Privacy Policy

1. Introduction

KrossBridge, Inc. (“KrossBridge,” “we,” “us,” or “our”) is a company incorporated under the laws of the State of Delaware, United States, with its registered office at 131 Continental Dr, Suite 305, Newark, DE 19713, United States.

KrossBridge is an authorised reseller of goods and services and provides corresponding ancillary services such as payment operations, billing, tax handling, fraud prevention, compliance support, checkout, subscription management through our websites, applications, APIs, hosted payment pages, software, and related systems (collectively, the “Services”).

This Privacy Policy explains how we collect, use, disclose, retain, and protect Personal Data in connection with:

• our Services;
• our websites and applications;
• seller onboarding and account administration;
• payment transactions and related operations;
• communications and support interactions; and
• other business operations.

This Privacy Policy also explains certain rights and choices available to individuals under applicable privacy laws.

By using the Services or interacting with KrossBridge, you acknowledge the practices described in this Privacy Policy.

2. Scope of This Privacy Policy

This Privacy Policy applies to Personal Data processed by KrossBridge in connection with:

• seller, businesses, creators, and organizations using our Services (“Business Users”);
• customers making purchases or transactions using the Services (“End-Customers”);
• prospective Business Users;
• visitors to our websites and applications;
• support contacts and communications participants; and
• job applicants and recruiting candidates.

This Privacy Policy does not apply to:

• third-party websites, applications, or services not controlled by KrossBridge;
• the independent privacy practices of Business Users;
• financial institutions, payment processors, or payment networks operating independently of KrossBridge; or
• information processed solely on behalf of third parties where KrossBridge acts strictly as a service provider or processor under applicable law.

Business Users are independently responsible for providing privacy notices to their own customers where required under applicable law.

3. Reseller of Products/Services

KrossBridge operates as a reseller of products and services and provides payment operations for digital products, software, subscriptions, online services, and related commerce transactions.

As part of providing these Services, KrossBridge may:

• facilitate payment transactions;
• manage billing and subscription operations;
• support fraud detection and transaction monitoring;
• conduct sanctions screening and compliance checks;
• manage tax calculation and reporting functions;
• support refunds, disputes, and chargeback handling;
• maintain transaction records;
• verify merchants and beneficial owners; and
• support compliance with legal, regulatory, payment network, and financial partner requirements.

KrossBridge may work with financial institutions, acquiring banks, payment processors, payment networks, fraud prevention providers, identity verification providers, cloud infrastructure providers, analytics providers, communications providers, and other operational service providers in connection with the Services.

4. Categories of Personal Data We Collect

The categories of Personal Data we collect depend on the nature of your interaction with KrossBridge.

A. Information Collected from Business Users

We may collect:

• name, business name, job title, and contact information;
• email address and phone number;
• business formation and registration information;
• tax identification numbers and related tax documentation;
• beneficial ownership and control information;
• government-issued identification information;
• sanctions screening and identity verification information;
• billing and payout information;
• bank account and settlement information;
• transaction and sales information;
• account credentials and authentication information;
• customer support communications;
• device, browser, and usage information;
• fraud, risk, and compliance assessment information; and
• records relating to disputes, refunds, investigations, or compliance reviews.

B. Information Collected from End-Customers

We may collect:

• name and contact information;
• billing and transaction information;
• payment-related information;
• purchase history and subscription information;
• IP address and device information;
• fraud prevention and transaction authentication data;
• customer support communications;
• refund and dispute information; and
• information necessary to comply with legal or payment network requirements.

Payment card information may be processed by PCI DSS-compliant payment partners and service providers. KrossBridge does not necessarily store full payment card numbers directly on its systems.

C. Information Collected Automatically

When individuals interact with our websites or Services, we may automatically collect:

• IP address;
• browser type and device identifiers;
• operating system information;
• language and regional settings;
• pages viewed and interactions;
• referral URLs;
• timestamps and session information; and
• security, diagnostic, and analytics information.

D. Cookies and Similar Technologies

We and our service providers may use cookies, pixels, local storage, SDKs, and similar technologies to:

• operate and secure the Services;
• authenticate users;
• remember preferences;
• analyze traffic and usage;
• detect fraud and abuse;
• improve performance and functionality; and
• support communications and marketing activities where permitted by law.

Users may manage certain browser cookie preferences through browser settings or device controls. Some website features may not function properly if cookies are disabled.

5. Sources of Personal Data

We may collect Personal Data from:

• individuals directly;
• Business Users;
• payment processors and financial institutions;
• fraud prevention and identity verification providers;
• publicly available databases and sanctions lists;
• analytics and infrastructure providers;
• communications providers;
• business partners and integrations; and
• automated technologies associated with use of the Services.

6. How We Use Personal Data

We may use Personal Data for the following purposes:

Providing and Operating the Services

Including:

• processing transactions;
• supporting subscriptions and billing;
• facilitating refunds and chargebacks;
• providing customer support;
• authenticating accounts;
• maintaining platform functionality; and
• operating business and financial systems.

Compliance and Risk Management

Including:

• Know Your Customer (KYC) and Know Your Business (KYB) reviews;
• beneficial ownership verification;
• sanctions screening;
• anti-money laundering compliance;
• fraud prevention and detection;
• transaction monitoring;
• dispute handling;
• cybersecurity monitoring; and
• responding to lawful requests from regulators, courts, law enforcement agencies, or government authorities.

Security and Platform Integrity

Including:

• protecting against unauthorized access or misuse;
• monitoring service reliability and performance;
• investigating incidents and suspicious activity; and
• enforcing contractual terms and policies.

Communications

Including:

• responding to inquiries;
• providing operational notices;
• delivering service-related communications;
• sending onboarding information; and
• sending marketing communications where permitted by law.

Analytics and Improvements

Including:

• analyzing usage trends;
• improving user experience;
• developing new features;
• maintaining operational efficiency; and
• evaluating platform performance.

7. Legal Bases for Processing

Depending on applicable law and the nature of processing, KrossBridge may process Personal Data on the basis of:

• performance of a contract;
• compliance with legal obligations;
• fraud prevention and security purposes;
• legitimate business interests;
• consent, where required; and
• other lawful bases recognized under applicable law.

8. Our Role in Processing Personal Data

KrossBridge’s role may vary depending on the context.

Business Users

KrossBridge generally acts as a controller with respect to Business User Personal Data because we determine the purposes and means of processing associated with merchant onboarding, compliance, risk management, settlement, account administration, and related business operations.

End-Customers

For End-Customer data, KrossBridge may:

• act as a processor or service provider on behalf of a Business User for certain transaction-related activities; and
• independently act as a controller where processing is necessary for fraud prevention, security, compliance, dispute handling, legal obligations, transaction monitoring, sanctions screening, anti-money laundering compliance, or maintaining the integrity of the Services.

9. How We Share Personal Data

We may disclose Personal Data to:

Financial and Payment Partners

Including:

• acquiring banks;
• issuing banks;
• payment processors;
• payment networks; and
• settlement and financial service providers.

Service Providers

Including providers supporting:

• cloud hosting;
• infrastructure;
• analytics;
• communications;
• customer support;
• fraud prevention;
• identity verification;
• cybersecurity;
• logging and monitoring; and
• business operations.

Business Users

We may share transaction and customer information with the relevant Business User associated with a transaction.

Legal and Regulatory Authorities

Where required to:

• comply with law;
• respond to lawful requests;
• enforce agreements;
• protect rights and safety; or
• investigate fraud, abuse, or security incidents.

Corporate Transactions

Personal Data may be disclosed in connection with mergers, acquisitions, financing transactions, asset sales, restructurings, bankruptcy proceedings, or similar corporate events.

KrossBridge does not sell Personal Data for monetary consideration.