Privacy Policy

Digipae is a mobile payments and digital identity application operated by Ceivis LLC, a Missouri limited liability company ("Ceivis," "we," "us," or "our"). Our registered address is 11628 Old Ballas Rd Ste 345, St. Louis, MO 63141.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Digipae mobile application and related services (collectively, the "Service").

By using Digipae, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2.1 Information You Provide Directly

• Account information: Mobile phone number, full name, email address, date of birth, and home address
• Identity verification documents: Government-issued ID (driver's license, passport, state ID), Social Security Number (last 4 digits), and selfie/biometric data submitted for KYC verification
• Financial information: Bank account details, debit/credit card numbers (tokenized via Stripe), payment history, wallet balance, and transaction records
• Communications: Support tickets, messages, and feedback you send to us
• Profile information: Username, payment link preferences, and notification settings

2.2 Information Collected Automatically

• Device information: Device type, operating system, unique device identifiers, push notification tokens
• Usage data: App screens visited, features used, transaction timestamps, session duration
• Location data: Approximate location (city/region level) for fraud detection — we do not collect precise GPS location
• Log data: IP address, app crashes, performance data collected via Sentry (error monitoring)

2.3 Information from Third Parties

• Identity verification: Identity verification results and watchlist screening data from Socure Inc.
• Payment processing: Payment status, card verification, and fraud signals from Stripe Inc.
• Authentication: Phone number verification via Firebase (Google LLC)

2.4 Sensitive Personal Information

Digipae collects certain categories of sensitive personal information including government ID numbers, financial account details, and biometric data used for identity verification. This data is collected only as necessary to provide the Service and comply with legal obligations. We do not use sensitive personal information for advertising or marketing purposes.

We do not sell your personal information to third parties. We do not use your personal data for targeted advertising. We do not share your financial data for marketing purposes.

We share your personal information only in the following circumstances:

4.1 Service Providers (Sub-Processors)

We engage trusted third-party companies to operate the Service. All service providers are bound by data processing agreements and must protect your data to the same standard as required by this policy.

4.2 Legal Requirements

We may disclose your information when required by law, including:

• Compliance with Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations
• Suspicious Activity Reports (SARs) filed with FinCEN when legally required
• Currency Transaction Reports (CTRs) for transactions over $10,000
• Responses to valid court orders, subpoenas, or government requests
• OFAC sanctions screening obligations

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email or prominent in-app notice before your data is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent, which you may withdraw at any time.

We implement industry-standard security measures to protect your personal information:

• Encryption at rest: All data stored in Convex is encrypted using AES-256
• Encryption in transit: All communications use TLS 1.2 or higher
• Authentication: Multi-factor authentication via SMS OTP for all accounts
• Payment security: Card data is handled by Stripe (PCI DSS Level 1 certified) — we never store raw card numbers
• Device binding: New device logins trigger security alerts
• PIN authorization: Payments require PIN or biometric confirmation
• Access controls: Role-based access limits employee access to your data
• Audit logs: All sensitive operations are logged for security review
• Rate limiting: Payment endpoints are rate-limited to prevent abuse

5.1 Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities as required by law, including within 72 hours where required by applicable regulation. Notification will be provided via email to your registered address and/or in-app notice.

6.1 Retention Periods

6.2 Account Deletion

You may request deletion of your account at any time through:

• In-app: Profile → Settings → Delete Account
• Email: privacy@digipae.com with subject "Account Deletion Request"
• Web: digipae.com/support

Upon deletion, we will remove your personal data from active systems within 30 days. However, certain transaction records and identity verification data must be retained as required by federal financial regulations (BSA, AML). This retained data is isolated from active systems and is only accessible for regulatory compliance purposes.

7.1 Access and Correction

You have the right to access the personal information we hold about you and to correct inaccurate data. You can update most information directly in the app under Profile → Personal Info. For other corrections, contact privacy@digipae.com.

7.2 Data Portability

You may request a copy of your personal data in a machine-readable format by contacting privacy@digipae.com. We will respond within 30 days.

7.3 Opt-Out Rights

• Push notifications: Disable in app settings or device notification settings
• Email receipts: Contact support@digipae.com to opt out of non-essential emails. Transaction receipts required by law cannot be disabled.
• Marketing communications: We do not currently send marketing emails. If we do in the future, every email will include an unsubscribe link.

7.4 Withdrawal of Consent

Where we rely on your consent to process personal data, you may withdraw that consent at any time. Note that withdrawing consent for required processing (such as KYC) may result in account suspension.

7.5 Complaints

If you believe your privacy rights have been violated, you may contact us at privacy@digipae.com. You also have the right to file a complaint with the Federal Trade Commission (FTC) at ftc.gov/complaint or with your state's consumer protection office.

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with additional rights regarding your personal information.

8.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (name, email, phone, IP address, device ID)
• Financial information (bank account, card data via Stripe)
• Sensitive personal information (government ID, SSN last 4, biometric data)
• Commercial information (transaction history, payment records)
• Internet activity (app usage, crash logs)
• Geolocation data (approximate location for fraud detection)

8.2 Your California Rights

• Right to Know: Request disclosure of personal information we collect, use, disclose, or sell
• Right to Delete: Request deletion of your personal information (subject to legal exceptions)
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of sale or sharing of personal information (we do not sell personal information)
• Right to Limit Use of Sensitive Information: Limit use of sensitive personal information beyond necessary service purposes
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights

8.3 Do Not Sell or Share

Digipae does not sell personal information to third parties and does not share personal information for cross-context behavioral advertising purposes.

8.4 Submitting a California Rights Request

To submit a verifiable consumer request, contact us at privacy@digipae.com or through our support portal at digipae.com/support. We will respond within 45 days. We may ask you to verify your identity before processing your request.

Authorized Agents: California residents may designate an authorized agent to submit requests on their behalf. We may require written proof of authorization.

Digipae is not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided personal information to us, please contact us at privacy@digipae.com and we will delete such information promptly.

Age verification is performed during the KYC onboarding process. Users who cannot verify they are 18 or older will not be permitted to use the Service.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Send an in-app notification to active users
• Send an email notification to your registered address for significant changes
• Where required by law, obtain your renewed consent

We encourage you to review this policy periodically. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.

For privacy-related questions, requests, or concerns, please contact us:

We aim to respond to all privacy requests within 30 days. For urgent security concerns, please email security@digipae.com directly.