PHOCIS Capital® – Comprehensive Privacy Policy

Updated: APRIL 2025

1. INTRODUCTION

PHOCIS Capital® (“Company,” “we,” “our,” or “us”) is committed to safeguarding the privacy and security of your non-public personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services or access our platform. It applies to current and former customers, users accessing the Service on behalf of a business, and visitors of www.phociscapital.com.

By accessing the Service, you consent to the practices described herein. This policy is constructed in accordance with U.S. federal and state privacy regulations, including but not limited to: GDPR, CCPA, GLBA, FIPA, and the California Shine the Light law. The Company maintains the right to alter this policy and update compliance language at any time in order to maintain alignment with rapidly evolving technological frameworks, regulatory obligations, or operational standards. We reserve the right to notify users electronically, via the website, or through registered communications.

2. DEFINITIONS

• Account: A unique record allowing access to PHOCIS services, which may include user-specific credentials, access levels, transaction logs, and system interaction data.
• Consumer: As defined under CCPA, a natural person residing in California who interacts with the Platform for personal or household purposes.
• Data Controller: PHOCIS Capital®, for GDPR purposes, determines the purpose and means of the processing of personal data.
• Device: Any hardware or software medium—such as a mobile phone, tablet, desktop computer, kiosk interface, or IoT system—used to access the Service.
• Personal Data: Any information relating to an identified or identifiable individual, which includes identifiers such as full name, contact data, account numbers, and biometric data.
• Service: The PHOCIS website, mobile applications, APIs, hosted dashboards, customer portal, and other proprietary access points.
• Usage Data: Automatically collected data that may include log files, device type, browser type, time zone settings, interaction timestamps, and diagnostic event trails.

3. PERSONAL INFORMATION COLLECTED

PHOCIS Capital® collects personal data directly from users, affiliated institutions, third-party providers, and automated systems. Data may be collected during account registration, profile updates, service interactions, or through integrations with partner technologies.

Examples of Data We Collect:

• Identifiers: Name, date of birth, driver’s license, passport number, and government-issued identification.
• Contact Information: Physical address, email, telephone number(s), and emergency contact details.
• Transactional Data: Bank account details, wire transfer logs, ACH data, balance sheets, and cash flow metrics.
• Employment & Income Information: Employer identity, job title, pay schedules, and tax filing data.
• Sensitive Information: Social security number, biometric data (if used for security), and authentication tokens.
• Behavioral Analytics: Heatmaps, clickstream data, error tracking, and behavioral trends that inform UI adjustments and security response calibrations.

4. DATA COLLECTION METHODS

Information may be collected through various interfaces, including:

• Online forms and applications
• Uploaded documentation
• Financial institution integrations
• Support ticket systems
• Cookies and tracking scripts
• Session monitoring and screen capture for service integrity

Third-party integrations may collect and transmit data according to their respective policies. PHOCIS Capital® requires these third parties to comply with equivalent or greater privacy standards.

5. COOKIES & TRACKING TECHNOLOGIES

PHOCIS Capital® uses cookies, pixels, and tracking scripts to:

• Maintain session stability and session recall
• Authenticate users
• Detect fraud or bot behavior
• Optimize navigation flow and service architecture
• Conduct time-on-page and bounce-rate analytics

Tracking data is anonymized unless paired with a logged-in session. Users may opt out via browser settings, though doing so may impact functionality.

6. USE OF INFORMATION

Personal information collected by PHOCIS Capital® is used to:

• Facilitate onboarding and AML/KYC verification
• Provide account access, transaction processing, and feature availability
• Comply with legal, regulatory, and financial reporting requirements
• Detect, investigate, and prevent fraud or financial abuse
• Conduct usage analytics to improve platform design and scalability
• Respond to inquiries, troubleshoot problems, and deliver customer support
• Issue product updates, compliance notices, and promotional material (with consent)
• Inform the development of new services or features
• Create statistical models to enhance service reliability and user experience

PHOCIS Capital® uses artificial intelligence and machine learning technologies to detect anomalous patterns within data streams, flagging potential threats or misuse. These insights inform account alerts and escalation protocols.

7. DISCLOSURE OF INFORMATION

PHOCIS Capital® does not engage in the sale or leasing of personal information. However, your information may be disclosed as necessary to:

• Regulatory entities such as the SEC, FINRA, CFPB, OFAC, or FDIC
• Legal agencies via subpoena, court order, or investigatory mandate
• Service providers under strict contractual safeguards, including data encryption, breach notification responsibilities, and access restrictions
• Data analytics vendors under anonymized and aggregated formats
• Auditors, insurance underwriters, and compliance consultants conducting required annual reviews

8. INTERNATIONAL DATA TRANSFER

Though PHOCIS Capital® operates primarily within the United States, personal data may occasionally be stored or processed outside U.S. jurisdiction in compliance with international regulations, including:

• Standard Contractual Clauses (SCCs)
• S.-EU Privacy Shield Framework (legacy adherence for compliance continuity)
• Cross-border transfer agreements and data protection certifications

9. DATA SECURITY MEASURES

PHOCIS Capital® utilizes a layered approach to data protection:

• AES-256 bit encryption during transmission and storage
• SOC 2 Type II compliant architecture
• Continuous internal access validation (Zero Trust policy)
• Periodic third-party penetration testing
• Multi-factor authentication for all portals
• Endpoint detection and response (EDR)
• Logging and audit trails with tamper detection protocols
• Incident Response Plan (IRP) with defined escalation timelines

10. DATA RETENTION & STORAGE

PHOCIS Capital® retains personal data in accordance with applicable financial industry regulations, including SEC Rule 17a-4, the Bank Secrecy Act, and the USA PATRIOT Act.

• Customer Identifying Data: Retained for no fewer than 7 years post-closure
• Communications: Stored indefinitely unless otherwise mandated
• Transaction Records: Retained in immutable format for 7+ years
• Archived backups: Encrypted and rotated regularly in accordance with internal retention lifecycle policies

After the expiration of required retention windows, PHOCIS implements irreversible data destruction or anonymization using NIST 800-88 guidelines.

11. CUSTOMER RIGHTS

Depending on jurisdiction and applicable law, customers may:

• Request disclosure of stored data (Right to Access)
• Request correction or deletion of inaccuracies (Right to Rectification)
• Limit or refuse data sharing (Right to Restrict Processing)
• Object to automated decision-making (AI risk controls)
• Transfer their data to another provider (Data Portability)
• Lodge complaints with regulatory authorities or the PHOCIS Data Protection Officer (DPO)

These rights can be exercised by submitting requests via our website’s privacy section or emailing support@phociscapital.com.

12. GDPR-SPECIFIC DISCLOSURES

PHOCIS Capital® relies on several lawful bases for processing EU/EEA customer data:

• Consent: Explicit permission provided at onboarding
• Contractual Necessity: Data required to fulfill obligations under customer agreements
• Legal Obligation: Compliance with tax, AML, or regulatory mandates
• Legitimate Interest: Internal analytics, fraud detection, and service improvement

Data subjects may withdraw consent at any time, and PHOCIS will evaluate the request in line with its compliance requirements.

13. CCPA-SPECIFIC DISCLOSURES

California residents may request:

• Disclosure of personal information collected in the preceding 12 months
• Deletion of personal data not retained for lawful or regulatory compliance
• Non-discrimination in access or pricing based on opt-out preferences

To submit a request under CCPA, visit our Data Access Portal or call our support line at (310) 331-0234.

14. MINORS & CHILDREN’S PRIVACY

PHOCIS Capital® does not knowingly collect information from individuals under the age of 13. If we become aware of any such data, it will be immediately and permanently removed.

15. POLICY UPDATES

This Privacy Policy may be updated periodically to reflect changes in our legal obligations, business practices, or technology environment. Users are encouraged to review the policy regularly.

Changes will be communicated via:

• Website updates
• Direct email notifications (for registered users)
• Legal notices within account dashboards

16. CONTACT INFORMATION

For all privacy-related questions, rights requests, or concerns:

PHOCIS Capital® Compliance Department
Email: support@phociscapital.com
Phone: (310) 331-0234
Website: www.phociscapital.com

Effective Date: APRIL 2025