getGFTD, LLC.

August, 2025

OUR COMMITMENT TO PRIVACY

GetGFTD, LLC (getGFTD) understands that you value the protection of your private information, and we take your privacy seriously. Our primary goal is to provide you with consistently excellent service. We understand that you may have questions or concerns regarding how your personal information is handled and how/if at all it will be used. To make this privacy policy easily accessible, we have made it available on the home page of the getGFTD website at getgftdapp.com (the "Website") and through our mobile application. You may also email us at contact@getgftd.io with any privacy-related questions you have.

APPLICABILITY OF PRIVACY POLICY

This privacy policy applies to all information we collect through our Services from current and former getGFTD users, including you. “Services” means any products, services, content, features, technologies, or functions, and all related websites, applications, and services offered to you in connection with your account. When you are no longer our customer, we continue to share your information as described in this policy.

Throughout this policy, we use the term "personal information" to describe information that can be associated with a specific person and can be used to identify that person. We do not consider personal information to include information that has been aggregated and/or anonymized so that it does not identify a specific user.

THE INFORMATION WE COLLECT

When you visit the website or use one of our mobile applications or other Services, we collect your IP address and standard web log information, such as your browser type and the pages you accessed on our website. We also may collect Geolocation Information (defined below). If you do not agree to our collection of this information, you may not be able to use our Service.

If you open a getGFTD account, we collect the following information from you:

Account Information - text-enabled cellular/wireless telephone number, machine or mobile device ID, and other similar information.
Identification Information - your name, street address, email address, date of birth, and SSN (or other governmental-issued verification numbers).
Device Information - information about you: (a) from your mobile device or computer such as your device type, machine or mobile device identification number, Geolocation Information, time zone, language preference, browser type, and IP address, and (b) from third parties for purposes of transaction processing, identity verification, fraud detection or prevention, and other similar purposes. For fraud prevention purposes, we may also link your machine ID with the machine IDs of others who use the same payment cards as you.
Geolocation Information - information that identifies with reasonable specificity your location by using, for instance, longitude and latitude coordinates obtained through GPS, Wi-Fi, or cell site triangulation. We will collect this data for the purpose of detecting fraud and assessing risk. Additionally, some of our Services may request permission to access your current location within your device settings to enhance our Services. If you do not agree to our collection of Geolocation Information, our Services may not function properly when you try to use them. For information on how to restrict the collection and use of Geolocation Information to enhance our Services, please refer to the settings available on your device.
Social Web Information - including but not limited to your Instagram and Facebook Connect credentials and email account information. If you authorize Instagram and Facebook Connect, the plug-in allows us access to your email address, Facebook friends list, and public profile (including profile picture). We also allow you to import data from other social web services, including but not limited to Twitter and email service providers. Social and email contact information helps you connect with friends and contacts for invitation and payment transmission purposes (as well as helping us improve the Services and combat fraud). Additionally, another getGFTD user may mention you in a transaction to which you are not a party by “tagging” your username in a transaction note or comment. When you are mentioned in a transaction note or comment into which you have visibility (e.g., a public transaction, a “friends only” transaction by one of your contact friends, or a comment on either such transaction), a link to getGFTD profile will appear in the transaction note or comment and, if your push notifications are turned on, you will receive a push notification about the mentions. You may manage certain contact preferences and notifications in your account settings.
Financial Information - bank account online login information, bank account, and routing numbers, and debit & credit cards linked to your account. Our company does not share financial information with third-party social networking services such as those listed in the prior bullet.

We are committed to providing a safe, secure, and all-around excellent service. Therefore, before permitting you to use the Services, we may require additional information from you that we can use to verify your identity, address, or other information or to manage risk and compliance throughout our relationship. We may also obtain information about you from third parties, such as identity verification, fraud prevention, and similar services.

When you use the Services, we collect information about your account transactions. We may also collect Geolocation Information and/or information about your computer or other access devices for fraud prevention and similar purposes.

Finally, we may collect additional information from or about you in other ways not specifically described in this policy. For example, we may collect information related to your contact with our customer support team or store results when you respond to a survey.

Electronic Fund Transfers (EFTs) and Account Balances. getGFTD, LLC partners with financial services software company Stripe and your preferred FDIC-insured financial institution to offer you electronic fund transfers (EFTs). When you create a getGFTD account, link a bank account, or initiate an EFT, you are authorizing us to share your identity and banking information with Stripe to support your account. You are also agreeing to the terms of Stripe’s Privacy Policy,

Stripe.com (the “Partner Terms”). It is your responsibility to ensure that the data you provide to us is accurate and complete, as this is necessary for our partners and yours to process EFTs on your behalf. The Partner Terms may be modified from time to time, and the governing versions are incorporated by reference into this Privacy Policy. Any term not defined in this section but defined in the Partner Terms assumes the meaning as defined in the Partner Terms. IT IS YOUR RESPONSIBILITY TO READ AND UNDERSTAND THE PARTNER TERMS BECAUSE THEY CONTAIN TERMS AND CONDITIONS CONCERNING YOUR getGFTD ACCOUNT, INCLUDING BUT NOT LIMITED TO USE OF YOUR PERSONAL INFORMATION.

INFORMATION FROM CHILDREN

The Services are not directed to children under the age of 13. Suppose we obtain actual knowledge that we have collected personal information from a child under the age of 13. In that case, we will promptly delete it, unless we are legally obligated to retain such data if you believe that we have mistakenly or unintentionally collected information from a child under the age of 13.

INFORMATION PERTAINING TO CHILDREN

A feature that a user may activate is the privacy feature. This feature allows parents to create a Wishlist for their child and grants access to those contacts who have been granted permission. A parent must actively grant access to a child’s WishList, and the child’s WishList may not be accessed merely by viewing a parent's or adult’s WishList. Your privacy is important to us. A parent or adult may update, add to, or subtract from a child’s WishList, but a non-authorized adult may not.

HOW WE USE COOKIES

When you visit or use our Services, or visit a third-party website for which we provide online services, we, along with certain business partners and vendors, may use cookies and other tracking technologies (collectively, "Cookies"). We use cookies to recognize you as a customer; customize Services, other content, and advertising; measure the effectiveness of promotions; perform a wide range of analytics; mitigate risk and prevent potential fraud; and promote trust and safety across our Services.

Certain Services are only available through the use of cookies. Therefore, if you choose to disable or decline Cookies, your use of these services may be limited or not possible.

Do Not Track: Do Not Track ("DNT") is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not respond to DNT signals.

HOW WE PROTECT & STORE PERSONAL INFORMATION

We store and process your personal information using third-party servers located in data centers in the United States. Physical, electronic, and procedural safeguards in compliance with applicable federal and state regulations protect this information. We also utilize computer safeguards, such as firewalls and data encryption, and enforce access controls to our office and files. We authorize access to personal information only for those employees who are legally required to do so to fulfill their job responsibilities. All data is encrypted and stored on the Cloud provider or by Stripe. As such, any sensitive information you share with us is kept confidential by providers who have been thoroughly vetted for their security protocols. Please visit AWS.com or Stripe.com to access their respective privacy policies, which we fully abide by.

We strive to ensure security on our systems. Despite our efforts, we cannot guarantee that personal information will not be accessed, disclosed, altered, or destroyed by a breach of our administrative, managerial, and technical safeguards. Therefore, we urge you to take adequate precautions to protect your personal data as well, including never sharing your getGFTD password with anyone.

If the getGFTD tech team becomes aware of a system security breach, we may notify you electronically so that you can take appropriate protective measures. By using the Services, you agree that getGFTD may communicate with you electronically. GetGFTD may post a notice on its website or mobile application in the event of a security breach. We may also send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice of a security breach), please email us.

HOW WE USE THE PERSONAL INFORMATION WE COLLECT

Our primary purpose in collecting personal information is to provide you with a safe, smooth, efficient, fun, and customized experience. We may use your personal information to:

provide the services and customer support you request;
process transactions and send notices about your transactions or your network activity;
resolve disputes, collect fees, and troubleshoot problems;
prevent potentially fraudulent, prohibited, or illegal activities, and enforce our User Agreement through the use of our risk and fraud tools, which may include the use of Account Information, Identification Information, Financial Information, Device Information, Social Web Information, and Geolocation Information;
create an account connection between your getGFTD account and a third-party account or platform;
customize, personalize, measure, and improve our services and the content and layout of our website;
send you updates about new products and services that we are offering to customers;
Compare information for accuracy and verify it with third parties.
perform other duties as required by law; and
If you choose to share your Geolocation Information, we will use it to enhance the security of the Services. We may also use this information to provide you with location-specific options, functionality, offers, advertising, search results, or other location-specific content.

California Privacy Rights. Suppose you are a resident of the State of California, under the California Consumer Privacy Act (CCPA). In that case, you have the right to request information on how to exercise your disclosure choice options from companies conducting business in California. Specifically:

● Exercising the Right to Know. You may request, up to twice in 12 months, the following about the personal information collected on you in the past 12 months:

o the categories and specific pieces of personal information we have collected;

o the categories of sources from which we collected the personal information;

o the business or commercial purpose for which we collected it;

o the categories of third parties with whom we shared the personal information; and

o the categories of personal information about you that we disclosed for a business purpose.

● Exercising the right to delete. You may request that we delete the personal information we have collected from you, subject to certain limitations under applicable law.

● Exercising the right to opt out of a sale. You may request to opt out of any “sale” of your personal information that may take place by means not controlled or initiated by us. Your data is not sold by us to any third-party vendors.

● Non-discrimination. The CCPA provides that you may not be discriminated against for exercising your rights under this law.

To submit a request to exercise any of the rights described above, you may contact getGFTD, LLC either via email at contact@getgftd.io or contact us via postal mail, properly postage prepaid, at:

getGFTD, LLC

Attn: Your California Privacy Rights

7101 Rich Hill Rd. Baltimore, MD 21212

Please indicate your preferred method of response to your request (i.e., email or postal mail). All requests sent via postal mail must be labeled “Your California Privacy Rights” on the envelope or postcard and clearly stated on the actual request. For all requests, please include your name, street address (if you would like a response via postal mail), city, state, and zip code. We may need to verify your identity before responding to your request, such as confirming that the email address or contact information used to send the request matches the information we have on file. Authentication may be required using a government-issued and valid identification document. We will not accept requests via telephone or fax. We are not responsible for notices that are not labeled or sent properly or do not have complete information.

HOW WE SHARE PERSONAL INFORMATION WITHIN THE getGFTD NETWORK

To process payments on getGFTD, we need to share some of your personal information. Your contact information, date of sign-up, the number of payments you have received, and other verification metrics, such as social graph activity, may be provided to users or companies with whom you transact.

We work with vendors to enable them to accept payments from you using their digital wallet account. In doing so, a vendor may share information about you with us, such as your mobile phone number, when you attempt to pay that vendor. We use this information to confirm with the vendor that you are a digital wallet customer and that they should accept this form of payment for your purchase.

Regardless, we will not disclose your credit card number or bank account number to anyone you have paid or who has paid you, except with your express permission or if we are required to do so to comply with a subpoena or other legal process.

HOW WE SHARE PERSONAL INFORMATION WITH OTHER PARTIES

getGFTD does not share your personal information with third parties for any promotional or marketing purposes.

Some personal information is public information, such as the public transactions in which you've been involved, and may be seen by anyone on the internet, whether or not they have a getGFTD account. Public information may also be seen, accessed, reshared, or downloaded through getGFTD’s APIs or third-party services that integrate with our products. In addition to any public information, your getGFTD friends’ lists, accessed through their contacts, may be visible to any logged-in getGFTD user.

We may share your personal information with:

Law enforcement, government officials, or other third parties if compelled to do so by a subpoena, court order, or similar legal procedure, when it is necessary to do so to comply with the law, or where the disclosure of personal information is reasonably necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of the User Agreement, or as otherwise required by law.
Third-party service providers who assist us in providing services to you or who provide fraud detection or similar services on our or any vendor’s behalf.
The other user participates in the transaction, and depending on the privacy setting of each account, the transaction may be public, visible through the GFTD feed on our website and mobile application, and elsewhere on the internet.
Service providers under contract who help with parts of our business operations (for example, fraud prevention, payment processing, or technology services). Our contracts stipulate that these service providers may only use your information in connection with the services they perform for us, and not for their own benefit.
Other third parties, with your consent or at your direction to do so, including if you authorize an account connection with a third-party account or platform.

For this privacy policy, an "account connection" with such a third party is a connection you authorize or enable between your account and a non-getGFTD account, payment instrument, or platform that you lawfully control or own. When you authorize such a connection, getGFTD and the third party will exchange your personal information and other information directly. Examples of account connections include, without limitation: linking your beenGFTD account to a social media account or social messaging service; connecting your getGFTD and beenGFTD account to a third-party data aggregation or financial services company, if you provide such company with your getGFTD account log-in credentials; or using your account.
Suppose you connect your getGFTD or beenGFTD account to other financial accounts, directly or through a third-party service provider. In that case, we may have access to your account balance and account information, including transaction and purchase details. If you choose to create an account connection, we may receive information from the third party about you and your use of the third party’s service. For example, if you connect your getGFTD or beenGFTD account to a social media account, we will receive personal information from the social media provider via the account connection. We will use all information received from a third party via an account connection in a manner consistent with this privacy policy.
Information that we share with a third party based on an account connection will be used and disclosed in accordance with the third party’s privacy practices. Before authorizing an account connection, you should review the privacy notice of any third party that will gain access to your personal information as part of the account connection. For example, personal information that getGFTD shares with a third-party account or platform, such as a social media account, may, in turn, be shared with certain other parties, including the general public, depending on the account’s or platform’s privacy practices.
If you choose to use Siri or iMessage to send payments via getGFTD or to use the Services, such use otherwise is subject to Apple’s terms and conditions for use of iMessage and/or Siri, as applicable, and the terms of the getGFTD or beenGFTD User Agreement. By using Siri or iMessage, you authorize us to share some of your getGFTD account data (including your friends' list, list of persons you have transacted with most recently and most frequently, transaction instructions, and transaction notes) with Apple to allow it to facilitate transaction requests made through Siri or iMessage on iOS. Data shared with Apple will be used pursuant to Apple’s then-current user agreements and privacy policies. You can grant or revoke Apple’s access to getGFTD on iOS at any time under the “Siri” or “iMessage” settings on your iPhone.The information you choose to share is your responsibility to safeguard and will not be our responsibility to secure.

getGFTD and beenGFTD do not send your personal information to third-party social networks unless you have specifically requested or authorized us to do so. When you broadcast information to such third-party social networks, such information is no longer under the control of getGFTD and is subject to the terms of use and privacy policies of such third parties.

HOW YOU CAN ACCESS OR CHANGE YOUR PERSONAL INFORMATION

You can review and update your personal information in your account settings at any time by logging in to your account.

LINKS TO OTHER SERVICES OR SITES

The Services may contain links to (or allow you to link to) other third-party services or websites. GetGFTD, LLC does not control the information collection of third-party services or websites that can be reached through such links. We encourage our users to be aware when they are linking to a third-party service or website and to read the privacy statements of any third-party service or website that collects personally identifiable information.

ACCOUNT DELITION AND DATA REMOVAL

Right to Delete: Users may delete their getGFTD account at any time, either through in-app settings or by contacting support@getgftdapp.com

Effect of Deletion: Once your account is deleted, all personal data, account information, and associated activity will be permanently removed from our active systems within a commercially reasonable timeframe, typically not exceeding thirty (30) days.

No Retention: getGFTD does not retain user data after deletion, except where retention is required by law (e.g., tax, regulatory, or fraud-prevention obligations).

Third-Party Access: If you created your account via a third-party login (e.g., Facebook, Google), deleting your getGFTD account will not automatically delete data retained by those third parties. You must manage those services directly.

PROMOTIONAL GETGFTD CARDS (Initial GFTs)

Upon sign-up, eligible users may receive an Initial GFT funded into their digital wallet.

The Initial GFT shall remain valid for a period of not less than three (3) months and not more than five (5) months, with the exact duration determined solely by getGFTD.

If a user fails to establish or activate their digital wallet within this validity period, the Initial GFT will be revoked, canceled, or reclaimed by getGFTD.

Promotional credits are discretionary, non-transferable, and do not constitute a vested right or contractual entitlement.

CHANGES TO OUR PRIVACY POLICY

BeenGFTD and getGFTD are always improving. As the Services evolve, we may occasionally update this privacy policy. If we modify this Privacy Policy, we will post the revised policy on the website and update the "last updated date" stated above accordingly. If we make material changes in the way we use personal information, we will notify you by posting an announcement on our mobile application or website. It is your responsibility to review this privacy policy periodically. Any changes to the privacy policy will bind users who continue to use the Services after such changes have been first posted.

HOW TO CONTACT US

If you have questions or concerns regarding this privacy policy, or any feedback about your privacy and the Services that you would like us to consider, please email us at contact@getgftd.io