Privacy Policy

1. Information We Collect

We collect the following categories of personal information:

• Identity information: Full legal name, date of birth, Social Security Number (SSN) or Employer Identification Number (EIN), government-issued photo ID.
• Contact information: Email address, phone number, mailing address.
• Financial information: Annual income, net worth, bank account details, investment history, accreditation status.
• Wallet information: Ethereum wallet addresses used to connect to the Platform.
• Usage data: IP address, browser type, pages visited, timestamps, and device identifiers.

2. How We Use Your Information

• To verify your identity and complete KYC/AML (Anti-Money Laundering) compliance.
• To process investment transactions and issue security tokens.
• To determine eligibility and enforce Reg CF investment limits.
• To communicate about your investments, account status, and Platform updates.
• To comply with federal and state securities regulations and reporting requirements.
• To improve the Platform, prevent fraud, and ensure security.

3. Third-Party Sharing

We share personal information only as necessary for the following purposes:

• FINRA-registered funding portal: Investment data is shared with our partner funding portal as required by Regulation Crowdfunding.
• KYC/AML provider: Identity and financial information is transmitted to our verification partner for compliance checks.
• Cloud infrastructure (Supabase): Account data is stored on Supabase, which provides encrypted database hosting.
• Email provider (Resend): Email addresses are shared for transactional communications.
• Law enforcement and regulators: We may disclose information when required by law, subpoena, or regulatory inquiry.

We do not sell personal information to third parties for marketing purposes.

4. Data Retention

We retain personal information for as long as your account is active and for a minimum of five (5) years after your last transaction, as required by federal securities record-keeping rules. KYC documentation is retained for a minimum of five years after the account is closed. You may request deletion of non-regulatory data by contacting us.

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security audits. However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of data not required for regulatory compliance.
• Portability: Request your data in a machine-readable format.
• Opt-out: Unsubscribe from non-essential communications at any time.

7. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information is collected, request its deletion, and opt out of the sale of personal information. BaseLots does not sell personal information. To exercise your rights, contact us at the address below.

8. Cookies and Tracking

We use essential cookies for authentication and session management. We use analytics to understand Platform usage. You may disable non-essential cookies in your browser settings without affecting core functionality.

9. Children's Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.

10. Contact