PRIVACY POLICY
Effective Date: January 14, 2026
This Privacy Policy ("Policy") governs the processing of personal data by SUPRASTACK LLC, a New Mexico limited liability company ("SupraPay," "Company," "we," "us," or "our"), acting as a data controller. This Policy applies to all users, visitors, and customers ("User," "you," or "your") of the financial infrastructure platform available at https://www.suprapay.io and all associated services (collectively, the "Services").
SupraPay provides a specialized financial ecosystem enabling talents in African markets to receive international payments (USD/EUR) and access liquidity locally. Our commitment to privacy is absolute, adhering to global standards of data protection while complying with the financial regulations of the United States and the jurisdictions in which we operate.
1. LEGAL BASIS FOR PROCESSING
We process your personal data under the following legal frameworks:
- Contractual Necessity: To perform our obligations under our Terms and Conditions.
- Legal Obligation: To comply with Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), and Know Your Customer (KYC) requirements.
- Legitimate Interests: To prevent fraud, ensure network security, and improve our Services.
- Consent: Where you have provided explicit authorization (e.g., biometric processing).
2. COMPREHENSIVE DATA COLLECTION
2.1 Information Provided by You
- Account Enrollment Data: Full legal name, residential address, primary email, and mobile telephone number.
- Regulatory Identity Documentation: High-resolution images of government-issued identification (National ID card, Passport), tax identification numbers, and proof of residency (utility bills, bank statements).
- Biometric Verification Data: Facial recognition scans and "liveness" checks performed during the KYC process to prevent identity theft and "deepfake" fraud.
- Professional & Financial Profile: Employment status, job title, industry, source of funds, source of wealth, and intended use of the SupraPay account.
2.2 Automated Technical Data
- Network Identifiers: IP addresses, browser fingerprint, device type, operating system, and MAC address.
- Usage Analytics: Interaction logs, session duration, referral URLs, and heatmaps of platform engagement.
- Geolocation Data: Precise or approximate location data derived from IP addresses to ensure compliance with regional sanctions and "Geo-fencing" requirements.
2.3 Information from Third-Party Sources
- Compliance Partners: Data from Bridge (our primary KYC/VA partner) regarding verification status and risk scoring.
- Public Records: Sanctions lists (OFAC, UN, EU), Politically Exposed Persons (PEP) databases, and adverse media screenings.
3. STRATEGIC USE OF DATA
SupraPay utilizes collected data for the following mission-critical purposes:
- Transaction Lifecycle Management: Provisioning virtual accounts (VA), receiving international wire transfers (ACH/SEPA), and executing payouts to Mobile Money operators.
- Regulatory Gatekeeping: Mitigating financial crime risks through ongoing monitoring and identity re-verification.
- Service Optimization: Debugging technical architecture, enhancing user experience (UX) based on behavioral data, and capacity planning.
- Corporate Communication: Delivery of transactional alerts, security notices, and critical platform updates.
4. DATA DISCLOSURE & SUB-PROCESSORS
We do not "sell" personal data in the traditional sense. Disclosure is strictly limited to necessity:
- Financial & KYC Sub-processors: We share data with Bridge and associated banking institutions to generate IBANs and Routing Numbers.
- Payout Intermediaries: Information required by Mobile Money operators (Orange Money, MTN, Wave, Airtel Money) to ensure funds reach the intended recipient.
- Infrastructure Providers: Vercel (Hosting), Directus (Content Management), and AWS/Google Cloud (Data Storage).
- Legal Mandates: Disclosure to federal or state authorities in the US or local regulators in Africa when presented with a valid subpoena or where mandatory reporting is required (e.g., SAR filings).
5. INTERNATIONAL DATA TRANSFERS
SupraPay is a US-based entity. Your data is primarily processed and stored within the United States. For Users located in the European Economic Area (EEA) or African jurisdictions with specific data localization laws, your use of the Services constitutes explicit consent to the transfer of data across international borders. We employ Standard Contractual Clauses (SCCs) and robust encryption to safeguard these transfers.
6. DATA RETENTION & PURGE POLICY
In accordance with 31 CFR § 1020.220 (US Bank Secrecy Act) and global AML standards, SupraPay retains User data for a period of five (5) to ten (10) years following the closure of an account. This retention is mandatory for audit trails and regulatory investigations. Upon the expiration of the legal retention period, data is securely deleted or anonymized.
7. SECURITY ARCHITECTURE
We implement a multi-layered security framework:
- Encryption: AES-256 for data at rest and TLS 1.3 for data in transit.
- Access Control: Principle of Least Privilege (PoLP) and mandatory Multi-Factor Authentication (MFA).
- Monitoring: Real-time intrusion detection and periodic vulnerability assessments.
8. YOUR PRIVACY RIGHTS
Regardless of your geographic location, SupraPay grants you the following rights (subject to regulatory overrides):
- Right to Disclosure: Access your data and receive information about its processing.
- Right to Rectification: Correct inaccurate or incomplete records.
- Right to Erasure: Request deletion (subject to legal retention mandates).
- Right to Data Portability: Obtain your data in a structured, machine-readable format.
To exercise these rights, submit a formal request to privacy@suprapay.io.
9. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
If you are a California resident, you have specific rights regarding your personal information, including the right to opt out of the "sharing" of information for cross-contextual behavioral advertising. SupraPay does not share your financial or identity data for such purposes.
10. MODIFICATIONS TO THIS POLICY
SupraPay reserves the right to amend this Policy at any time. Material changes will be communicated via the registered email address or a prominent notice on the Dashboard. Continued use of the platform after such modifications constitutes acceptance of the revised Policy.
11. CONTACT & DATA PROTECTION OFFICER
For inquiries regarding this Policy or our data practices:
SUPRASTACK LLC
Attn: Privacy / Legal Department
1209 MOUNTAIN ROAD PL NE STE R
Albuquerque, NM 87110, USA
Email: hello@suprapay.io
Legal Inquiry: privacy@suprapay.io