Privacy Policy

Effective Date: 01/09/2025
Last Updated: 06/09/2025

This Privacy Policy describes how Solvent Global Ltd ("Solvent Global," "we," "us," or "our") collects, uses, stores, and protects personal data in connection with our comprehensive suite of products and services. We maintain an unwavering commitment to complying with all applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA), ensuring that your personal information is handled with the utmost care and in accordance with the highest standards of data protection. Information Collection Practices In the course of providing our services and operating our platforms, we collect various categories of data to enable functionality, ensure security, and maintain regulatory compliance.

Personal Identification Data encompasses fundamental identifying information including your name, email address, phone number, postal address, and job title, which enables us to establish and maintain your account and communicate with you effectively. For users of our compliance and financial services, we collect Financial and Compliance Data, which includes crucial documentation such as KYC documents, identity verification materials, account numbers, transaction records, and sanctions/PEP screening results that are essential for meeting regulatory obligations and ensuring the integrity of financial systems.

Our systems automatically collect Usage Data to understand how our services are utilized and to improve user experience, including technical information such as IP addresses, browser types, device identifiers, operating systems, referral URLs, and comprehensive platform usage logs that help us optimize performance and identify potential issues. For participants in our educational programs, we gather Educational and Training Data specific to Solvent Educational Signals, encompassing simulation results, quiz and test performance metrics, and detailed learning activity data that enables us to tailor educational content and track progress effectively. Additionally, we maintain records of Communication Data, including emails, support tickets, chat transcripts, and all correspondence with our teams, which allows us to provide consistent customer service and resolve issues efficiently. Purpose and Use of Personal Data The personal data we collect serves multiple essential purposes that enable us to deliver high-quality services while maintaining regulatory compliance and security standards.

We utilize your information primarily for Service Delivery, operating our comprehensive suite of products including Solvent GPT™, Insight™, ComplyIQ™, and Educational Signals, ensuring that each platform functions optimally and meets your specific needs. Compliance represents a critical aspect of our data usage, as we must satisfy stringent regulatory requirements including AML/KYC protocols, sanctions screening, and mandatory reporting obligations that govern financial services operations across multiple jurisdictions. We engage in continuous Performance Monitoring using aggregated and anonymized data to improve accuracy, reduce false positives in compliance screening, and optimize our trading and monitoring models, thereby enhancing the overall effectiveness of our services. Your data enables us to provide comprehensive User Support, allowing our teams to respond promptly to inquiries, resolve technical issues, and ensure a seamless user experience across all platforms.

Security measures rely on data analysis to detect and prevent fraud, abuse, unauthorized access attempts, and other threats to our systems and users. Through Analytics and Improvements, we analyze usage patterns, identify areas for enhancement, improve product design, and train our AI models to deliver increasingly sophisticated and accurate results. Finally, we process data to meet Legal Obligations, cooperating with regulators and law enforcement authorities when required by law or legal process. Legal Basis for Processing Under GDPR Our processing of personal data operates under clearly defined lawful bases as required by the General Data Protection Regulation. Contractual Necessity forms the primary basis for most data processing activities, as we must process certain information to deliver the services you have requested and to fulfill our obligations under the service agreement.

Legal Obligation provides the basis for processing required to comply with mandatory KYC/AML requirements and other regulatory frameworks that govern our operations in the financial services sector. We rely on Legitimate Interest for activities that improve our products, secure our systems against threats, and ensure the continued viability of our business operations, always balanced against your rights and freedoms. Where required, particularly for marketing communications and certain optional features, we obtain explicit Consent before processing your data, ensuring you maintain control over how your information is used beyond core service provision. Data Sharing and Third-Party Disclosure We maintain a strict policy against selling personal data and limit sharing to specific circumstances necessary for service provision and legal compliance.

We engage carefully vetted Service Providers including cloud hosting platforms, payment processors, analytics providers, and KYC verification vendors who assist in delivering our services, all bound by stringent confidentiality agreements and data protection obligations. Regulators and Authorities may receive data when legally required, including agencies such as OFAC, FinCEN, FCA, and GDPR supervisory authorities, ensuring we meet our obligations while protecting your interests to the fullest extent permitted by law. Strategic Affiliates and Partners, including established entities such as Deloitte and Microsoft Azure, may receive limited data necessary for joint ventures, integrations, and strategic partnerships that enhance our service capabilities, always under strict data protection agreements. In the event of corporate changes, Legal Entities involved in mergers, acquisitions, or asset sales may receive data as part of the transaction, with continued protection under applicable privacy laws. All third parties receiving data are contractually bound by comprehensive confidentiality and data protection obligations that meet or exceed our own standards. International Data Transfers Our global operations spanning the United Kingdom, United States, and Middle East necessitate occasional cross-border data transfers to deliver seamless international services. When transferring data outside the UK and European Union, we implement robust safeguards including Standard Contractual Clauses (SCCs) approved by regulatory authorities or equivalent protective measures that ensure your data receives consistent protection regardless of its location.

These mechanisms guarantee that international transfers comply with GDPR requirements and maintain the high standards of data protection you expect from our services. Data Retention Policies We adhere to strict data retention schedules that balance service requirements with privacy principles, retaining personal data only for as long as necessary to fulfill the purposes for which it was collected and to meet legal obligations. Regulatory compliance data, including KYC documentation and AML records, must be stored for periods ranging from five to seven years in accordance with financial regulations applicable in our operating jurisdictions. Training and educational data associated with our learning programs is maintained until the conclusion of the program or until you submit a deletion request, whichever occurs first. We regularly review and purge unnecessary data to minimize retention and reduce privacy risks. Security Measures and Safeguards We implement comprehensive, industry-standard security measures designed to protect your personal data from unauthorized access, disclosure, alteration, and destruction. Our security infrastructure includes end-to-end encryption for all sensitive financial data, ensuring information remains protected both in transit and at rest.

We utilize robust OAuth2 and OpenID Connect authentication protocols to secure user access and prevent unauthorized account entry. Our multi-cloud redundancy strategy across AWS, Azure, and GCP ensures data availability and resilience against infrastructure failures. Continuous monitoring systems detect and respond to potential fraud, abuse, and unauthorized access attempts in real-time. Despite these comprehensive safeguards, we acknowledge that no system can guarantee absolute security, and we encourage users to maintain strong account credentials and practice good security hygiene. Your Data Protection Rights Depending on your jurisdiction and applicable laws, you possess various rights regarding your personal data that we are committed to honoring.

You have the right to Access your personal data by requesting a copy of the information we hold about you. The right to Correction allows you to rectify any inaccurate or incomplete data in our systems. Subject to legal obligations and legitimate retention requirements, you may exercise your right to Deletion to request removal of your personal data from our systems. You can request Restriction of processing under certain conditions where you contest accuracy or object to processing.

The right to Portability enables you to receive your data in a structured, commonly used, and machine-readable format for transfer to another service provider. You may Object to processing based on legitimate interests or for direct marketing purposes. California residents possess the right to Opt-Out of any sale or sharing of personal data under CCPA provisions. To exercise any of these rights, please contact us at privacy@solvent.global, and we will respond to your request within the timeframes required by applicable law.

Protection of Children's Privacy Our Services are designed for professional and adult use and are not directed to, intended for, or marketed to individuals under the age of eighteen. We do not knowingly collect, process, or maintain personal data from children, and if we become aware that we have inadvertently collected such information, we will take immediate steps to delete it from our systems. Parents or guardians who believe we may have collected information from a child should contact us immediately so we can take appropriate action. Policy Updates and Modifications We reserve the right to update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or business operations. The "Last Updated" date at the beginning of this policy indicates when the most recent revisions were made, and we encourage users to review this policy regularly to stay informed about how we protect and handle personal data. Material changes to this policy may be communicated through prominent notices on our platforms or direct communications where appropriate. Contact Information and Data Protection Officer

For any questions, concerns, or requests related to this Privacy Policy or our data protection practices, please contact our designated Data Protection Officer at Solvent Global Ltd, located at 100 Bishopsgate, 19th Floor, London, EC2N 4AG, United Kingdom. You may reach our privacy team directly via email at krish@solvent.life or by telephone at +44 20 4578 8438. We are committed to addressing all privacy-related inquiries promptly and thoroughly, ensuring that your data protection rights are fully respected and that you have complete transparency regarding our data handling practices.