Get in touch

Legal — Privacy

Privacy Policy.

Effective May 23, 2026

This Privacy Policy describes how Issuant LLC and its affiliates (collectively, “Issuant,” “we,” “us,” or “our”) collect, use, disclose, and safeguard personal information when you access our website, investor portals, issuance tools, smart-contract infrastructure, and related services (collectively, the “Services”).

Issuant is headquartered in San Juan, Puerto Rico. By using the Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree, do not use the Services.

1. Information We Collect

1.1 Information you provide

  • Identity and contact data— full legal name, date of birth, residential address, email, phone, nationality, government identification (e.g., passport, driver’s license, SSN, ITIN, or foreign equivalent), employer, and signature.
  • Investor qualification data — accreditation status, income, net worth, source of funds, investment experience, tax residency, and supporting documentation required by applicable securities laws.
  • Financial data — bank account, wire instructions, custodian account details, and wallet addresses used to subscribe for, hold, or transfer digital securities.
  • Communications — messages, intake-form submissions, support requests, and any other content you send us.

1.2 Information collected automatically

  • Device and usage data — IP address, browser type, operating system, referring URLs, pages viewed, session duration, and similar telemetry.
  • On-chain data — public blockchain addresses, transaction hashes, token balances, and other information recorded on a public or permissioned ledger in connection with your use of tokenized securities.
  • Cookies and similar technologies — used for authentication, session management, analytics, and security. You can control cookies through your browser settings; some features may not work without them.

1.3 Information from third parties

We receive information from KYC/AML vendors, accreditation verification providers, identity-fraud screening services, broker-dealers, transfer agents, custodians, blockchain analytics providers, and publicly available sources.

2. How We Use Information

We use personal information to:

  • Provide, operate, and maintain the Services;
  • Perform identity verification, sanctions screening, and anti-money-laundering checks required under U.S. federal and territorial law, including the Bank Secrecy Act;
  • Determine investor eligibility for offerings exempt from registration under Regulation D, Regulation S, Regulation A, or other applicable exemptions;
  • Facilitate the issuance, custody, transfer, and servicing of tokenized securities and related cap-table records;
  • Respond to inquiries, deliver requested materials (including service decks and offering documents), and provide customer support;
  • Detect, investigate, and prevent fraud, security incidents, and illegal activity;
  • Comply with legal obligations, including SEC, FINRA, IRS, OFAC, and state and territorial regulatory requirements; and
  • Improve and develop the Services, including analytics and product research.

3. Legal Bases for Processing

Where applicable law (such as the EU GDPR or UK GDPR) requires a legal basis for processing, we rely on: (i) performance of a contract; (ii) compliance with a legal obligation; (iii) our legitimate interests in operating the Services, preventing fraud, and securing our infrastructure; and (iv) your consent, where required.

4. How We Share Information

We disclose personal information only as follows:

  • Regulated counterparties — FINRA-registered broker-dealers, SEC-registered alternative trading systems, transfer agents, qualified custodians, escrow agents, and paying agents engaged to effect securities transactions.
  • Service providers — KYC/AML and accreditation vendors, identity-verification providers, cloud hosting and infrastructure providers, analytics providers, and professional advisors, each bound by confidentiality and data-protection obligations.
  • Issuers — if you subscribe for tokens of a third-party issuer through Issuant infrastructure, we share the information necessary for that issuer (and its administrators) to maintain its cap table and comply with applicable law.
  • Legal and regulatory disclosures — government authorities, regulators, and law-enforcement agencies when required by subpoena, court order, or other legal process, or when we reasonably believe disclosure is necessary to protect rights, safety, or property.
  • Corporate transactions — in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to customary confidentiality protections.

We do not sell personal information for cross-context behavioral advertising as those terms are defined under applicable U.S. state privacy laws.

5. Blockchain Disclosures

Information recorded on a public blockchain is, by design, public, immutable, and outside our control. Wallet addresses, transaction amounts, and timestamps may be permanently visible and may be associated with you through on-chain analysis. You should not use the Services if you do not consent to this characteristic of blockchain technology.

6. Data Retention

We retain personal information for as long as necessary to provide the Services and to comply with our legal obligations, including recordkeeping requirements under the Securities Exchange Act, FINRA rules, and the Bank Secrecy Act, which can require retention for at least five years and in some cases longer.

7. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. No system is perfectly secure, and we cannot guarantee the absolute security of information transmitted to or stored on the Services.

8. International Transfers

Personal information may be processed in the United States, Puerto Rico, and other jurisdictions that may not provide the same level of data protection as your home jurisdiction. Where required, we implement appropriate safeguards, such as Standard Contractual Clauses, for international transfers.

9. Your Rights

Subject to applicable law, you may have the right to access, correct, delete, or port your personal information; to opt out of certain processing; to withdraw consent; and to lodge a complaint with a supervisory authority. To exercise these rights, contact us at the address below. We may need to verify your identity before fulfilling a request, and certain information may be retained where law requires.

U.S. state-specific rights. Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and other states with comprehensive privacy statutes may have additional rights, including the right to know the categories of personal information collected, the right to opt out of targeted advertising, and the right to non-discrimination for exercising privacy rights.

10. Children

The Services are not directed to individuals under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted on this page with a revised effective date and, where appropriate, communicated by email.

12. Contact

Questions or requests regarding this Policy should be directed to:

Issuant LLC
Attn: Privacy
San Juan, Puerto Rico
privacy@issuant.com