Privacy Policy

4Pay Finance, trade name of 4Pay Finance Prestadora de Serviços de Ativos Virtuais LTDA, registered with CNPJ/MF under number 46.977.494/0001-60, hereinafter referred to simply as "4Pay Finance", recognizes the importance of privacy and the protection of its users' personal data, in accordance with the highest standards of ethics and transparency.

This document establishes the Privacy Policy of 4Pay Finance, prepared in strict compliance with the provisions of Law No. 13,709, of August 14, 2018 — the General Data Protection Law ("LGPD"), the Brazilian Civil Code, and Law No. 12,965, of April 23, 2014 — the Brazilian Internet Civil Framework, aiming to ensure the protection of the fundamental rights of freedom and privacy and the free development of the personality of natural persons.

The purpose of this Privacy Policy is to establish the conditions under which any personal information that we may collect from you, or that you provide to us, will be processed and protected by 4Pay Finance. We understand that your privacy is of utmost importance and we are committed to using it responsibly, keeping it secure, respecting your choices and rights.

By defining this Policy, 4Pay Finance also seeks to demonstrate its commitment to complying with applicable legislation, protecting not only the personal data processed through its functionalities, but also reinforcing its commitment to security, respect, and transparency toward its users.

This document applies to all users of 4Pay Finance, clearly and accessibly establishing the practices adopted, evidencing our commitment to Article 1 and the sole paragraph of the LGPD, which highlight the objective of protecting the fundamental rights of freedom and privacy, and to Article 21 of the Brazilian Civil Code, which ensures the inviolability of the private life of natural persons, aiming for a relationship of trust with the user through the ethical and lawful processing of their personal data.

1. Purpose of the Privacy Policy

This Privacy Policy has as its primary purpose to ensure 4Pay Finance's commitment to the security, privacy, and protection of users' personal data, clearly establishing the guidelines under which collected personal information is processed.

In compliance with the principles of the LGPD, the Brazilian Civil Code, and the Brazilian Internet Civil Framework, 4Pay Finance is committed to respecting the privacy and confidentiality of users' data and information, guaranteeing the right to clear information about the collection, use, storage, processing, and protection of such data.

This document aims to:

1. establish the conditions under which personal data is collected, used, stored, shared, and protected by 4Pay Finance, ensuring transparency in the processing of such information and respect for users' privacy;
2. ensure that users understand what data is collected, the reasons for collection, and how it may be updated, managed, exported, or deleted;
3. inform about the security practices implemented to protect personal data against unauthorized access, improper or unlawful alterations, as well as against loss, use, alteration, or disclosure;
4. clarify users' rights in relation to their data, including the right of access, correction, deletion, and data portability, and how they may exercise such rights.

The adoption of these guidelines reaffirms 4Pay Finance's commitment to rigorously comply with all legal regulations applicable to the processing of personal data, in addition to reflecting the organization's values regarding privacy, integrity, and trust, building a solid and transparent relationship with users.

2. Applicability of the Privacy Policy

This Privacy Policy applies to all users of 4Pay Finance, including, without limitation, users who interact with its products, services, websites, mobile applications, APIs, payment functionalities, solutions involving crypto assets, registration mechanisms, authentication, identity verification, customer service, support, or any other systems made available by 4Pay Finance.

The Policy extends to all forms of access to and use of 4Pay Finance, including, but not limited to, access via websites, mobile applications, APIs, or any other form of access to the systems provided by 4Pay Finance, regardless of the device used, including computers, mobile phones, tablets, or any other compatible equipment.

It is imperative that all users carefully read this Privacy Policy before beginning to use the products, services, platforms, or functionalities of 4Pay Finance, since by accessing, browsing, or otherwise using the services offered by 4Pay Finance, users agree to the terms presented herein. If the user does not agree with any of the terms established in this Policy, it is recommended that they do not use the services offered by 4Pay Finance.

This Privacy Policy applies to the processing of personal data carried out by 4Pay Finance regardless of the physical location of the data subject or the geographic origin where personal data is collected, processed, stored, or processed, provided that the applicability of this Policy does not imply eligibility to use 4Pay Finance's Products and Services, which remain subject to acceptance criteria, geographic restrictions, internal policies, regulatory requirements, and applicable contractual obligations.

This Policy does not apply to third-party websites, services, or products, even if accessible through links, integrations, advertisements, or references made available in 4Pay Finance environments. We recommend reading the privacy policies of such third-party services before providing any personal information.

4Pay Finance reserves the right to update or modify this Privacy Policy at any time, with or without prior notice, subject to applicable legislation. Users are responsible for reviewing the Policy regularly to be informed of any changes. Continued use of 4Pay Finance's products, services, or platforms after such changes will constitute acceptance of the modifications made.

2.1. Eligibility and Jurisdiction Restrictions

The use of 4Pay Finance's Products and Services is subject to the eligibility criteria provided for in the Terms of Use, Internal Policies, Compliance Policy, AML/KYC Policy, and other applicable contractual documents.

Due to regulatory, contractual, commercial, operational, and Compliance requirements, certain Products and Services may not be made available to persons located in, resident in, domiciled in, incorporated in, or registered in certain jurisdictions, including Restricted Jurisdictions as defined by 4Pay Finance, as well as to persons classified as U.S. Persons or Canadian Persons, when applicable.

This Privacy Policy does not constitute authorization for access to, use of, or contracting of 4Pay Finance's Products and Services by any person, with eligibility remaining subject to internal acceptance, monitoring, and relationship maintenance criteria adopted by 4Pay Finance.

3. User Acceptance

The use of 4Pay Finance's products, services, platforms, or functionalities presupposes the reading, understanding, and unequivocal acceptance of this Privacy Policy by the user. By proceeding with access to or use of the services offered by 4Pay Finance, the user expresses their free, express, and informed consent, agreeing to be bound by the terms stipulated herein, including with respect to the collection, storage, processing, handling, and protection of their personal data, as established by applicable regulations, especially the LGPD.

User acceptance is considered granted at the moment when the user performs affirmative actions indicating clear acceptance of the terms of this Privacy Policy, such as checking a selection field in a digital interface, when available, registering or creating an account with 4Pay Finance, continued use of the services offered by 4Pay Finance after having been informed of Privacy Policy updates, among other actions that may reasonably be interpreted as express consent.

It is important to note that non-acceptance of this Privacy Policy prevents the use of the services made available by 4Pay Finance, since the processing of collected personal data is essential for the operationalization of the functionalities offered, ensuring the effectiveness and security of transactions performed.

The user has the right to withdraw their consent at any time, and to do so must contact 4Pay Finance through the communication channels made available on its website or official channels. However, it is worth noting that withdrawal of consent may result in the inability to use some or all of the services offered by 4Pay Finance, without this constituting any form of compensation, since such withdrawal may affect the legal basis for processing personal data necessary for the provision of services.

4Pay Finance is committed to respecting all legislation relevant to the processing of personal data and to guaranteeing the privacy and security of its users' information, adopting the best practices and appropriate technical and organizational measures for the protection of personal data.

4. Data Collected and Processing Purposes

4Pay Finance collects and processes personal data necessary for the provision of its services, improvement of functionalities, user security, fraud prevention, compliance with legal and regulatory obligations, execution of KYC, AML, Compliance procedures, and fulfillment of the other purposes provided for in this Privacy Policy.

Personal data collected may vary according to the user's interaction with 4Pay Finance and the services used, and may include, but is not limited to:

1. Identification Data: full name, personal documents such as CPF, RG, CNH, passport or equivalent documents, date of birth, nationality, parentage, signature, image of official document, and other information necessary to identify the data subject;
2. Contact Data: email address, phone number, residential address, business address, mailing address, and other information necessary for communication with the user;
3. Financial and Transaction Data: information related to financial operations, payments, crypto asset transactions, transaction history, transaction amounts, banking information, receipts, movement records, and other data necessary for the execution of services;
4. Technological Data: IP address, browser information, operating system, device identifiers, access logs, cookie data, approximate geolocation, information about interaction with websites, applications, APIs, systems, and other digital environments of 4Pay Finance;
5. Identity Verification Data: personal photo holding official document, selfie, short video, facial image, liveness validation, biometric data when applicable, as well as other information necessary for KYC, AML, fraud prevention, and account security procedures;
6. Registration and Compliance Data: information provided during registration, responses to forms, politically exposed person declarations, ultimate beneficial owner information, source of funds, economic activity, corporate documents, information about legal representatives, attorneys, administrators, controllers, and other data necessary for risk assessment and compliance.

4.1. Processing Purposes

Personal data collected is used specifically for the following purposes:

1. Service Execution: enable the provision of 4Pay Finance's products and services, including registration, authentication, crypto asset payment intermediation, transaction execution, billing generation, use of functionalities, customer service, and other activities necessary for the operationalization of services;
2. Identity Verification, KYC, and AML: perform identification procedures, registration verification, document validation, proof of life, risk analysis, anti-money laundering, counter-terrorism financing, fraud prevention, transaction monitoring, and compliance with internal Compliance policies;
3. Security: protect accounts, systems, transactions, users, and third parties against unauthorized access, fraud, misuse, security incidents, cyberattacks, suspicious or unlawful activities;
4. Service Improvement: develop, test, improve, and personalize functionalities, analyze the use of services offered, fix failures, enhance user experience, and adapt 4Pay Finance to the operational and commercial needs of its users;
5. Communication and Marketing: send operational communications, security alerts, contractual updates, service information, institutional communications and, when there is an adequate legal basis or specific consent, offers, campaigns, or promotional communications;
6. Legal, Regulatory, and Contractual Compliance: meet legal, regulatory, judicial, administrative, tax, accounting, contractual obligations, requests from competent authorities, requirements of commercial partners, financial institutions, Compliance providers, KYC, AML, blockchain analytics, fraud prevention, and other applicable obligations;
7. Regular Exercise of Rights: safeguard the rights of 4Pay Finance, its users, partners, and third parties, including in administrative, judicial, arbitral proceedings, audit procedures, internal investigations, or incident inquiries.

The collection and processing of personal data by 4Pay Finance is carried out in compliance with the LGPD and other applicable rules, respecting the principles of purpose, adequacy, necessity, transparency, security, prevention, accountability, and reporting.

Personal data will be processed only for the period necessary to fulfill the purposes for which it was collected, or for the period necessary to comply with legal, regulatory, contractual obligations, regular exercise of rights, fraud prevention, audit, Compliance, KYC, AML, and other hypotheses authorized by applicable legislation. At the end of such period, and in the absence of a legal need or legitimate justification for its retention, data will be securely deleted or anonymized.

4.2. Collection and Processing of Facial and Biometric Data

4.2.1. Facial and Biometric Data

4Pay Finance may collect facial image data, such as selfie, short video, photo holding official document, proof of life, liveness validation, or other biometric elements, exclusively for identity verification, fraud prevention, security, KYC, AML, Compliance, and compliance with applicable legal, regulatory, or contractual obligations.

Such data is treated as sensitive personal data, under applicable legislation, and is not used for continuous facial recognition, permanent tracking, marketing, behavioral advertising, or profiling incompatible with the purposes provided for in this Policy.

4.2.2. Legal Bases by Jurisdiction

The processing of facial and biometric data occurs based on applicable legal bases, including, but not limited to:

• Brazil: Article 11, II, "a" and "g", of the LGPD, as well as other applicable legal bases for compliance with legal or regulatory obligations, fraud prevention, and security of the data subject;
• European Union: Articles 6(1)(c), 6(1)(f), and 9(2)(g) of the General Data Protection Regulation — GDPR, when applicable;
• United States: when applicable for technological processing, fraud prevention, information security, compliance with legal obligations, or interaction with providers, technology partners, or international service providers, Bank Secrecy Act, FinCEN CIP Rule, and applicable state legislation;
• Argentina: Anti-Money Laundering Law, Law No. 25,246 — Ley de Encubrimiento y Lavado de Activos, resolutions of the Unidad de Información Financiera — UIF, including, by way of example, UIF Resolution No. 30/2017, updated and consolidated by UIF Resolution No. 55/2024, Law No. 25,326 — Ley de Protección de los Datos Personales, and other applicable rules.

Reference to foreign legal bases or rules does not imply offer, availability, or authorization for use of 4Pay Finance's Products and Services in a given jurisdiction, with eligibility criteria, geographic restrictions, internal policies, contractual obligations, and regulatory requirements defined by 4Pay Finance remaining applicable.

4.2.3. Retention of Facial and Biometric Data

Facial and biometric data is retained only for the period necessary to fulfill the purposes provided for in this Policy and applicable legal, regulatory, contractual, KYC, AML, Compliance, fraud prevention, audit, and regular exercise of rights obligations.

When applicable, the following minimum reference periods may be observed:

• Brazil: 5 years;
• European Union: 5 years, which may reach 10 years depending on the applicable obligation;
• United States: 5 years, when applicable;
• Argentina: 10 years, when applicable.

After the end of the applicable legal, regulatory, or contractual period, and in the absence of another legal basis justifying its retention, data will be securely deleted or anonymized.

4.2.4. International Sharing of Facial and Biometric Data

Facial and biometric data may be transferred internationally for processing by identity verification providers, fraud prevention, biometrics, KYC, AML, Compliance, information security, hosting, storage, data processing, or other service providers necessary for the operationalization of 4Pay Finance's services.

The transfer will be carried out through adequate safeguards, including contractual clauses, confidentiality commitments, technical and organizational security measures, data protection requirements, and other mechanisms compatible with the LGPD, GDPR, and applicable legislation.

International transfer of facial and biometric data does not imply offer, availability, authorization, or eligibility for use of 4Pay Finance's Products and Services in a given jurisdiction, with all geographic, regulatory, contractual, and Compliance restrictions provided for in the Terms of Use, Internal Policies, and other 4Pay Finance documents remaining applicable.

5. How Personal Data Is Protected by 4Pay Finance

4Pay Finance is committed to adopting technical and organizational measures compatible with best practices and information security standards, aiming to protect the confidentiality, integrity, and availability of users' personal data.

Accordingly, 4Pay Finance implements measures intended to ensure the security of personal data, including, but not limited to:

1. Access Controls: restriction of access to personal data only to employees, service providers, partners, or authorized third parties who need such information for the performance of their duties or for the provision of contracted services, all subject to confidentiality and security obligations;
2. Encryption: use of encryption technologies and protection mechanisms applicable to the transmission, storage, and processing of sensitive information, according to the nature of the data processed and the risks involved;
3. Monitoring and Intrusion Detection: implementation of solutions and procedures aimed at monitoring, detecting, and preventing unauthorized, abnormal, or potentially unlawful access to 4Pay Finance's systems, networks, and technological environments;
4. Security Audits: periodic performance of audits, reviews, security tests, vulnerability assessments and, when applicable, penetration tests, with the aim of identifying and correcting possible weaknesses in information systems;
5. Employee Training: continuous training of employees and professionals involved in the processing of personal data, focusing on information security practices, privacy, data protection, and incident prevention;
6. Security Policies: adoption and maintenance of internal information security, privacy, access control, confidentiality, and acceptable use policies for systems, establishing expected standards of behavior regarding the use and processing of personal data;
7. Backup and Recovery: implementation of backup, contingency, and data recovery routines, aiming to restore systems and information in case of security incidents, technical failures, unavailability, or similar events;
8. Privacy by Design and by Default: incorporation of privacy and personal data protection considerations in the development, implementation, maintenance, and updating processes of systems, seeking to ensure that only the data necessary for each specific purpose is collected and processed.

These measures are reviewed and updated periodically, in order to adequately respond to technological, operational, regulatory changes and new challenges and risks to data security.

It is important to note that, although 4Pay Finance adopts high security standards, no method of data transmission, storage, or processing is absolutely secure. Therefore, although reasonable and proportional efforts are employed to protect users' personal data, it is not possible to guarantee absolute security against all existing risks.

In the event of a security incident that may result in relevant risk or harm to personal data subjects, 4Pay Finance will adopt appropriate measures, including, when applicable, communication to affected data subjects and the competent authority, under applicable legislation.

6. SMS Sending

6.1. Authorization for SMS Sending

By accepting this Privacy Policy, the user expressly authorizes the sending of SMS messages by the 4Pay Finance application to the mobile phone number provided.

These messages are used exclusively for operational purposes, including two-factor authentication (2FA), sending one-time passwords (OTP), identity validation, access recovery, security alerts, operation confirmation, and other communications necessary for the security and operationalization of services.

6.2. Cancellation of SMS Sending

The user may, at any time, cancel receipt of SMS messages by sending one of the following keywords: "CANCEL", "QUIT", "END", "UNSUBSCRIBE", "STOP", or "STOPALL" to the corresponding number, when such functionality is available.

After cancellation, no SMS messages will be sent for non-essential purposes, except when necessary to restore account access, perform authentication, protect user security, comply with a legal or regulatory obligation, or upon new authorization by the user.

6.3. Prohibition of Marketing Campaigns and Spam

4Pay Finance does not use SMS messages for spam or unauthorized promotional campaigns.

SMS sending will be performed only for the purposes described in this Privacy Policy, especially authentication, security, identity validation, access recovery, operation confirmation, and necessary operational communications.

6.4. Purpose of Mobile Number Collection

The mobile number provided by the user is collected for operational, security, authentication, identity verification, fraud prevention purposes, sending SMS messages necessary for two-factor authentication (2FA), sending one-time passwords (OTP), access recovery, operation validation, and communications essential to the provision of services.

The mobile number will not be used for marketing or advertising campaigns without an adequate legal basis or specific user consent, when required by applicable legislation.

6.5. Security and Data Protection

The mobile number and other information provided by the user are stored using technical and organizational measures compatible with the best available and applicable information security practices for the nature of the data processed.

4Pay Finance adopts mechanisms intended to protect personal data against unauthorized access, loss, alteration, improper disclosure, destruction, or any form of inadequate or unlawful processing.

Personal data may be shared with service providers, technology partners, infrastructure suppliers, authentication platforms, SMS sending providers, Compliance, KYC, AML, fraud prevention, blockchain analytics service providers, cloud storage, data processing, or competent authorities, exclusively when necessary for the provision of services, compliance with legal or regulatory obligations, regular exercise of rights, or fulfillment of legitimate purposes provided for in this Privacy Policy.

In any case, 4Pay Finance will require adequate standards of confidentiality, security, and data protection from its partners and suppliers compatible with applicable legislation and the organization's internal policies.

6.6. Help and Information

If the user needs assistance or additional information about the SMS sending service, they may use the official customer service channels made available by 4Pay Finance.

When applicable, the user may also send the keyword "HELP" or "INFO" to the corresponding number in order to receive instructions or additional information about the SMS service.

7. Cookies

4Pay Finance uses cookies and similar technologies to improve the user experience when browsing its websites, applications, platforms, and digital environments, facilitate the use of its functionalities, as well as monitor and analyze the performance, operation, security, and effectiveness of the services provided.

This clause aims to explain the use of cookies by 4Pay Finance, covering the following aspects:

7.1. Definition of Cookies

Cookies are small text files stored on the user's device, such as computer, mobile phone, tablet, or any other internet access device, by the browser or application used, containing information about browsing, preferences, sessions, interactions, and other technical data necessary for the operation of services.

Such files allow 4Pay Finance to recognize the user's device on subsequent visits, maintain active sessions, improve functionalities, reinforce security mechanisms, and enhance the browsing experience.

7.2. Types of Cookies Used

4Pay Finance may use the following types of cookies and similar technologies:

1. Essential Cookies: are strictly necessary for the operation of 4Pay Finance's websites, applications, platforms, and services, enabling browsing, authentication, security, fraud prevention, and use of essential functionalities. Without these cookies, certain requested services, such as transactions, secure payments, login, and authentication, may not be adequately provided;
2. Performance and Analytics Cookies: collect information about how users interact with 4Pay Finance's digital environments, identifying most visited areas, visit duration, functionalities used, errors, instabilities, and overall performance. These cookies assist in service improvement and failure correction;
3. Functionality Cookies: allow 4Pay Finance to remember choices made by the user, such as username, language, region, browsing preferences, or settings, providing a more personalized experience;
4. Advertising and Social Media Cookies: may be used to offer more relevant advertisements to the user according to their interests, limit the number of times a given advertisement is displayed, measure the effectiveness of advertising campaigns, and enable interactions with social networks, always subject to applicable legal bases and user choices.

7.3. Cookie Management

The user is free to block, remove, or manage cookies through the settings of the browser, device, or application used.

However, disabling certain cookies, especially essential cookies, may limit the overall browsing experience, prevent the use of some 4Pay Finance functionalities, or compromise the security and operationalization of services.

7.4. Consent

By using 4Pay Finance's websites, applications, platforms, or digital environments, the user agrees to the use of cookies under the terms of this Policy, except when opting to block or manage them differently, according to available options.

When required by applicable legislation, 4Pay Finance may request specific consent for the use of certain non-essential cookies.

Detailed information on how to manage cookie preferences can be found in the help settings of the respective browser, device, or application.

7.5. Cookie Policy Update

This Cookies clause may be updated periodically to reflect changes in cookies used, technologies employed, functionalities made available, or legal, regulatory, technical, or operational requirements.

Users are advised to revisit this section frequently to stay informed about 4Pay Finance's use of cookies.

8. Legal Bases for Data Processing

In accordance with the provisions of the General Data Protection Law — LGPD, 4Pay Finance recognizes and upholds the importance of privacy and personal data protection.

Personal data processing conducted by 4Pay Finance is based on applicable legal grounds, ensuring the legitimacy of its operations in processing such information.

4Pay Finance may process personal data based on the following legal bases, as applicable:

1. Consent: 4Pay Finance may obtain the free, informed, and unequivocal consent of the user for the processing of their personal data for specific purposes, presented in a clear and prominent manner. Consent may be revoked by the user at any time, without affecting the lawfulness of processing carried out based on previously granted consent;
2. Compliance with Legal or Regulatory Obligation: data processing may be necessary for 4Pay Finance to comply with legal or regulatory obligations to which it is subject, including obligations related to KYC, AML, fraud prevention, anti-money laundering, counter-terrorism financing, record retention, response to competent authorities, and compliance with applicable rules;
3. Performance of Contract or Preliminary Procedures Related to a Contract: collection and processing of personal data may be carried out when necessary for the performance of a contract to which the data subject is a party, or for preliminary procedures related to a contract, at the request of the data subject;
4. Regular Exercise of Rights: 4Pay Finance may process personal data to regularly exercise its rights in judicial, administrative, arbitral proceedings, collection procedures, audits, internal investigations, incident inquiries, defenses, or other measures necessary to protect its legitimate interests;
5. Protection of Life or Physical Integrity: personal data processing may occur when necessary to protect the life or physical integrity of the data subject or third parties;
6. Protection of Health: in the context of procedures conducted by health professionals, health services, or health authorities, processing of personal data relating to health may occur under relevant legislation, when applicable;
7. Legitimate Interest: 4Pay Finance may process personal data based on its legitimate interest, whenever the fundamental rights and freedoms of the data subject do not prevail. Such activities include, but are not limited to, service improvement, fraud prevention, information security assurance, system protection, risk analysis, audit, support, operational communication, and functionality development;
8. Credit Protection: when applicable, 4Pay Finance may process personal data for credit protection, risk analysis, default prevention, and registration information verification purposes, subject to applicable legislation.

In all personal data processing operations, 4Pay Finance ensures transparency with data subjects, providing them with clear information about the purpose, nature of data processed, applicable legal bases, and the rights afforded to data subjects, as provided for in applicable legislation.

4Pay Finance is committed to adopting all necessary measures to ensure compliance with the fundamental principles of data protection, including purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, accountability, and reporting.

9. Data Transfer and Sharing

4Pay Finance, safeguarding the privacy and security of its users' personal data, establishes specific conditions for the transfer and sharing of such data, both nationally and internationally, ensuring the maintenance of protection and the rights of data subjects, as stipulated by the LGPD and other applicable legislation.

9.1. National Data Transfer

In the case of data sharing with other entities, service providers, suppliers, partners, financial institutions, payment institutions, technology providers, Compliance, KYC, AML, fraud prevention, blockchain analytics, authentication, messaging, storage, data processing, audit companies, or other third parties located within the national territory, 4Pay Finance will adopt reasonable measures so that such operations occur with entities that demonstrate commitment to personal data protection and adequate security and privacy standards.

9.2. International Data Transfer

Personal data may be transferred to countries or territories outside Brazil when necessary for the execution of services, technological processing, hosting, storage, support, authentication, identity verification, fraud prevention, Compliance, KYC, AML, blockchain analytics, compliance with legal or regulatory obligations, regular exercise of rights, or other purposes provided for in this Policy.

International transfer of personal data will be carried out in accordance with applicable legal hypotheses, including, when appropriate, the adoption of specific contractual clauses, standard clauses, global corporate rules, certifications, security mechanisms, contractual guarantees, adequacy decisions, specific consent, or other mechanisms recognized by applicable legislation.

9.3. International Transfer and Service Eligibility

International transfer of personal data to technology providers, identity verification service providers, biometrics, fraud prevention, Compliance, AML, KYC, blockchain analytics, hosting, storage, data processing, authentication, messaging, support, audit, or any other operational partners of 4Pay Finance does not imply offer, availability, authorization, or eligibility for use of 4Pay Finance's Products and Services in a given jurisdiction.

All geographic, regulatory, contractual, commercial, and Compliance restrictions provided for in the Terms of Use, Internal Policies, AML/KYC Policy, and other 4Pay Finance documents remain applicable, including restrictions relating to U.S. Persons, Canadian Persons, and Restricted Jurisdictions, when applicable.

9.4. Sharing with Competent Authorities

4Pay Finance may share personal data with judicial, administrative, regulatory, police, tax, control, supervisory, financial intelligence, or other competent authorities, whenever necessary for compliance with legal or regulatory obligations, response to valid orders, cooperation with investigations, prevention of unlawful acts, protection of rights, or compliance with Compliance policies.

9.5. Specific Consent

For transfers or sharing that exceed the regular expectations of data subjects regarding the execution of services provided by 4Pay Finance, and when required by applicable legislation, specific and prominent consent from the personal data subject may be requested, respecting their freedom of choice and ensuring the possibility of consent revocation at any time.

9.6. Security Measures in Data Transfer

In every data transfer or sharing, 4Pay Finance will adopt adequate technical and organizational measures to protect personal data against unauthorized or unlawful processing, loss, alteration, destruction, accidental damage, or improper disclosure, ensuring a level of security proportional to the risk involved.

9.7. Transparency with Data Subjects

4Pay Finance is committed to maintaining transparency with data subjects, offering clear and accessible information about transfers and sharing of their personal data, applicable legal grounds, and measures implemented to ensure continuity of data protection, under applicable legislation.

This clause reflects 4Pay Finance's commitment to ensuring that every transfer and sharing of personal data is aligned with best practices and privacy and personal data protection regulations, guaranteeing the integrity and security of users' information.

10. User Rights

4Pay Finance ensures users, in full compliance with the LGPD and other applicable rules, the following rights in relation to their personal data:

1. Right to Information: data subjects have the right to obtain clear, accurate, and easily accessible information about the collection, use, access, sharing, and processing of their personal data, as well as about the specific objectives of such activities;
2. Right of Access: users may request confirmation of the existence of processing of their personal data, as well as access to it, subject to applicable legal limits;
3. Right to Rectification: data subjects are assured the right to request correction of incomplete, inaccurate, or outdated data;
4. Right to Anonymization, Blocking, or Deletion: data subjects may request anonymization, blocking, or deletion of unnecessary, excessive personal data, or data processed in non-compliance with applicable legislation;
5. Right to Deletion of Data Processed with Consent: data subjects may request deletion of personal data processed based on consent, except in cases where law, applicable regulation, contractual obligation, regular exercise of rights, or another legal basis authorizes or requires its retention;
6. Right to Object: users have the right to object to the processing of their personal data, especially in cases where processing is not based on consent but on legitimate interest or another legal basis, subject to limits provided for in applicable legislation;
7. Right to Data Portability: the right to portability of personal data to another service or product provider is guaranteed, subject to national authority regulation and commercial and industrial secrets;
8. Right to Petition: users have the right to petition regarding their personal data against 4Pay Finance before the competent national authority;
9. Right Not to Be Subject to Automated Decisions Without Review: data subjects have the right to request review of decisions made solely based on automated processing of personal data that affect their interests, including decisions intended to define personal, professional, consumer, credit profiles, or aspects of their personality;
10. Right to Revoke Consent: users may, at any time, revoke consent for the processing of their personal data, without affecting the lawfulness of processing carried out based on previously granted consent.

Exercise of the rights provided for in this clause may be requested through 4Pay Finance's official customer service channels, with service subject to validation of the requester's identity and limits provided for in applicable legislation.

4Pay Finance may retain certain personal data even after a request for deletion, objection, or consent revocation, when retention is necessary for compliance with legal or regulatory obligations, contract performance, regular exercise of rights, fraud prevention, security, audit, Compliance, KYC, AML, or other hypotheses authorized by applicable legislation.

4Pay Finance is committed to providing adequate means for data subjects to exercise their rights. Requests relating to user rights will be addressed within the deadlines established by applicable legislation.

Furthermore, 4Pay Finance strives to keep its users informed about any relevant changes to the personal data processing policy, ensuring transparency and respect for data subjects' privacy.

11. Retention and Deletion of Personal Data

Whenever necessary, even after cancellation of the user's account with 4Pay Finance, or after termination of other services, products, registrations, or functionalities, 4Pay Finance may retain certain personal data for an additional period.

Such retention may occur to meet legal or regulatory requirements, comply with contractual obligations, enable audits, prevent fraud, fulfill KYC, AML, and Compliance procedures, ensure the regular exercise of rights of 4Pay Finance or third parties, or for the period permitted by the applicable legal basis.

4Pay Finance may retain personal data, for example, to comply with determinations or obligations related to the Central Bank of Brazil (BCB), Securities and Exchange Commission (CVM), BSM Supervisão de Mercados, ANBIMA, SUSEP, Council for Financial Activities Control (COAF), judicial, administrative, tax, regulatory authorities, financial intelligence units, control bodies, and other competent authorities, when applicable.

Personal data may also be retained to safeguard 4Pay Finance's rights in eventual judicial, administrative, arbitral proceedings, audit procedures, internal investigations, incident inquiries, fraud prevention, transaction monitoring, compliance with contractual or regulatory obligations, including after termination of the relationship with the user.

Personal data will be maintained in a secure and controlled environment, subject to adequate technical and organizational measures, and will be deleted or anonymized as soon as there is no longer a need, legal, regulatory, contractual obligation, or legitimate justification for its retention, as provided for in applicable legislation.

12. Information Security Frameworks and Standards

4Pay Finance recognizes the critical importance of information security for the protection of users' personal data. In this regard, it adopts security practices aligned with recognized market frameworks, standards, and best practices, incorporating Privacy by Design and Privacy by Default strategies in its activities, systems, products, and services.

12.1. Privacy by Design

The Privacy by Design principle ensures that privacy and personal data protection are considered from the outset and in all phases of development, implementation, updating, maintenance, and offering of 4Pay Finance's products, services, systems, functionalities, and processes.

Privacy is treated as a premise integrated into the architecture of services, and not as a subsequent add-on.

12.2. Privacy by Default

The Privacy by Default principle guides the adoption of settings and procedures that seek to protect user privacy by default, limiting the processing of personal data to what is necessary for each specific purpose.

This means that, whenever applicable, without specific user intervention, their personal data will be processed with an adequate degree of protection, subject to legitimate purposes, legal bases, and applicable technical and operational limitations.

12.3. Security Measures and Standards

To ensure the effectiveness of these principles, 4Pay Finance employs a combination of technical and organizational measures, including, but not limited to:

1. encryption and protection mechanisms for data in transit and at rest, according to the nature of the data and risks involved;
2. access controls, authentication, and permission segregation;
3. information security systems, processes, and policies aligned with recognized market standards, such as ISO/IEC 27001, when applicable;
4. periodic risk assessment processes, security review, vulnerability testing and, when applicable, penetration testing;
5. information security, privacy, and data protection training and awareness for employees, service providers, and other persons involved in the processing of personal data;
6. monitoring, detection, response, and handling of security incidents;
7. periodic review of policies, procedures, internal controls, and protection mechanisms.

4Pay Finance is committed to continuously evaluating and updating its information security practices, aiming not only at compliance with applicable laws and regulations, but also at proportional, robust, and effective protection of users' personal data.

This commitment to information security reflects 4Pay Finance's dedication to maintaining user trust, ensuring a secure and private digital environment for conducting transactions and using its services.

13. Audit

4Pay Finance is committed to maintaining a high standard of protection of its users' personal data. To ensure continuous compliance with this commitment, as well as with applicable legal, regulatory, contractual, and operational requirements, 4Pay Finance may implement audit programs, routines, and procedures related to privacy, data protection, and information security.

This program is intended to:

1. Assess the effectiveness of security measures: 4Pay Finance may subject its policies, practices, controls, and security measures to periodic assessments to verify their effectiveness in protecting personal data against unauthorized access, alterations, disclosures, losses, improper destruction, or inadequate processing;
2. Identify and mitigate risks: audit procedures may assist in identifying gaps, vulnerabilities, or weaknesses in information security and data protection processes that may represent a risk to the confidentiality, integrity, and availability of personal data;
3. Update compliance practices: audit results may be used to continuously update and improve data protection practices, ensuring alignment with market best practices, legal, regulatory, contractual requirements, and partner requirements;
4. Promote transparency and accountability: conducting audits demonstrates 4Pay Finance's commitment to transparency, responsibility, and accountability in the processing of personal data.

Audit procedures may be executed by specialized internal teams or, as necessary, with the assistance of independent and qualified third parties, subject to applicable confidentiality, security, and data protection obligations.

Relevant findings may be recorded, and action plans may be developed to address identified issues appropriately and within a timeline proportional to the criticality of the risks involved.

This audit program represents a relevant piece of 4Pay Finance's strategy to ensure the integrity, privacy, and protection of personal data entrusted by its users.

14. General Provisions

This Privacy Policy, which establishes 4Pay Finance's commitment to the privacy and protection of its users' personal data, is governed by the principles of legality, good faith, transparency, purpose, adequacy, necessity, free access, data quality, security, prevention, non-discrimination, accountability, and reporting, in compliance with the LGPD and other applicable legislation on data protection and privacy.

This Policy may be updated at any time by 4Pay Finance, ensuring its effectiveness and adequacy to current legal standards, regulatory requirements, market best practices, operational needs, and the organization's internal policies.

It is the user's responsibility to periodically review this document to be aware of any changes. Continued use of 4Pay Finance's products, services, platforms, applications, or functionalities after such changes will constitute acknowledgment and acceptance of the current version of the Privacy Policy.

14.1. Relationship with Terms of Use, Compliance, and Eligibility Restrictions

This Privacy Policy does not alter, limit, or replace the eligibility criteria, geographic restrictions, Compliance policies, AML/KYC, economic sanctions, fraud prevention, or regulatory requirements applicable to 4Pay Finance's Products and Services, which remain governed by the Terms of Use, AML/KYC Policy, Internal Policies, and other applicable contractual documents.

The collection, processing, sharing, or international transfer of personal data does not imply authorization, offer, availability, or eligibility for use of 4Pay Finance's Products and Services by persons located in, resident in, domiciled in, incorporated in, registered in, or subject to restrictions in certain jurisdictions, including Restricted Jurisdictions, U.S. Persons, and Canadian Persons, when applicable.

14.2. Customer Service Channels

Questions, comments, and requests related to this Privacy Policy should be sent to 4Pay Finance's official customer service channels, made available on the official website or through another official means of communication.

Under the LGPD, 4Pay Finance is considered the Controller of personal data processed in the context of this Policy, except when expressly indicated otherwise.

If, after reading this Privacy Policy, the user has questions, needs to address matters related to their personal data, or requests closure of their account, they may contact us through the channels below:

Contact email: contato@4p.finance
WhatsApp: +55 11 5128-9991

14.3. Jurisdiction

In case of disputes regarding the interpretation or application of this Policy, the parties will seek an amicable solution.

If an amicable solution is not possible, the courts of the district of 4Pay Finance's headquarters are elected to resolve any conflicts arising from this Policy, with express waiver of any other, however privileged, except for mandatory legal provision to the contrary.

14.4. Effective Date

This Privacy Policy enters into force on the date of its publication on 4Pay Finance's official website or through another official means of communication.

Adherence and compliance with this Policy by all users, employees, service providers, and partners is essential to ensure effective protection and privacy of personal data processed by 4Pay Finance.

We are always available to clarify questions, address requests, and ensure that the user remains in control of their personal data.