Privacy Policy
Approved legal and compliance content sourced from 02_Privacy_Policy.md.
1. Scope
1.1 This Privacy Policy explains how [LEGAL ENTITY NAME — the controller that contracts with users; confirm exact legal name, entity type, and jurisdiction] ("Escrow Bunny," "we," "us") collects, uses, discloses, retains, and protects personal data when you use the Escrow Bunny platform, websites, applications, and APIs (the "Service").
1.2 This Policy applies to Buyers, Sellers, Organization representatives, beneficial owners, and visitors. It is incorporated by reference into the Terms of Service.
1.3 Controller/processor roles. Escrow Bunny acts as [data controller / business — confirm] for the personal data described here. Escrow Bunny acts as a [processor / service provider] only where expressly stated. [Counsel to confirm controller/processor characterization per jurisdiction and per data category, including for Organization-supplied data.]
1.4 This Policy does not govern third parties' own processing under their own privacy notices (see Section 7).
2. Definitions
- "Personal data" / "personal information" — information relating to an identified or identifiable individual, as defined under applicable law.
- "Processing" — any operation performed on personal data (collection, use, storage, disclosure, deletion, etc.).
- "Controller" / "Business" — the entity that determines the purposes and means of processing.
- "Processor" / "Service Provider" — an entity that processes personal data on behalf of a controller.
- "Sub-processor" — a third party engaged by a processor to process personal data.
- "Verified by Toni" — the third-party identity (KYC) and business (KYB) verification provider.
- "Sensitive data" — categories treated as sensitive/special under applicable law (e.g., biometric data, government identifiers), where applicable.
- Other capitalized terms have the meaning given in the Terms of Service.
3. Categories of Personal Data We Collect
Note: Exact fields must be reconciled against the actual product, database, and API specifications, which were not available for this draft. Categories below are derived from stated product facts.
3.1 Account and identity data: name, email address, phone number, account credentials, and profile information.
3.2 Identity verification data (via Verified by Toni): information submitted for KYC/KYB. [PLACEHOLDER — confirm with Verified by Toni provider documentation and counsel which of the following are processed: government-issued ID document images; selfie/photo; biometric data; liveness/facial-geometry data; date of birth; nationality; residential address; tax identifiers; business registration and formation data; beneficial-owner identity and ownership-percentage data; sanctions/watchlist match data; politically-exposed-person (PEP) status; adverse-media findings. Mark each as collected/not collected once confirmed; classify any sensitive/biometric categories and add the legally required consent and notices.]
3.3 Organization data: organization name, registration details, roles, and authorized representatives.
3.4 Transaction and escrow data: Escrow parameters, Milestones, approvals, party roles, amounts, status, refunds, cancellations, and releases.
3.5 Documents and messages: files, transaction documents, and messages exchanged through the Platform.
3.6 Dispute data: dispute submissions and supporting evidence.
3.7 Consent and acknowledgement records: records of consents and acceptances captured by document type and exact version, including associated User, timestamp, IP address, and user agent.
3.8 Ledger and audit data: double-entry Ledger records and immutable, hash-chained Audit Logs containing event metadata that may include identifiers, IP address, and user agent.
3.9 Technical and usage data: IP address, device and browser information, user agent, log data, and diagnostic/error data (including via Sentry).
3.10 Communications data: support and notice communications (including email delivered via Brevo).
3.11 Payment data: [NOT COLLECTED AT LAUNCH unless a funding mechanism is active — confirm. If/when a payment processor such as Stripe is activated, describe the limited payment-related data and the processor's role; Escrow Bunny [does/does not] store full payment-instrument numbers — confirm.]
3.12 We do not process cryptocurrency wallet data, blockchain data, or investment-account data, as the Platform does not offer such functionality.
4. Sources of Personal Data
We collect personal data: (a) directly from you; (b) from the Organization on whose behalf you act; (c) from Verified by Toni and the screening sources it uses; (d) automatically through your use of the Service; and (e) from other Parties to an Escrow as necessary to operate the transaction.
5. Purposes and Legal Bases for Processing
5.1 We process personal data to:
- create and administer Accounts and Organizations;
- verify identity and business status and conduct sanctions/watchlist screening and ongoing monitoring;
- operate Escrow workflows (Milestones, approvals, disputes, refunds, cancellations, releases);
- maintain the Ledger and immutable Audit Logs;
- capture and evidence consents and agreement acceptance;
- provide support and handle complaints, notices, and legal requests;
- detect, prevent, and investigate fraud, abuse, and security incidents;
- comply with legal, regulatory, anti-money-laundering, sanctions, tax, and recordkeeping obligations;
- communicate service and transactional messages; and
- improve and secure the Service.
5.2 Legal bases (where applicable, e.g., under GDPR/UK GDPR-style regimes): performance of a contract; compliance with a legal obligation; legitimate interests (fraud prevention, security, service operation); and consent where required (e.g., certain identity/biometric processing and non-essential communications). [Counsel to confirm the applicable bases per jurisdiction and per data category, and to map lawful bases for any sensitive/biometric data.]
5.3 We do not use personal data for [automated decision-making producing legal/similarly significant effects — confirm whether verification rejection or screening involves solely automated decisions and add the legally required disclosures, human-review rights, and safeguards if so].
6. Disclosure of Personal Data
We disclose personal data to:
6.1 Other Parties to an Escrow — to the extent necessary to operate the transaction (e.g., counterparties and Organization members see role-appropriate transaction information).
6.2 Service providers / sub-processors (Section 7).
6.3 Verified by Toni — for identity and business verification and screening (Section 8).
6.4 Legal and regulatory recipients — courts, regulators, law enforcement, or other authorities where required by law or legal process, or to protect rights, safety, and the integrity of the Service. [Counsel to confirm disclosure standards, any anti-tipping-off constraints, and notice obligations.]
6.5 Corporate transactions — in connection with a merger, acquisition, financing, or asset sale, subject to appropriate safeguards.
6.6 We do not sell personal data. [Confirm "sale"/"share" status under US state privacy laws; if targeted advertising or "sharing" occurs, add opt-out mechanisms — counsel decision.]
7. Third-Party Service Providers and Sub-Processors
The Service relies on the following providers, which may process personal data on our behalf or as independent controllers for their own operational purposes:
| Provider | Function | Data involved (high level) |
|---|---|---|
| DigitalOcean Managed PostgreSQL | Primary database hosting | Account, transaction, escrow, consent, ledger, audit data |
| DigitalOcean managed Valkey/Redis | Caching / in-memory data | Transient operational data, session/cache data |
| DigitalOcean Spaces | Object/file storage | Documents, uploaded files, dispute evidence |
| Brevo | Transactional/notice email delivery | Email address, name, message metadata and content of notices |
| Sentry | Error monitoring / diagnostics | Technical, log, and error data that may include identifiers/IP |
| Verified by Toni | Identity (KYC) and business (KYB) verification and screening | Identity/organization/beneficial-owner data (see Section 8) |
| [Future payment processor, e.g., Stripe] | Payment processing — [not active at launch unless designated future functionality; confirm] | Payment-related data if/when activated |
7.1 Sub-processor list and changes. [PLACEHOLDER — maintain a current sub-processor list and a change-notification mechanism; confirm hosting regions and data-center locations for each DigitalOcean service.]
7.2 Providers are bound by [data processing agreements / contractual safeguards — confirm executed DPAs are in place for each].
8. Verified by Toni — Identity and Business Verification Disclosures
8.1 What is sent. To verify identity and business status, we transmit to Verified by Toni the user and organization data necessary for verification and screening. [PLACEHOLDER — confirm against Verified by Toni provider documentation exactly which categories are transmitted, including whether: biometric data; liveness data; document image data; residential address; tax data; business registration data; beneficial-owner data; sanctions screening data; PEP data; and adverse-media data are processed. State each category's status (sent / not sent) once confirmed.]
8.2 Purpose. Identity (KYC) verification, business (KYB) verification, beneficial-owner verification, sanctions/watchlist screening, PEP screening, adverse-media screening, and ongoing monitoring, to the extent provided. [Confirm which checks are performed at launch.]
8.3 Provider as controller/processor. [PLACEHOLDER — confirm whether Verified by Toni acts as an independent controller for certain processing (e.g., maintaining its own verification/fraud records) or solely as our processor; disclose accordingly.]
8.4 Provider retention and deletion. [PLACEHOLDER — state Verified by Toni's retention and deletion periods for submitted data and verification results, per provider documentation. Do not assert periods until confirmed.]
8.5 User consent. Where required, you consent to the transmission and processing of your information (including any sensitive/biometric categories, if applicable) by Verified by Toni for the purposes above. Consent language and the specific categories will be presented at the point of verification and captured by document type and exact version. [Counsel to finalize consent text, especially for any biometric/liveness processing, including jurisdiction-specific biometric-privacy requirements.]
8.6 Verification outcomes. Verification may result in approved, rejected, expired, needs-review/manual-review, or appeal states. We process the outcome and related metadata to gate Account capabilities and Escrow funding. See the KYC/KYB and Sanctions Screening Policy for the operational flows, including how you may seek manual review or appeal an adverse determination.
9. International Data Transfers
9.1 Personal data may be processed in countries other than your own, including where our providers operate. [PLACEHOLDER — identify processing locations/regions for DigitalOcean (PostgreSQL, Valkey/Redis, Spaces), Brevo, Sentry, and Verified by Toni, and the transfer mechanisms relied upon (e.g., standard contractual clauses or equivalent). Counsel to confirm adequacy and safeguards per jurisdiction.]
10. Data Retention
10.1 We retain personal data for as long as necessary for the purposes described, and as required by law and our legal/recordkeeping obligations.
10.2 Retention periods for escrow records, Ledger records, identity records, Audit Logs, consents, documents, messages, and dispute evidence are set out in the Data Retention and Deletion Policy, which is incorporated by reference. [Specific periods are PLACEHOLDERS pending counsel determination per jurisdiction and recordkeeping law.]
10.3 Immutable records. Ledger entries and Audit Logs are immutable and hash-chained and cannot be altered or selectively erased; this constrains certain deletion requests as described in Section 11 and the Data Retention and Deletion Policy. [Counsel to confirm how erasure rights are reconciled with immutable financial/audit records and legal-retention obligations.]
11. Your Privacy Rights
11.1 Subject to applicable law and verification of your identity, you may have rights to: access; rectification; erasure/deletion; restriction; objection; portability; withdrawal of consent (without affecting prior lawful processing); and to lodge a complaint with a supervisory authority. [Counsel to tailor the rights list and conditions per applicable regimes, including US state privacy laws and GDPR/UK-style regimes.]
11.2 Limits. Certain rights are limited where data must be retained for legal, regulatory, anti-money-laundering, audit, dispute, or recordkeeping purposes, or where data resides in immutable Ledger/Audit records. We will explain applicable limitations when responding.
11.3 How to exercise rights. Submit requests to [PRIVACY REQUEST CHANNEL / EMAIL / FORM — PLACEHOLDER]. We will respond within [statutory/required timeframe — PLACEHOLDER]. We may need to verify your identity before acting.
11.4 Authorized agents / Organization data. Requests concerning Organization-supplied data or made by authorized agents are handled per [PLACEHOLDER — process and verification standard, counsel decision].
12. Cookies and Similar Technologies
12.1 The Service may use cookies and similar technologies for authentication, security, and functionality. [PLACEHOLDER — provide a cookie inventory and, where required, a consent banner/preference mechanism; confirm whether any analytics/non-essential cookies are used. Counsel decision.]
13. Security
13.1 We implement administrative, technical, and organizational measures designed to protect personal data, including measures around access control, encryption [confirm encryption in transit/at rest specifics against security spec], and audit logging.
13.2 No system is perfectly secure. We cannot guarantee absolute security, and security also depends on third-party providers (Section 7) and on your safeguarding of credentials. Security limitations and third-party provider risk are addressed further in the Terms of Service and the Support, Complaints, and Legal Notices Policy. [Reconcile this section against the actual security specification, which was not available for this draft.]
13.3 Breach notification. In the event of a personal-data breach, we will notify affected individuals and authorities where required by law and within required timeframes. [Counsel to confirm thresholds, timelines, and content per jurisdiction.]
14. Children's Data
14.1 The Service is not directed to children and is intended for users who meet the eligibility requirements in the Terms of Service. We do not knowingly collect personal data from children below the applicable age. [Confirm minimum age and any children's-privacy obligations with counsel.]
15. Changes to This Policy
15.1 We may update this Policy. Material changes will be notified by [notice method — PLACEHOLDER] with a stated effective date. The version and effective date are recorded, and where consent is required it is captured by document type and exact version.
16. User Acknowledgements
By using the Service, you acknowledge that:
- You have read this Privacy Policy and understand the categories of data processed and the purposes.
- You understand identity and organization data may be transmitted to Verified by Toni for verification and screening, and you consent where consent is required (including for any sensitive/biometric categories, subject to the final consent text).
- You understand certain data resides in immutable Ledger and Audit Log records and that this constrains some deletion requests.
- You understand third-party providers (DigitalOcean, DigitalOcean Spaces, Brevo, Sentry, Verified by Toni, and any future payment processor) are involved in processing.
- You understand how to exercise your privacy rights and the limits that may apply.
Acceptance/consent capture: Where consent is required, it is recorded by document type and exact version, with associated User, timestamp, IP address, and user agent.
17. Contact / Legal Notice
- Controller / operating entity: [LEGAL ENTITY NAME — PLACEHOLDER]
- Registered address: [ADDRESS — PLACEHOLDER]
- Privacy / data protection contact: [DPO OR PRIVACY CONTACT NAME & EMAIL — PLACEHOLDER]
- EU/UK representative (if applicable): [PLACEHOLDER — confirm whether an Article 27-type representative is required]
- Privacy request channel: [EMAIL / PORTAL / FORM — PLACEHOLDER]
- Supervisory authority info: [PLACEHOLDER — relevant authority/authorities per jurisdiction]
18. Change History
| Version | Date | Summary | Author |
|---|---|---|---|
| 0.1 | [2026-05-17 DRAFT] | Initial first-pass draft for counsel review. | [DRAFTER / Claude-assisted] |