• In this privacy policy ("Policy"), we describe:
• the information that we collect and process about you (that you provide directly to us or is provided to us by third parties);
• the purposes for which we collect and process information about you; and
• the basis on which we collect and process information about you, when you use this website (our "Website") and the services available through this Website, our mobile websites or applications, provided to our registered users (collectively, our "Services").
• In this Policy, the term "personal information" or "personal data" means personal information or data that relates to an identified or identifiable person.
• We recommend that you read this policy carefully in order to understand what Metaprise LLC ("we", "us", "Metaprise") does with your personal information. Your use of our Website and Services and any dispute over privacy, is subject to this Policy and any of our applicable Terms and Conditions for use of our Services.

• SPECIFIC TERMS FOR CUSTOMERS FROM THE STATE OF CALIFORNIA ONLY: Please take notice that the entirety of this Policy applies to you, combined with additional provisions which are specific to residents of California, and can be seen in Index 1.
• ADDITIONAL TERMS FOR U.S CUSTOMERS ONLY: Please take notice that the entirety of this Policy applies to you, combined with additional provisions which are specific to U.S customers of Metaprise and can be seen in Index 2.
• ADDITIONAL DISCLOSURES FOR U.S CUSTOMERS ONLY: Please take notice that the entirety of this Policy applies to you, combined with provisions which are specific to U.S customers of Metaprise and can be seen in Index 3.

• We collect personal information directly from you, about you from third parties such as our marketing affiliates & service providers used to verify your identity and prevent fraudulent activity, in addition to other Metaprise users and other Metaprise clients or customers for the purpose of providing the Metaprise services to you, & automatically as you use our Website and Services.

• When you apply for and use our Services, you contact us with questions, and you otherwise choose to provide personal information to us.
• We receive personal information about you from banking references, affiliates, other Metaprise users, and other third parties (e.g., entities that assist us in validating your identity, for risk assessment purposes, for fraud prevention, for marketing and advertising purposes, etc.). We may combine this information with other information that we collect about you.
• We, and our third party service providers, automatically collect the following information about your use of our Website and our online Services through cookies, web beacons, log files and other technologies (subject to your consent where required by applicable law): your domain name, your browser type and operating system, web pages you view, links you click, your IP address, the length of time you visit our Website or use our Services, your activities on our Website, and the referring URL or the webpage that led you to our Website. If you are a registered user using our Website, we also may collect the following information about you: mobile device ID; device name and model; operating system type, name, and version; your activities within the Website, the length of time that you are logged into our Website, and, with your permission, your precise geo-location information.
• Children's information: Our products and services are directed at adults 18 years and over and not intended for children. We do not knowingly collect information from this age group. Part of the verification process prevents Metaprise from collecting such data. If any information is collected from a child without verification of parental consent, it will be deleted.

• The types of personal information we collect about you depends on your specific interactions with our Website and our Services, and includes, where permitted by applicable law:

Categories of Personal Information Collected	Specific Personal Information	Source of Personal Information
Identifiers	Name, email address, phone number, billing or mailing address, IP address, date of birth, national identification numbers and documents that may include your photograph.	Directly from you, third parties on your behalf and as instructed by you, other Metaprise users and customers, our service providers & partners.
Financial Information	Bank account information, and details of any transactions carried out using any of the Services.	Directly from you, third parties on your behalf and as instructed by you, other Metaprise users and customers, our service providers and partners.
Internet or Other Similar Network Activity	Your interaction with our website. Other information collected through Cookies and other tracking technologies as listed above and as described in our "Cookies Policy"	From you directly and our third party analytic tools and cookies usage (See our "Cookies Policy" for more information).
Commercial Information	Information about your business.	Directly from you, third parties on your behalf and as instructed by you, other Metaprise users and customers, our service providers and partners.
Geolocation Data	Geolocation	Directly from you and/or through your use of the Website and/or our third party analytic tools and cookies usage (See our "Cookies Policy" for more information).
Other Categories	Any other information that you choose to provide to us (e.g., when you send us an email/otherwise contact us). Includes calls, emails, and other correspondence.	Directly from you, third parties on your behalf, and as instructed by you.
Special categories of Personal Data	Biometric Data in the form of 'selfies' (self-photographs) processed for the purposes of identity verification when you become a customer.	Directly from you, third parties on your behalf and as instructed by you, or from our service providers.

• To validate your identity (including via SMS or voice call, as applicable).
• To register you and provide our Services to you, to communicate with you about your use of our Services and KYC verification process (including via SMS or, for users of our Website, via email, message, "push" notifications) or any changes in our Terms and Conditions and this Policy that apply to you.
• For the purpose for which you specifically provide the personal information to us, including, to respond to your inquiries, to provide any information that you request, and to provide customer support (including via SMS, as applicable).
• To tailor the content and information that we may send or display to you, to offer location customization (where permitted by applicable law), personalized help and instructions, and to otherwise personalize your experiences while using our Website and our Services, such as developing and offering you with new and/or additional Metaprise services to the services we are providing you or new and/or additional features to existing Metaprise services, based, where appropriate, on your eligibility for such new and/or additional Metaprise services or features, as would be evaluated by us from time to time.
• For marketing and promotional purposes, for example, we may use your personal information, such as your email address, phone number (including via SMS, as applicable), or mailing address to send you newsletters, special offers and promotions, or to otherwise contact you about services or information we think may interest you (unless you are opted-out from our marketing communications), or to conduct draws for campaigns and the like and deliver prizes and rewards.
• As permitted by applicable law, to assist us in advertising our products and services in various mediums including, without limitation, sending you promotional emails, advertising our services on third party sites and social media platforms, sending you direct mail, and by telemarketing (unless you are opted-out from our marketing communications).
• To better understand how users access and use our Website and our Services, both on an aggregated and individualized basis, to administer, monitor, and improve our Website and Services, for our internal purposes, and for other research and analytical purposes. Please see our Cookies Policy for more information.
• To protect us, our customers, employees, partners or property — for instance, to investigate fraud and prevent fraudulent activity, abuse of the Services, harassment or other types of unlawful activities involving us or other companies that we do business with, to enforce this Policy, as well as our Terms and Conditions.

• We share your personal information with third parties, including service providers, regulated institutions (e.g., financial institutions), affiliated entities, and business partners as set out in the table below. In the table below, we also list the reasons why we share information.

How and Why Metaprise Shares Your Information	Does Metaprise Financial Share?
With our service providers and partners - for our business purposes, such as to assist us with the provision of the Services and to verify your identity, prevent, detect and protect against fraudulent activity or abuse of the Services, conduct internal research and analytical assessments, process your transactions, maintain your account(s) and provide you with customer support services. These include internet service providers, data and cyber security services, banks, financial institutions, payment processors, financial services providers, remote access services; service providers that help us verify your identity and help us comply with our legal and regulatory obligations; and our business, legal, tax, financial and other advisors, on a confidential basis. Such service providers may differ based on the services provided to you and your jurisdiction.	Yes
With fraud prevention and detection service providers - which provide fraud prevention, detection, protection services, or other similar services, on our, or our service provider's, behalf. Such service providers may keep records of information provided and use it when providing fraud detection and prevention services to other users of their databases.	Yes
For marketing purposes: 1. With our service providers and our partners - to market our own products and services; and 2. With non-affiliated third parties for joint marketing purposes.	Yes
With other Metaprise clients, customers or third parties using our Services - to perform the Services, assist in carrying out your transactions with such clients, customers or third parties.	Yes
In response to legal process - to comply with the law, a judicial proceeding, subpoena, court order, or other legal process.	Yes
In connection with business transfers - to another entity if we are acquired by or merged with another entity, if substantially all of our assets are transferred to another entity, or as part of a bankruptcy proceeding.	Yes
To protect the rights, property, or safety of us and others - we may disclose personal information to our business partners, service providers and other third parties when we believe it is necessary or appropriate. This includes exchanging and/or jointly using information with other companies, businesses and organizations when you use our Services in connection with such third parties', for the purpose of us and/or them investigating, preventing, or taking actions regarding suspicious or high risk transactions, illegal activities, suspected fraud or fraudulent operations connected to such other entities' businesses and/or our Services, situations involving potential threats to the safety of any person, violations of our or their Terms and Conditions or this Policy, or as evidence in or otherwise connected to litigation in which we or they are involved.	Yes
Aggregated and de-identified information - we may disclose aggregate or de-identified information about users for marketing, advertising, research, or similar purposes.	Yes

• All information you provide to us is stored on our secure servers or our third-party cloud service providers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

• We keep this Policy under regular review and may update it from time to time. You will be notified of changes to this Policy via the posting of an updated version on our Website and, where appropriate, via email and/or message to your account. Changes will take effect upon the date on which an updated Policy is posted on our Website. We recommend that you regularly check for updates or changes to our Policy and that you review this Policy when visiting our Website. We will not materially reduce your rights under this Policy without taking steps to bring such changes to your attention.

• If you are a Metaprise customer and would like to update your personal information, please contact us using the information below. If you are not a Metaprise services customer, but have provided us with personal information or if your personal information was provided to us by third parties, and you would like to update your personal information, you may contact us through the phone number or email address listed below. From time to time, we may email you or send you with special offers; you may opt-out of those offers by either using the unsubscribe link provided in the email or by contacting us as noted below.

• Metaprise LLC
• 9 E 53rd Street, 5th Floor
• New York, NY, 10022
• Phone: 866-655-6843
• Email: customer@metaprisebanking.com
• Web: www.metaprise.online

• This Policy shall be exclusively governed by and interpreted in accordance with the laws of the State of Delaware, and any dispute hereunder shall be brought exclusively in the courts of the State of Delaware except where prohibited by US law.

• We retain your personal data for at least such period required in order to meet our obligations under applicable laws or regulations and, to the extent not prohibited under applicable law, such additional period in accordance with our internal policies and procedures for purposes of prevention of fraudulent activities, risk management and security.

• Any and all content provided on this Website or the Services, including links to other websites is provided for information purposes only and does not constitute advice, recommendation or support of such content or website. Metaprise makes every effort to provide true and accurate content on its Website. However, Metaprise provides no warranty, express or implied, of the accuracy, completeness, timeliness, or applicability of such content. Metaprise accepts no responsibility for and excludes all liability in connection with information provided on the Metaprise website, including but not limited to any liability for errors, inaccuracies or omissions.

• This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Policy of Metaprise and applies solely to visitors, users, and others who reside in the State of California. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.

• We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ('personal information'). In particular, we have collected the following categories of personal information from consumers from or about them or their device within the last twelve (12) months:

Category	Examples	Collected
Identifiers	Your name, alias, postal address, unique personal identifier, IP address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers. This information is collected directly from you and your device.	YES
Internet or other similar network activity	Browsing history, search history, information on a consumer's interaction with a website, application or advertisement. This information is collected directly from you and your device.	YES
Commercial information	About any transactions within the Services such as transaction information when you collect or make payments. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. This information is collected directly from you and your device.	YES
Geolocation data	Such as your IP address or mobile device GPS. This information is collected directly from you.	YES
Biometric information	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, self-picture verification (selfie), iris or retina scan, keystroke, or other physical patterns. This information is collected directly from you and your device.	YES
Professional or employment - related information	Such as your profession if you choose to provide it in a survey. This information is collected directly from you.	YES
Personal information categories listed in the California Customer Records statute (Cal. Civ. 1798.80(e)))	A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. This information is collected directly from you in the context of being our consumer.	YES
Protected classification characteristics under California or federal law	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). This information is collected directly from you in the context of being our consumer.	YES
Sensory data	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
Non-public education information (per the Family Educational Rights and Privacy Act)	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO

• Publicly available information from government records;
• De-identified or aggregated consumer information;
• Information excluded from CCPA's scope like:
• • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • Personal information covered by certain sector specific privacy laws, including the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
• We obtain categories of personal information listed above from the following categories of sources:
• Directly from our clients or their agents. For example, from documents that our clients provide us related to the services for which they engage us.
• Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services to them.
• Directly and indirectly from activity on our website or through our online banking. For example, from transactions submitted through our online banking portal or website usage details collected automatically.
• From third parties that interact with us in connection with the services that we perform. For example, from customers or third parties using our Services - to perform the Services, & assist in carrying out your transactions with such clients, customers or third parties.

• We may use or disclose the personal information we collect for one or more of the following business purposes:
• To fulfill or meet the reasons for which information is provided. For example, if you provide us with personal information in order for us to open a deposit account with us, we will use that information to open the account and submit information on the interest earned to the applicable taxing authorities;
• To provide you with information, products, or services that you request from us;
• To provide you with email alerts, service outages, and other notices concerning our products and services that may be of interest to you or that you have signed up for;
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections;
• To improve our website and present its contents to you;
• For testing, research, analysis, and product development;
• As necessary or appropriate to protect the rights, property or safety of us, our clients or others;
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
• As described to you when collecting your personal information or as otherwise set forth in the CCPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

• We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
• In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
• Category a - Identifiers
• Category b - Personal information categories listed in the California Customer Records statute (Cal. Civ. Code s. 1798.80(e))
• Category c - Protected classification characteristics under California or federal law
• Category d - Commercial information
• Category f - Internet or other similar network activity
• Category g - Geolocation data
• Category i - Professional or employment - related information
• We disclose your personal information for a business purpose to the following categories of third parties:
• Nonaffiliated financial companies
• Service Providers
• Third Parties to whom you or your agents authorize us to disclose your personal information in connection with products and services we provide to you.
• In the preceding twelve (12) months, we have not sold any personal information.

• The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

• You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
• The categories of personal information we collected about you;
• The categories of sources for the personal information we collected about you;
• Our business or commercial purpose for collecting or selling that personal information;
• The categories of third parties with whom we share that personal information;
• The specific pieces of personal information we collected about you (also called data portability request);
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
• • Sales, identifying the personal information categories that we category of recipient purchased; and
  • Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
• You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
• We may deny your deletion request if retaining the information is necessary for us or our service providers to:
• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code s. 1546 seq.).
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

• To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
• Phone: 1-866-655-6843
• Email: customer@metaprisebanking.com
• Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
• You may only make a verifiable consumer request for access or data portability twice within a 12 month period. The verifiable consumer request must:
• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
• We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in verifiable consumer requests to verify the requestor's identity or authority to make the request.

• We endeavor to respond to a verifiable consumer request within 60 days of its receipt. If we require more time (up to 120 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will cover the 12 month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit from one entity to another entity without hindrance.
• We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

• We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CPPA, we will not:
• Deny you goods or services;
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
• Provide you a different level or quality of goods or services;
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

• We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.

• If you have questions or comments about this notice, our Privacy Policy, the ways in which we collect and user your personal information, your choices and rights regarding such use, or with to exercise your rights under California law, please do not hesitate to contact us at:
• Phone: 1-866-655-6843
• Email: customer@metaprisebanking.com

• The Personal Information Protection Act (PIPA) specifically requires data collectors to notify affected individuals whenever a breach of the security of the data collector's system data occurs. PIPA is the enactment of House Bill 1633, which was signed into law in June, 2005, and went into effect on January 1, 2006. With PIPA, Illinois became only the second state in the country to respond to major security breach cases.
• The Personal Information Protection Act creates several stipulations for notifying affected persons of a data breach.

• The definition of a breach under the Act is: "unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the data collector." As long as an institution "handles, collects, disseminates, or otherwise deals with nonpublic personal information" it is considered a data collector. Accessing the data is not a breach, so notification does not have to occur every time the data is collected. But if the data is accessed and used for a purpose unrelated to the business or if it is made available to further unauthorized disclosure, this would also be considered a breach.

• "Personal data" is the term for protected information that is used in PIPA and it is defined as: An individual's first name or first initial and last name, in combination with any one or more of the following:
• 1. Social security number
• 2. Driver's license number or State identification card number
• 3. Account number or credit or debit card number, or an account number or credit card number in combination with any security code, access code or password that would permit access to an individual's financial account.
• 4. Medical or health insurance information.
• 5. Unique biometric data generated from measurements or technical analysis of human body characteristics used by the owner or licensee to authenticate an individual
• - fingerprint
• - retina or iris image
• - other unique physical representation or digital representation of biometric data
• It is important to note, "personal information" does not include publicly available information or public records.

• For additional information about the Personal Information Protection Act please consult directly with the Metaprise at customer@metaprisebanking.com. To report a potential security breach related to the Personal Information Protection Act, please email us at customer@metaprisebanking.com. Metaprise has a formal procedure for handling security-related incidents and units must not attempt to respond to incidents involving confidential information on their own. The responses will be coordinated by security and compliance teams accordingly.

• Notification to individuals - Notification must be made in the most expedient time possible without unreasonable delay. However, time may be taken to determine the scope or the breach as well as to restore the integrity and security of the system.
• There are three acceptable means of notification:
• Written notice
• Electronic notice
• "Substitute notice" - This is when it is not feasible to provide written or electronic notice because
• • the cost of the notice would exceed $250,000 or
  • there are over 500,000 people to notify or
  • the data collector doesn't have sufficient contact info
• If substitute notice was the only option available, then there are three steps that must be taken for substitute notice:
• 1. email notice if the data collector has an email address for the subject persons
• 2. conspicuous posting of the notice on the data collector's web site
• 3. notification to major statewide media.

• Nevada Revised Statutes Chapter 603A governs the collection of personally identifiable information for consumers. Metaprise LLC is subject to the Gramm-Leach Bliley Act therefore the Nevada privacy law does not apply.

• Under Vermont law, Metaprise LLC will not share information we collect about Vermont residents with companies outside of our corporate family, unless the law allows. We may share information with your consent, to service your accounts or under joint marketing agreements with other financial institutions with which we have joint marketing agreements. we may share information about our transactions or experiences with you within our corporate family without your consent.

• Title V of the Gramm-Leach-Bliley Act (GLBA) generally prohibits any financial institution, directly or through its affiliates, from sharing nonpublic personal information about you with a nonaffiliated third party unless the institution provides you with a notice of its privacy policies and practices, such as the type of information that it collects about you and the categories of persons or entities to whom it may be disclosed. In compliance with the GLBA, we are providing you with this document, which notifies you of the privacy policies and practices of Metaprise LLC.
• Unless it is specifically stated otherwise in the Privacy Policy notice, no additional nonpublic personal information will be collected about you.
• We may disclose any of the above information that we collect about our customers or former customers to our affiliates or to nonaffiliated third parties as permitted by law.
• WE DO NOT DISCLOSE ANY NONPUBLIC PERSONAL INFORMATION ABOUT YOU WITH ANYONE FOR ANY PURPOSE THAT IS NOT SPECIFICALLY PERMITTED BY LAW.
• We restrict access to nonpublic personal information about you to those employees who need to know that information in order to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your nonpublic personal information.
• We will review, maintain and implement procedures to protect the security and confidentiality of requests from FinCEN similar to those procedures established to satisfy the requirements of Section 501 of the Gramm-Leach-Bliley Act with regard to the protection of customers' nonpublic information.

• Regulation P requires Metaprise LLC to provide certain privacy notices and to comply with certain limitations on the disclosure of nonpublic personal information to nonaffiliated third parties and requires financial institutions and others to comply with certain limitations on redisclosure and reuse. Regulation P governs the treatment of nonpublic personal information about consumers by the financial institutions for which the Federal Reserve Board has primary supervisory authority. A general description of the regulation, by section, follows, which dictates Metaprise LLC's responsibilities to its customers.

• Metaprise has obligations to provide notice to its customers about its privacy policies and practices and the right of a consumer to prevent a financial institution from disclosing nonpublic personal information about him or her to nonaffiliated third parties by "opting out" of that disclosure. Only the U.S. offices of financial institutions for which the Federal Reserve Board has primary supervisory authority are subject to the requirements of the regulation.

• States that the examples in the regulation and the sample clauses in appendix A of the regulation are not exclusive and that compliance with an example or use of a sample clause, to the extent applicable, constitutes compliance with the regulation.

• Defines key terms used in the regulation, such as "consumer," "customer," and "nonpublic personal information." Metaprise defines its consumers as persons to which our products are oriented. Metaprise defines its customers as any entity that has signed up for the platform regardless of account opening or not. Metaprise defines nonpublic personal information as information — (i) provided by a consumer to a financial institution; (ii) resulting from any transaction with the consumer or any service performed for the consumer; or (iii) otherwise obtained by the financial institution. Such a term does not include publicly available information that may be available in public databases such as Google.

• Sets forth requirements to provide an initial privacy notice to a customer not later than when Metaprise establishes a customer relationship, and to a consumer before disclosing any nonpublic personal information about the consumer to any nonaffiliated third party, subject to certain exceptions. Also provides an exception to allow subsequent delivery of an initial notice under limited circumstances.

• Sets forth requirement to provide a privacy notice to a customer annually during the continuation of the customer relationship.

• Establishes the items of information required to be described in the initial, annual, and revised privacy notices.

• Establishes the items of information required to be described in the opt-out notice and sets forth requirements for providing a reasonable opportunity to opt out to consumers who jointly obtain a financial product or service.

• Sets forth requirement to Metaprise to provide a revised privacy notice to a consumer before disclosing nonpublic personal information about him or her to a nonaffiliated third party other than as described in the initial notice to the consumer.

• Sets forth requirement to Metaprise to provide a privacy notice to a customer annually during the continuation of the customer relationship.

• Establishes the general limitation against Metaprise disclosing nonpublic personal information about a consumer to any nonaffiliated third party.

• Establishes various limitations against Metaprise redisclosing and reusing nonpublic personal information received from a nonaffiliated financial institution.

• Sets forth the restriction against Metaprise disclosing a consumer's account number for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer.

• Establishes an exception to the requirement to Metaprise to provide a consumer with an opt-out notice and reasonable opportunity to opt out of certain disclosures to nonaffiliated third parties who perform services on behalf of a financial institution, including marketing financial products or services offered pursuant to a joint agreement.

• Establishes exceptions to the requirements to Metaprise LLC to provide a consumer with an initial privacy notice, an opt-out notice, and reasonable opportunity to opt out of disclosures to nonaffiliated third parties as necessary, among other purposes, to effect, administer, or enforce a transaction that a consumer requests or authorizes, or in connection with maintaining or servicing the consumer's account.

• Establishes other exceptions to the requirements to Metaprise LLC to provide a consumer with an initial privacy notice, an opt-out notice, and reasonable opportunity to opt out of disclosures to various nonaffiliated third parties, such as to persons acting in a fiduciary capacity on behalf of the consumer, and for a variety of purposes, such as to comply with federal, state, or local laws.

• States that the regulation should not be construed as superseding, altering, or affecting any statute, regulation, order, or interpretation in effect in any state, except to the extent that such state statute, regulation, order, or interpretation is inconsistent with the provisions of the regulation, and then only to the extent of the inconsistency.

• Sets forth the effective date for the regulation and a transition rule that applies to certain contracts between nonaffiliated third parties and financial institutions that were entered into on or before July 1, 2000.