Privacy and Security

Effective Date: November 1, 2025

1. Overview

SPLIT LLC. is committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy & Security Policy (“Policy”) describes how we collect, use, store, and protect information when you use our website, mobile application, or services (collectively, the “Platform”), including when you link a bank account or conduct payment transactions.

By using our Platform, you agree to this Policy and consent to the collection and use of your information as described below. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information when you create or use an account:

Full name, date of birth, and contact information (address, email, phone number).
Government-issued identification (e.g., driver’s license, passport, or SSN) for identity verification.
Linked bank account information, such as routing and account numbers (securely tokenized).
Payment and transaction details: sender, recipient, amount, date, time, and notes or memos.
Device information (model, operating system, IP address, browser type).
Location data when using certain features (if you enable it).
Communications and support interactions between you and us.

2.2 Financial Account Information

When you link a bank account, we use regulated third-party providers (such as Plaid, Finicity, or another authorized financial data network) to verify and maintain your connection. These providers access your banking information using secure, encrypted protocols and return a tokenized reference to our systems—meaning we never see or store your bank login credentials.

We only store the minimal data necessary to facilitate transactions (e.g., last four digits of your account number, account type, and routing number). Your actual login information and passwords are never accessible to us.

3. How We Use Your Information

We use your personal and financial information to:

Facilitate and complete payment transactions.
Verify your identity and comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) laws.
Detect and prevent fraud, unauthorized access, or illegal activity.
Provide customer support and respond to your inquiries.
Send notifications, updates, or alerts related to your account and activity.
Improve platform performance, security, and usability.
Fulfill our legal and regulatory obligations under U.S. federal and state law.

We do not sell or rent your personal or financial information to third-party advertisers or marketers.

4. How We Share Information

We may share your data only in the following limited cases:

Service providers: With trusted partners that help us operate our Platform, process transactions, verify identity, or provide customer support.
Financial institutions: With your linked bank or payment processor to facilitate transfers and settlements.
Regulatory and legal purposes: To comply with subpoenas, court orders, or lawful investigations.
Corporate transactions: If we merge, acquire, or sell part of our business, your data may transfer under the same protections.
Fraud prevention: With industry partners or government agencies if necessary to prevent financial crimes.

All third parties we work with are contractually obligated to maintain the confidentiality and security of your data in accordance with applicable U.S. privacy and banking laws.

5. Data Retention

We retain your personal and financial information for as long as necessary to:

Maintain your account,
Complete transactions,
Comply with applicable federal and state financial recordkeeping laws (e.g., Bank Secrecy Act, USA PATRIOT Act), and
Resolve disputes or enforce agreements.

After account closure, we securely store records for at least the minimum period required by law, after which they are permanently deleted or anonymized.

6. Security Measures

We employ a multi-layered security framework to safeguard your personal and financial information, including:

Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256).
Tokenization: Banking credentials are replaced with secure tokens that cannot be reverse-engineered.
Multi-Factor Authentication (MFA): For account logins and sensitive actions.
Continuous Monitoring: Fraud detection systems track suspicious transactions and login behavior.
Access Controls: Strict internal policies limit who can access your data.
Regular Audits: Routine third-party penetration tests and compliance reviews.

While we use best-in-class security practices, no system is entirely immune to risk. If we discover a data breach affecting your information, we will notify you promptly as required by U.S. federal and state data breach notification laws.

7. Your Responsibilities

To maintain security, you agree to:

Keep your account credentials confidential and never share them with anyone.
Use strong passwords and update them regularly.
Immediately report unauthorized transactions or account access.
Ensure your linked bank accounts are your own and remain active and in good standing.

You are responsible for all activities conducted under your account, except where prohibited by the Electronic Fund Transfer Act (EFTA).

8. U.S. Regulatory Compliance

We comply with all applicable U.S. laws and regulations, including:

Gramm-Leach-Bliley Act (GLBA) – protecting the confidentiality and security of your financial data.
Electronic Fund Transfer Act (EFTA) – governing consumer rights in electronic payments.
California Consumer Privacy Act (CCPA) and similar state privacy laws – providing access, deletion, and opt-out rights.
Bank Secrecy Act (BSA) and USA PATRIOT Act – requiring anti-money laundering and fraud prevention measures.

If you are a California resident, you may request to access, correct, or delete your personal information as permitted by CCPA by contacting us directly (see Contact Page).

9. Children’s Privacy

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a child has provided us with information, we will delete it immediately.

10. Changes to This Policy

We may update this Policy from time to time to reflect changes in technology, regulation, or business operations. The “Effective Date” above will always indicate the latest version. Continued use of the Platform after updates constitutes your acceptance of any revised terms.