🆕 2. Scope

> This policy applies to users globally, including those whose data may be processed or stored in the United States, where our banking and financial infrastructure partners are based.

---

🆕 5. Data Sharing 

> Your data may be shared with or stored by U.S.-based banking partners, who are regulated under U.S. laws such as:

Gramm-Leach-Bliley Act (GLBA) for financial data protection,

Bank Secrecy Act (BSA) for anti-money laundering (AML) requirements.

We ensure that all partners meet SOC 2 Type II or ISO 27001 standards and have data transfer agreements in place to protect your rights across jurisdictions.

---

🆕 6. International Transfers 

> Since we work with financial institutions based in the United States, your data may be stored or processed on servers located in the U.S. We ensure:

Binding Data Processing Agreements (DPAs) with our U.S. bank partners,

Use of Standard Contractual Clauses (SCCs) approved by the European Commission (where applicable),

GLBA-compliant practices for the protection of nonpublic personal information (NPI),

Explicit user consent when legally required.

--

🆕 17. U.S. Consumer Rights (GLBA Notice)

For U.S.-based users, your rights under the Gramm-Leach-Bliley Act (GLBA) include:

Notification of the categories of data collected and shared.

Opt-out options for certain types of third-party financial data sharing (if applicable).

Secure access to your account records and financial statements.

We do not sell your financial data. To manage your GLBA-related preferences, email compliance@fazzadex.com.