Privacy Policy

Last updated: April 2026

1. Introduction

Caviar Inc. ("Caviar," "we," "us," or "our") is committed to protecting the privacy of our users, clients, and partners. This Privacy Policy describes how we collect, use, disclose, and safeguard personal data when you use our platform, services, and websites (collectively, the "Services").

This policy applies to all users of our Services, including institutional clients, corporate entities, and individual representatives acting on behalf of such entities.

2. Data We Collect

2.1 Information You Provide

  • Identity data: Full name, date of birth, nationality, government-issued identification numbers, and photographs for KYC/KYB verification
  • Corporate data: Company registration details, beneficial ownership structures, financial statements, and authorized signatory information
  • Transaction data: Trade documentation, invoices, bills of lading, offtake agreements, and related commercial documents submitted for financing
  • Communication data: Correspondence, support requests, and feedback provided through our channels

2.2 Information Collected Automatically

  • Technical data: IP address, browser type, device identifiers, operating system, and access timestamps
  • Usage data: Pages visited, features used, transaction volumes, and interaction patterns
  • Blockchain data: Wallet addresses, on-chain transaction hashes, and smart contract interactions

2.3 Information from Third Parties

  • Sanctions screening providers: OFAC, UK OFSI, EU consolidated list verification results
  • Credit data providers: Credit scores, default histories, and financial standing assessments
  • Registry data: Corporate registry information from ACRA (Singapore), CAC (Nigeria), ADGM, and other jurisdictional registries

3. How We Use Your Data

We process personal data for the following purposes:

  • Service delivery: Processing transactions, executing settlements, and providing platform functionality
  • Compliance: KYC/KYB verification, AML screening, sanctions monitoring, and regulatory reporting obligations
  • Risk management: Credit assessment, collateral monitoring, and fraud prevention
  • Platform improvement: Analytics, performance optimization, and feature development
  • Communication: Service notifications, security alerts, and regulatory updates

4. Zero-Knowledge Privacy Architecture

Caviar employs zero-knowledge proof technology to minimize data exposure in financial transactions. Our ZK infrastructure enables:

  • ZK AML proofs: Sanctions screening verification without disclosing underlying identity data to transaction counterparties
  • ZK credit proofs: Credit quality attestation without revealing financial statements or credit scores
  • ZK pool composition proofs: Portfolio compliance verification without exposing individual instrument details

This architecture ensures that only the minimum necessary data is shared with counterparties, while full regulatory compliance is maintained with authorized supervisory bodies.

5. Data Sharing and Disclosure

We may share personal data with:

  • Regulatory authorities: As required by applicable law in Singapore, DIFC, Kenya, and other operating jurisdictions
  • Compliance providers: KYC/AML verification services, sanctions screening providers, and credit bureaus
  • Transaction counterparties: Limited data as necessary for transaction execution, subject to ZK privacy protections where applicable
  • Development finance institutions: IFC, AfDB, AIIB, and other DFI partners as required for co-financing arrangements
  • Service providers: Cloud infrastructure, analytics, and customer support providers under strict data processing agreements

We do not sell personal data to third parties. We do not share personal data for marketing purposes without explicit consent.

6. Data Retention

We retain personal data for as long as necessary to provide the Services and comply with legal obligations. Specific retention periods:

  • KYC/KYB records: 7 years after the end of the business relationship (or longer if required by applicable AML regulations)
  • Transaction records: 10 years from transaction completion
  • On-chain records: Blockchain data is immutable and permanent by design; off-chain data associated with on-chain transactions follows the applicable retention period above

7. International Data Transfers

As a global platform operating across Singapore, DIFC, Kenya, Brazil, and other jurisdictions, personal data may be transferred internationally. We implement appropriate safeguards including Standard Contractual Clauses (SCCs), adequacy decisions, and binding corporate rules as applicable.

8. Data Security

We implement industry-standard technical and organizational measures to protect personal data, including encryption at rest and in transit, access controls, audit logging, and regular security assessments. Our zero-knowledge architecture provides an additional layer of cryptographic protection for sensitive financial data.

9. Your Rights

Subject to applicable law, you may have the right to access, correct, delete, or port your personal data, as well as the right to restrict or object to certain processing activities. To exercise these rights, contact our Data Protection Officer at privacy@caviarfi.com.

Note that certain data processing is required for regulatory compliance and cannot be subject to deletion requests during applicable retention periods.

10. Cookies and Tracking

We use essential cookies for platform functionality and authentication. We use analytics cookies to understand usage patterns and improve the Services. You can manage cookie preferences through your browser settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the platform or email with at least 30 days' notice.

12. Contact

For privacy-related inquiries, contact our Data Protection Officer at privacy@caviarfi.com.

Caviar Inc.
Singapore