Privacy Policy

Last Updated: Apr 13, 2026

Last updated 2 days ago

Reah Inc. and its affiliates (collectively, “Reah,” “we,” or “us”) value your privacy. This Privacy Policy (this “Policy”) should be read together with the Reah Terms of Use (the “Terms”), and explains how we collect, use, disclose, and otherwise process personal information in connection with the Reah Platform (as defined in the Terms) and all related Services (as defined in the Terms). Reah is a financial technology company that offers an Interface (as defined in the Terms) to facilitate access to banking, digital asset, and credit card services provided by third-party service providers. Capitalized terms used but not otherwise defined herein shall have the meanings ascribed to such terms in the Terms.

Scope and Updates

This Policy only covers information provided to Reah in connection with your access to and use of the Reah Platform. This Policy does not cover personal information practices of our third-party service providers, partners, or other companies whose services are accessible through the Reah Platform. We encourage you to review the privacy policies of all third-party service providers directly, as they are responsible for their own data collection and processing practices, and we shall have no liability to you regarding their processing and/or handling of your data.

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this Policy and, where required by law, by providing you with additional notice (such as adding a notice on our homepage or sending you an email notification). Your continued use of the Reah Platform following the posting of changes constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically to remain informed about how we protect your personal information.

Personal Information We Collect

We collect personal information in various ways, including information you provide directly to us, information collected automatically through your use of our services, and information we receive from third parties.

A. Information You Provide Directly

Account and Registration Information. When you create a Reah Account (as defined in the Terms) or register for our Services, we collect information such as: (i) in the case of Business Customers, your business name, legal entity type, jurisdiction of incorporation, business address, Employer Identification Number (EIN) or other tax identification number, and names and contact information of beneficial owners; (ii) in the case of Consumer Customers, your full legal name, date of birth, residential address, email address, telephone number, and other personal contact information; and (iii) in each case, other account setup information as we deem necessary or appropriate.

Know Your Customer (KYC) and Identity Verification Information. To comply with regulatory requirements and verify your identity, we collect personal identification information, including your full legal name, government-issued identification numbers (such as passport numbers, driver's license numbers, or national ID numbers), date of birth, Social Security Number (SSN) or equivalent tax identification, and biometric data (such as facial scans or fingerprints) collected through third-party identity verification services.

Transaction Information. We collect information about your transactions on the Reah Platform, including wallet addresses, transaction amounts, transaction dates, payment methods used, currencies involved (both fiat and digital assets), transaction status, and transaction history.

Communications and Customer Support. We collect information when you communicate with us, including support requests, feedback, complaints, inquiries, survey responses, and any other correspondence you provide through email, telephone, chat, or other communication channels.

B. Information Collected Automatically

Device and Technical Data. When you access the Reah Platform, we automatically collect information about your device and technical activity, including your Internet Protocol (IP) address, browser type and version, operating system, device type, unique device identifiers, Mobile Advertising ID (MAID), Media Access Control (MAC) address, and other device identifiers.

Usage and Interaction Data. We collect information about how you interact with the Reah Platform, including pages or features you view, the time and duration of your visits, links you click, search queries you enter, features you use, and actions you take on the platform. This information helps us understand user behavior, improve our services, and provide a better user experience.

Location Data. We may collect approximate location information based on your IP address to verify your location for compliance purposes, prevent fraud, and comply with applicable laws and regulations.

Cookies and Similar Technologies. We use cookies, pixel tags, web beacons, local storage, and similar tracking technologies to collect information about your browsing activities, preferences, and device. These technologies help us remember your preferences, understand how you use our services, prevent fraud, and improve our platform.

C. Information from Third Parties

KYC/AML Service Providers. We receive personal information from third-party identity verification and anti-money laundering (AML) service providers that we engage to verify your identity and conduct compliance screening.

Blockchain Analytics Providers. We receive information from blockchain analytics providers (such as TRM Labs, Chainalysis, and other similar services) that analyze blockchain transactions and wallet addresses to detect suspicious activity, identify sanctioned entities, and assess compliance risk.

Financial and Blockchain Information. We receive information from our third-party service providers about your financial accounts and digital assets, including Bank Account information (when you enroll for banking services through a Banking Partner (as defined in the Terms)), digital asset balances and holdings, on-chain transaction data, and information about your use of our service providers' platforms.

Credit Bureaus and Fraud Detection Services. We may receive information from credit reporting agencies and fraud detection services to assess creditworthiness, prevent fraud, and verify identity.

Marketing and Analytics Partners. We may receive information from marketing partners, analytics providers, and data brokers that we engage to help us understand market trends, improve our marketing effectiveness, and enhance our services.

Public Records and Government Sources. We may receive information from public records, government agencies, and regulatory bodies in connection with sanctions screening and regulatory compliance.

D. Blockchain Information

Information on Distributed Ledgers. When you use the Reah Platform to interact with blockchain networks, certain information becomes part of the public blockchain ledger. This includes wallet addresses you create or use, transaction amounts, transaction dates, and other on-chain transaction details. This information is publicly visible and permanently recorded on the immutable blockchain. We cannot modify, delete, or control information that has been recorded on a public blockchain, as the blockchain ledger is maintained by a decentralized network of validators rather than by Reah.

Blockchain Analytics and Linking. Blockchain analytics providers and other third parties may use publicly available blockchain data to link wallet addresses to identities, identify transaction patterns, and conduct compliance screening. This analysis may happen independently of Reah's systems and beyond our control.

How We Use Your Personal Information

We use personal information we collect for the following purposes:

A. Providing the Reah Platform and Services

Creating and maintaining your Reah Account
Processing transactions and payments
Facilitating your access to our service providers' financial services
Delivering customer support and responding to your inquiries
Sending transactional and administrative communications
Customizing your experience on the Reah Platform

B. Administrative and Operational Purposes

Detecting, investigating, and preventing fraud and security incidents
Protecting against malicious, deceptive, or illegal activity
Enforcing our Terms and other agreements
Conducting audits, quality assurance, and compliance reviews
Resolving disputes and handling complaints

C. Legal Compliance and Regulatory Obligations

Conducting anti-money laundering (AML) and counter-terrorism financing (CTF) screening
Performing Know Your Customer (KYC) verification
Screening against sanctions lists and Politically Exposed Persons (PEPs)
Complying with tax reporting requirements
Responding to lawful government requests and legal process
Maintaining records required by applicable financial services regulations

D. Analytics, Research, and Service Improvement

Analyzing usage patterns and user behavior
Developing new products, features, and services
Improving existing services and user experience
Conducting market research and user surveys
Measuring marketing campaign effectiveness

E. Marketing and Communications

Sending marketing and promotional communications (with your consent where required by law)
Providing information about new features, services, and special offers
Conducting marketing analytics

F. De-Identified and Aggregated Data

We may use personal information to create de-identified or aggregated datasets that cannot be linked back to you. We may use such de-identified data for statistical analysis, research, business analysis, marketing, analytics, and any other lawful purpose, and may share such data with third parties without restriction.

How We Disclose Your Personal Information

We share personal information as necessary to provide our services and as required or permitted by law. We do not sell personal information, but we do disclose it to service providers and other parties as described below.

A. Service Providers and Business Partners

We disclose personal information to service providers and partners who assist us in operating the Reah Platform and providing services to you. These include:

Banking Partners
Wallet infrastructure providers
DeFi Protocol (as defined in the Terms) partners
Credit card issuers and service providers
Identity verification and KYC service providers
Blockchain analytics providers (including TRM Labs, Chainalysis, and similar services)
Cloud hosting, infrastructure, and software-as-a-service (SaaS) providers
Payment processors and financial institutions
AML/CTF monitoring and compliance services
Tax reporting and accounting services
Professional advisors including legal counsel, accountants, and consultants

These service providers are contractually obligated to use your personal information only to the extent necessary to provide services to us or you, and to maintain appropriate safeguards to protect your information.

B. Legal Requirements and Law Enforcement

We may disclose personal information when required by law or when we believe, in good faith, that disclosure is necessary to:

Comply with applicable laws, regulations, and legal processes
Respond to lawful requests from governmental authorities, courts, or law enforcement
Enforce our Terms of Service and other agreements
Protect the security or integrity of the Reah Platform
Protect the rights, safety, and property of Reah, our users, or the public

C. Business Transfers

If Reah is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your personal information may be transferred as part of that transaction. We will provide notice before your personal information becomes subject to a different privacy policy, if permitted by law.

D. Blockchain and Public Ledger Disclosure

When you use the Reah Platform to transact on blockchain networks, your wallet addresses, transaction amounts, and transaction details become permanently recorded on public blockchain ledgers. This information is:

Publicly visible to anyone with access to the blockchain network
Immutable and cannot be deleted, modified, or recalled
Subject to analysis by blockchain analytics providers and other third parties
Potentially linkable to your identity through blockchain analysis tools

Reah does not control the public blockchain ledgers and cannot retrieve, modify, or delete information recorded on them. You understand and acknowledge that information disclosed to the blockchain is no longer under Reah's control.

Your Privacy Choices and Rights

A. Communication Preferences

You may opt out of receiving promotional and marketing emails from us by clicking the unsubscribe link in our marketing emails or by contacting us at privacy@reah.com. Please note that even if you opt out of marketing communications, we will continue to send you transactional and administrative emails related to your account and our services.

B. Browser and Device Controls

Most browsers allow you to refuse cookies and similar tracking technologies. You may also set your browser to alert you when cookies are being sent. Additionally, many browsers support "Do Not Track" signals. If your browser is set to send Do Not Track signals or if you enable Global Privacy Control (GPC), we will respect those preferences to the extent permitted by law, though our services may not function optimally if you disable certain tracking technologies.

You may manage cookie preferences through your browser settings or, where available, through our cookie preference center on the Reah Platform.

C. Your Privacy Rights

Depending on your jurisdiction, you may have one or more of the following rights regarding your personal information:

Right to Know and Access

You have the right to request that we disclose what personal information we have collected about you, the sources of that information, the purposes for which we use it, and the categories of third parties with whom we share it.

Right to Data Portability

You may have the right to request that we provide your personal information in a structured, commonly used, and machine-readable format so that you can transmit it to another organization.

Right to Correction and Rectification

You have the right to request that we correct or update inaccurate or incomplete personal information we maintain about you.

Right to Deletion and Erasure

You may have the right to request that we delete or erase personal information we have collected about you, subject to certain exceptions (such as information we are required to retain for legal or regulatory purposes, or information necessary to provide services to you). Please note that deletion requests cannot apply to information that has been recorded on a public blockchain, as such information is immutable and not under Reah's control.

Right to Restrict and Object to Processing

You may have the right to request that we restrict how we use or process your personal information or to object to certain processing activities.

Right to Withdraw Consent

Where our processing of your information is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing that occurred before your withdrawal.

D. How to Exercise Your Rights

To exercise any of the rights described in this section, please submit a request to us by emailing privacy@reah.com. In your request, please:

Clearly state which right(s) you are exercising
Provide sufficient information to allow us to verify your identity
Describe the personal information at issue
Include any supporting documentation

We will make reasonable efforts to verify your identity before processing your request. We may request additional information from you to confirm your identity or clarify the scope of your request. If we cannot fulfill your request, we will explain the reason.

You may also authorize an agent to submit a request on your behalf, provided that the agent submits appropriate proof of authorization.

E. Non-Discrimination

We will not deny you goods or services, charge you a different price, or provide you with a different quality of service based on your exercise of privacy rights, except to the extent permitted by applicable law. However, we may offer you incentives for the collection of personal information, and you may opt out of such incentives.

International Data Transfers

Reah is based in the United States, and your personal information may be transferred to, stored in, and processed in the United States or other countries where we or our service providers operate. These countries may have data protection laws that differ from your home country.

When we transfer personal information internationally, we implement appropriate safeguards, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the European Union and European Economic Area
International Data Transfer Agreements (IDTAs) for transfers from the United Kingdom
Other lawful mechanisms recognized by applicable data protection authorities

In cases where the above safeguards are not applicable or feasible, we may still transfer your personal information to a third country under the following conditions:

You consent to the proposed transfer
The transfer is necessary for the performance of a contract between you and the Company or a third-party service provider you elect to use through the Reah Platform
The transfer is necessary for the establishment, exercise or defense of legal claims
The transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent.

By using the Reah Platform, you consent to the transfer of your personal information to countries outside your country of residence, which may have different data protection rules than your home country.

Data Retention

We retain personal information for as long as necessary to:

Provide the Reah Platform and services to you
Comply with applicable laws and regulations
Resolve disputes and enforce our agreements
Comply with anti-money laundering, know-your-customer, and other financial regulatory requirements

Financial services regulations typically require us to retain transaction records, KYC information, and AML screening documentation for a minimum of five to seven years from the date of the transaction or account closure.

Information recorded on public blockchains is permanent and immutable. Once your transaction information has been recorded on a blockchain, it cannot be deleted or retrieved, even if you request deletion or if your account is closed.

De-identified and aggregated data may be retained indefinitely as it cannot be linked back to you.

After the retention period expires, we will securely delete or de-identify personal information, except to the extent we are required by law to retain it.

Children’s Privacy

The Reah Platform is not directed to, and we do not knowingly collect personal information from, individuals under the age of 18 (“children”). If we become aware that we have collected personal information from a child without verifiable parental consent, we will delete such information from our systems.

If you are a parent or guardian and believe we have collected personal information from your child, please contact us immediately at privacy@reah.com. We will investigate and take appropriate action.

Supplemental Notice for California Residents (CCPA/CPRA)

This section applies to California residents and supplements the privacy rights described in Section 5 above. This notice is required by the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

A. Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

Identifiers (name, address, email address, phone number, account ID, IP address, device identifiers, and government-issued identification numbers)
Commercial information (transaction history, payment information, product/service preferences)
Biometric information (facial scan, fingerprints from identity verification)
Internet or similar network activity (browsing history, search history, interaction with our website/app)
Geolocation data (approximate location from IP address)
Sensory information (recordings of customer service calls, if applicable)
Professional or employment information (business name, EIN, job title)
Education information (educational history if relevant to account verification)
Financial information (bank account information, transaction amounts, payment methods)
Inferences drawn from the above categories

B. Sources of Personal Information

We collect personal information from:

You (directly provided through forms, account creation, communications)
Automatic collection through cookies and tracking technologies
Third-party service providers (identity verification, blockchain analytics, credit bureaus)
Business partners and affiliates
Government agencies and public records

C. Purposes for Collection

We collect personal information for the business and commercial purposes described in Section 3, including:

Providing services and processing transactions
Compliance with legal and regulatory obligations
Fraud prevention and security
Service improvement and analytics
Marketing and advertising

D. California Consumer Rights

California residents have the following rights under the CCPA/CPRA:

Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected, the sources of that information, our business purposes for collection, and the categories of third parties with whom we share it.

Right to Delete

You have the right to request deletion of personal information we have collected from you, subject to exceptions for information we must retain to provide services, comply with legal obligations, or exercise legal rights.

Right to Correct

You have the right to request that we correct inaccurate personal information.

Right to Opt-Out

You have the right to opt out of the "sale" or "sharing" of your personal information as defined under the CPRA. While we do not sell personal information for monetary consideration, we may share information with service providers and partners for targeted advertising purposes. You can exercise this right by:

Clicking the "Do Not Sell or Share My Personal Information" link on our website
Using the Global Privacy Control (GPC) signal in your browser
Emailing privacy@reah.com

Right to Limit Use and Disclosure of Sensitive Personal Information

You have the right to request that we limit our use and disclosure of sensitive personal information (including social security number, financial account information, and precise geolocation) to what is necessary to provide the services you requested or to comply with law.

E. No Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not:

Deny you goods or services
Charge you a different price or rate for goods or services
Provide you a different level or quality of service
Threaten, intimidate, or retaliate against you

However, we may offer financial incentives for the collection, retention, use, or sharing of personal information that are reasonably related to the value of the data.

F. California "Shine the Light" Law

Under California Civil Code Section 1798.83, California residents may request information about the categories of personal information we share with third parties for their direct marketing purposes. To make such a request, please contact us at privacy@reah.com with "Shine the Light" in the subject line.

G. How to Exercise Your Rights

To exercise any California privacy right, submit a verifiable consumer request by:

Emailing privacy@reah.com
Calling us at the telephone number provided on our website
Using our online request form on the Reah Platform

We will verify your identity and respond to your request within 45 days. You may authorize an agent to submit a request on your behalf.

Supplemental Notice for Other US State Residents

We recognize that additional US states have enacted privacy laws with similar rights (including Virginia, Colorado, Connecticut, Utah, Texas, Montana, Delaware, Oregon, and others), including the right to access, correct, and delete personal information, the right to data portability, and the right to opt out of targeted advertising and profiling. To exercise these rights, please contact us at privacy@reah.com.

Financial Privacy Notice (Gramm-Leach-Bliley Act)

Although Reah is a financial technology company and not a bank, we handle financial and sensitive information and therefore provide the following disclosure regarding the use and sharing of your nonpublic personal information as required by the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations.

A. What Personal Financial Information Do We Collect?

We collect the following categories of nonpublic personal information about you:

Information you provide: name, address, phone number, email, Social Security Number, government-issued ID information, bank account and routing numbers, payment information
Information about your transactions: transaction amounts, dates, frequency, types of transactions, account balances, payment history
Information we receive from other companies: credit history, credit worthiness, transaction history with other financial institutions
Information about your creditworthiness: credit reports, credit scores, payment history

B. How Do We Share Your Nonpublic Personal Information?

We share nonpublic personal information about you with service providers and partners as necessary to provide our services. The following table describes our information sharing practices:

Reasons we can share your personal information	Does Reah Share?	Can you limit sharing?
For our everyday business purposes – such as to process transactions, maintain your account, respond to court orders and legal investigations, and report to credit bureaus	Yes	No
For our marketing purposes – to offer our products and services to you	Yes	No
For joint marketing with other financial companies	Yes	No
For our affiliates' everyday business purposes – information about your creditworthiness and your transactions and experiences	Yes	No

C. How Do We Protect Your Nonpublic Personal Information?

We protect the security, confidentiality, and integrity of your nonpublic personal information by maintaining physical, electronic, and procedural safeguards that comply with federal standards. These safeguards include:

Encryption of sensitive information
Restricted access to nonpublic personal information
Ongoing evaluation of new security technologies
Employee training on privacy and security
Procedures to ensure the accuracy of your information

D. How Can You Limit the Sharing of Your Nonpublic Personal Information?

Federal law gives you the right to limit some but not all sharing of your nonpublic personal information. You may limit our sharing of your information for our marketing purposes by contacting us at:

Email: privacy@reah.com

Please include your name, address, and account number in your request. We will implement your opt-out choice within 30 days.

E. Information for Former Customers

If you are no longer a customer of Reah, we will continue to protect the nonpublic personal information about you according to this notice and all applicable privacy laws.

Supplemental Notice for European Users (GDPR)

This section applies to individuals in the European Union, European Economic Area, and Switzerland. Reah complies with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

A. Legal Basis for Processing

We process personal information based on one or more of the following legal bases:

Consent: Where you have explicitly consented to processing (such as for direct marketing communications to Consumer Customers, certain cookies or other optional processing)
Contractual Necessity: Where processing is necessary to provide our services and fulfill our obligations to you
Legal Obligation: Where we are required to process information to comply with applicable laws and regulations (such as KYC, AML, and tax requirements)
Legitimate Interests: Where processing is necessary to protect our legitimate interests (such as fraud prevention, security, service improvement) and does not override your rights

B. Your Rights Under the GDPR

In addition to the rights described in Section 5, you have the following rights under the GDPR:

Right of Access: You have the right to obtain a copy of your personal information and information about how we process it
Right to Rectification: You have the right to correct incomplete or inaccurate personal information
Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal information, subject to exceptions for legally required retention
Right to Restrict Processing: You have the right to request that we restrict how we process your information
Right to Data Portability: You have the right to receive your personal information in a structured, commonly-used format and transmit it to another organization
Right to Object: You have the right to object to processing for direct marketing, legitimate interests, or other purposes
Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time
Right to Lodge a Complaint: You have the right to lodge a complaint with your national data protection authority

C. Data Protection Officer and Supervisory Authorities

We have appointed a Data Protection Officer (DPO) who can be contacted at dpo@reah.com regarding our GDPR compliance. If you have concerns about how we process your personal information, you may also contact your national data protection authority.

D. EU and UK Representatives

We have appointed representatives in the EU and UK as required by the GDPR. You may contact these representatives for privacy inquiries at privacy@reah.com.

Blockchain and Digital Asset Specific Disclosures

Given Reah's focus on facilitating access to financial services at the intersection of fiat and cryptocurrency, we provide the following specific disclosures regarding blockchain and digital asset data:

A. Public Blockchain Data

When you transact on public blockchains through the Reah Platform, your transactions become part of the permanent, immutable public ledger. This means:

Your wallet addresses are publicly visible to anyone with access to the blockchain
Transaction amounts and dates are recorded permanently on the blockchain
All transaction information is accessible to blockchain analytics firms and law enforcement
This information cannot be deleted, modified, or recalled once recorded

Reah does not control the blockchain network and cannot delete, modify, or restrict access to information recorded on public blockchains.

B. Blockchain Analytics and De-Anonymization

Blockchain analytics providers, law enforcement, and other third parties may use publicly available blockchain data to:

Identify the individuals or entities behind wallet addresses
Trace transaction flows and identify transaction patterns
Conduct compliance screening and sanctions screening
Investigate suspected criminal activity

We engage blockchain analytics providers (such as TRM Labs and Chainalysis) to help us conduct transaction monitoring and compliance screening. These providers analyze blockchain data independently and may maintain their own records beyond our control.

C. Immutability and Irreversibility

Information recorded on blockchain networks is immutable, meaning it cannot be changed, deleted, or recovered. Your data subject rights regarding deletion, rectification, or data portability are limited with respect to blockchain-recorded information:

We cannot delete information you have recorded on a public blockchain
We cannot modify transaction data or wallet addresses once recorded
We cannot guarantee that blockchain analysis tools will not identify you

D. Travel Rule Compliance

As a financial technology platform, we comply with the Financial Action Task Force (FATF) Travel Rule, which requires that certain transaction information (originator and beneficiary information) be transmitted along with virtual asset transfers. This may result in sharing of personal and transactional information with other virtual asset service providers and financial institutions.

E. Third-Party Protocol Interactions

When you use the Reah Platform to interact with DeFi protocols (such as through Spark), smart contracts, and other decentralized applications, your transactions and personal information may be transmitted to and processed by third-party protocols that are not controlled by Reah. These third parties may have their own privacy policies and may process your information independently.

F. Digital Asset Holdings and Balances

Your digital asset holdings and balances may be visible on public blockchains. If you use blockchain-addressable wallet addresses that you disclose to us, the amount of digital assets in those addresses may be publicly visible and traceable.

Third-Party Services and Websites

Reah is only responsible for providing access to the Interface. All Services are provided by third-party service providers, each of which is responsible for its own privacy practices and compliance. We encourage you to review the privacy policies of any third-party services before providing your personal information to them. We are not responsible for the privacy practices of third-party providers, and your use of their services is subject to their terms and privacy policies.

If you access the Reah Platform through a third-party service or if you authorize a third-party service provider to access your Reah Account, that third party may receive personal information about you. You are responsible for managing your permissions and account settings with third-party services.

Contact Us

If you have questions about this Privacy Policy, our privacy practices, or your personal information, or if you wish to exercise any of your privacy rights, please contact us at:

Reah Inc.

Email: privacy@reah.com

We will respond to all privacy inquiries and requests within the timeframes required by applicable law. If you are not satisfied with our response, you may have the right to lodge a complaint with your data protection authority.