Privacy Policy
Greentruth (Earn DLT, Inc.)
1. Who We Are
Earn DLT, Inc. (“Earn”, “we”, “us”, “our”) is the operator of the Greentruth Marketplace (“Greentruth” or the “GTM”), a platform delivered via web, mobile, and application programming interface (“API”). Greentruth enables organizations to produce, manage, transfer, and retire Quantified Emissions Tokens (“QETs”). These digital instruments are underpinned by verified Measurement, Reporting, and Verification (“MRV”) data, which supports compliance, auditability, and sustainability reporting across energy and environmental markets.
This Privacy Policy applies globally to your use of the Services, regardless of location. Earn acts as a data controller for most processing activities described in this Privacy Policy. This includes onboarding and identity verification (“KYB”), wallet assignment, platform operations, transaction recording, payout facilitation, and security monitoring.
In this Privacy Policy, “Services” refers to the GTM and related offerings provided by Earn DLT, Inc., including web, mobile, and API interfaces, as well as associated support and integrations. See Glossary for defined terms.
2. What Does This Privacy Policy Contain?
This Privacy Policy is designed to provide a clear and structured explanation of how Earn handles Personal Data across the Greentruth ecosystem. It sets out:
- The types of Personal Data we collect when you use our website, app, and APIs;
- The purposes for which we use that data, and the legal bases that allow us to do so;
- The categories of recipients with whom we share Personal Data, and why;
- How long we retain Personal Data, and the measures we take to protect it;
- How we manage international data transfers and the safeguards we apply;
- The privacy rights available to you under applicable laws, and how to exercise them;
- How Greentruth handles blockchain records, including the distinction between on-chain and off-chain data; and
- How to contact us, how we handle updates to this notice, and where Earn is based.
This Privacy Policy may be supplemented by just-in-time notices that appear at specific points in your interaction with the platform. For example, you may see additional disclosures during KYB checks, when setting up payout details via Stripe or Plaid, when generating API keys, or when initiating token transfers or retirements. These notices are intended to provide context and transparency at the moment of data collection, and should be read alongside this Privacy Policy.
3. Who Does This Privacy Policy Apply To?
This Privacy Policy applies to all individuals and organizations who engage with the GTM, including:
- Producers and Buyers who use Greentruth to create, manage, and transact QETs;
- Enterprise/SaaS clients and their Authorized Users who access Greentruth under a commercial agreement;
- Developers and API users who integrate their systems with Greentruth using our developer tools and interfaces; and
- Website and app visitors, support contacts, and any other individuals who communicate with Earn in relation to the Services.
You may interact with Earn either personally or on behalf of an organization. If you provide Personal Data about someone else, or submit information on behalf of your company, you confirm that you are authorized to do so and that you have provided any required notices to the relevant individuals. The Services are intended for professional use and are not directed to children (see Section 14).
4. What Data Do We Collect About You?
We collect Personal Data in a few predictable ways:
- Directly from you (e.g., account setup, KYB uploads).
- From your organization (e.g., admin provisioning).
- From third-party providers (e.g., Stripe, Plaid, Dun & Bradstreet).
- Automatically (e.g., cookies, similar tracking technologies, device identifiers).
Sensitive Personal Information (such as government IDs and financial details) is collected only for compliance purposes and never used for marketing.
We only collect information that is necessary for the purposes described in this Privacy Policy and as permitted by applicable law.
Account and identity information
When you create or are assigned a Greentruth account, we process basic professional contact details (such as your name, business email address, phone number, job title, and the organization you represent).
For secure access, we also process authentication data (for example, a username and password or other credentials) and maintain audit logs of sign-in events and relevant account actions so that access can be monitored and reviewed.
KYB/KYC and compliance data
To meet legal and regulatory obligations and protect the integrity of the platform, we perform Know Your Business/Customer checks and sanctions/Politically Exposed Person (“PEP”) screening using reputable third-party providers such as Dun & Bradstreet.
In this context we process business verification information, screening outcomes, and risk indicators required under Anti-Money Laundering (“AML”)/Counter Terrorism Financing (“CTF”) regulations. These records help us confirm eligibility to use Greentruth and reduce the risk of fraud or misuse.
Operational data and token metadata
Greentruth is designed to represent verified environmental attributes in a consistent, auditable format. To mint and verify QETs, we therefore process operational and MRV-related data such as facility or segment identifiers, basin or region, timestamps, emissions metrics, methodology references, and verifier identifiers.
Where LCFS functionality is used, we may process additional compliance fields (including pathway codes, carbon intensity values, and verifier accreditation IDs). The platform is engineered so that token metadata and on-chain entries do not include Personal Data; they capture technical attributes needed for provenance and audit without identifying natural persons. Where applicable, MRV processing follows the QET Protocol that governs data collection, validation, and token lifecycle.
Wallet and transaction data
Each customer organization is assigned enterprise wallets (and, if required, sub-entity wallets) that are used to mint, transfer, and retire tokens. We keep records of these transactions to maintain chain-of-custody and support settlement or reporting. The blockchain layer stores non-identifying hashes and metadata only; Personal Data remains off-chain.
Payment and payout information
If your organization receives payouts or pays platform fees, bank account details, automated clearing house (“ACH”) or card information, and payout preferences are handled through payment partners such as Stripe and Plaid. These partners typically act as independent controllers for their services. We retain limited settlement identifiers necessary for reconciliation and compliance.
Personal Data included in API Data submitted to the Services is processed solely to provide, secure, maintain, and improve the Services and not for marketing purposes.
Device, usage, and analytics data
When you use the Services, we process technical telemetry that helps keep Greentruth secure and reliable. This includes IP address (general location), device identifiers, browser or app characteristics, interaction logs, and performance data. We use cookies to provide essential functionality and to perform analytics; you can learn more about these technologies, and your choices, in our Cookies Policy.
Support and correspondence
If you contact us, we process the content of your request (for example, helpdesk tickets, emails, or in-app chat) and associated metadata so we can diagnose issues and respond. If you work with us in a Greentruth deal room or data room, documents and datasets you upload or access are handled under the relevant confidentiality terms and used solely for the purposes agreed with you or your organization.
Keeping your details current.
To ensure accuracy and continuity of service, please keep your information up to date and notify us promptly if your contact details or organizational affiliation change.
5. How Do We Use Your Personal Data?
We process Personal Data only where we have a lawful basis to do so under applicable data-protection laws. The sections below explain, first in narrative form, then in a summary table, the purposes for which we use Personal Data and the legal bases that apply.
Registering and operating accounts.
We use your information to create and manage accounts, assign organization wallets, and enable secure access to the web app, mobile app, and APIs. This processing is necessary to perform our contract with you (or to take steps at your request before entering into a contract).
Providing and improving the Services.
We process operational data and token metadata to mint, transfer, and retire QETs, to maintain verifiable transaction records, to generate statements, and to ensure functionality, availability, and reliability across the platform. This processing is necessary for the performance of our contract, and we also rely on our legitimate interests to measure and improve the Services.
Compliance and risk management.
We conduct KYB/KYC checks, AML/CTF screening, and sanctions monitoring; we produce or format data for applicable reporting obligations (for example, Low Carbon Fuel Standard ("LCFS")/ LCFS Reporting Tool Credit Bank and Transfer System ("LRT-CBTS"), where used. This processing is required to meet legal obligations and is also supported by our legitimate interests in preventing fraud and ensuring compliant operation.
Security and integrity.
To safeguard Greentruth and customer environments, we apply access controls, monitor for vulnerabilities, investigate security events, maintain audit logs, and respond to incidents. This processing is carried out in our legitimate interests and, where relevant, to comply with legal obligations.
Analytics and service improvement.
We transform usage telemetry into aggregated, anonymised insights that help us monitor performance, improve features, and enhance user experience. These outputs do not identify individuals or organizations, and we do not re-identify aggregated data. We rely on our legitimate interests for this activity.
Communications.
We send operational messages, such as service updates, changes to terms or policies, and security or maintenance notices, because they are necessary to provide the Services and to meet legal obligations. We provide just-in-time notices at collection points (e.g., KYB/KYC, payouts, API key creation, token events) for added transparency.
Marketing.
With your permission where required (and otherwise in line with applicable law), we may send product updates, newsletters, or event invitations. You can opt out of marketing at any time without affecting your access to service-critical communications.
Corporate transactions and legal claims.
We may process and share data as needed to evaluate or complete mergers, acquisitions, or reorganizations, and to establish or defend legal claims. We rely on our legitimate interests and, where applicable, legal obligations.
Automated Decision Making and Profiling.
We do not engage in automated decision-making that produces legal or similarly significant effects. We also do not use profiling for marketing or risk scoring beyond compliance checks.
Summary of purposes and legal bases
| Purpose | Examples of Processing | Legal Basis |
|---|---|---|
| Register and operate accounts | Create/manage accounts; assign wallets; enable app/API access | Contract (incl. precontract steps) |
| Provide and improve the Services | Mint/transfer/retire QETs; maintain records; generate statements; ensure reliability | Contract; Legitimate interests (service quality and improvement) |
| Compliance and risk management | KYB/KYC; AML/CTF and sanctions checks; regulatory formatting (e.g., LCFS/LRTCBTS) | Legal obligation; Legitimate interests (fraud prevention) |
| Security and integrity | Access controls; vulnerability management; incident response; audit logging | Legitimate interests; Legal obligation |
| Analytics and service improvement | Aggregated, anonymised analytics for performance and UX improvements (no reID) | Legitimate interests |
| Communications | Service updates; policy/terms changes; operational notices | Contract; Legal obligation |
| Marketing | Product updates, newsletters, events (optional; optout anytime) | Consent (where required); Legitimate interests |
| Corporate transactions and legal claims | M&A due diligence; reorganizations; establish/defend claims | Legitimate interests; Legal obligation |
6. Who Do We Share Your Personal Data With?
We do not sell Personal Data. We share Personal Data only as necessary to provide the Services, comply with law, protect our rights or users, or as you direct. All recipients are bound by confidentiality and security obligations.
Service providers
We engage trusted service providers to support the operation of Greentruth. These providers deliver essential services such as cloud hosting, email delivery, CRM systems, development tools, esignature solutions, billing platforms, and productivity applications. Each provider acts as a processor under our instructions and is contractually bound to process Personal Data only for specified purposes and in accordance with our security requirements.
Independent controllers
Certain partners act independently when processing your Personal Data. This includes payment and payout partners such as Stripe and Plaid, which handle financial transactions and account verification; KYB and screening providers such as Dun & Bradstreet, which perform business verification and sanctions checks ; and verification partners that validate emissions data or compliance attributes for QET transactions. These organizations determine their own purposes for processing and provide their own privacy notices.
Counterparties
To complete QET transactions or retirements, we may share limited transaction details, such as token identifiers or retirement IDs, with counterparties. These disclosures are necessary to ensure settlement and auditability. We do not share Personal Data unless it is strictly required for compliance or contractual purposes.
Regulatory and legal disclosures
We may disclose Personal Data to regulators, law enforcement agencies, or courts where required by law. In addition, data may be shared in connection with mergers, acquisitions, or reorganizations, subject to appropriate safeguards to protect confidentiality.
CPRA
We do not sell or share Personal Data for crosscontext behavioural advertising and we honour Global Privacy Control ("GPC") signals.
7. How Long Do We Retain Your Personal Data?
We retain Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with legal, regulatory, and contractual obligations. When data is no longer required, we securely delete or irreversibly de-identify it using methods consistent with NIST SP 80088 and our internal System Integrity Procedures.
| Data Category | Examples | Typical Retention | Rationale |
|---|---|---|---|
| Account & Profile | Name, email, role, organization | Life of account + 12 months | Account management & audit |
| Authentication & Access Logs | Login timestamps, IP, device ID | 12–24 months | Security monitoring & incident response |
| KYB/KYC & AML/CTF | Screening results, risk indicators | 7 years | Legal compliance |
| Contracts & E-signatures | SaaS agreements, DPAs | Term + 7 years | Enforcement & limitation periods |
| Payments & Payouts | Invoices, settlement IDs | ~7 years | Tax/accounting law |
| Support Tickets | Helpdesk threads, chat logs | 12 – 24 months | Troubleshooting history |
| Product Analytics | Pseudonymous usage metrics | 12 – 24 months | Service improvement |
| Marketing Preferences | Opt-ins/opt-outs | Until opt-out + suppression list retained indefinitely | Proof of consent |
| DSAR Records | Identity checks, request logs | 3 – 7 years | Demonstrate compliance |
Blockchain entries remain permanently for audit integrity and do not contain Personal Data (only non-identifying hashes and technical metadata). Off-chain Personal Data follows the schedule above.
Contractual Client Data recordkeeping obligations do not extend our retention of Personal Data beyond this Policy. Onchain entries are nonidentifying and remain permanent by design.
8. Where Do We Transfer Your Personal Data?
If we transfer Personal Data outside your country, we implement safeguards to ensure that your data remains protected to the standards required by law. These safeguards include:
- Standard Contractual Clauses (“SCCs”) approved by the European Commission for transfers from the EEA.
- The UK Addendum or International Data Transfer Agreement (“IDTA”) for transfers from the United Kingdom.
- Transfer Impact Assessments (“TIAs”) for relevant transfers and supplementary measures (such as encryption, access minimisation, and key segregation) where required.
- Additional technical and organizational measures to maintain confidentiality and security.
Where applicable, we may rely on the EU–U.S. Data Privacy Framework (“DPF”) for certified vendors.
We also monitor developments in international data transfer frameworks to ensure ongoing compliance. You can request a copy of the relevant SCCs or UK Addendum by contacting privacy@earndlt.com. Certain commercial terms may be redacted for confidentiality.
9. Keeping Your Personal Data Safe
We apply robust technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest using industryrecognised standards.
- Rolebased access controls and regular reviews to ensure that only authorized personnel can access sensitive systems.
- Vulnerability scanning, patch management, and penetration testing to identify and remediate security risks promptly.
- Secure development practices and segregation of production and nonproduction environments.
- Incident response procedures to detect, contain, and remediate security events, and secure disposal of data when retention periods expire.
- We align with ISO 27001 and NIST CSF principles. We conduct weekly vulnerability scans and annual penetration tests.
While no system can guarantee absolute security, we continuously monitor and improve our controls and require all service providers to meet equivalent standards.
10. Cookies and Similar Technologies
GreenTruth uses cookies and similar technologies to ensure the platform operates securely and efficiently, to improve functionality, and to analyse usage patterns. These technologies help us authenticate users, remember preferences, and measure performance so we can enhance your experience.
We use essential cookies for authentication and security, functional cookies to store settings and preferences, and analytics tools to understand how users interact with the platform and identify areas for improvement. These tools do not store sensitive information such as passwords or financial details.
We use the following types of cookies and similar technologies:
- Essential cookies enable core platform functions such as authentication, session management, and security controls. These cannot be disabled without affecting functionality.
- Functional cookies store your preferences and settings to provide a customized experience.
- Analytics cookies from third-party providers such as Google Analytics help us understand how users interact with the platform, compile usage statistics, and identify areas for improvement.
We may also use web beacons in emails and on our platform to track engagement and measure the effectiveness of communications.
Managing cookies: You can control cookie settings through your browser at any time. Most browsers allow you to block or delete cookies, though doing so may limit certain features. To opt out of Google Analytics specifically, visit https://tools.google.com/dlpage/gaoptout. To opt out of interest-based advertising more broadly, visit www.aboutads.info/choices.
We do not currently respond to Do Not Track (DNT) browser signals. However, where legally required, we honor Global Privacy Control (GPC) signals as an opt-out preference for sale/share.
11. Marketing Communications
We may send you product updates, newsletters, and invitations to events if you have opted in or if permitted under applicable law. You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us at privacy@earndlt.com.
Opting out of marketing will not affect service-related communications. You will still receive important messages such as security alerts, policy updates, and operational notifications necessary for the functioning of the Services.
12. Your Rights
Depending on your location, you have specific rights under data protection laws:
Under GDPR and UK GDPR
- Access: You can request a copy of the Personal Data we hold about you.
- Rectification: You can ask us to correct inaccurate or incomplete data.
- Erasure: You can request deletion of your data where legally permitted.
- Restriction: You can ask us to limit processing under certain conditions.
- Portability: You can request your data in a structured, machine-readable format.
- Objection: You can object to processing based on legitimate interests.
- Withdraw consent: Where processing relies on consent, you can withdraw it at any time.
Under California Consumer Privacy Act (“CCPA”)/California Privacy Rights Act (“CPRA”)
- Know: Request details about the categories and sources of Personal Information we collect.
- Delete: Ask us to delete your Personal Information, subject to legal exceptions.
- Correct: Request corrections to inaccurate data.
- Opt out of sale or sharing: If we engage in cross-context advertising, you can opt out.
- Limit use of sensitive information: We only use sensitive data for essential purposes such as payouts and compliance.
To exercise your rights, contact us at privacy@earndlt.com. We may need to verify your identity before fulfilling your request.
13. Privacy When Using Digital Assets and Blockchains
Greentruth uses blockchain technology to ensure transparency and prevent double-counting. We never write Personal Data on-chain. On-chain entries contain only non-identifying technical metadata such as token IDs, cryptographic hashes, and retirement references.
LCFS/LRT-CBTS fields (e.g., pathway codes, carbon intensity values, verifier accreditation IDs) are not Personal Data and may appear in compliance-related records.
If you request erasure, we delete or de-link all off-chain Personal Data and remove mapping keys that could connect off-chain records to on-chain entries. Immutable on-chain entries remain but cannot identify you after de-linking.
To comply with GDPR erasure requirements, Earn implements a mapping key deletion process that ensures no residual identifiers remain after de-linking. This process includes permanent deletion of mapping keys from all operational databases and backups within 90 days of a validated erasure request, verification logs maintained for 7 years to demonstrate compliance without retaining any linkable identifiers, and technical safeguards to prevent reconstruction of associations between on-chain metadata and off-chain Personal Data.
14. Children’s Data
Our Services are intended for professional and organizational use by individuals aged 18 and older. We do not knowingly collect Personal Data from anyone under 18. If you believe a minor has provided us with Personal Data, please contact us at privacy@earndlt.com and we will delete it.
15. Personal Data Breach
If a Personal Data Breach occurs that poses a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and where feasible, within 72 hours of becoming aware of the breach. We maintain internal logs and remediation procedures for all incidents. We notify affected individuals without undue delay if the breach poses a high risk.
16. Third-Party Websites and Services
Our Services may link to or integrate with third-party websites, applications, or services (“Third-Party Services”). These are governed by their own terms and privacy notices. We do not control and are not responsible for their privacy or security practices. When you enable an integration or follow a link, you do so at your own discretion. Review their privacy notices before sharing information.
Where a Third-Party Service acts as an independent controller (e.g., Stripe, Plaid, Dun & Bradstreet), it determines its own purposes and means of processing and may collect Personal Data directly from you. Your use of such services is a matter between you and that third party. We only disclose the minimum Personal Data needed to enable your requested integration or transaction.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our Services or legal requirements. Updates will be posted at earndlt.com/privacy-policy, and for material changes, we will notify you via email or in-app message. Continued use of the Services after changes take effect means you accept the updated policy.
18. How to Contact Us
If you have any questions about this Privacy Policy or how we process your Personal Data, please contact us:
Email: privacy@earndlt.comPostal: Earn DLT, Inc., 200 Broadway, 3rd Floor, New York, NY 10038 USA
Data Protection Officer: Monica Spiteri | monica.spiteri@earndlt.com
19. Where We’re Based
Earn DLT, Inc. is incorporated in Delaware, USA with principal offices at 200 Broadway, 3rd Floor, New York, NY 10038 USA.
20. Complaints
If you have concerns about how we process your Personal Data, please contact us first at privacy@earndlt.com. You also have the right to lodge a complaint with your local supervisory authority, such as:
- Ireland: Data Protection Commission (“DPC”)
- UK: Information Commissioner’s Office (“ICO”)
- EU: Your national data protection authority.
21. Glossary
| Term / Acronym | Definition |
|---|---|
| ACH | Automated Clearing House – U.S. electronic payment network for bank transfers. |
| Aggregated Outputs | Statistical or analytical data that does not identify individuals and cannot reasonably be re-identified. |
| AML | Anti-Money Laundering – Laws and processes to prevent financial crime. |
| API | Application Programming Interface – Interface for integrating systems with Greentruth. |
| API Data | Data provided via or through the API by or on behalf of a customer, user, or integration partner. |
| CCPA | California Consumer Privacy Act – Privacy law granting rights to California residents. |
| Controller | The party that determines the purposes and means of processing Personal Data. |
| CPRA | California Privacy Rights Act – Expands CCPA rights, including sale/share definitions. |
| CTF | Counter-Terrorism Financing – Measures to prevent funding of terrorism. |
| DPF | Data Privacy Framework – EU-U.S. framework for compliant data transfers. |
| GPC | Global Privacy Control – Browser signal for opt-out of data sale/share under CPRA. |
| GLBA | Gramm-Leach-Bliley Act – U.S. financial privacy law for consumer financial services. |
| GreenTruth Marketplace (“GTM”) | The Greentruth Marketplace environment; references to ‘Greentruth’ or ‘GTM’ in legacy materials refer to the same Greentruth context. |
| IDTA | International Data Transfer Agreement – UK-specific transfer safeguard. |
| KYB | Know Your Business – Verification of business entities for compliance. |
| KYC | Know Your Customer – Identity verification of individuals for compliance. |
| LCFS | Low Carbon Fuel Standard – Regulatory program for carbon intensity tracking. |
| LRT-CBTS | LCFS Reporting Tool – Credit Bank & Transfer System for LCFS compliance. |
| Market Data | Aggregated and anonymised market-level insights derived from transactions and activity across the GTM that do not identify any person or organization. |
| MRV | Measurement, Reporting, and Verification data used for compliance and sustainability. |
| PEP | Politically Exposed Person – Individuals in prominent roles subject to enhanced screening. |
| Personal Data | Any information relating to an identified or identifiable individual. |
| Processing | Any operation performed on Personal Data, such as collection, storage, use, or disclosure. |
| Processor | A party that processes Personal Data on behalf of a controller. |
| QET | Qualified Environmental Token – Token evidencing qualified environmental attributes as defined by the QET Protocol. |
| QET Protocol | Greentruth’s methodology governing MRV and the lifecycle of QETs (including eligibility, issuance, transfer, and retirement). |
| SCCs | Standard Contractual Clauses – EU-approved mechanism for international data transfers. |
| Sensitive Personal Information | Data requiring special protection, such as financial details or government IDs. |
| Services | The GTM and related offerings provided by Earn DLT, Inc., including web, mobile, and API interfaces, as well as associated support and integrations. |
| TIAs | Transfer Impact Assessments – Risk assessments for cross-border data transfers. |
22. US Consumer Privacy Notices
Gramm-Leach-Bliley Act (“GLBA”) Privacy Notice
This notice applies if you are an individual residing in the United States or its territories and use Earn DLT’s Services. For U.S. residents, the terms in this notice take precedence over other sections of this Privacy Policy.
What does Earn DLT do with your personal information?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some, but not all, sharing. It also requires us to explain how we collect, share, and protect your information. Please read this notice carefully.
How we collect and share your information.
All financial companies need to share customers’ personal information to run their everyday business. Below are the reasons financial companies can share personal information, whether Earn DLT shares, and whether you can limit this sharing:
| Reason for Sharing | Does Earn DLT Share? | Can You Limit Sharing? |
|---|---|---|
| For our everyday business purposes (e.g., process transactions, maintain accounts, respond to legal requests) | Yes | No |
| For our marketing purposes (e.g., offer products and services) | Yes | Yes, you can opt out of marketing messages |
| For joint marketing with other financial companies | No | N/A |
| For our affiliates’ everyday business purposes (information about transactions and experiences) | Yes | No |
| For our affiliates’ everyday business purposes (information about creditworthiness) | No | N/A |
| For our affiliates to market to you | Yes | Yes |
| For non-affiliates to market to you | No | N/A |
What we collect.
The types of personal information we collect and share depend on the product or service you have with us. This may include:
- Social Security number, date of birth, government ID, and identity verification data
- Financial and transaction data
- Technical and usage data
When you are no longer our customer, we continue to share your information as described in this notice.
How we protect your information.
We use security measures that comply with federal law, including technical, physical, and administrative safeguards to protect the confidentiality and integrity of your personal information.
How we collect your information.
We collect personal information when you:
- Create an account or use our Services
- Conduct transactions on our platform
- Provide information directly or through partners
We may also collect information from affiliates, partners, and service providers (e.g., identity verification services).
Your rights under federal law.
Federal law gives you the right to limit only:
- Sharing for affiliates' everyday business purposes (creditworthiness)
- Affiliates using your information for marketing
- Sharing for non-affiliates to market to you
State laws may give you additional rights.
Questions? Email us at privacy@earndlt.com.
Notice to California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act, you have rights regarding your personal information:
- Right to Know: Request details about the categories and sources of personal information we collect.
- Right to Delete: Ask us to delete your personal information, subject to legal exceptions.
- Right to Correct: Request corrections to inaccurate data.
- Non-Discrimination: We will not discriminate against you for exercising your rights.
- Authorized Agent: You may appoint an agent to submit requests on your behalf with proof of authorization.
To exercise these rights, contact us at privacy@earndlt.com. We may need to verify your identity before fulfilling your request.