This Privacy Policy explains how We3Wire collects, uses, and shares information when you use our website, applications, and services that integrate Bridge infrastructure. Depending on where you live, some parts of this Policy apply specifically to you (see Regional Addenda for the EEA and the USA).

We3Wire provides the customer interface and product experience. Regulated activities (e.g., money transmission, VASP services, custody) are performed by Bridge entities and/or financial partners. Their privacy notices also apply to your use of those components.

We collect information in three main ways: (a) directly from you; (b) automatically from your devices; and (c) from third parties.

3.1 Information you provide

• Identification data (name, date of birth, nationality, address, phone, email).
• Government identifiers (passport/ID numbers; SSN/TIN where required by law).
• Account data (username, security credentials, 2FA secrets, preferences).
• Financial data (linked bank accounts, virtual account details, IBAN/account & routing, payment tokens).
• Blockchain data (wallet addresses you provide or link).
• Compliance data (KYC/KYB artifacts; source of funds; purpose of transactions; business registration docs; beneficial ownership).
• Communications (support requests, feedback, recordings where permitted).

3.2 Information collected automatically

• Usage and log data (pages viewed, clickstream, session metadata, product telemetry).
• Device and network data (IP address, user agent, language, time zone, device IDs).
• Location inference (approximate city/country from IP; precise location only with your device permission).
• Cookies and similar technologies (see Cookies).

3.3 Information from third parties

• Bridge entities and financial partners (KYC/KYB status, fraud signals, transaction outcomes).
• Identity verification vendors and sanctions/AML screening providers.
• Referrals, program partners, and publicly available sources (e.g., corporate registries).

We process personal data to:

1. Provide Services — create accounts; provision wallets and virtual accounts; execute on/off-ramp transfers; issue cards; enable stablecoin issuance features you request
2. Comply with law — KYC/KYB, sanctions screening, record-keeping, reporting, transaction monitoring, fraud prevention.
3. Secure and operate — authenticate users, prevent abuse, detect incidents, debug and maintain systems.
4. Improve and personalize — analyze usage, develop new features, and personalize content.
5. Communicate — send service, security, and transactional messages; obtain feedback; provide support.
6. Marketing — send optional product updates and promotions (you can opt out).
7. Defend rights — manage claims, respond to lawful requests, enforce terms, and protect users.

Legal bases (EEA only). Contract necessity; legal obligation; legitimate interests (e.g., to secure services, prevent fraud, improve features); consent (for certain marketing, cookies, or where required by law). See EEA Addendum.

Controller(s). We3Wire acts as a controller for the data it collects. For regulated rails, Bridge Building Sp. z o.o. may act as an independent controller or service provider when you use those features.

Legal bases. We rely on one or more of the following: contract necessity; legal obligation; legitimate interests (e.g., securing the Services, preventing fraud, product improvement); consent where required (e.g., certain marketing/cookies).

Your rights. Subject to exceptions, you have: right of access, rectification, erasure, restriction, portability, objection (including to direct marketing), and the right to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority.

International transfers. Where personal data is transferred outside the EEA, we use appropriate safeguards (e.g., Standard Contractual Clauses) and supplementary measures.

Data retention. Minimum periods may apply under AML/CTF and financial services laws.

How to exercise your rights. Email [support@we3wire.com](mailto:support@we3wire.com) with “EEA Privacy Request” in the subject line. We may need to verify your identity and may decline requests where an exemption applies.

Scope. This section explains US state privacy rights (e.g., California). It applies to residents of states with consumer privacy laws that grant specific rights.

Categories collected. Identifiers (name, email, phone, government ID); customer records; financial information; internet/electronic activity; geolocation (approximate); professional/employment; inferences; and sensitive information (e.g., government IDs) where required by law.

Sources. Directly from you, automatically, and from partners/service providers.

Purposes. As described in Section 4 (provide Services; compliance; security; improvement; communications; marketing; legal).

Sharing/disclosure. We disclose personal information to service providers and contractors for business purposes; to Bridge entities and financial partners to operate the Services; and to authorities where required by law.

Sensitive information. We use sensitive information (e.g., government IDs) only as reasonably necessary to perform services or comply with law, and we do not use it to infer characteristics about you.

Retention. We keep data only as long as necessary for the purposes described, including legal retention obligations.

Your rights (state-specific). Access (including data portability), correction, deletion, and the right to opt out of sales/sharing/profiling where applicable. You also have the right to non-discrimination for exercising your rights.

How to exercise your rights. Email [support@we3wire.com](mailto:support@we3wire.com) with “US Privacy Request” in the subject line. We may verify your request and, where permitted, respond through your account. You may authorize an agent to submit a request on your behalf, subject to verification.

Appeals. If we deny your request, you may appeal by replying to our decision email with “Appeal” in the subject line.