Telcoin Digital Asset Bank
Privacy Policy

Effective Date: December 16, 2024

1. OVERVIEW

Telcoin, Inc., doing business as Telcoin Digital Asset Bank ("TDAB," "we," "us," or "our"), a digital asset depository institution chartered under the laws of the State of Nebraska, respects your privacy and is committed to protecting it through our compliance with this Privacy Policy (this "Policy").

This Policy describes the types of information we may collect from you or that you may provide when you:

  • Visit our website at https:/bank.telco.in/ (the "Website")

  • Download and use the Telcoin mobile application (the "App")

  • Use our digital asset banking services (the "Services")

  • Interact with our platforms (together with the Website and App, the "Platform")

Please read this Policy carefully as it is legally binding when you use our Services.

By continuing your interactions with us, such as by submitting information to us or using our Services, you confirm that you understand and consent to the collection, use, disclosure, and processing of your personal data in the manner set forth in this Privacy Policy.

This Privacy Policy is incorporated by reference into our Terms of Use. For customers who open accounts with TDAB, this Policy works together with the Telcoin Digital Asset Bank Customer Agreement.

1.1 Data Controller

For purposes of applicable data protection laws, including the Nebraska Data Privacy Act, TDAB is the controller of your personal information. Our contact information is:

Telcoin, Inc. d/b/a Telcoin Digital Asset Bank

2200 Taylor Avenue, Suite 200

Norfolk, Nebraska 68701

Email: privacy@telco.in

1.2 Regulatory Oversight

TDAB is regulated by the Nebraska Department of Banking and Finance. For regulatory complaints, you may contact:

Nebraska Department of Banking and Finance

1526 K Street, Suite 300

Lincoln, NE 68508

Phone: 402.471.2171

Website: ndbf.nebraska.gov

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

We collect information that you provide directly to us when you:

  • Register for an account

  • Complete our customer onboarding and KYC/AML verification

  • Use our Services

  • Contact customer support

  • Participate in surveys or promotions

  • Communicate with us via email, phone, or other channels

Categories of Personal Information We Collect:

Identity Information: Name, date of birth, social security number, government-issued identification documents (driver's license, passport), photographs, and biometric data (as necessary for identity verification).

Contact Information: Email address, phone number, physical address, and preferred communication methods.

Financial Information: Bank account information, payment card details, transaction history, account balances, credit history, source of funds, and employment information.

Technical Information: IP address, device identifiers, browser type and version, operating system, login information, and geolocation data.

Transaction Information: Details of transactions you carry out using our Services, including timestamps, amounts, recipients, and geographic locations.

Sensitive Data: We may collect sensitive personal data as defined under the Nebraska Data Privacy Act, including:

  • Biometric data for identity verification

  • Precise geolocation data (within 1,750 feet radius)

  • Government identification numbers (SSN, tax ID)

  • Financial account credentials

We will obtain your explicit consent before processing sensitive data as required by Nebraska law.

2.2 Information Collected Automatically

When you access or use our Platform, we automatically collect:

  • Device information (device type, operating system, unique device identifiers)

  • Usage information (pages viewed, features used, time spent, clickstream data)

  • Location information (IP-based location, GPS location with your permission)

  • Network information (internet service provider, connection type)

  • Log data (access times, error logs, referring URLs)

2.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Identity verification services and KYC/AML providers

  • Credit bureaus and financial institutions

  • Blockchain networks and transaction validators

  • Payment processors and correspondent banks

  • Fraud prevention and cybersecurity service providers

  • Marketing and analytics providers

  • Public databases and government registries

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to:

  • Recognize you when you return to our Platform

  • Remember your preferences and settings

  • Understand how you use our Services

  • Detect and prevent fraud

  • Improve our Platform's performance and security

  • Provide personalized content and advertising

Your Cookie Choices: You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Platform. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

3. HOW WE USE YOUR INFORMATION

3.1 Purposes of Processing

We use your personal information for the following purposes:

To Provide Services:

  • Process your account registration and onboarding

  • Verify your identity and conduct KYC/AML checks

  • Process transactions and maintain your account

  • Issue and manage digital assets (e.g. eUSD stablecoins)

  • Provide customer support and respond to inquiries

  • Send transaction confirmations and account notifications

For Legal and Regulatory Compliance:

  • Comply with international, Federal and state banking regulations

  • Meet anti-money laundering (AML) and counter-terrorist financing (CTF) obligations

  • Comply with economic sanctions and OFAC requirements

  • Respond to legal process, subpoenas, and government requests

  • File Suspicious Activity Reports (SARs) as required by law

  • Maintain required records and audit trails

  • Report to tax authorities as required

For Security and Fraud Prevention:

  • Detect, prevent, and investigate fraud and suspicious activity

  • Protect against security threats and cyberattacks

  • Monitor transactions for unusual patterns

  • Verify the legitimacy of transactions

  • Block transactions to sanctioned or prohibited addresses

To Improve Our Services:

  • Analyze usage patterns and trends

  • Conduct research and development

  • Test new features and functionality

  • Troubleshoot technical issues

  • Optimize Platform performance

For Marketing and Communications:

  • Send promotional materials about our Services (with your consent)

  • Provide information about new features and products

  • Send newsletters and updates

  • Conduct surveys and gather feedback

For Business Operations:

  • Manage risk and maintain operational integrity

  • Conduct internal audits and quality assurance

  • Train staff and develop policies

  • Protect our legal rights and interests

3.2 Legal Bases for Processing (Nebraska Data Privacy Act)

Under the Nebraska Data Privacy Act, we process your personal data based on the following legal grounds:

  • Consent: When you have provided explicit consent, particularly for processing sensitive data.

  • Contract Performance: To fulfill our obligations under our agreements with you, including the Terms of Use and Customer Agreement.

  • Legal Obligation: To comply with Federal and Nebraska banking laws, AML/CTF regulations, and other legal requirements.

  • Legitimate Interests: To pursue our legitimate business interests in providing secure digital asset banking services, preventing fraud, and improving our Platform, provided these interests are not overridden by your privacy rights.

4. HOW WE SHARE YOUR INFORMATION

4.1 Third Parties We Share With

We may share your personal information with the following categories of third parties:

Service Providers and Processors:

  • Identity verification and KYC/AML service providers

  • Cloud storage and hosting providers (e.g., Amazon Web Services, Microsoft Azure)

  • Payment processors and correspondent banks

  • Customer support platforms

  • Analytics and data processing services

  • Cybersecurity and fraud prevention services

  • Marketing and communications platforms

Financial Institutions:

  • FDIC-insured banks holding reserve funds

  • Payment networks and clearing houses

  • Cryptocurrency exchanges and trading platforms

Regulatory and Law Enforcement:

  • Nebraska Department of Banking and Finance

  • Federal regulators (FinCEN, OFAC, IRS)

  • Law enforcement agencies

  • Courts and legal authorities

Business Partners and Affiliates:

  • Telcoin Group affiliates for operational purposes

  • Business partners providing complementary services

Professional Advisors:

  • Legal counsel

  • Accountants and auditors

  • Compliance consultants

4.2 Circumstances of Disclosure

We disclose your personal information in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share your information.

  • For Service Delivery: To third-party service providers who assist us in operating our Platform and providing Services.

  • Legal Requirements: To comply with court orders, subpoenas, legal process, or regulatory demands.

  • Fraud Prevention: To investigate, prevent, or take action regarding suspected fraud or illegal activity.

  • Business Transactions: In connection with a merger, acquisition, sale of assets, or bankruptcy proceeding.

  • Protection of Rights: To protect TDAB's rights, property, or safety, or that of our customers or others.

4.3 No Sale of Personal Information

TDAB does not sell your personal information to third parties. We do not exchange your personal data for monetary or other valuable consideration. Any sharing of information is limited to the purposes described in this Privacy Policy.

4.4 Data Processing Agreements

When we engage processors to handle personal data on our behalf, we enter into written contracts that:

  • Specify clear instructions for data processing

  • Define the nature, purpose, and duration of processing

  • Require confidentiality obligations

  • Ensure appropriate security measures

  • Require deletion or return of data upon request

  • Permit reasonable audits and assessments

5. DATA SECURITY

5.1 Security Measures

We implement comprehensive technical, physical, and administrative security measures to protect your personal information, including:

Technical Safeguards:

  • Encryption of data in transit and at rest

  • Multi-factor authentication

  • Firewalls and intrusion detection systems

  • Regular security testing and vulnerability assessments

  • Secure software development practices

  • Access controls and authorization protocols

Physical Safeguards:

  • Secure data centers with restricted access

  • Environmental controls and monitoring

  • Backup and disaster recovery systems

Administrative Safeguards:

  • Employee background checks

  • Regular security training and awareness programs

  • Incident response and breach notification procedures

  • Access limited to employees with a business need to know

  • Confidentiality agreements with all personnel

5.2 Your Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your account credentials

  • Using strong, unique passwords

  • Enabling multi-factor authentication when available

  • Not sharing your login information with others

  • Logging out after each session

  • Promptly notifying us of any unauthorized access

IMPORTANT: TDAB will never ask you to share your password via email, text message, or phone call. If you receive such a request, do not respond and contact us immediately at privacy@telco.in.

5.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Investigate the breach and assess its scope

  • Take immediate steps to contain and remediate the breach

  • Notify you within 72 hours or as required by applicable law

  • Notify the Nebraska Department of Banking and Finance

  • Provide information about the breach and steps you can take to protect yourself

  • Cooperate with law enforcement and regulatory authorities

6. YOUR PRIVACY RIGHTS

6.1 Rights Under the Nebraska Data Privacy Act

As a Nebraska resident, you have the following rights regarding your personal data:

Right to Know:

  • The categories and specific pieces of personal data we have collected about you

  • The categories of sources from which we collected your personal data

  • The business or commercial purposes for collecting your personal data

  • The categories of third parties with whom we share your personal data

Right to Access: You may request a copy of the personal data we maintain about you.

Right to Correction: You may request that we correct inaccurate personal data we have about you.

Right to Deletion: You may request that we delete your personal data, subject to certain exceptions.

Right to Data Portability: You may request that we provide your personal data in a portable, machine-readable format.

Right to Opt-Out: You have the right to opt-out of:

  • The sale of your personal data (though we do not sell personal data)

  • Targeted advertising

  • Certain automated profiling that produces legal or similarly significant effects

Right to Consent or Withdraw Consent: You have the right to consent to or withdraw consent for the processing of your sensitive data.

Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your privacy rights.

6.2 How to Exercise Your Rights

To exercise any of these rights, you may:

  • Email us at privacy@telco.in

  • Submit a request through your account settings

  • Mail a written request to our address listed in Section 1.1

Response Timeline: We will respond to your request within 45 days of receipt. If we need additional time (up to 90 days total), we will notify you of the extension and the reason.

Verification: To protect your privacy, we will verify your identity before processing your request. We may require additional information to confirm your identity.

6.3 Appeal Process

If we deny your request, you have the right to appeal our decision. To appeal:

  • Submit your appeal within 60 days of our decision

  • We will respond to your appeal within 60 days

  • If we deny your appeal, we will provide an online mechanism for you to submit a complaint to the Nebraska Attorney General

6.4 Authorized Agents

You may designate an authorized agent to make requests on your behalf. The authorized agent must provide:

  • Proof of authorization (power of attorney or signed permission)

  • Verification of their own identity

  • Verification of your identity

7. DATA RETENTION

7.1 Retention Periods

We retain your personal information for as long as necessary to:

  • Provide you with Services

  • Comply with legal and regulatory obligations

  • Resolve disputes and enforce our agreements

  • Prevent fraud and ensure security

Specific Retention Requirements:

  • Transaction records: 7 years (as required by federal banking regulations)

  • KYC/AML documentation: 7 years after account closure

  • Tax records: 7 years (as required by IRS regulations)

  • Customer communications: 7 years

  • Audit logs and security records: 7 years

7.2 Dormant Accounts

If your account becomes dormant (no activity for 12 consecutive months):

  • We will attempt to contact you using the information on file

  • Your account may be subject to dormancy fees as disclosed in our fee schedule

  • If dormant for 3 years, funds may be transferred to the State of Nebraska under escheatment laws

7.3 Deletion of Data

Upon your request or when retention is no longer necessary, we will:

  • Securely delete or anonymize your personal data

  • Instruct our service providers to do the same

  • Maintain certain data as required by law or for legitimate business purposes

8. INTERNATIONAL DATA TRANSFERS

TDAB primarily operates within the United States and stores data on servers located in the United States. Your information may be processed by staff or service providers operating outside Nebraska but within the United States.

If we transfer data outside the United States, we will ensure appropriate safeguards are in place, including:

  • Standard contractual clauses

  • Adequacy decisions by relevant authorities

  • Other legally compliant transfer mechanisms

9. CHILDREN'S PRIVACY

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors under 18.

If we become aware that we have collected personal information from a person under 18, we will:

  • Delete the information immediately

  • Terminate the account

  • Notify the Nebraska Department of Banking and Finance if required

If you believe we have collected information from a minor, please contact us immediately at privacy@telco.in.

10. NEBRASKA-SPECIFIC PROVISIONS

10.1 Compliance with Nebraska Data Privacy Act

TDAB complies with all requirements of the Nebraska Data Privacy Act, which became effective January 1, 2025.

10.2 Consent for Sensitive Data

We obtain your explicit consent before processing sensitive data, including:

  • Biometric data used for identity verification

  • Precise geolocation data

  • Government identification numbers

  • Financial account access credentials

You may withdraw your consent at any time, but this may limit our ability to provide certain Services.

10.3 Data Protection Assessments

We conduct and document data protection assessments for processing activities that present heightened privacy risks, including:

  • Processing of sensitive data

  • Targeted advertising activities

  • Sale of personal data (though we do not sell data)

  • Profiling that produces legal or similarly significant effects

These assessments are available to the Nebraska Attorney General upon request.

10.4 Nebraska Residents' Complaints

Nebraska residents with unresolved privacy complaints may contact:

Nebraska Attorney General

Consumer Protection Division

2115 State Capitol

Lincoln, NE 68509

Phone: 402.471.2682

Email: ago.consumer@nebraska.gov

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Types of Cookies We Use

Essential Cookies: Required for the Platform to function. These cannot be disabled.

  • Authentication cookies

  • Security cookies

  • Load balancing cookies

Functional Cookies: Enhance functionality and personalization.

  • Language preferences

  • User settings

  • Remember-me functions

Analytics Cookies: Help us understand how you use our Platform.

  • Google Analytics

  • Usage statistics

  • Performance monitoring

Marketing Cookies: Used to deliver relevant advertising (with your consent).

  • Advertising networks

  • Social media pixels

  • Retargeting cookies

11.2 Managing Cookies

You can control cookies through:

  • Your browser settings (see your browser's help menu)

  • Our cookie consent manager (available on first visit)

  • Opt-out tools provided by third-party analytics and advertising services

Browser-specific cookie management:

  • Chrome: Settings > Privacy and Security > Cookies

  • Firefox: Options > Privacy & Security > Cookies and Site Data

  • Safari: Preferences > Privacy > Manage Website Data

  • Edge: Settings > Privacy, search, and services > Cookies

11.3 Third-Party Analytics and Advertising

We use third-party services for analytics and advertising, including:

These services may use cookies and similar technologies to collect information about your use of our Platform and other websites.

12. DO NOT TRACK SIGNALS

Some browsers support "Do Not Track" (DNT) signals. Because there is no common understanding of how to interpret DNT signals, we do not currently respond to DNT browser signals.

However, Nebraska residents can exercise their opt-out rights as described in Section 6.1.

13. THIRD-PARTY LINKS

Our Platform may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of third parties.

We encourage you to review the privacy policies of any third-party services before providing your personal information.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices

  • Changes in applicable laws or regulations

  • New features or services

  • Security improvements

When we make material changes, we will:

  • Post the updated Privacy Policy on our Website

  • Update the "Effective Date" at the top of this Policy

  • Notify you via email if you have an account with us

  • Provide notice through our mobile application

  • Obtain your consent if required by law

Your continued use of our Services after changes become effective constitutes your acceptance of the revised Privacy Policy.

15. CONTACT INFORMATION

15.1 Privacy Questions and Requests

For questions about this Privacy Policy or to exercise your privacy rights, contact:

Privacy Office

Telcoin, Inc. d/b/a Telcoin Digital Asset Bank

2200 Taylor Avenue, Suite 200

Norfolk, Nebraska 68701

Email: privacy@telco.in

15.2 Regulatory Contact

For regulatory matters or complaints:

Nebraska Department of Banking and Finance

1526 K Street, Suite 300

Lincoln, NE 68508

Phone: 402.471.2171

Website: ndbf.nebraska.gov

Email: dob.consumer@nebraska.gov

15.3 Customer Support

For general customer support questions:

Email: support@telco.in

16. ADDITIONAL STATE-SPECIFIC RIGHTS

16.1 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). Please contact us at privacy@telco.in for information about your California privacy rights.

16.2 Other States

Residents of other states with comprehensive privacy laws may have additional rights. Please contact us to inquire about rights specific to your state.

17. ACCESSIBILITY

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you experience any difficulty accessing this Policy, please contact us at privacy@telco.in, and we will provide the information in an alternative format.

18. EFFECTIVE DATE AND VERSION

This Privacy Policy is effective as of December 16, 2024.

Version 2.0 - Updated for TDAB and Nebraska Data Privacy Act compliance

© 2025 Telcoin, Inc. All rights reserved.