Obita-logo

Obita Privacy Policy

Effective Date: August 1, 2025

This Privacy Policy ("Policy") describes how Obita Inc. ("Obita," "we," "us," or "our") collects, uses, processes, and discloses your information when you use our business-to-business (B2B) payment services, including those that leverage stablecoin technology. We are committed to protecting your privacy and handling your information in a transparent and secure manner, in compliance with applicable data protection laws.

1. Introduction

Obita provides innovative B2B payment solutions designed to facilitate efficient and secure cross-border transactions. Our services are tailored for businesses and professional entities, and we understand the importance of safeguarding sensitive business and personal data. This Policy outlines our practices concerning the information we collect from you, how we use it, and your rights regarding your information.

2. Information We Collect

We collect various types of information to provide and improve our services. The categories of information we collect depend on your interactions with us and the services you use. This may include:

2.1. Information You Provide to Us

Account Registration Information:When you register for an Obita Client Account, we collect information such as your business name, legal entity type, registration number, tax identification number, business address, industry, contact person's name, email address, phone number, and other relevant business details.

Verification and KYC/AML Information: To comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations, we collect identification and verification documents. This may include copies of government-issued IDs (e.g., passports, national ID cards) for beneficial owners and authorized representatives, proof of address, business licenses, corporate resolutions, and other documentation required to verify your identity and the legitimacy of your business operations.

Financial and Transactional Information: We collect information related to your payment transactions, including transaction amounts, sender and recipient details, bank account information, payment methods used, and stablecoin wallet addresses (if applicable). We also collect information necessary for billing and fee processing.

Communications: When you communicate with us, such as through customer support, email, or other channels, we collect the content of your communications and any information you choose to provide.

2.2. Information Collected Automatically

Usage Data: We collect information about how you access and use our services, including your IP address, device information (e.g., device type, operating system, browser type), access times, pages viewed, and the features you use. This data helps us understand user behavior, improve service functionality, and ensure security.

Cookies and Tracking Technologies: We use cookies and similar tracking technologies to collect information about your browsing activities on our website and within our services. This includes information about your preferences, session information, and other data that helps us personalize your experience and analyze service usage. You can manage your cookie preferences through your browser settings.

2.3. Information from Third Parties

We may obtain information about you from third-party sources, such as:

  • Public Databases and Sanctions Lists: To comply with legal and regulatory obligations, we may obtain information from public databases, sanctions lists, and other official sources for identity verification, fraud prevention, and AML/CTF checks.
  • Business Partners: We may receive information from our business partners, such as financial institutions, payment processors, and technology providers, to facilitate our services and enhance our compliance efforts.
  • Credit Bureaus and Reporting Agencies: For certain services, we may obtain information from credit bureaus or reporting agencies to assess creditworthiness and manage risk.

3. How We Use Your Information

We use the information we collect for various purposes, primarily to provide, maintain, and improve our B2B payment services, ensure compliance with legal obligations, and enhance security. Our uses include:

  • Providing and Managing Services: To process your transactions, manage your Client Account, provide customer support, and deliver the services you request.
  • Identity Verification and Compliance: To verify your identity, conduct KYC and AML checks, screen against sanctions lists, and comply with all applicable laws and regulations, including those related to financial services and stablecoins.
  • Security and Fraud Prevention: To detect, prevent, and investigate fraudulent or unauthorized activities, protect the security and integrity of our systems, and safeguard your funds and information.
  • Service Improvement and Personalization: To analyze usage patterns, troubleshoot issues, develop new features, and personalize your experience with our services.
  • Communication: To send you important notices, updates, security alerts, and administrative messages related to your account and our services. We may also send you marketing communications about our products and services, from which you can opt-out.
  • Risk Management: To assess and manage financial and operational risks, including credit risk, market risk, and liquidity risk.
  • Legal and Regulatory Compliance: To respond to lawful requests from government authorities, comply with court orders, and fulfill our legal and regulatory obligations.

4. How We Share Your Information

We may share your information with third parties in certain circumstances, as described below:

  • Service Providers: We engage third-party service providers to perform functions on our behalf, such as payment processing, data hosting, IT services, customer support, and compliance services. These service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.
  • Financial Institutions and Payment Networks: We share information with banks, financial institutions, and payment networks involved in processing your transactions to facilitate the movement of funds.
  • Affiliates: We may share your information with our affiliated companies for business and operational purposes, consistent with this Privacy Policy.
  • Legal and Regulatory Authorities: We may disclose your information to government authorities, regulators, law enforcement agencies, or other third parties if required by law, subpoena, or court order, or if we believe such disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.
  • Business Transfers: In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of the transaction. We will notify you via email or a prominent notice on our website of any such change in ownership or control of your information.
  • With Your Consent: We may share your information with third parties when we have your explicit consent to do so.

We do not sell your personal information to third parties for their marketing purposes.

5. Stablecoin Data Handling and Compliance

Obita's use of stablecoins is designed to be fully compliant with evolving regulatory frameworks. When stablecoins are utilized in our services, we ensure that data related to these transactions is handled with the highest standards of privacy and security. This includes:

  • Transparency: We provide clear information about the stablecoins used, their underlying reserves, and the mechanisms by which they maintain their peg.
  • Regulatory Adherence: We adhere to all applicable regulations governing stablecoins, including those related to data reporting, transaction monitoring, and record-keeping, as required by financial authorities in relevant jurisdictions.
  • Data Minimization: We collect and process only the necessary data required for stablecoin transactions and compliance purposes.
  • Security Measures: We implement robust security measures, including encryption and access controls, to protect stablecoin-related data from unauthorized access, alteration, disclosure, or destruction.

6. Data Security

Obita implements comprehensive technical and organizational security measures to protect your information from unauthorized access, use, disclosure, alteration, or destruction. These measures include, but are not limited to:

  • Encryption: We use encryption technologies to protect data during transmission and at rest.
  • Access Controls: Access to your information is restricted to authorized personnel who have a legitimate business need to access it.
  • Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address potential weaknesses in our systems.
  • Employee Training: Our employees receive regular training on data privacy and security best practices.
  • Incident Response Plan: We have an incident response plan in place to address any potential data breaches or security incidents promptly and effectively.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to provide our services, comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements. The retention period may vary depending on the type of information and the purpose for which it was collected. When your information is no longer required, we will securely delete or anonymize it.

8. Your Data Protection Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. These rights may include:

  • Right to Access: You may have the right to request access to the personal information we hold about you.
  • Right to Rectification: You may have the right to request that we correct any inaccurate or incomplete personal information.
  • Right to Erasure (Right to be Forgotten): You may have the right to request the deletion of your personal information under certain circumstances.
  • Right to Restriction of Processing: You may have the right to request that we restrict the processing of your personal information under certain conditions.
  • Right to Data Portability: You may have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • Right to Object: You may have the right to object to the processing of your personal information under certain circumstances, particularly for direct marketing purposes.
  • Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the contact information provided in Section 10. We will respond to your request in accordance with applicable data protection laws.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technological advancements. We will notify you of any material changes by posting the updated Policy on our website or by other appropriate means. Your continued use of our services after the effective date of the revised Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: business@obita.xyz