Privacy Policy - Becoming Alpha

Introduction

Becoming Alpha, Inc. (headquartered at 8000 Avalon Boulevard, Suite 100, Alpharetta, GA 30009, USA – referred to as "Becoming Alpha," "we," or "us") is a U.S.-based crypto platform offering a digital asset marketplace and educational services, with plans to transition into a decentralized autonomous organization (DAO) over the next three years. We are committed to protecting your privacy and maintaining transparency in how we handle personal information. As a company based in the United States (Georgia), our operations are primarily governed by U.S. federal and state laws, including financial regulations like the Bank Secrecy Act. At the same time, we strive to honor major international data protection frameworks – for example, we align with the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) where applicable.

This Privacy Policy explains what data we collect, how we use and share it, and the measures we take to keep it secure and compliant with relevant laws. By using Becoming Alpha's services (our "Services"), you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our Services.

This Privacy Policy should be read together with our Cookie Policy, which explains how we use cookies and tracking technologies. For region-specific privacy information, please see our EU/UK GDPR Privacy Notice and California Privacy Notice (CCPA/CPRA).

Important: Our Services are not intended for individuals under 25 years of age. If you are under 25, you must not use Becoming Alpha or provide any personal information to us.

Information We Collect

We collect various types of information to fulfill legal requirements and provide our Services effectively. This includes information you provide directly, information we obtain from third parties (such as verification providers), and data collected automatically. For detailed information about our identity verification (KYC/KYB) and anti-money laundering (AML) compliance procedures, please see our KYC / AML & Sanctions Compliance Overview. The categories of information we collect include:

Personal Identifiers: Information that can identify you, such as your full name, date of birth, government-issued identification numbers (e.g. Social Security number or tax ID), and copies of official ID documents (like a passport or driver's license). We may also collect proof of address (such as a utility bill or bank statement) to verify your residency. If you use our Services on behalf of a business or legal entity, we collect business identifiers like the company's legal name, Employer Identification Number (EIN), corporate registration details, and relevant organizational documents.
Contact Information: Your contact details such as mailing address (residential and/or business), email address, phone number, and other similar contact information.
Identity Verification Data: Additional information and documentation you provide for compliance checks. For detailed information about our identity verification procedures, including what information we collect, why we collect it, and how we use third-party providers, please see our KYC / AML & Sanctions Compliance Overview.
Financial Information: If our marketplace involves transactions with traditional currency (fiat), we may collect payment or financial account details (such as your bank account number, wire transfer details, or payment card information) to process deposits, withdrawals, or other payments. We also maintain records of transaction history on our platform, including deposit and withdrawal amounts, trading or exchange activity, and related financial details necessary for providing our Services and meeting regulatory obligations.
Crypto Wallet and Transaction Data: Information about the cryptocurrency wallet addresses and blockchain transactions you use in connection with our Services. For example, if you deposit or withdraw crypto or link an external wallet, we record the wallet addresses and details of those transactions. Please note that blockchain transactions are public by design – any crypto transfers you initiate may be recorded on a public blockchain, which is immutable and publicly accessible to anyone. We may associate on-chain data (such as your blockchain addresses, transaction hashes, amounts, and timestamps) with your account to facilitate services and for compliance purposes (such as fraud monitoring and blockchain analytics).
Business Profile Data: If you use Becoming Alpha for business or institutional purposes, we collect information related to your business profile. This includes details like your company name, industry, nature of business activities, corporate address, and any documents you submit for business verification. We may also require information about your business's controlling persons or UBOs (ultimate beneficial owners), as noted above, to fulfill KYB checks.
Usage and Technical Data: Like most websites and apps, we automatically collect certain technical information about your device and how you interact with our Services. This includes your IP address, browser type, device identifiers, pages or screens you access on our site/app, and timestamps of your visits. We may use cookies and similar technologies to remember your preferences, authenticate your session, and gather analytic data. (For more details, please see our Cookie Policy.) This usage data helps us secure the platform, detect fraud or abuse, and improve user experience and functionality.
Communication and Support Data: If you contact us for customer support, inquiries, or other purposes, we will collect the information you choose to share with us. This may include the content of your communications (emails, chat logs, support tickets, phone calls) and any contact information or screenshots you provide. We retain records of correspondence and any resolutions or feedback provided to ensure we address your issues and improve our services.
Additional Compliance Information: In certain cases, we might request extra data to comply with legal obligations or for risk management. For example, we may ask for your "source of funds" (i.e. an explanation of how you obtained the money or crypto you plan to use on our platform) or the intended purpose of your cryptocurrency transactions – especially for higher-risk profiles or large transfers. We might also request information about your employment or occupation if required for due diligence. We only collect such information when necessary for regulatory compliance (e.g. customer due diligence under U.S. anti–money laundering laws). If we require additional information, we will inform you at the time of collection and explain why it's needed.

We limit our data collection to what is relevant for the purposes described in this Policy, and you have choices about providing certain information. However, if you choose not to provide data that is required for identity verification or regulatory compliance, we may not be able to offer you some or all of our Services. For instance, you will not be able to open or maintain an account without completing required KYC verification.

How We Use Your Information

We use personal information for the following purposes, in line with applicable law and our commitment to transparency:

Providing and Improving Services: We use collected information to create and manage your Becoming Alpha account, to enable marketplace functionality (such as buying, selling, or trading crypto assets), to deliver educational content, and to provide customer support. For example, we use your contact information to send account notices or transaction confirmations, and your wallet and transaction data to facilitate trades or transfers you initiate on the platform. We also analyze usage data to understand how our Services are used and to improve the platform's performance, features, and user experience.
Identity Verification and Regulatory Compliance: A core use of your information is to verify your identity and fulfill our KYC/KYB and AML compliance obligations. For detailed information about our identity verification procedures, sanctions screening, and regulatory compliance practices, please see our KYC / AML & Sanctions Compliance Overview.
Transaction Processing and Platform Security: We use wallet addresses, transaction details, and usage data to carry out the transactions you request and to keep our platform secure. For instance, when you initiate a crypto trade, withdrawal, or deposit, we use the information provided to execute the transaction and record it on our systems (and on the relevant blockchain, where applicable). We monitor transactions and account activities for signs of suspicious or fraudulent behavior such as hacking attempts or unauthorized use. This ongoing monitoring helps us detect and respond to potential fraud or security threats, and we will investigate or report such issues to regulators or law enforcement as required by law. These measures protect both you and Becoming Alpha from fraud and financial crime.
Communications and Customer Service: We may use your email address or phone number to send you service-related communications. These include confirmations of transactions, alerts about important account activity (for example, a login attempt or password change), security notifications, and updates to this Privacy Policy or other terms. With your consent or as otherwise permitted by law, we may also send you educational newsletters, information about new features or services, or market insights related to cryptocurrency. You can opt out of marketing emails at any time by using the unsubscribe link in those emails or adjusting your account preferences. When you contact our support team, we will use the information from your request and our records (such as your account data and prior communications) to help troubleshoot and resolve any issues you're facing.
Crypto Education and Community Engagement: If you participate in our educational programs, webinars, or community forums, we may use the information you share to personalize your experience and facilitate community interaction. For example, if you post content or achievements in a community forum or complete a module in our educational platform, we might (with your consent) highlight your contributions or progress to other users. Keep in mind that any information you choose to make public in community forums or on a public blockchain (such as participating in on-chain learning exercises) can be visible to others, and we encourage you to exercise caution when sharing personal data in these public contexts.
Analytics and Product Development: We analyze aggregated and de-identified data to understand user trends and preferences, which helps us develop new features and improve our Services. For example, we might look at overall usage patterns to determine which features are most popular or to identify areas of the user interface that can be improved. When possible, we use techniques like anonymization or pseudonymization for analytics, so that individuals are not directly identifiable. Insights from analytics help inform our product development and enhance performance and security across our platform.
Legal Obligations and Enforcement: We use personal information to comply with our legal obligations and to enforce our terms and policies. This includes fulfilling duties such as tax reporting, responding to legally binding requests from government authorities (for example, subpoenas, court orders, or lawful information requests), and meeting record-keeping requirements. For instance, U.S. regulations require that we retain certain identifying information and transaction records for set periods to comply with the Bank Secrecy Act's record retention rules. We also may use your data as necessary to enforce our Terms of Service and other agreements, to investigate and take action against potential violations or illegal activities (such as fraud, hacking, or abuse), and to protect the rights, property, and safety of Becoming Alpha, our users, and the public.
Future Decentralization Initiatives: As Becoming Alpha transitions toward a DAO model, we may use certain information (such as your wallet addresses or participation data) to enable decentralized governance features. For example, if governance tokens are issued as part of the DAO, we might use your wallet address and token holdings to allow you to participate in voting or proposals. Any such use of data will remain governed by this Privacy Policy (and any additional notices we provide at that time). We remain committed to data protection best practices even as some processes become decentralized. We will update this Privacy Policy to reflect any material changes once the DAO transition occurs, to ensure you are informed of how your data is handled in a decentralized framework.

We always ensure that we have a valid legal basis for processing your personal information. In most cases, processing is necessary to perform our contract with you (for example, to provide the services you signed up for) or to comply with our legal and regulatory obligations, or it is done in furtherance of our legitimate interests in operating a safe, efficient, and innovative crypto platform (for example, improving services or preventing fraud). Where we rely on your consent for certain processing (such as sending marketing communications), you have the right to withdraw that consent at any time (see Your Rights & Choices below). Withdrawing consent will not affect the lawfulness of any processing we conducted based on consent before its withdrawal, and it may not affect processing that is occurring on other legal grounds.

How We Share Your Information

Becoming Alpha respects your privacy – we do not sell your personal information to third parties for monetary compensation. However, in the normal course of business and to comply with the law, we do share personal data with certain trusted parties, as outlined below. Any third parties that receive personal data from us are required to use it only for the purposes described and to protect it in accordance with applicable law and this Policy.

Service Providers: We share information with third-party service providers and contractors who perform services on our behalf. This includes, for example, our KYC/KYB identity verification partners (who receive your identification details and documents to conduct identity checks and fraud prevention), cloud hosting and data storage providers, analytics and advertising partners, email/SMS vendors (for sending authentication codes and notifications), customer support platforms, and cybersecurity firms. These service providers are bound by contracts that limit their use of your information to the services they are providing for us and that require them to protect your information. For example, our identity verification provider will use your ID documents only to verify your identity and not for any other purpose.
Financial and Transaction Partners: If you link a bank account or use other financial features of our platform (such as purchasing crypto with fiat currency or receiving payouts), we may share the necessary information with banks, payment processors, or relevant blockchain networks to facilitate those transactions. For instance, if you initiate an ACH bank transfer or a credit card payment, we must share certain details (like your name and account number or card information) with our banking partners and payment processor to complete the transaction. Likewise, if you perform on-chain transactions through our interface (for example, trading via a decentralized exchange integration), certain data (such as your public blockchain wallet address and transaction details) will be transmitted to the applicable blockchain network and any intermediary technology providers helping to facilitate the transaction. Keep in mind that transactions recorded on a blockchain will be public due to the nature of decentralized networks.
Affiliates and Future Entities: We may share your information with companies that are under common ownership or control with Becoming Alpha (such as any subsidiaries, affiliates, or successor entities). This sharing would occur as needed to operate the platform and provide services to you. Currently, Becoming Alpha may not have affiliated entities, but if in the future we establish additional corporate affiliates or transition certain operations to a DAO or other community-governed entity, your data may be transferred to or accessed by that new entity to ensure continuity of services. For example, if certain marketplace features or governance functions are taken over by a DAO structure in the future, we will ensure that any personal data involved in those processes remains protected consistent with this Privacy Policy.
Regulatory and Legal Disclosures: We may disclose personal information to government authorities, regulators, law enforcement agencies, or other third parties when we are required to do so by law or when such disclosure is necessary to protect our legal interests. This includes responding to subpoenas, court orders, or other legal process; sharing information for the purposes of preventing money laundering or terrorist financing (for example, filing required reports with the U.S. Financial Crimes Enforcement Network, FinCEN, under the Bank Secrecy Act); or providing data to law enforcement as part of an investigation (e.g. if we suspect fraud, theft, or any illegal activity involving our platform). We also may share information as needed to enforce our terms of service or other agreements, or to protect the rights and safety of Becoming Alpha, our users, or others. Any such disclosures will be made in compliance with applicable laws and with careful consideration of your privacy rights.
Business Transfers or Corporate Changes: If Becoming Alpha undergoes a business transaction such as a merger, acquisition, reorganization, financing, or sale of all or part of our business/assets, your personal information may be disclosed to the parties involved (for example, to potential investors, counter-parties, or their professional advisors) as part of due diligence, and may be transferred as part of the completed transaction. This could also occur in the context of our planned transition to a community-governed DAO or a similar reorganization of our corporate structure. If such a transfer of personal data happens, we will ensure that your information remains subject to privacy protections at least as stringent as those in this Policy. We will also provide notice to users (for example, via email or a prominent notice on our site/app) if your personal information will become subject to a different privacy policy or governance structure as a result of a business change.
Professional Advisors: We may share relevant information with our professional advisors – such as auditors, legal counsel, accountants, insurance providers, and other consultants – when necessary. These parties may need access to certain personal data to provide us with advice, audit our business or compliance practices, or protect our rights. For example, auditors might review KYC records and procedures as part of a compliance audit, under strict confidentiality, to ensure we are meeting our regulatory obligations.
With Your Consent or At Your Direction: In certain situations, you may request or consent to your information being shared with a third party. For instance, if you decide to participate in a co-sponsored promotion, beta test, or integrate your Becoming Alpha account with a third-party service, we will share your data with that third party only with your knowledge and consent. Similarly, if you submit a testimonial or public review of our platform and agree to let us share it, we might repost your comments (along with your name or username) on our website or social media accounts. Outside of the scenarios described in this Policy, we will not share your personal data with third parties unless you have explicitly authorized us to do so.

No Selling of Personal Data: As stated above, we do not sell personal information to data brokers or other third parties for their own marketing use. We also do not share data with third parties for cross-context behavioral advertising in a manner that would be considered a "sale" or "share" under applicable U.S. state privacy laws. If in the future we ever consider using personal data in ways that could be deemed a sale or would otherwise materially affect your privacy rights, we will update this Privacy Policy and provide any required opt-outs or obtain your consent as required by law.

Note for California (and Certain U.S. State) Residents: While we do not sell data, if you are a resident of California (or another U.S. state with similar privacy laws, such as Colorado, Virginia, Connecticut, Utah, etc.), you have the right to opt out of any sale of your personal information or sharing of it for targeted advertising purposes. We honor such opt-out requests and also recognize applicable universal opt-out signals, such as the Global Privacy Control (GPC) browser signal, as required by law. If you believe we are selling or sharing your personal data in a manner covered by those state laws, please contact us (see Contact Us at the end of this Policy) to exercise your opt-out rights. We confirm that, as of the Last Updated date of this Policy, we do not sell personal information to third parties for monetary value, and any sharing of data we engage in is solely for the business, operational, and compliance purposes described above.

Data Security

We take data security very seriously and implement industry-standard measures to protect your personal information from unauthorized access, loss, misuse, or alteration. Becoming Alpha's security program includes technical, administrative, and physical safeguards designed to protect the confidentiality, integrity, and availability of data. These measures include, for example: encryption of sensitive data in transit and at rest (we use protocols like SSL/TLS to secure data transmitted between your device and our servers); firewalls and intrusion detection systems to protect our network; and regular security audits, penetration tests, and continuous monitoring of our systems. Personal data, including any identity documents or private keys you may provide to us, is stored on secure servers with strict access controls – only authorized personnel with a legitimate business need can access such information, and they are bound by confidentiality obligations. We also employ multi-factor authentication and other access controls to prevent unauthorized access to user accounts.

Our team is trained on privacy and security best practices, and we continually update our protocols to adapt to new threats and vulnerabilities. In the event of a data breach or security incident, we have an incident response plan to contain the issue, investigate the scope and cause, and remediate the situation. Where required by law (for example, certain jurisdictions' breach notification laws), we will notify affected individuals and relevant authorities of breaches involving personal data. We also take steps to prevent future incidents by analyzing root causes and improving our safeguards.

While we strive to protect your information, please understand that no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your information. You also play a critical role in keeping your data safe. We encourage you to use a strong, unique password for your Becoming Alpha account, enable two-factor authentication (2FA) if we offer it, and safeguard your account credentials and devices. If you suspect any unauthorized access to your account or discover a potential security vulnerability, please contact us immediately (see the Contact Us section below), so we can take appropriate measures.

Your Rights & Choices

We believe in being transparent and giving users control over their personal information. Depending on your jurisdiction and applicable laws, you have a number of rights regarding your personal data. We honor all applicable privacy rights requests in accordance with the laws that apply to us. These rights may include:

Right to Access: You have the right to request confirmation of whether we are processing your personal information, and to obtain a copy of the personal information we hold about you. You also have the right to request information about how we use your data and with whom we have shared it. We will provide this in a suitable format (often this is referred to as the "data portability" right, providing data in a commonly used machine-readable format).
Right to Rectification: If any of the personal information we have about you is incorrect or out of date, you have the right to request that we correct or update it. You can also review and update some of your information directly by logging into your account (for example, you can change your contact details in your profile). If you request a change to critical information (such as your legal name or government ID number), we may need to verify the accuracy of the new information you provide, especially where it is used to satisfy legal requirements.
Right to Deletion: You can request that we delete your personal information under certain circumstances. For example, if you have closed your account and you want us to remove the personal data we no longer need, you can ask us to delete it. We will honor valid deletion requests to the extent we are legally permitted to do so. Please understand that we cannot delete data in cases where we are required by law to keep it, or where the data is necessary for fraud prevention and security or other legitimate purposes. For instance, as noted in our Data Retention section, we are obligated by law to retain certain compliance records, including KYC/AML verification records, for a minimum period (typically at least 5 years after account closure). For details about our data retention practices for compliance records, please see our KYC / AML & Sanctions Compliance Overview. Therefore, we cannot immediately erase certain verification data even if you request it. However, if your account is closed, we will mark it as such and cease using your personal information for active business purposes, aside from securely storing it for compliance reasons until the retention period expires.
Right to Object or Restrict Processing: If you believe we are processing your information in a way that is not appropriate or not justified, you have the right to object to that processing. One common example is objecting to the use of your data for direct marketing – if you tell us to stop using your data for marketing purposes, we will stop. In certain situations, you also have the right to request that we temporarily restrict processing your data. This could apply, for example, if you contest the accuracy of the data we hold or object to our processing and we are evaluating your request. During that time, we will restrict processing your data (aside from storing it securely) until the issue is resolved. Where applicable law grants these rights, we will review such requests and comply as required.
Right to Data Portability: For personal data that you have provided to us directly, you may have the right to obtain it and reuse it elsewhere. Specifically, you can request that we provide your information in a structured, commonly used, and machine-readable format so that you can transfer it to another service provider. You may also request, if it is technically feasible, that we transmit that information directly to another company at your direction. Note that the right to portability generally applies to information you provided (for example, your account details or content you've submitted), and not to data that we generated internally (like internal risk scores or analytics).
Privacy Rights Under U.S. State Laws: Residents of certain U.S. states have specific privacy rights under their state laws. For example, if you are a resident of California, Virginia, Colorado, Connecticut, Utah (and other states that may enact privacy laws), you have rights such as: the right to know/access personal information (similar to the access right described above – you can ask for details about the categories and specific pieces of personal information we have about you, as well as the categories of sources and our business purposes for that data, and what categories of third parties it's shared with); the right to delete personal information (with similar limitations as described in our deletion right above); the right to correct inaccuracies in your personal information; and the right to opt out of certain data uses like the "sale" of personal information or sharing of personal data for targeted advertising purposes. California residents also have the right to request, up to twice in a 12-month period, a report disclosing the categories of personal information we have collected, used, and disclosed for business purposes in the prior 12 months, including the categories of third parties to whom information was disclosed. We have included in this Privacy Policy disclosures that we do not sell personal information and that we only share data as described for our business and legal needs. California (and some other states') laws also provide that you have the right not to receive discriminatory treatment for exercising your privacy rights. We respect this – we will not deny you our Services or provide you a different level of service just because you exercised any of your data rights.
Right to Withdraw Consent: In situations where we are processing your personal information based on your consent, you have the right to withdraw that consent at any time. For example, if you have given us consent to receive promotional emails or newsletters, you can opt out later by clicking the "unsubscribe" link in those emails or changing your account preferences. Please note that withdrawing consent will not affect the legality of any processing we conducted prior to your withdrawal, and it won't affect processing of your data under other legal bases (for example, we may still need to process data that is required for a service or by law).
Rights Regarding Automated Decision-Making: Becoming Alpha does not currently make any decisions about you that have legal or similarly significant effects solely by automated means (i.e. with no human involvement). We do not, for instance, use algorithms alone to determine your eligibility for services in a way that would impact you without a manual review. If this policy changes in the future and we introduce automated decision-making that could significantly affect you (for example, some kind of automated creditworthiness or fraud-detection decision with no human review), we will inform you of that and ensure you have the right to contest such decisions or request human intervention, as required by law.

Exercising Your Rights

To exercise any of the rights outlined above or to send us a privacy-related request, please contact us using the information provided in the Contact Us section at the end of this Policy. For certain requests, we will need to verify your identity to ensure that we are dealing with the correct person and to prevent unauthorized access to or deletion of someone else's data. We may ask you to provide information that matches our records (for example, we might ask you to confirm the email address associated with your account, or details of a recent transaction you made on the platform). In some cases, we might require additional verification or documentation if the request is of a sensitive nature – for instance, if an authorized agent is making a request on your behalf, we will ask for proof of the agent's authority and perhaps confirmation from you as the account holder, consistent with applicable laws.

We will respond to privacy rights requests within the timeframe required by law. This is generally within 30 to 45 days for most requests, although we may inform you that we need an extension (an additional 45 days, for example) if your request is complex. We do not charge a fee for processing your rights requests. However, if a request is manifestly unfounded or excessive (for example, repetitive requests beyond what the law requires us to respond to), we reserve the right to either charge a reasonable fee or refuse to act on the request, as permitted by law. If we cannot fulfill a certain part of your request, we will explain the reasons in our response. For example, if you request deletion of data that we are legally required to keep, we will let you know that we must retain it and cite the obligation.

Importantly, if some of your data is stored on a public blockchain, we are unable to erase, modify, or rectify that blockchain-stored data due to the immutable nature of blockchain technology. What we can do is delete or anonymize any personal data in our own systems that links you to that blockchain record, if you request erasure (assuming we have no independent legal need to retain it). We will always do our best to accommodate your requests in line with applicable laws and technological constraints.

If you have any concerns about how we handle your personal information or if you believe your privacy rights have been violated, you have the right to lodge a complaint with a supervisory authority or other regulator. For example, U.S. residents can contact the Attorney General's office in their state, and individuals in the European Union or United Kingdom can contact their country's Data Protection Authority (DPA). A list of EU DPAs and their contact information is available online (for instance, on the European Data Protection Board's website). In the UK, you can contact the Information Commissioner's Office (ICO). We ask that before you contact a regulator, please consider reaching out to us first with your concerns – we value your privacy and we will do our best to resolve any issue in a satisfactory manner.

Automated Decision-Making and Profiling

Becoming Alpha may use automated systems and profiling to improve our services, detect fraud, and provide personalized experiences. This section explains what automated decision-making and profiling we engage in and your rights regarding these activities.

What We Do: We may use automated systems to:

Fraud Detection: Automatically analyze transactions and account activity to detect potential fraud or suspicious behavior
Content Recommendations: Analyze your usage patterns to recommend relevant content, features, or marketplace listings
Risk Assessment: Automatically assess risk levels for certain activities or transactions based on patterns and signals
Content Moderation: Automatically filter or flag content that may violate our policies

Your Rights: If automated decision-making produces legal effects or similarly significantly affects you, you have the right to:

Request human review of any automated decision
Express your point of view and contest the decision
Obtain an explanation of the logic involved in the automated processing
Opt out of certain profiling activities where permitted by law

We generally do not make decisions that have legal or similarly significant effects solely through automated means without human review. If we do engage in such automated decision-making in the future, we will notify you and provide opportunities to request human review or contest decisions.

Data Subject Rights Process

This section explains how to exercise your data protection rights and what to expect when you make a request.

How to Submit a Request: To exercise any of your data protection rights, please submit a request to us by emailing privacy@becomingalpha.world. Please include:

Your name and email address
A clear description of the right you wish to exercise
If requesting access or deletion, specify what information you are requesting

Identity Verification: To protect your privacy and security, we may need to verify your identity before processing certain requests. We may ask you to:

Provide information that matches our records (e.g., email address, account username)
Answer security questions
Provide government-issued identification for sensitive requests (e.g., requests to access or delete certain categories of data)

Response Times: We will respond to your request within the timeframes required by applicable law:

GDPR (EU/UK): We will respond within one month (may be extended to two months for complex requests)
CCPA/CPRA (California): We will respond within 45 days (may be extended by an additional 45 days for complex requests)
Other Jurisdictions: We will respond within the timeframe required by applicable local law

If we need additional time to process your request, we will notify you and explain the reason for the delay.

Limitations: Some rights may be limited in certain circumstances, such as when we are required by law to retain data (e.g., KYC/AML retention requirements as described in our KYC / AML & Sanctions Compliance Overview) or when deletion would impact ongoing legal proceedings. We will explain any limitations when we respond to your request.

Cookies and Tracking Technologies

Becoming Alpha uses cookies and similar tracking technologies (such as pixels, tags, local storage, and web beacons) to operate our platform, enhance performance, personalize content, provide certain features, and analyze user behavior.

For detailed information about the types of cookies and tracking technologies we use, the purposes they serve, your choices in managing them, and how to control tracking through browser settings and opt-out tools, please refer to our Cookie Policy.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice, this means:

Account Information and KYC Data: For active customers, we keep your personal data for the life of your account. If you decide to close your account or your account becomes inactive, we will retain your data for a period of time afterward as needed to comply with our legal obligations and legitimate business needs. Specifically, identity verification information collected for KYC/KYB purposes is retained for at least five (5) years after an account is closed, in order to meet U.S. regulatory requirements under the Bank Secrecy Act and related anti–money laundering laws. This retention period (which may be extended by law or regulation) allows us to respond to any government inquiries or audits and is a standard requirement for financial institutions. It includes copies of identification documents, verification records, and associated personal data you provided during the KYC/KYB process.
Transaction Records: We keep records of cryptocurrency transactions, payments, and trades in accordance with financial record-keeping rules and our compliance programs. Transaction data is generally retained for a minimum of five years, and often longer (e.g. seven years or more), as required by various regulations and our internal policies. Extended retention of transaction records may be necessary for fraud detection, tax reporting, accounting purposes, or to comply with audits and inquiries.
Communications and Support Records: Copies of communications you have with us (such as customer support emails, chat logs, or support tickets) are typically retained while you have an active account and for a period afterward (usually up to 2–3 years). This allows us to reference past interactions if you contact us again and helps us train our support team and improve our customer service. In some cases, we may retain certain correspondence longer if needed for legal reasons – for instance, if a particular communication relates to a dispute, a regulatory matter, or an incident that we need to document.
Usage Logs and Analytics Data: General usage analytics are usually collected in aggregate form (without directly identifying users) and may be retained indefinitely for statistical and business analysis purposes. However, any usage logs that are tied to personal identifiers (for example, detailed IP address logs associated with your account) are kept for a shorter period – typically a few months up to a year – unless we determine it's necessary to retain them longer for security investigations or legal compliance. We continuously evaluate whether ongoing retention of such logs is needed or if they can be anonymized or deleted.
Smart Contract / Blockchain Data: If any personal data becomes recorded on a public blockchain through your use of our Services (for example, information written into a smart contract or a public transaction you execute), we cannot delete that blockchain record. Data recorded on decentralized ledgers is, by its nature, immutable and often publicly accessible indefinitely. While we do not control the persistence of blockchain data, we will handle any related off-chain personal data (for instance, records in our systems linking you to a given blockchain address or transaction) according to our retention policy and applicable law. In other words, we might delete or anonymize internal records linking you to a blockchain transaction after our retention period, but the public transaction record on the blockchain will remain as-is beyond our control.

When we no longer have a legitimate business need or legal obligation to retain your personal information, we will take steps to securely dispose of it. This may include erasing it from our systems or anonymizing the data so that it can no longer be associated with you. For example, we might anonymize certain historical trading records for long-term analysis but remove or de-identify any personal identifiers attached to those records once they are no longer needed.

Please note that due to technical and legal constraints, complete removal of data from all systems may not be instantaneous or may not be possible in certain scenarios. For instance, data that has been stored in our encrypted backups or on blockchain networks cannot be immediately deleted; instead, such data will be overwritten or pruned according to our regular backup retention schedule or will remain on the blockchain permanently. However, if you request deletion of your data or close your account, we will cease using your personal data for new purposes, and aside from archival compliance needs, we will remove or anonymize it in active systems. Data that must be retained longer for legal compliance will be securely isolated and protected until deletion is permissible.

International Data Transfers

Becoming Alpha is based in the United States, and most of our systems and data storage are located in the U.S. If you are using our Services from outside the United States, please be aware that your personal information will likely be transferred to, and processed in, the United States (and potentially other countries) which may have data protection laws that are different from those in your country of residence. In particular, personal data of users will be stored on servers in the U.S., and may be accessible to our staff and service providers in the U.S. or in other jurisdictions where we or our vendors operate.

By using our Services or providing us with your information, you acknowledge that your information will be transferred to and processed in the United States and any other country where we or our service providers maintain facilities. We will take appropriate measures to ensure that your personal data is handled securely and in accordance with this Privacy Policy, wherever it is processed.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we are committed to protecting your data when it is transferred outside of those regions. Such transfers will be protected by appropriate safeguards as required by law. For example, we rely on the European Commission's Standard Contractual Clauses (SCCs) or other approved transfer mechanisms (such as UK International Data Transfer Agreements or equivalent mechanisms for transfers outside the EEA/UK) to ensure that European personal data receives an adequate level of protection when transferred to the U.S. or other countries that may not have been deemed "adequate" by the EU. Standard Contractual Clauses are contractual commitments between Becoming Alpha and our service providers (or between Becoming Alpha and our affiliates) that require the recipient to protect personal data in accordance with EU data protection standards. We will also implement additional technical and organizational measures as needed to protect data in transit and at rest. For more information about our international transfer safeguards, or if you have questions about how your data is protected when transferred, please contact us at privacy@becomingalpha.world.

Regardless of where you live, all users' data is treated in line with the commitments of this Privacy Policy. Our security measures (described above) apply globally. We will only transfer personal data to third parties or to other countries if we have ensured that adequate protections are in place to safeguard the data. This could mean that the recipient is in a country deemed adequate by relevant regulators, or that we have implemented contractual clauses, internal policies, or other safeguards to protect your privacy.

Children's Privacy

Becoming Alpha's Services are not intended for individuals under 25 years of age, and we do not knowingly collect personal information from children or minors. If you are under 25, you are not authorized to use our platform or provide any personal information to us. We do not market our Services to minors, nor do we intentionally invite minors to use our platform.

If we become aware that we have inadvertently collected personal information from a person under 25, we will take immediate steps to delete such information from our records. Parents or legal guardians who believe that their child (under 25) may have submitted personal data to us should contact us right away so that we can investigate and delete the information in question. We also encourage parents and guardians to supervise their children's online activities and to teach their children about never sharing personal information with strangers on the internet.

In the event that we ever offer features or content that are suitable for a younger audience (for example, general educational content about blockchain that does not involve account registration), we will ensure that such offerings are structured in a way that does not collect personal data from minors, in compliance with applicable laws like the Children's Online Privacy Protection Act (COPPA). If our target audience changes in the future to include minors (which is not our plan at this time), we will update our practices and this Policy accordingly and seek any necessary parental consent.

Changes to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our business, to address new legal requirements, or to implement new privacy or security practices. If we make changes, we will update the "Last Updated" date at the top of this Policy. In cases where changes are significant (for example, if we make a change that materially affects how we handle personal data), we will provide a more prominent notice of the changes. This may include, for example, sending an email notification to the email address associated with your account, or posting a prominent announcement on our website or within our app to alert you to the update.

We encourage you to review this Privacy Policy periodically so that you stay informed about how we are protecting your information. If you continue to use Becoming Alpha's Services after a new or revised Privacy Policy has become effective, that will indicate your acceptance of the revised policy. If you do not agree with any changes to the Privacy Policy, you should stop using our Services and you may request that we delete your account data (subject to the retention obligations and exceptions discussed above). For any material changes that would retroactively apply to personal data we collected from you under a previous version of the Policy (in other words, if we want to use information we already collected from you in a new way that was not disclosed at the time of collection), we will obtain your consent as required by law before doing so.

Our commitment to transparency means we will not make unexpected or intrusive changes without notice. We will also make prior versions of this Privacy Policy available upon request so you can see how our practices have evolved over time.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We are here to help, and we are committed to being transparent about our privacy practices and responsive to your rights.

You can reach our privacy team through any of the following methods:

Email: privacy@balpha.co (Attn: Data Protection Officer / Privacy Team)
Mail: Becoming Alpha, Inc. – Privacy Department, 8000 Avalon Boulevard, Suite 100, Alpharetta, GA 30009, USA
Support Portal: You may also contact us through our Contact page, or submit requests through your account settings (if available).

We will respond to your inquiry as soon as reasonably possible, generally within one business week. If you are contacting us to exercise a specific data right, please describe your request in detail (so we can better assist you) and be prepared to verify your identity as noted above in Your Rights & Choices.

Thank you for choosing Becoming Alpha and for trusting us with your information. We value your privacy and are committed to keeping your personal information safe and secure while providing you with a compliant and cutting-edge crypto marketplace and educational experience. Remember, this Privacy Policy is intended to inform you – if anything is unclear or if you have any questions, please reach out and we will gladly explain. Your privacy, security, and satisfaction are our priorities, and we will continue to improve our practices as we grow and evolve (on the path to a decentralized future).