
  • ISP
  • Session identifiers
  • Network metadata
  • Device information (model, OS, SDK)

 

5.3 Geolocation Data

  • Approximate location from IP address

(No GPS-level tracking.)

 

5.4 Crypto & Wallet Data

  • Public blockchain address
  • Connected wallet type
  • Token balances, metadata, NFTs
  • Recipient address (for user-initiated transactions)
  • Blockchain explorer identifiers

Jamcard does not control or store private keys.

 

5.5 Transaction Metadata (Non-Financial)

  • Wallet interactions
  • Smart contract calls initiated by the user
  • Timestamp, network, gas fees (read-only via node providers)

Financial execution itself is external.

 

5.6 KYC/AML Data (via external regulated providers)

KYC and AML checks are conducted exclusively by our licensed partner, SumSub. Jamcard does not perform identity verification, does not evaluate user documentation, and does not store full KYC datasets.

Categories of Data Collected by SumSub (Not by Jamcard)

To comply with regulatory requirements applicable to SumSub and other licensed entities involved in KYC/AML operations, the following categories of Personal Data may be collected directly by SumSub

Collected data may include:

  • Passport / ID card
  • Selfie for biometric verification
  • Proof of address (utility bill)
  • Date of birth
  • Criminal records (where legally required)
  • PEP status

 

Jamcard only receives KYC status, e.g., “approved”, “pending”, “failed”.

 

5.7 Data from Third-Party APIs

  • Google Analytics (usage data)
  • Mixpanel (events, behavior flows)
  • Hotjar (heatmaps, session recordings)
  • Customer.io (delivery status, opens)
  • WalletConnect, 1Inch, Uniswap (transaction data)
  • CoinGecko (market metadata)
  • Metaplex (NFT metadata)

 

5.8 Cookies & Tracking Identifiers

  • Functional cookies
  • Security cookies (XSRF tokens)
  • Analytics cookies (Google, Mixpanel)
  • Marketing cookies (with consent)

 

6. How We Collect Personal Data

  • Through the app or website (registration, login, wallet connection, customer support)
  • Through external partner APIs (KYC, card operations)
  • Through automated tracking tools (analytics, logs, cookies)
  • Through social login integrations (Google, Apple)
  • Through blockchain networks (public ledger)

 

7. Purposes of Processing Personal Data

We process Personal Data only for clearly defined and legitimate purposes.

These purposes fall into the following categories:

 

7.1 Service Provision

We use Personal Data to deliver the core functionality of the platform, including:

  • Creating and managing your account: storing registration details, authentication identifiers, and user settings.
  • Enabling authentication: allowing you to log in securely using email, password, or social login providers.
  • Routing KYC/AML verification: securely transmitting your identity information to licensed external KYC providers; Jamcard does not perform the checks.
  • Integrating card services and wallet tools: enabling access to external card issuers, wallet providers, and blockchain interaction modules.
  • Displaying market analytics: showing token data, price feeds, and AI-generated insights.
  • Maintaining transaction history (non-financial metadata): storing public blockchain metadata and service-related activity logs for your convenience and auditability.

 

7.2 Security and Compliance

We process certain data to keep the platform safe and operational:

  • Fraud prevention: detecting suspicious patterns or abnormal activity.
  • Threat detection: identifying malicious behavior, potential attacks, or security risks.
  • Abuse monitoring: preventing platform misuse, spam, or automated exploitation.
  • Preventing unauthorized access: protecting accounts through device checks, IP monitoring, and authentication safeguards.
  • Compliance with contractual obligations: ensuring that integrations with partners function according to required standards and terms.

 

7.3 Communication

We use Personal Data to interact with you and ensure smooth service delivery:

  • Service-related notifications: updates about account status, verification steps, or feature availability.
  • Technical alerts: security warnings, maintenance notices, or service disruptions.
  • Customer support interactions: responding to your inquiries, troubleshooting issues, and resolving support requests.

 

7.4 Service Improvement

We analyze usage data to improve and optimize the platform:

  • Analytics: understanding how features are used to enhance performance and user experience.
  • UX optimization: improving navigation, workflows, and interface clarity.
  • Feature performance testing: testing new functionalities, A/B variations, and product configurations.
  • Crash diagnostics: identifying errors, bugs, or performance issues to maintain platform stability.

 

7.5 Legal Purposes

We process data when required to meet legal or regulatory obligations:

  • Compliance with AML/KYC laws (performed by partners): regulated providers may require certain data to verify identity or assess risk.
  • Responding to law enforcement requests: providing information when legally compelled by valid legal process.
  • Resolving disputes: supporting investigations, claims, or account-related issues.
  • Enforcing contractual rights: ensuring compliance with our Terms of Use and preventing violations.

 

8. Legal Bases for Processing

Depending on your location, we rely on:

 

8.1 Contractual Necessity

  • account creation
  • authentication
  • providing platform features
  • forwarding KYC requests

 

8.2 Legitimate Interests

  • service improvement
  • analytics
  • security and fraud monitoring
  • internal administration

 

8.3 Legal Obligation

(for partners who perform regulated activities)

  • AML/KYC
  • anti-fraud
  • transaction monitoring

 

8.4 Consent

  • marketing emails
  • non-essential cookies
  • analytics tools

You may withdraw consent anytime.

 

9. Automated Decision-Making and AI

Jamcard uses limited forms of automated processing and artificial intelligence (“AI”) to enhance the user experience and provide non-regulated informational features. These tools operate strictly within predefined boundaries and do not make decisions that have legal or similarly significant effects on users.

AI Tools Used by Jamcard

Jamcard integrates third-party AI models—including OpenAI GPT and Google Gemini—for non-sensitive, informational purposes such as:

  • Generating token descriptions: producing concise, readable explanations of digital assets, token utilities, and metadata.
  • Summarizing market data: creating condensed overviews of price movements, volume changes, and general market trends.
  • Automated insights: preparing high-level, informational summaries or highlights within the app.
  • Content personalization: tailoring non-critical informational content based on general usage patterns (not based on identity, financial profile, or personal preferences considered sensitive).

These outputs are meant solely to improve usability and do not constitute financial advice or automated financial decision-making.

 

What We Do NOT Use AI For

 

Jamcard does not use AI for any form of regulated, sensitive, or consequential decision-making, including:

  • Credit scoring or financial capacity assessment
  • Risk assessment, fraud scoring, sanctions checks, AML/CTF analysis
  • Approval, rejection, or review of KYC/AML submissions
  • Decision-making that affects access to financial services
  • Automated decisions that produce legal or similarly significant effects

 

All regulated decisions (including identity verification, AML screening, and card program approvals) are conducted exclusively by licensed external partners.

 

No Sensitive or Regulated Data Provided to AI

 

Jamcard does not transmit or expose the following to AI systems:

  • KYC documents (IDs, passports, selfies, proofs of address)
  • Biometric data
  • Financial identifiers or payment information
  • Compliance, AML, sanctions, or PEP results
  • Private keys, seed phrases, wallet secrets
  • Any sensitive regulatory or financial data

 

AI modules receive only non-identifiable, non-sensitive, and non-financial inputs necessary for generating informational content.

 

Human Oversight

 

Any decision related to:

  • onboarding eligibility
  • access to regulated financial services
  • KYC/AML approval
  • risk or fraud determinations

 

is made by human reviewers at licensed partner institutions—not by Jamcard and not by AI.

 

10. Sharing of Personal Data

We do not sell your Personal Data.

 

10.1 We share data with:

Technical providers (processors):

  • Keycloak
  • AWS
  • Hetzner
  • HostMarket
  • Customer.io
  • Mixpanel
  • Google Analytics
  • Hotjar
  • Mailgun
  • Intercom
  • CoinGecko

 

Regulated financial partners (independent controllers):

  • CipherBC / HyperCard / HyperPay
  • SumSub
  • Exchanges or swap providers (Uniswap, 1Inch)

 

Blockchain networks:

 

Any transaction you perform is public by design (on-chain).

 

Legal and Compliance Recipients:

  • law enforcement agencies
  • supervisory authorities
  • anti-fraud bodies

(only when required by law)

 

11. International Data Transfers

Data may be transferred to:

  • United States
  • European Union
  • United Kingdom
  • Other jurisdictions where partners operate

 

Transfers comply with:

  • Standard Contractual Clauses (SCC)
  • DPAs with processors
  • Encryption protocols
  • Zero-access or minimal access tooling

 

Jamcard does not use EU Art. 27 representative because the service is not offered to EU residents.

 

12. Data Retention

Unless a longer period is required by law or partner obligations, Jamcard retains:

  • Account data: 3 years after deletion
  • Technical logs: 3 years
  • Support tickets: 3 years from last communication
  • Marketing preferences: until you opt-out
  • KYC data: stored by SumSub according to AML regulations (5–10 years depending on jurisdiction)
  • Cookies: per the cookie policy (typically session to 2 years)

 

13. Security Measures

We implement a combination of technical, organizational, and physical safeguards designed to protect Personal Data against unauthorized access, loss, misuse, alteration, or disclosure. While no system can guarantee absolute security, Jamcard follows industry-standard best practices appropriate for a technology platform integrating sensitive partners.

 

13.1 Technical Measures

We use advanced security technologies to ensure secure transmission, storage, and system operations:

  • TLS/HTTPS encryption: all data exchanged between your device and our servers is encrypted in transit using modern TLS protocols.
  • End-to-end encrypted channels: sensitive communication between services and API partners is encrypted to prevent interception.
  • Firewall and DDoS protection: our infrastructure is protected by firewalls, rate-limiting systems, and automated DDoS mitigation tools.
  • Role-based access control (RBAC): internal system access is restricted based on job responsibilities and least-privilege principles.
  • Multi-factor authentication (MFA): administrative access to systems requires additional authentication factors.
  • Encrypted databases: stored data is encrypted at rest using industry-standard encryption algorithms.
  • Network segmentation: sensitive components are isolated within restricted network zones to minimize exposure.
  • Secure cloud infrastructure: we host the platform on reputable cloud providers (AWS, Hetzner, HostMarket) with strong built-in security and redundancy.

 

13.2 Organizational Measures

We apply internal policies and controls to ensure responsible data handling:

  • Employee training: staff receive ongoing training on security, privacy, and data-protection best practices.
  • Restricted access: only authorized personnel with a legitimate business need may access Personal Data.
  • Non-Disclosure Agreements (NDAs): employees and contractors are required to sign confidentiality agreements.
  • Vendor assessments: third-party providers undergo due-diligence reviews to ensure compliance with security and privacy standards.
  • Incident response plan: procedures are in place to detect, manage, and mitigate security incidents, including user notification where legally required.

 

13.3 Physical Measures

We rely on secure, professionally managed facilities that protect data at the physical layer:

  • Secure data centers: our hosting providers operate Tier III or higher facilities with robust physical protections.
  • Controlled access: access to server rooms and storage areas is restricted through authentication systems (keycards, biometrics, etc.).
  • Surveillance systems: data centers employ 24/7 monitoring, CCTV, intrusion detection, and environmental controls.

 

14. Your Rights

Depending on your jurisdiction and applicable privacy regulations (such as CCPA/CPRA, GDPR-like frameworks, or similar international laws), you may have the following rights regarding the Personal Data we process about you. These rights exist to give you transparency, control, and the ability to manage how your data is used.

 

14.1 Right of Access

You may request confirmation of whether we process your Personal Data and, if so, receive a copy of the data we hold along with supporting information about how it is used.

 

14.2 Right to Correction (Rectification)

If any Personal Data about you is inaccurate, incomplete, or outdated, you may request that we correct or update it.

 

14.3 Right to Deletion (“Right to Be Forgotten”)

You may request deletion of your Personal Data in circumstances permitted by law—for example, when the data is no longer needed for the purposes for which it was collected or when you withdraw consent.

Some data may be retained where required for legal or contractual obligations (e.g., security logs, compliance records handled by partners).

 

14.4 Right to Restrict Processing

You may request that we temporarily limit or suspend the processing of your Personal Data under certain conditions, such as when verifying its accuracy or when you object to specific processing activities.

 

14.5 Right to Data Portability

You may request to receive certain Personal Data in a structured, commonly used, machine-readable format, and/or request that we transfer it to another provider where technically feasible.

 

14.6 Right to Object

Where processing is based on legitimate interests or for analytics/optimization purposes, you may object to such processing.

We will honor your request unless we have compelling legitimate grounds or legal obligations to continue.

 

14.7 Right to Withdraw Consent

If we rely on your consent for any specific processing activity (e.g., marketing communications or non-essential cookies), you may withdraw that consent at any time.

Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

 

14.8 Right to Lodge a Complaint

If you believe your privacy rights have been violated, you may submit a complaint to the relevant data protection authority in your jurisdiction.

(For example, a state privacy regulator under U.S. law or a supervisory authority for international visitors.)

 

14.9 Response Time

We aim to respond to all verified privacy requests within 30 days.

In certain cases, this period may be extended where allowed by law (e.g., for complex or multiple requests). If an extension is required, we will notify you.

 

15. Children’s Privacy

The Services are not intended for individuals under 16 years old.

We do not knowingly process children’s data.

If discovered, such accounts will be deleted.

 

16. Changes to This Policy

We may update this Policy periodically.

You will be notified of material changes.

The date of the last update appears at the top.

 

17. Contact Information

For privacy inquiries or requests:

 

privacy@jamcard.io

info@jamcard.io

 

Address:

JAM Platform LLC

8 The Green, Suite A

Dover, DE 19901

USA

 

 

 

 

Converted to HTML with WordToHTML.net | Document Converter for Windows