Privacy Policy

This Privacy Policy describes how TokenCapStack Inc. (“TokenCapStack,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use our website at tokencapstack.com, our cap table management platform, the Insumer suite of applications (InsumerWallet, InsumerScanner, InsumerDashboard, InsumerRegistry), and any related services (collectively, the “Services”).

By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, phone number, company name, and job title when you create an account or submit a contact form.
• Cap Table Data: Shareholder names, equity holdings, share classes, vesting schedules, option grants, and related corporate records you upload to the platform.
• Payment Information: Billing details processed through our third-party payment processor. We do not store full credit card numbers on our servers.
• Wallet Addresses: Public blockchain wallet addresses you connect to the Insumer applications for token verification purposes.
• Communications: Messages, feedback, and correspondence you send to us.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, timestamps, and session duration.
• Device Information: Browser type, operating system, device identifiers, IP address, and screen resolution.
• Cookies and Analytics: We use Google Analytics and similar tools to understand how our Services are used. See Section 6 for cookie details.

1.3 Blockchain Data

Our Services interact with public blockchains (Ethereum, Polygon, Avalanche, Arbitrum, Optimism, Base, and Solana). Any data recorded on a public blockchain is inherently public and immutable. We read publicly available on-chain data such as token balances and transaction histories associated with wallet addresses you provide. We do not control or store your private keys.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Services, including cap table management, equity tokenization, and shareholder dashboards.
• Process transactions and send related information such as confirmations and invoices.
• Verify token holdings and generate QR codes for shareholder verification through the Insumer applications.
• Send you technical notices, security alerts, and support messages.
• Respond to your comments, questions, and customer service requests.
• Send marketing communications (with your consent), which you may opt out of at any time.
• Monitor and analyze trends, usage, and activities in connection with the Services.
• Detect, investigate, and prevent fraudulent transactions and other illegal activities.
• Comply with legal obligations, including securities regulations and regulatory requirements.

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

• Service Providers: With third-party vendors who perform services on our behalf, such as payment processing, email delivery, cloud hosting, and analytics. These providers are contractually obligated to protect your information.
• Company Administrators: If you are a shareholder, the company that manages the cap table on our platform may access your equity holding information as part of their administration of the cap table.
• Compliance and Legal: When required by law, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.
• With Your Consent: When you direct us to share information with a third party.

4. Data Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS/SSL), encryption at rest, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

For blockchain-related data, please note that public blockchain transactions are immutable and cannot be deleted or modified once recorded.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. We also retain information as necessary to comply with legal obligations (including securities recordkeeping requirements), resolve disputes, and enforce our agreements. Cap table records may be retained for extended periods as required by applicable securities laws and regulations. When you request account deletion, we will delete or anonymize your information within 90 days, except where retention is required by law.

6. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for the Services to function, such as session management and security tokens.
• Analytics Cookies: We use Google Analytics to understand how visitors interact with our website. Google Analytics uses cookies to collect information about your use of the Services, which is transmitted to and stored by Google.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Services.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request a portable copy of your data in a structured format.
• Opt-Out: Unsubscribe from marketing communications at any time via the unsubscribe link in our emails or by contacting us.

To exercise any of these rights, contact us at support@tokencapstack.com. We will respond within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used, (b) request deletion of your personal information, (c) opt out of the sale of your personal information (we do not sell personal information), and (d) not be discriminated against for exercising your privacy rights. To make a request, contact us at support@tokencapstack.com.

9. Children’s Privacy

The Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

10. International Data Transfers

Our Services are hosted in the United States. If you are accessing the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction. By using the Services, you consent to the transfer of your information to the United States.

11. Third-Party Links

The Services may contain links to third-party websites or services, including blockchain explorers, wallet providers, and partner platforms. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the “Last updated” date. Your continued use of the Services after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: