Privacy Policy

1. Information We Collect

We collect the following categories of personal information:

• Identity information: Full legal name, date of birth, Tax identification number (Social Security Number or EIN) as required by federal securities law, government-issued photo ID.
• Contact information: Email address, phone number, mailing address.
• Financial information: Annual income, net worth, bank account details, investment history, accreditation status.
• Wallet information: Ethereum wallet addresses used to connect to the Platform.
• Usage data: IP address, browser type, pages visited, timestamps, and device identifiers.

Collection of identity and financial information is required by federal Regulation Crowdfunding (Reg CF) and anti-money laundering laws. This information is used solely for compliance and verification purposes.

2. How We Use Your Information

• To verify your identity and complete KYC/AML (Anti-Money Laundering) compliance.
• To process investment transactions and issue security tokens.
• To determine eligibility and enforce Reg CF investment limits.
• To communicate about your investments, account status, and Platform updates.
• To comply with federal and state securities regulations and reporting requirements.
• To improve the Platform, prevent fraud, and ensure security.

3. Third-Party Sharing

We share personal information only as necessary for the following purposes:

• FINRA-registered funding portal: Investment data is shared with our partner funding portal as required by Regulation Crowdfunding.
• KYC/AML provider (Persona): Identity information is transmitted to Persona, our identity verification partner, for compliance checks. Persona's privacy policy is available at withpersona.com.
• Cloud infrastructure (Supabase): Account data is stored on Supabase, which provides encrypted database hosting.
• Email provider (Resend): Email addresses are shared for transactional communications.
• Payment processing (Stripe): Payment and bank account information is processed by Stripe, a PCI-DSS compliant payment provider. Stripe's privacy policy is available at stripe.com/privacy.
• Law enforcement and regulators: We may disclose information when required by law, subpoena, or regulatory inquiry.

We do not sell personal information to third parties for marketing purposes.

4. Data Retention

We retain personal information for as long as your account is active and for a minimum of five (5) years after your last transaction, as required by federal securities record-keeping rules. KYC documentation is retained for a minimum of five years after the account is closed. You may request deletion of non-regulatory data by contacting us.

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security audits. However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

Smart contract interactions and token transfers are recorded on the Arbitrum blockchain and are publicly visible by design. Wallet addresses associated with your account may be observable on-chain.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of data not required for regulatory compliance.
• Portability: Request your data in a machine-readable format.
• Opt-out: Unsubscribe from non-essential communications at any time.

7. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information is collected, request its deletion, and opt out of the sale of personal information. BaseLots does not sell personal information. To exercise your rights, contact us at the address below.

8. Cookies and Tracking

We use essential cookies for authentication and session management. We use analytics to understand Platform usage. You may disable non-essential cookies in your browser settings without affecting core functionality.

9. Children's Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.

10. Contact