Privacy Policy

4Pay Finance, trade name of B4U Soluções de Cobrança e Pagamentos Ltda, registered with CNPJ/MF under number 46.977.494/0001-60, hereinafter simply referred to as '4Pay Finance', recognizes the importance of privacy and the protection of its users' personal data, in accordance with the highest standards of ethics and transparency.

This document establishes the Privacy Policy of 4Pay Finance, drafted in strict compliance with the provisions of Law 13.709, of August 14, 2018 (Lei Geral de Proteção de Dados - LGPD), the Brazilian Civil Code (CC), and Law 12.965, of April 23, 2014 (Marco Civil da Internet), aiming to ensure the protection of the fundamental rights of freedom and privacy and the free development of the personality of the natural person.

The purpose of this Privacy Policy is to establish the conditions under which any personal information we may collect from you, or that you provide to us, will be processed and protected by 4Pay Finance. We understand that your privacy is of paramount importance, and we are committed to using it responsibly, keeping it secure, and respecting your choices and rights.

By defining this policy, 4Pay Finance also seeks to highlight its commitment to complying with the applicable laws, protecting not only the personal data processed through its features but also reinforcing its commitment to security, respect, and transparency towards its users.

This document applies to all users of 4Pay Finance, clearly and accessibly establishing the practices adopted, evidencing our commitment to Art. 1 and the Sole Paragraph of Law 13.709/2018, which highlights the objective of protecting the fundamental rights of freedom and privacy, and Art. 21 of the Brazilian Civil Code, which ensures the inviolability of the private life of the natural person, aiming at a relationship of trust with the user through the ethical and lawful processing of their personal data.

1. Purpose of the Privacy Policy

This Privacy Policy primarily aims to ensure 4Pay Finance's commitment to the security, privacy, and protection of users' personal data, clearly establishing the guidelines under which the personal information collected is processed.

In accordance with the principles of Law 13.709, of August 14, 2018 (Lei Geral de Proteção de Dados - LGPD), the Brazilian Civil Code, and the Marco Civil da Internet (Law 12.965, of April 23, 2014), 4Pay Finance undertakes to respect the privacy and confidentiality of users' data and information, guaranteeing the right to clear information about the collection, use, storage, processing, and protection of such data. This document has the following purposes:

• Establish the conditions under which personal data is collected, used, stored, shared, and protected by 4Pay Finance, ensuring transparency in the processing of such information and respect for users' privacy.
• Ensure that users understand what data is collected, the reasons for the collection, and how such data can be updated, managed, exported, or deleted.
• Inform about the security practices implemented to protect personal data against unauthorized access, improper or unlawful alterations, as well as against loss, misuse, alteration, or disclosure.
• Spell out users' rights in relation to their data, including the right of access, correction, deletion, and portability of data, and how they can exercise such rights.

The adoption of these guidelines reaffirms 4Pay Finance's commitment to strictly complying with all legal regulations applicable to the processing of personal data, in addition to reflecting the organization's values with respect to privacy, integrity, and trust, building a solid and transparent relationship with users.

2. Applicability of the Privacy Policy

This Privacy Policy applies to all users of 4Pay Finance for the intermediation of payments with crypto assets, hereinafter simply referred to as '4Pay Finance'. This scope includes, without limitation, users who engage with 4Pay Finance as end consumers, merchants, advertisers, and any other parties that interact with the services offered.

The Policy extends to all modes of access to and use of 4Pay Finance, including but not limited to access via websites, mobile applications, APIs, or any other form of access to the systems provided by 4Pay Finance, regardless of the device used (computers, mobile phones, tablets, etc.).

It is imperative that all users carefully read this Privacy Policy before starting to use 4Pay Finance, since by accessing, browsing, or otherwise using the services offered by 4Pay Finance, users agree to the terms presented herein. If the user does not agree with any of the terms established in this Policy, it is recommended that they do not use the services offered by 4Pay Finance.

The applicability of this Privacy Policy also holds regardless of the user's physical location or the geographical origin where personal data is collected, processed, or stored, as established by Art. 3, III, of Law 13.709, of August 14, 2018. In this way, this Privacy Policy and 4Pay Finance's data processing practices are aligned with the principles established in relevant national legislation, thereby ensuring the protection of privacy and the fundamental rights of freedom and privacy.

This Policy does not apply to third-party websites, services, or products, even if accessible through links or advertisements on 4Pay Finance. It is recommended to read the privacy policies of such third-party services before providing any personal information.

4Pay Finance reserves the right to update or modify this Privacy Policy at any time, with or without prior notice. It is up to users to review the Policy regularly to stay informed about any changes. Continued use of 4Pay Finance after such changes will constitute acceptance of them by the user.

3. User Acceptance

The use of 4Pay Finance for the intermediation of payments with crypto assets ('4Pay Finance') presupposes the user's unequivocal reading, understanding, and acceptance of this Privacy Policy. By proceeding with access to or use of the services offered by 4Pay Finance, the user expresses their free, express, and informed consent, agreeing to be bound by the terms set forth herein, including with respect to the collection, storage, processing, handling, and protection of their personal data, as established by the applicable regulations, in particular Law 13.709, of August 14, 2018.

The user's acceptance is deemed granted at the time they perform affirmative actions that indicate a clear acceptance of the terms of this Privacy Policy, such as ticking a selection box in a digital interface (when available), registering or creating an account on 4Pay Finance, the continued use of the services offered by 4Pay Finance after having been informed about updates to the Privacy Policy, among other actions that may reasonably be interpreted as express consent.

It is important to note that non-acceptance of this Privacy Policy prevents the use of the services provided by 4Pay Finance, since the processing of the personal data collected is essential for the operation of the features offered, ensuring the effectiveness and security of the transactions carried out.

The user has the right to withdraw their consent at any time and should, to this end, contact us through the communication channels made available by 4Pay Finance on its website. However, it is worth noting that the withdrawal of consent may imply the impossibility of using some or all of the services offered by 4Pay Finance, without this constituting any form of indemnification, since such withdrawal affects the legal basis for processing the personal data necessary for the provision of the services.

4Pay Finance undertakes to comply with all legislation relevant to the processing of personal data and to ensure the privacy and security of its users' information, adopting the best practices and appropriate technical and organizational measures to protect personal data.

4. Data Collected and Processing Purposes

4Pay Finance, in the intermediation of payments with crypto assets, collects and processes personal data necessary for the provision of its services, improvement of features, user security, and compliance with legal obligations. The personal data collected may vary according to the user's interaction with 4Pay Finance and the services used, and may include, but not be limited to:

1. Identification Data: Full name, personal documents (CPF, RG, etc.), date of birth, nationality.
2. Contact Data: Email address, phone number, mailing address.
3. Financial and Transaction Data: Credit/debit card information, crypto asset transaction data, operation history.
4. Technological Data: IP address, information about the browser and device used, cookie data, information about interaction with 4Pay Finance.
5. Personal photo holding the official document (for identity verification – KYC) or selfie.

Processing Purposes:

The personal data collected are used specifically for the following purposes:

1. Service Execution: Enable the intermediation of payments with crypto assets, including executing transactions, verifying the user's identity, and facilitating communication between the parties involved.
2. Security: Fraud prevention, identity verification, ensuring the security of transactions, improvements to security mechanisms.
3. Service Improvement: Development and enhancement of new features, analysis of the use of the services offered, adaptation of 4Pay Finance to users' needs.
4. Communication and Marketing: Send personalized communications and offers based on the use of the services by 4Pay Finance, provided there is the user's express consent for this purpose.
5. Legal Compliance: Compliance with regulatory and legal obligations, response to requests or orders from competent authorities.

It is important to emphasize that the collection and processing of personal data by 4Pay Finance are carried out in strict compliance with Law 13.709, of August 14, 2018 (Lei Geral de Proteção de Dados - LGPD), ensuring the protection of users' fundamental rights of freedom and privacy.

Personal data will be processed only for the period necessary to achieve the purposes for which they were collected, respecting the principles of purpose, adequacy, necessity, among others provided for by the applicable legislation on the protection of personal data. At the end of this period and if there is no legal need for their retention, the data will be duly deleted or anonymized.

5. How Personal Data Is Protected by 4Pay Finance

4Pay Finance, in the intermediation of payments with crypto assets, undertakes to adopt the best practices and standards of information security, aiming to protect the confidentiality, integrity, and availability of users' personal data. To this end, 4Pay Finance implements a series of technical and organizational measures designed to ensure the security of personal data, including:

1. Access Controls: Restrict access to personal data only to authorized employees who need this information to perform their professional duties. All employees are subject to strict confidentiality obligations.
2. Encryption: Use of advanced encryption technologies to protect personal data during the transmission and storage of sensitive information.
3. Monitoring and Intrusion Detection: Implementation of security solutions to monitor, detect, and prevent unauthorized or abnormal access to 4Pay Finance's network.
4. Security Audits: Regular performance of audits and penetration tests to identify and correct possible vulnerabilities in information systems.
5. Employee Training: Ongoing training of our employees in information security practices, making them aware of the importance of protecting personal data.
6. Security Policies: Adoption and maintenance of internal information security policies that establish expected standards of behavior for employees and third parties regarding the use and processing of personal data.
7. Backup and Recovery: Implementation of backup routines and data recovery procedures to ensure the restoration of systems and data in case of security incidents or technical failures.
8. Privacy by Design and by Default: Incorporation of privacy considerations into system development and maintenance processes, ensuring that the processing of personal data is carried out with the highest security from the outset and that only the data necessary for each specific purpose are collected.

These measures are constantly reviewed and updated in order to respond appropriately to technological changes and to new challenges and risks to data security. It is important to note that, despite adopting high security standards, no method of data transmission or storage is completely secure. Therefore, while we strive to the utmost to protect users' personal data, we cannot guarantee their absolute security. In the unlikely event of a security breach that may generate a high risk to users' rights and freedoms, we undertake to notify those affected and the competent authority in accordance with the applicable legislation, within a reasonable timeframe.

6. SMS Sending

1. Authorization for SMS Sending: By accepting this Privacy Policy, the user expressly authorizes the sending of SMS messages by our application to the provided mobile number. These messages are used exclusively for operational purposes, such as two-factor authentication (2FA) and the sending of one-time passwords (OTP).
2. Cancellation of SMS Sending: The user may, at any time, cancel the receipt of SMS messages by sending one of the following words: 'CANCEL', 'QUIT', 'END', 'UNSUBSCRIBE', 'STOP' or 'STOPALL' to the corresponding number. After cancellation, no SMS messages will be sent, except when necessary to restore account access, upon new authorization from the user.
3. Prohibition of Marketing Campaigns and Spam: We do not use SMS messages for marketing, advertising, or any promotional campaigns. We are completely against the sending of spam and guarantee that SMS sending will be carried out only for the purposes described in this Privacy Policy.
4. Purpose of Collecting the Mobile Number: The mobile number provided by the user is collected exclusively for the sending of SMS messages necessary for two-factor authentication (2FA) and the sending of one-time passwords (OTP). We do not use the mobile number for other purposes.
5. Data Security and Protection: The mobile number and all information provided by the user are stored in encrypted form and with the best available security practices. In addition, we guarantee that no personal information of the user, including the mobile number, will be shared with third parties under any circumstances.
6. Help and Information: If the user needs assistance or additional information about the SMS sending service, they may send the word 'HELP' or 'INFO' to the corresponding number. We will respond with instructions or detailed information to meet the request.

7. Cookies

4Pay Finance, in the intermediation of payments with crypto assets, uses cookies and similar technologies to improve the user experience when browsing our website, facilitate the use of 4Pay Finance's features, as well as to monitor and analyze the performance, operation, and effectiveness of 4Pay Finance. This clause aims to explain the use of cookies by 4Pay Finance, covering the following aspects:

Definition of Cookies

Cookies are small text files that are stored on the user's device (computer, phone, tablet, or any other internet-access device) by the browser, containing information about browsing. Such files allow 4Pay Finance to recognize the user's device on subsequent visits.

Types of Cookies Used

1. Essential Cookies: These are strictly necessary for the operation of 4Pay Finance, enabling navigation and use of its features. Without these cookies, requested services such as transactions and secure payments cannot be provided.
2. Performance and Analytics Cookies: They collect information about how users interact with 4Pay Finance, identifying the most visited areas, time spent, and any issues encountered, such as error messages. These cookies help improve website performance.
3. Functionality Cookies: They allow 4Pay Finance to remember choices made by the user (such as username, language, or the region they are in) to provide a more personalized experience.
4. Advertising and Social Media Cookies: Used to deliver ads that are more relevant to the user and aligned with their interests. They are also used to limit the number of times an ad is seen and help measure the effectiveness of advertising campaigns.

Cookie Management

The user is free to block or remove cookies through browser settings. However, it is worth noting that disabling cookies may limit the overall browsing experience and prevent the use of some features of 4Pay Finance.

Consent

By using 4Pay Finance, the user agrees to the use of cookies under the terms of this Policy, unless they choose to block them. Detailed information on how to manage cookie preferences can be found in the help settings of the respective browser.

This Cookies clause will be updated periodically to reflect changes in the cookies used or due to legal requirements. We recommend that users revisit this section frequently to stay informed about the use of cookies by 4Pay Finance.

8. Legal Bases for Data Processing

In line with the provisions of the Lei Geral de Proteção de Dados (Law No. 13.709/2018), 4Pay Finance, in the intermediation of payments with crypto assets, recognizes and emphasizes the importance of privacy and the protection of personal data. The processing of personal data conducted by 4Pay Finance is strictly based on the following legal bases, ensuring the legitimacy of its operations in processing such information:

• Consent: 4Pay Finance obtains the user's express and informed consent for the processing of their personal data for specific purposes, presented clearly and unequivocally. Consent may be revoked by the user at any time, without affecting the lawfulness of the processing carried out based on the prior consent.
• Compliance with Legal or Regulatory Obligation: Processing may be necessary for 4Pay Finance to fulfill its legal or regulatory obligations to which it is subject.
• Performance of a Contract or Preliminary Procedures Related to a Contract: The collection and processing of personal data may be carried out when necessary for the performance of a contract to which the data subject is a party, or for preliminary procedures related to a contract, at the request of the data subject.
• Protection of Life or Physical Safety: The processing of personal data may be essential to protect the life or physical safety of the data subject or third parties.
• Health Protection: In the context of procedures conducted by health professionals, health services, or a health authority, the processing of personal data relating to health may occur under the terms of the relevant legislation.
• Legitimate Interest: 4Pay Finance may process personal data based on its legitimate interest, whenever such interest does not prevail over the data subject's fundamental rights and freedoms. Such activities include, but are not limited to: improvements to 4Pay Finance, fraud detection, and ensuring information security.

In all personal data processing operations, 4Pay Finance ensures transparency with data subjects, providing clear information about the purpose, the nature of the data processed, and the rights available to data subjects, as provided in the applicable legislation.

4Pay Finance therefore undertakes to adopt all necessary measures to ensure compliance with the fundamental principles of data protection, including purpose limitation, necessity, transparency, security, prevention, and non-discrimination, aiming at the full protection of users' fundamental rights of freedom and privacy.

9. Data Transfers

4Pay Finance, in the intermediation of payments with crypto assets, safeguarding the privacy and security of its users' personal data, sets specific conditions for the transfer of such data, both domestically and internationally, ensuring the maintenance of the protection and the rights of the data subjects, as stipulated by the Lei Geral de Proteção de Dados (Law No. 13.709/2018) and other applicable legislation.

• Domestic Data Transfer: In the case of data sharing with other entities or units located within the national territory, 4Pay Finance ensures that such operations will only occur with entities that demonstrate compliance with the prevailing regulations on data protection and that commit to processing the data under the same security and privacy standards.
• International Data Transfer: Personal data may be transferred to countries or territories outside Brazil, provided that the destination country or the receiving international organization proves to have adequate levels of protection of personal data compatible with Brazilian legislation, or when 4Pay Finance ensures and proves compliance with the security and personal data protection requirements demanded by the legislation through specific contractual clauses or global corporate rules.
• Specific Consent: For both domestic and international transfers that go beyond the regular expectations of data subjects in relation to the provision of services by 4Pay Finance, specific and highlighted consent will be requested from the data subject, respecting their freedom of choice and ensuring the possibility of consent being revoked at any time.
• Security Measures in Data Transfer: In every data transfer, 4Pay Finance undertakes to adopt appropriate technical and organizational measures to ensure the security and protection of personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage, ensuring a level of security proportionate to the risk.
• Transparency with Data Subjects: 4Pay Finance undertakes to maintain full transparency with data subjects, offering clear and accessible information about any transfers of their personal data, the legal bases for such transfers, as well as the measures implemented to ensure continued data protection.

This clause reflects 4Pay Finance's commitment to ensuring that every transfer of personal data is aligned with the best practices and regulations for the protection of privacy and personal data, thereby guaranteeing the integrity and security of users' information in the process of intermediation of payments with crypto assets.

10. Users' Rights

4Pay Finance, in the intermediation of payments with crypto assets, ensures users, in full compliance with the Lei Geral de Proteção de Dados (Law No. 13.709/2018), the following rights regarding their personal data:

• Right to Information: Data subjects have the right to obtain clear, precise, and easily accessible information about the collection, use, access, sharing, and processing of their personal data, as well as about the specific purposes of these activities.
• Right of Access: Users may request, at any time, confirmation of the existence of processing of their personal data, as well as access to them.
• Right of Rectification: The right to request the correction of incomplete, inaccurate, or outdated data is ensured.
• Right of Deletion: Data subjects may request the deletion of personal data processed with the data subject's consent, except in cases where the applicable law or regulation determines its retention.
• Right to Object: Users have the right to object at any time to the processing of their personal data, especially in cases where processing is not based on consent but on legitimate interests or contract performance.
• Right to Data Portability: The right to the portability of personal data to another service or product provider is guaranteed, subject to the regulation of the national authority and trade and industrial secrets.
• Right to Petition: Users have the right to file a petition regarding their personal data against 4Pay Finance before the competent national authority.
• Right Not to Be Subject to Automated Decisions: Data subjects have the right to request the review of decisions made solely on the basis of automated processing of personal data that affect their interests, including the definition of personal, professional, consumer, and credit profiles.
• Right to Withdraw Consent: Users may, at any time, withdraw consent for the processing of their personal data, without affecting the lawfulness of the processing carried out based on consent prior to its withdrawal.

4Pay Finance undertakes to provide all necessary and appropriate means for data subjects to exercise their rights. Requests relating to users' rights will be handled at no additional cost, within the timeframes established by applicable legislation. Furthermore, 4Pay Finance strives to keep its users informed about any changes in the policy for processing personal data, ensuring full transparency and respect for the privacy of data subjects.

11. Retention and Deletion of Personal Data

Whenever necessary, even after the cancellation of your account with 4P Finance or other services and products, we may retain your personal data for an additional period. Such retention may occur to meet legal or regulatory requirements, for audit purposes, to ensure the regular exercise of rights by 4P Finance, or for as long as the applicable legal basis allows. For example, we may retain your data to comply with determinations from the Banco Central do Brasil (BCB), the Comissão de Valores Mobiliários (CVM), BSM Supervisão de Mercados, ANBIMA, SUSEP, and other regulatory bodies, as well as to safeguard our rights in any legal proceedings. Rest assured: your data will be kept in a secure and controlled environment and will be deleted or anonymized as soon as there is no further need or legal justification for its retention, as provided for in the LGPD.

12. Information Security Frameworks and Standards

4Pay Finance recognizes the critical importance of information security for the protection of users' personal data. In this regard, it adopts security practices aligned with the most recognized international frameworks and standards, incorporating the strategies of 'Privacy by Design' and 'Privacy by Default' into its activities and systems.

Privacy by Design: This principle ensures that privacy and the protection of personal data are considered from the outset and at all stages of the development, implementation, and delivery of 4Pay Finance's products, services, and processes. Privacy is an integrated premise, not an afterthought.

Privacy by Default: 4Pay Finance ensures that the default settings of systems and services are as privacy-protective as possible. This means that, without any specific user intervention, personal data will be processed with the highest degree of privacy.

To ensure the effectiveness of these principles, 4Pay Finance employs a combination of technical and organizational measures, including but not limited to:

• End-to-end encryption to protect data in transit and at rest;
• Information security management systems based on recognized standards, such as ISO/IEC 27001;
• Regular risk assessments and penetration testing processes to identify and remediate vulnerabilities;
• Information security training and awareness for all employees and collaborators.

4Pay Finance is committed to continuously assessing and updating its information security practices, aiming not only at compliance with applicable laws and regulations but also at the robust and effective protection of users' personal data.

This commitment to information security reflects 4Pay Finance's dedication to maintaining users' trust, ensuring a secure and private digital environment for conducting their transactions.

12. Auditing

4Pay Finance is committed to maintaining the highest standard of protection of its users' personal data. To ensure ongoing compliance with this commitment, as well as with the applicable legal requirements, 4Pay Finance implements a rigorous audit program for data protection procedures. This program is intended to:

• Assess the Effectiveness of Security Measures: 4Pay Finance will regularly subject its policies, practices, and security measures to a thorough evaluation to verify their effectiveness in protecting personal data against unauthorized access, alterations, disclosures, or improper destruction.
• Identify and Mitigate Risks: The audit will facilitate the identification of any gaps or vulnerabilities in information security procedures that may pose a risk to the confidentiality, integrity, and availability of personal data. Once identified, 4Pay Finance undertakes to implement the necessary corrections in a timely manner.
• Update Compliance Practices: The audit results will be used to continuously update and improve data protection practices, ensuring that they are always aligned with industry best practices and evolving legal requirements.
• Promote Transparency: Conducting audits regularly demonstrates 4Pay Finance's commitment to transparency and accountability in the processing of personal data, reinforcing users' trust in its ability to protect their sensitive information.

The audit procedures will be carried out by specialized internal teams or, as necessary, with the assistance of independent and qualified third parties, to ensure an impartial and objective assessment of 4Pay Finance's data protection procedures.

All relevant findings will be recorded, and an action plan will be developed to effectively resolve any issues identified within an appropriate timeframe.

This audit program represents a fundamental component of 4Pay Finance's strategy to ensure the integrity, privacy, and protection of the personal data entrusted by its users.

13. General Provisions

This Privacy Policy, which establishes 4Pay Finance's commitment to the privacy and protection of its users' personal data, is governed by the principles of lawfulness, good faith, transparency, purpose, adequacy, necessity, free access, data quality, security, prevention, non-discrimination, accountability, and rendering of accounts, in accordance with Law 13.709 of August 14, 2018 (Lei Geral de Proteção de Dados - LGPD), and other legislation applicable to data protection and privacy.

This Policy may be updated at any time by 4Pay Finance, ensuring its effectiveness and alignment with the prevailing legal standards and market best practices. It is the user's responsibility to periodically review the document to be aware of any changes. Continued use of 4Pay Finance's services after such changes will constitute acknowledgment and acceptance of them.

Questions, comments, and requests related to this Privacy Policy are welcome and should be directed to 4Pay Finance's customer service channel, whose contact details will be made available on the official website or another communication channel associated with 4Pay Finance.

In case of disagreements over the interpretation or application of this Policy, the parties will seek an amicable solution. If this is not possible, the court of the district of 4Pay Finance's headquarters is elected to settle any disputes arising from this Policy, with express waiver of any other, however privileged it may be.

This Privacy Policy comes into force on the date of its publication on 4Pay Finance's official website or another official means of communication.

Adherence to and compliance with this Policy by all users and collaborators are essential to ensure the effective protection and privacy of the personal data processed by 4Pay Finance.

In accordance with the LGPD, 4P Finance is considered the 'Controller' of your personal data. If, after reading this Privacy Notice, you have any questions, need to address matters related to your personal data, or request the closure of your account, contact us through the channels below: Contact email: contato@4p.finance, or via WhatsApp: +55 11 5128-9991. We are always available to clarify your doubts, handle your requests, and ensure that you remain in control of your personal data.