PRIVACY POLICY

Effective date: May 14, 2024

CALIZA INSTITUIÇÃO DE PAGAMENTO LTDA. (“Caliza” "us", "we", or "our") is committed to respecting your privacy and has prepared this Privacy Policy (“Policy”) to explain what personal data is collected and how it is processed by Caliza.
‍

This Policy sets out the basis on which we will process any personal data related to you, that you provide to us via our applications, including the website available at https://www.caliza.co (“Platform”), through our business partners, or that we collect through other means and to the extent permitted by law.
‍

For the purposes of this Policy, “Users” are all individuals that use Caliza’s Platform in anyway or have their personal data collected through other means connected to the provision of Caliza’s services.
‍

For the proper use of the Platform and provision of our services, we need to have access to certain personal data about you (“Personal Data”).
‍

This Policy explains, in a simple, objective, and transparent manner, which Personal Dataare collected and processed by Caliza, its purposes, with whom it may be shared and whatresources are available for Users to manage the Personal Data.
‍

What this Policy covers:

General Information
Personal Data of minors under 18 years old
What Personal Data we collect and process
Why we collect and process these Personal Data
When we delete your Personal Data
Who else has access to the Personal Data and why
What are your rights with respect to these Personal Data
How we store and protect your Personal Data
International Transfer of Personal Data
Do you need to provide your consent for Caliza to use your Personal Data as described in this Policy?
Website of third parties
Changes to this Policy
Contact Us

According to Law No. 13,709 of 2018 (the Brazilian General Personal Data Protection Law, or the “LGPD”), Caliza is considered the “Controller” of your Personal Data when it makes decisions related to the processing of your personal data – for example, when you reach out to us by filling out the contact form in our Platform. In other instances, when processingyour Personal Data on behalf of a third-party, Caliza will be considered the “Processor” of your Personal Data – for example, in connection with the provision of Caliza’s services, as described in section 1 of this Policy.

After reading this Policy, if you still have any questions or, for any reason, need to contactus for matters involving your Personal Data, please, use the channel below:
‍

Data Protection Officer (“DPO”): [Gabriel Pires]
DPO’s email address: [privacidade@caliza.com]

1. General Information

Caliza is a technology company that has developed a solution focused on facilitating itsclients (“Integrators”) to provide their end users, amongst other services, access to financial services, including foreign exchange, and/or acquisition of certain crypto assets abroad(“Services”).

The Services provided by Caliza are offered through an application programming interface(“API”). By connecting with Caliza’s API, Integrators can offer their end users digital dollars accounts abroad, managed by Caliza’s partners. Please read our Terms and Conditions for more information regarding our Services.

Caliza needs to collect and process certain Personal Data related to you in order to provide it's Services. Your Personal Data can be used, among other purposes described in this Policy, to:

Perform the authentication of your identity;
Identify you when accessing and using the Services;
Communicate with you whenever necessary within the scope of the Services;
Share your Personal Data with our business partners, Integrators, and serviceproviders when necessary; and
Allow you to access the Services based on your registration, as described in ourTerms and Conditions.

2. Personal Data of minors under 18 years old

We do not collect or knowingly request Personal Data from individuals under the age of 18. Individuals under the age of 18 should not attempt to access the Platform or provide us withany Personal Data. If we become aware that we have collected Personal Data from an individual under the age of 18, we will delete the Personal Data, except for retaining someidentification of the minor to prevent further registration attempts.

3. What Personal Data we collect and process

Caliza receives or collects only the following types of information related to the Users: (1) navigation and device information; (2) data for registration purposes of consumers that useor wish to use Caliza’s Services or contact Caliza; and (3) financial data.

(1) Navigation and Device Information. These are pieces of information collected through technologies such as cookies, identifiers, among others, when Users interact withthe Platform, whether registered or not:

IP address;
Mobile device or computer information;
Website view paths; and
Geolocation.

(2) Registration Data. Information provided by the Users in order to use our Services (in this case, through our business partners and Integrators) and information provided by theUsers in order to contact Caliza (through the Platform or other means). Users can be either a natural person (individual) or a company (legal entity). Therefore, we can process the following categories of information:
‍

(i) Individual. We might collect and process the following Personal Data:

Full name;
CPF number;
ID (RG) number;
Email address;
Address
Password
Profession; and
Face data.
Phone number
‍

(ii) Legal Entity. We might collect and process the following information (which may be considered Personal Data if related to an individual within the legalentity, such as a representative or point of contact):

Corporate name;
Address;
CNPJ number;
Phone Number; and
E-mail address.

(3) Financial Data. To provide the Services, we need to process some financial information related to you. This information may include:

Bank account details;
Pix key;
Balance;
Transactional data (amount, counterparty, currency, date and time);
Cryptocurrency or asset purchase data

4. Why we collect and process these Personal Data

Caliza processes the Personal Data collected, for example, for the following purposes:

Register Users and provide our Services to the Users;
Respond to Users’ Service requests;
Comply with legal and/or regulatory requirements;
Fraud prevention and KYC (Know Your Client);
Respond to questions and concerns;
Contact Users (by email, mail, text messages and/or telephone) through partners or integrators about several matters, including the use of the Platform and/or to carryout customer satisfaction surveys;
Perform our agreements with Integrators and business partners;
Generate knowledge, innovate and/or develop new products;
Ensure the correct functioning of our services to support Users' analytical efforts;
Manage and improve our Platform, our web resources, as well as simplify theinteraction with User;
Help us understand your patterns of use of our Platform and improve it;
Collaboration and/or compliance with a judicial order or request from a competent administrative authority to the extent required by law; and
Verification of authenticity of documentation.

5. When we delete your Personal Data

We structure the Platform and our activities to avoid that your Personal Data be retained inan identified manner for longer than necessary, with the exception of face data. Face data is not stored or retained by Caliza. We keep other Personal Data only during the time necessary for the accomplishment of the purposes described above, for compliance withthe requirements set forth by law or for the regular exercise of our rights.

The data we collect about the IP address and logs of access of Users of the Platform isstored for at least six (6) months, as established by article 15 of Law No. 12,965 of 2014 (Brazilian Internet Law).

6. Who else has access to the Personal Data and why

We may occasionally share your Personal Data with the third parties identified below. Any sharing of Personal Data by Caliza will be done in accordance with legal provisions and, most importantly, in a manner that protects your privacy.

(a) Other companies of the same group
‍
We may share your Personal Data with other companies belonging to the same group asCaliza for the following purposes:
‍

Marketing, prospecting, market research, opinion surveys, and promotion of ourproducts and services;
Prevention and resolution of technical or security issues; and
Compliance with legal or regulatory obligations.

(b) Service Providers

We can share your Personal Data with our services providers for the following purposes:
‍

Authentication and identification of Users;
Verification of the authenticity of information and documents;
Fraud prevention and KYC (Know Your Client);
Preventing risks, fraud, and ensuring security in identification and authenticationprocesses;
Provision of Services;
Improvement of Services and operationalization of new products or services;
Prevention and resolution of technical or security issues; and
Support services, maintenance, and customer support.

(c) Business partners and Integrators
‍
In connection with the provision of our Services, we may share your data in connection with certain third-parties, such as our business partners (for example, the entity that will beresponsible for the foreign account of the User) and the Integrator, the entity with whom theUser has a direct relationship.

(d) Authorities and Regulatory Bodies

We may share your Personal Data with judicial, police, governmental authorities, regulatorybodies, or other third parties with whom we are obligated by law, regulatory requirements, or court orders to share Personal Data, to the extent permitted by law.

(e) Potential investors

We may also share information, possibly including Personal Data, in case of sale or transfer of part or the entire business, operation or Services provided by us to a third party, for purposes of due diligence or the carrying out of the transaction itself. In case of corporate restructuring, we reserve the right to disclose your Personal Data to the potential purchaser before or after the sale.

(f) Parties that share data with Caliza

We may receive data from vendors or third parties as part of the identification and KYC process. We do not share data with these parties, but nonetheless, the primary provider of this information is Jumio Corporation, that may collect, store and share your Personal Data (including Face data) with Caliza. Their data practices are here -https://www.jumio.com/privacy-center/privacy-notices/online-services-notice/

7. What are your rights with respect to these Personal Data

The LGPD allows the data subject to exercise certain rights before the Controller of Personal Data. Therefore, in relation to the activities in which we act as a Controller of your Personal Data, you have the right to:

Obtain confirmation that we process your Personal Data. In response to this request, we will inform you if we process your Personal Data or not. Note that, if you are our customer (User), we necessarily process your Data, as explained in this Policy.
Access your Personal Data. If you are interested, you can receive a report in which we present the Personal Data held by you that are processed by us.
Rectify incomplete, inaccurate or outdated Personal Data. If you consider that your Personal Data are incorrect, you can request the rectification, indicating what needs to be changed and why. It is possible that we request a proof to make this change.
Request the anonymization, blocking or erasure of Personal Data deemedunnecessary, excessive or processed in breach of the LGPD. If you consider that we are processing your Personal Data in an unnecessary and excessive manner or in breach of the LGPD, you can request that the Personal Data be anonymized, blocked or erased.
Request portability of your Personal Data to another service or product supplier, with due regard for our trade and industrial secrets, according to the regulation to be issued by the National Data Protection Authority (“ANPD”). You are the owner of your own Personal Data. Therefore, you can request that these Data be transferred to another service or product supplier, according to ANPD’s regulation, provided that the trade and industrial secrets are respected.
Request erasure of Personal Data processed on the basis of your consent, except in the events of retention of Personal Data prescribed by law. If your Personal Data are processed based on consent, you may request the erasure ofthese data. However, the LGPD authorizes the preservation of data for fulfillment of legal or regulatory obligations; studies conducted by research bodies, ensuring, if possible, the anonymization; transfer to a third party and exclusive use by the controller, to the extent that the data be anonymized.
Obtain information about the entities with whom we share your Personal Data. You can request that we inform with which entities we share your Personal Data.
Obtain information about the possibility of refusing consent and the respective consequences. When the consent is used as legal basis for the processing of personal data, you are entitled to be informed about the possibility ofrefusing consent and the consequence of such refusal.
Withdraw your consent to the processing of your Personal Data. If your Personal Data are processed based on consent, you can withdraw this consent. With that, any processing of your Personal Data that is made based on consent will be interrupted.
Object the processing that violates the LGPD. If you consider that we areprocessing your Personal Data in violation of the LGPD, you can object this processing. The request will be carefully reviewed and, if we agree, the processing of your Data that is in breach of the LGPD will be interrupted.
Request the revision of decisions taken solely based on the automated processing of your Personal Data. It is possible that decisions are taken based inthe automated processing of your Personal Data. If this happens, you can request the revision of these decisions.
File a petition regarding your Data with the National Data Protection Authority. If you consider necessary, you can file a petition regarding your Personal Data withthe ANPD.

You can exercise any rights above by sending an e-mail to privacidade@caliza.com.

8. How we store and protect your Personal Data

We store your Personal Data in a secure manner in third-party data centers located in theUnited States. We currently contract data center services provided by cloud computingservice operators. Before sending your Personal Data for storage in other countries, weadopt the measures required by law to ensure that they will be protected accordingly.

The security of your information is of utmost importance to us. We have in place the best technical and administrative practices to protect the Personal Data against unauthorizedaccess, destruction, loss, alteration, communication or any inadequate or unlawful processing.

Nevertheless, no platform is completely secure. If you have any concern or suspicion thatyour Personal Data are at risk, for example, if someone had access to your password, please contact us immediately.

9. International Transfer of Personal Data

Your Personal Data will be transferred to other countries, such as to the service providersthat store your Personal Data and the business partners in charge of your foreign account. The creation of Users’ foreign accounts will only be completed with the transfer of thePersonal Data to the foreign company.

In cases where your Personal Data is transferred outside of Brazil, we will take all appropriate measures, as well as those required by law, to ensure that your Personal Data remains properly protected and that this transfer is carried out in accordance with one ofthe mechanisms provided for in the LGPD and any other applicable regulations.

10. Do you need to provide your consent for Caliza to use your Personal Data asdescribed in this Policy?

LGPD establishes several situations in which processing of Personal Data is allowed regardless of the consent of the data subject. These are the so-called “legal bases” forprocessing of Personal Data.

This means that, if you choose to use our resources, in some cases we may collect and process your Personal Data without your consent (if there is a legal basis provided for in LGPD that allows us to do so), such as, for example, to perform measures prior to contracting or signing an agreement with you, to comply with legal and regulatory obligations, to exercise rights established in an agreement or required by judicial, administrative and arbitration proceedings, credit protection, to guarantee protection against fraud and security of the data subject, in the identification and authentication processes of registration in electronic systems, for the legitimate interests of Caliza or third parties, among others.

In other cases, we may ask for your consent to use your Personal Data. Please note thatthe withdrawal of your consent will obligate us to cease the processing of Personal Datadone exclusively based on your consent.

11. Websites of third parties

We may provide links to other websites on the Internet as a resource for our Users. Caliza is not responsible for these websites and content, and does not share, subscribe, monitor, validate or accept the way used for these websites or content storage tools to collect, process, and transfer your personal and private data. The data or content of such other websites are governed by the privacy statements of such other websites. We encourage you to check the privacy policies of said websites to be properly informed on how your personal data is used by other websites or other tools.

12. Changes to this Policy

We may change the provisions of this Policy at our discretion and at any time. Whenever this Policy is changed substantially, we will nform you through an alert after log-in or by email. We will also send you an annual email with a link to the Policy. Users are advised to check the updated version of this Policy every time they visit our Platform.

13. Contact Us

You can make a complaint or ask questions through the Customer Service Channels provided below. You can also send a message to the ANPD, but we kindly request that you try to resolve any issues directly with us, as our main concern is to keep our Users satisfied with our Services, and we will make every effort to fulfill this mission through easy and attentive communication with our Users.

E-mail: privacidade@caliza.com