Privacy Policy

Last Updated: June 25, 2026

Click here to view and edit your Privacy Settings

This Privacy Policy applies to your use of the website or mobile application (together, the “Site”) owned and operated by Electric Solidus, Inc. (“Swan”, “we”, or “us”). We respect your privacy and want to protect your non-public personal information. To learn more, please read this Privacy Policy.

Accordingly, this Privacy Policy serves as Swan’s consumer privacy notice and covers the information collected through the Site, account onboarding processes, and related services (collectively, the “Services”) and explains how we may collect, use and, under certain conditions, disclose your non-public personal information in connection with financial products and services. This Privacy Policy also explains the steps we have taken to secure your non-public personal information. Finally, this Privacy Policy explains your options regarding the collection, use and disclosure of your non-public personal information. By visiting the Site, you accept the practices described in this Privacy Policy for the Site.

This Privacy Policy applies only to the Site. This Privacy Policy does not necessarily apply to any offline collection of your non-public personal information. Please see below for details. Where this Policy conflicts with specific financial privacy notices or disclosures required by law, those notices shall govern.

1. INFORMATION COLLECTION AND USE

We collect information from you in several different ways on the Site. Collecting non-public personal information from you allows Swan to provide an efficient, meaningful, and customized experience. For example, we may use your personal information to:

provide you with the services we offer.
help make the Site easier for you to use by not having to enter information more than once.
help you quickly find information, products, and services.
help us create content on the Site that is most relevant to you.
alert you to new information, products, and services that we offer.

Sensitive personal information is collected solely for compliance with legal obligations, fraud prevention, identity verification, and account security. Swan does not use sensitive personal information for advertising or profiling unrelated to service delivery. The types of information collected may include, but are not limited to:

Government-issued identification numbers and documents (including driver’s licenses and passports).
Biometric Identifiers and Biometric Information is collected for identity verification purposes (e.g., facial images, video recordings, and liveness detection data processed for Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance).
Transaction monitoring and behavioral risk signals used for fraud detection and compliance purposes.
Biometric Information is collected only for KYC/AML compliance, fraud prevention, and identity verification. Key protections:
Explicit consent required before collection
Retained for 3 years after last interaction or until purpose satisfied, whichever is longer
Never sold, leased, or used for advertising/profiling
Subject to enhanced security and state biometric privacy laws (Illinois BIPA, Texas CUBI, Washington, Colorado)

(a) Registration and Purchasing. Before using certain parts of the Site or using our services, you may have to register. During registration, you will be prompted to provide to us certain personal information, which may include, but not be limited to, your name, mobile phone number, physical address, email address, social security number, date of birth and government-issued identification. These kinds of personal information are used to provide services to you in accordance with existing regulations, to assist third-party service providers to provide services to you, to communicate with you about our services and our Site, and for marketing purposes. If we encounter a problem when providing services, we use the personal information to contact you.

(b) Email Addresses. Several locations of the Site may permit you to enter or for us to capture your email address for purposes including but not limited to: to register for promotions, referral programs or services; or to request us to notify you regarding particular promotions, referral programs or services. Your participation in a promotion or referral program is completely voluntary, so you have a choice whether to participate and disclose information to us. We use this information to notify promotion winners, pay referral fees and to award prizes.

(c) Cookies and Other Technology. Like many websites, the Site employs cookies, location-based services and web beacons (also known as clear GIF technology or “action tags”) to speed your navigation of the Site, recognize you and your access privileges, and track your usage.

(i) The Site captures some information about you automatically utilizing background local storage and session storage technologies (“Cookies”) in order to improve the user experience. Cookies are small files or other pieces of data which are downloaded or stored on your computer or other device, that can be tied to information about your use of the Site (including certain third-party services and features offered as part of our website). Examples of information of this type are your IP address, the browser you are using, the operating system you are using, the pages on the website that you visit and details of your transaction activity, such as the amount, date and time for each transaction. When we use Cookies, we may use “session” Cookies that last until you close your browser or “persistent” cookies that last until you or your browser delete them. You may change your browser setting to decline the use of Cookies. Users may manage Cookie preferences through browser settings or Swan’s Cookie management tools where available. Tracking technologies are not used to profile customers for unrelated third-party advertising purposes. THE SITE’S COOKIES DO NOT AND CANNOT INFILTRATE A USER’S HARD DRIVE TO GATHER A USER’S CONFIDENTIAL INFORMATION. Our Cookies are not “spyware.” Click here to view and edit your Privacy Settings
(ii) Web beacons assist in delivering cookies and help us determine whether a web page on the Site has been viewed and, if so, how many times. For example, any electronic image on the Site, such as an ad banner, can function as a web beacon. We may also use web beacons to collect information about whether our electronic communications to our users have been delivered, viewed and opened. This data may impact the quantity and content of future communications from us to our users.
(iii) We may use third-party companies to help us tailor Site content to users or to serve ads or messages on our behalf. These companies may employ cookies and web beacons to measure advertising or messaging effectiveness (such as which web pages are visited, which messages are responded to, or what products are purchased and in what amount). Any information that these third parties collect via cookies and web beacons is not linked (by them) to any non-public personal information collected by us. Please see Privacy Settings for more information.

(d) Video Verification Data. We may collect and store video recordings, which may include biometric data such as facial images, to verify your identity for account actions, such as withdrawals or service changes, across our services. These recordings are securely stored and used only for security, fraud prevention, and compliance purposes, in accordance with applicable laws. We retain video data only as necessary for these purposes or as required by law, after which it is securely deleted (see Section 4 for our general data security practices). You consent to this collection and storage when using services requiring video verification.

(e) Log Files. As is true of most websites, the Site automatically recognizes the Internet URL or location from which you access the Site. We may also log your Internet protocol (“IP”) address, Internet service provider, and date/time stamp for system administration, order verification, marketing, and system troubleshooting purposes. An IP address may indicate the location of your computer on the Internet.

(f) Age Requirement. Swan’s Services are not directed to children under the age of 18 and we do not knowingly collect information from users of the Site under the age of 18 and/or their Internet usage, and such persons are not authorized to use the Site. Any information about a minor that is provided by a parent or legal guardian is processed solely in the context of the adult-managed account and under the adult’s direction. If we obtain actual knowledge that a user is under the age of 18, then we will take steps to remove that user’s non-public personal information from our databases. By using the Site, you represent that you are at least 18 years old. You also represent, by accessing or using the Site, that you are of legal age to enter into legal agreements, or if you are not, that you have obtained your parent’s or legal guardian’s consent to accept the terms in this Privacy Policy.

(g) SMS Communications and Text Message Consent. You have a choice about receiving text messages from Swan. When you register for a Swan account or provide your mobile phone number, you consent to receive transactional text (SMS) messages from Swan about your account and services.

Transactional Messages You May Receive:

Two-factor authentication codes and security verification
Transaction confirmations and alerts
Account security notifications and fraud alerts
Recurring purchase reminders (if you have enabled recurring purchases)
Service announcements and critical system updates
Balance alerts and withdrawal confirmations
Other strictly transaction-related messages

What Messages You May Receive (If You Consent):

You may be presented the option to consent to additional informational or promotional messages from Swan. We will only send you such messages with your explicit consent.

Your SMS Consent Rights:

Message Frequency: Message frequency varies based on your account activity. You may receive between 3-15 messages per month, with higher volume during periods of high activity.
Costs: Swan Bitcoin does not charge you for text messages. However, standard message and data rates may apply based on your mobile carrier's plan. Contact your carrier for details about your messaging plan and rates.
Supported Carriers: Messages are supported by all major U.S. carriers including AT&T, Verizon, T-Mobile, Sprint, and U.S. Cellular. Carrier fees may vary.
Opt-Out / STOP: You can opt out of text messages at any time by:
- Replying STOP to any text message from Swan
- Texting STOP to the number from which you received Swan messages
- Updating your communication preferences in your account settings
- Emailing support@swanbitcoin.com with "SMS Opt-Out" in the subject line

After you opt out, you will receive one final confirmation message, and then no further messages unless you opt back in.

Help / HELP: Reply HELP to any message for assistance, or contact support@swanbitcoin.com.
Opt Back In: If you opt out and later wish to resume text messages, you can opt back in through your account settings or by contacting support@swanbitcoin.com.

How We Obtain Your Consent:

When you provide your mobile phone number during account registration, you consent to receiving transactional alerts such as security codes by providing your phone number. We will not use your phone number for marketing without your express consent.

Text Message Service Terms:

By consenting to receive text messages, you agree that:

You are the owner or authorized user of the mobile phone number you provide
You are at least 18 years of age
You will notify Swan if you change your mobile phone number
You understand that message delivery may be delayed or not delivered due to carrier issues, network congestion, or device compatibility

Privacy: Your mobile phone number is used only for the purposes described in this Privacy Policy. We do not sell or rent your mobile phone number to third parties. Your mobile number may be shared with our SMS service provider (Twilio) solely to deliver text messages on our behalf.

SMS Service Provider: Text messages are delivered through Twilio. Swan is not liable for Twilio's performance, including message delivery failures, delays, errors, or service interruptions Twilio's privacy practices are available at https://www.twilio.com/legal/privacy.

For questions about Swan's text messaging program, email support@swanbitcoin.com.

2. INFORMATION USE AND DISCLOSURE.

(a) Internal Use. We use your personal information to provide you with our services. We may internally use your personal information to improve the Site’s content and layout, to improve our outreach and for our own marketing efforts (including marketing our services to you), and to determine general marketplace information about visitors’ usage behavior to the Site.

(b) Communications with You. We may use your personal information to communicate with you about the Site, your use of our services, and new information available on the Site. Also, we may send you a confirmation email when you register with us or when you have received a gift from another person. We may send you a service-related announcement on the rare occasions when it is necessary (for example, if we must temporarily suspend our service for maintenance.) Also, we will send you a notification email or text message when you request us to notify you when particular services, promotions or referral programs become available or change. We always permit you to unsubscribe from promotional notifications. Because we have to communicate with you about our services that you choose to use, you cannot opt out of receiving emails related to those services or your account with us.

(c) External Use.

(i) We disclose information to our service providers to help enable them to perform services on your behalf. Specifically, any financial institutions or custodians (“Custodians”) providing you services require that we share certain personal information for the purpose of combating money laundering activities, in keeping with the relevant provisions of the USA PATRIOT ACT. Accordingly, in order to purchase and custody bitcoin (BTC) (“bitcoin”), we must share some information with Custodians and/or other third parties that assess identity and risk, such as your name, email address, physical address, social security number, date of birth, government-issued identification and the amount of bitcoin being purchased. Similarly, when we obtain bank account information for ACH transactions and credit card or debit card information, a third-party receives that information to process the payment in connection with the sale of bitcoin. We do not store any credit card data.

We are committed to the protection and secure storage of your bank account information. Utilizing industry-standard encryption methods, updated regularly, we seek to ensure the ongoing security of your data, accessible solely to authorized personnel. In the event of a breach, we would promptly notify you and initiate immediate remedial actions. For the purpose of conducting risk assessments, your data may be shared with trusted vendors, bound by stringent confidentiality obligations and compliance with all relevant data protection laws. Otherwise, disclosure, sale, or transfer of your data to third parties will not occur without your explicit consent, barring legal obligations. Our commitment to your data privacy will remain in effect following any such time that you cease to use our services.

(ii) It is possible that we might merge with or be acquired by another company or that we might dispose of some or all of our assets. If that happens, then your personal information may be disclosed to another company, but that disclosure will be subject to the Privacy Policy in effect.
(iii) We may be required to disclose certain information in response to requests from law-enforcement officials conducting investigations; subpoenas; a court order; or if we are otherwise required to disclose such information by law. We also will release non-public personal information where disclosure is necessary to protect our legal rights, enforce other agreements, or to protect ourselves or others. For example, we may share information to reduce the risk of fraud or if someone uses or attempts to use the Site for illegal reasons or to commit fraud.
(iv) We may share non-personal information (such as the number of daily visitors to the Site or the size of an order placed on a certain date) with third parties. This information does not directly personally identify you or any user. For the avoidance of doubt, any IP addresses or a device or other identifier we collect may be shared with one or more third parties.
(v) Swan does not sell non-public personal information. We may share non-public personal information only with service providers under strict contractual controls, to provide service in the following categories.
- Identity Verification and Compliance (KYC/AML verification, biometric identity verification, document validation)
- Banking and Payments (bank account verification, ACH processing, payment processing)
- Custody Services (bitcoin custody and transaction processing)
- Technology Infrastructure (cloud hosting, database storage, authentication services)
- Communications (email delivery, SMS messaging)
- Customer Support (support ticketing and messaging)
- Analytics (website usage and performance analysis)

The following vendors process sensitive data such as Social Security numbers, government-issued IDs, or biometric information:

Persona - Biometric verification and facial recognition
Plaid - Bank account verification
Bakkt - Custodian
Equity Trust - Custodian
BitGo - Custodian

For a current list of all service providers, including their names, services performed, and links to their privacy policies, email privacy@swanbitcoin.com with subject line "Service Provider List Request." All service providers are bound by written contracts requiring them to: use information only to perform services for Swan, maintain confidentiality and security, comply with data protection laws (CCPA, CPRA, GDPR), not use information for their own purposes, and not sell or share information with other parties.

(d) Other Uses. We may also use non-public personal information to comply with the Bank Secrecy Act (BSA), AML obligations, and related regulatory requirements, operate identity verification, fraud detection, and risk monitoring programs, maintain an Identity Theft Prevention Program, fulfill legal, regulatory, and audit obligations, or to improve operational integrity, security controls, and service reliability. Use of non-public personal information for identity verification and regulatory compliance using biometric technologies are subject to explicit consent.

3. YOUR RIGHTS, CHOICES AND DISCLOSURES

(a) General.

(i) We provide herein certain specific disclosures on privacy rights set forth below. We are committed to facilitate the exercise of your rights granted by the laws of your jurisdiction, which may include the right to request the access, correction, modification or deletion, restrict or object to certain processing, or request portability of your non-public personal information and the right to opt out of the sale of your personal information (as applicable). Requests may be submitted to privacy@swanbitcoin.com. Swan may require identity verification prior to fulfilling requests. We will do our best to honor your requests subject to any legal and contractual obligations. Although we may do so in our discretion, we do not delete your information upon request, unless required to do so under applicable law.
(ii) You may opt out of receiving electronic marketing communications from us by clicking next to the “unsubscribe” link on the communication or contacting us at support@swanbitcoin.com. Some non-marketing communications may not be subject to a general opt-out, such as fulfilling our obligations when services are requested and disclosures to comply with legal requirements, software updates and other support-related information.
(iii) Subject to local law, you may have additional rights under the laws of your jurisdiction regarding your personal data, such as the right to complain to your local data protection authority.
(iv) You may be able to disable Cookies through your browser settings, but if you delete or disable Cookies, you may experience interruptions or limited functionality in certain areas of the Services.

(b) California Disclosures.

(i) Pursuant to the California “Shine the Light” information-sharing disclosure requirements, California residents may request a list of all third parties with respect to which we have disclosed any information about you for direct marketing purposes and the categories of information disclosed. If you are a California resident and want such a list, please send us a written request by email to support@swanbitcoin.com with “California Shine The Light Rights” in the subject line.
(ii) Pursuant to the California Do Not Track disclosure requirements, we do not currently respond to Do Not Track browser settings.
(iii) Pursuant to the California Consumer Privacy Act (“CCPA”) disclosure requirements, California residents have the right to request:
- the categories of non-public personal information we have collected about you;
- the categories of sources from which the non-public personal information is collected;
- the business or commercial purpose of collecting or selling non-public personal information;
- the categories of third parties with whom we share or sell non-public personal information;
- the categories of non-public personal information about you that we have sold; and
- the specific pieces of non-public personal information we have collected about you.

(c) Do Not Sell or Share My Personal Information.

Residents of California and other applicable jurisdictions may designate an authorized agent to submit requests on their behalf. Additionally, you have the right to request deletion of your non-public personal information, the right to opt out of the sale of your information (if applicable) and the right not to be discriminated against for exercising any of your CCPA rights.

Our contact information, including a toll-free phone number, is listed at the bottom of this policy.

4. DATA RETENTION; DATA SECURITY

We retain the non-public personal information we collect for so long as reasonably necessary to fulfill the purposes described in this privacy Policy, unless a longer period is required by law. Typical retention practices include:

Data Type	Retention Standard
KYC / identity documents	5–7 years after account closure
Financial transaction records	7 years
Biometric data	3 years from date of collection, or until purpose satisfied, whichever is longer (unless otherwise legally required)
Customer communications	3 years
Marketing data	Until opt-out or withdrawal of consent

Where deletion conflicts with legal obligations, Swan will restrict processing while retaining required data. Biometric Data Retention Details: Facial images and video recordings collected for identity verification are retained for up to 3 years to (1) defend against fraud claims and identity theft reports, (2) comply with regulatory examination requirements, (3) support law enforcement investigations, and (4) maintain audit trails for AML/KYC compliance. You may request earlier deletion by emailing privacy@swanbitcoin.com with subject line "Biometric Data Deletion Request." We will honor deletion requests unless we have a legal obligation to retain the data (e.g., ongoing fraud investigation, regulatory hold, litigation hold).

Swan maintains an information security program designed to safeguard personal data, including:

Encryption of sensitive data in transit and at rest
Access controls and role-based permissions
Multi-factor authentication for system access
Regular penetration testing and vulnerability assessments
Independent third-party security audits and compliance reviews

Despite these measures, no system can be guaranteed as completely secure, and Swan does not make such a guarantee. As such, you assume the risk of security breaches and all consequences resulting from them. To that end, please safeguard your credentials.

5. INCIDENT RESPONSE & BREACH NOTICE.

In the event of a security incident involving non-public personal information, Swan will notify affected individuals and appropriate regulators in accordance with applicable law. Such notification may be provided via email, account messaging, or other legally permitted methods.

Where appropriate, Swan may offer remediation services such as identity monitoring.

6. JURISDICTION

The Site is controlled, operated and hosted in the United States. Please be advised that through your continued use of the Site, which is governed by California law, this Privacy Policy, and our Terms of Use, your non-public personal information will be held in the United States and you expressly consent thereto and consent to be governed by California law for these purposes. Personal information may be processed in jurisdictions outside of your place of residence. Swan employs appropriate safeguards, including Standard Contractual Clauses and contractual controls, to ensure lawful transfer and protection of personal data.

7. LINKS TO OTHER SITES

The Site may contain links to other websites for your convenience or information. These websites may be operated by companies unaffiliated with the Company, and we are not responsible for the content or privacy practices of those websites. Linked websites may have their own terms of use and privacy policies, and we encourage you to review those policies whenever you visit the websites.

8. PRIVACY POLICY CHANGES

We may update this Privacy Policy from time to time and without prior notice to you to reflect changes in our information practices, and any such amendments shall apply to information already collected and to be collected. Your continued use of the Site after any changes to this Privacy Policy indicates your agreement with the terms of the revised Privacy Policy. Please review this Privacy Policy periodically and especially before you provide personal data to us. If we make material changes to this Privacy Policy, we will notify you here, by email or by means of a notice on the home page the Site. The date of the last update of the Privacy Policy is indicated at the top of this Privacy Policy.

9. QUESTIONS AND CONTACT INFORMATION

The Company is located at:

26565 Agoura Road, Suite 200
Calabasas, CA 91302, United States

How to Contact Us:

For different types of inquiries, please use the appropriate contact method:

General Questions and Customer Support:

Email: support@swanbitcoin.com
Phone: (218) 379-7926

Biometric Information Inquiries: For questions about biometric data collection, use, retention, or your rights under BIPA/CUBI, contact privacy@swanbitcoin.com with subject "Biometric Information Inquiry."

Privacy Rights Requests (access, deletion, correction, opt-out, data portability):

Email: privacy@swanbitcoin.com
Subject Line: Include "Privacy Rights Request" and specify the type of request (e.g., "Access Request," "Deletion Request," "CCPA Opt-Out")
Phone: (218) 379-7926
Mail: Privacy Rights Request, Electric Solidus, Inc., 26565 Agoura Road, Suite 200, Calabasas, CA 91302

Security Incidents and Vulnerability Reports:

Email: security@swanbitcoin.com
For urgent security matters, also call (218) 379-7926

Response Times:

General inquiries: We aim to respond within 2 business days
Privacy rights requests: We will respond within 45 days as required by law (may be extended to 90 days for complex requests with notice to you)
Security reports: We will acknowledge receipt within 24 hours

California Residents - Regulatory Contacts:

If you have concerns about our privacy practices that we have not addressed satisfactorily, you may contact:

California Privacy Protection Agency (CPPA):
- Website: https://cppa.ca.gov
- Address: California Privacy Protection Agency, 2101 Arena Boulevard, Sacramento, CA 95834
California Department of Financial Protection and Innovation (DFPI):
- Website: https://dfpi.ca.gov/submit-a-complaint/
- Phone: (866) 275-2677
- Address: Department of Financial Protection and Innovation, Consumer Services, 2101 Arena Boulevard, Sacramento, CA 95834

Biometric Information Privacy Policy

Last Updated: June 25, 2026

This Biometric Information Privacy Policy supplements Swan's main Privacy Policy (available at swanbitcoin.com/privacy-policy), and governs our collection, use, and protection of biometric identifiers and biometric information, in compliance with the laws of Illinois, Texas, Washington, Colorado, and other U.S. states that regulate biometric and sensitive personal data. In the event of any conflict between this Biometric Policy and Swan’s main Privacy Policy, this Biometric Policy shall control.

(a) Definitions

Biometric Identifier means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.
Biometric Information means any information, regardless of how it is captured, converted, stored, or shared, that is based on an individual’s Biometric Identifier and is used to identify that individual.
The term includes templates or measurements extracted from images or videos that can identify a person, but excludes photographs, video recordings, or data that cannot reasonably identify a specific individual without further processing.

(b) Collection and Use

Scope and Vendors:
We may collect or receive Biometric Identifiers or Biometric Information indirectly through the following third-party identity verification and fraud-prevention vendors:

Persona - Facial recognition, liveness detection, facial geometry analysis
- Privacy Policy: https://withpersona.com/legal/privacy-policy

If we engage additional biometric service providers in the future, we will update this policy and notify you as described in Section (i). We select vendors based on their security certifications, compliance with biometric privacy laws, and contractual commitments to data protection; we do not make any other representation with respect to vendors’ compliance with their internal policies or applicable law.

Purpose of Collection:
We collect and use Biometric Information only for the following limited purposes:

To verify your identity as required for compliance with anti-money-laundering (AML) and know-your-customer (KYC) regulations and policies.
To detect and prevent fraud or unauthorized account access.
To comply with legal or regulatory obligations.
To improve the security and reliability of identity verification systems.

Swan does not use Biometric Information as the sole basis for decisions that produce legal or similarly significant effects without meaningful human review. We do not use Biometric Information to create consumer profiles, behavioral analytics, or predictive scoring unrelated to identity verification or legal compliance, and we do not deploy such information for surveillance purposes.

(c) Notice and Consent

Before any Biometric Identifier or Biometric Information is collected, captured, or processed, we (or our vendor) will provide clear written notice describing:

The categories of Biometric Information collected.
The specific purpose(s) and duration for which the information will be used and retained.
The identity of the party responsible for collection and storage.

We will obtain your explicit, written or electronic consent prior to collection, in accordance with Illinois BIPA, Texas CUBI, Washington’s biometric statute, and Colorado’s Biometric Data obligations under the CPA (effective July 1, 2025).

If you decline to provide consent, certain services that rely on identity verification may not be available. You may withdraw your consent for biometric collection at any time by emailing privacy@swanbitcoin.com with subject "Withdraw Biometric Consent", calling (218) 379-7926, or updating your preferences in account settings (if available).

(d) Disclosure to Third Parties

We may disclose your Biometric Information only to:

Authorized service providers acting on our behalf for the stated purposes.
Law enforcement or regulators if required by applicable law, subpoena, or court order.
You or your authorized representative upon verified request.

All biometric service providers are subject to written agreements requiring compliance with BIPA, state biometric statutes, and applicable data protection laws, including prohibitions on secondary use, retention beyond authorized purpose, and independent model training.

(e) Retention and Destruction

We will retain Biometric Information only as long as necessary to fulfill the initial purpose of collection or as required by law, whichever is longer.
In no case will Biometric Information be retained longer than three years from the date of collection or after the initial purpose has been satisfied, unless a longer period is required for compliance with AML, KYC or other legal obligations.
After this period, Biometric Information will be permanently deleted or destroyed using secure, unrecoverable methods.

(f) Prohibition on Sale and Secondary Use

We will not sell, lease, trade, or otherwise profit from Biometric Identifiers or Biometric Information.
We will not use Biometric Information for advertising, marketing, or behavioral profiling.

(g) Data Security

We and our vendors will protect Biometric Information using at least the same or greater level of security as other sensitive personal data, including:

Encryption in transit and at rest.
Role-based access controls.
Audit logging and monitoring for unauthorized access.
Secure destruction protocols appropriate to the storage medium:
- Cloud databases: Cryptographic key destruction and multi-pass database deletion
- Backup systems: Automated purging from backup retention cycles
- Physical media (if any): Sanitization per NIST SP 800-88 guidelines
- Vendor systems: Contractually required deletion verification within 30 days.
Vendor risk assessments and contractual security obligations.

(h) Individual Rights

Residents of any state with biometric or comprehensive privacy laws may exercise the following rights:

Access: You may request confirmation whether we hold Biometric Information about you.
Deletion: You may request deletion of Biometric Information once its purpose has been fulfilled.
Restriction: You may request restriction or limitation of processing of your Biometric Information.
Complaint: You may contact your state attorney general or privacy authority if you believe your rights have been violated.

Requests relating specifically to Biometric Information will be handled in accordance with applicable biometric privacy laws, and may require additional identity verification.

To Submit Biometric Information Requests:

Email: privacy@swanbitcoin.com
Subject Line: "Biometric Information Request - [Access/Deletion/Restriction]"
Mail: Privacy Rights Request - Biometric Information, Electric Solidus, Inc., 26565 Agoura Road, Suite 200, Calabasas, CA 91302

Include your full name, email address associated with your Swan account, and specific request (access confirmation, deletion, restriction of processing, or complaint). We will respond within 45 days of receiving a verifiable request.

(i) Policy Updates

We may update this policy to reflect changes in technology, vendors, or applicable law. Any material changes will be communicated through our website or direct notice where required. The current version will always display an effective date and last-modified date.