Privacy Policy – Agroecopay

Last updated:September 16, 2025

Privacy Statement

Welcome to Agroecopay (hereinafter referred to as “the Company,” “we,” or “the Platform”). We are a Money Services Business (MSB) registered and regulated in the United States. Protecting your privacy and personal information is our top priority. This Privacy Policy aims to transparently explain how we collect, use, store, disclose, and protect your personal information when you are a visitor, user (including existing and potential customers), or a third-party partner (such as banks, payment gateways, etc.) using our services through this Platform. You should read and understand this Privacy Policy, and registering for and using Agroecopay services constitutes your agreement to this Privacy Policy. If you do not agree to this policy, please do not use our website or send us your personal data.

Important Note: Please read carefully. By registering, accessing, or using Agroecopay services, you agree to be bound by this Privacy Policy, including any revisions we may make from time to time. If you do not agree to any terms in this policy, please immediately stop accessing or using our services. This policy details the purposes for which we process your personal data, the categories of recipients with whom we share data, your data subject rights, and other key matters.

To adapt to legal, technological, and business developments, we may update this policy from time to time. Any revised version will take effect immediately upon publication on this website, and your continued use of our services constitutes acceptance of the updated policy. In light of such updates, we encourage you to review this policy periodically for the latest information.

Part I Definition of End-User Information

End-user information refers to information related to buyers using the Agroecopay payment system. This information, whether used alone or in combination with other information, can identify a specific natural person or reflect their activities. The information you voluntarily provide to us when using our services includes, but is not limited to: identity information such as name, date of birth, ID number, and biometric information; contact information such as address, contact information, and communication records and content; core payment information such as account password and financial status; and behavioral characteristics such as browser type, visited pages, referral sources, and activity patterns.

Part II What Information We Collect and How We Collect It

In accordance with the U.S. Bank Secrecy Act (BSA) and FinCEN’s regulatory requirements for MSBs, we are required to implement strict anti-money laundering and customer identity verification procedures, specifically as follows:

2.1 Information You Provide to Us:

• Identification Information: Such as name, date of birth, government-issued identification document information (such as driver’s license, passport), Social Security Number (SSN), or Taxpayer Identification Number (ITIN).

• Contact Information: Such as physical address, email address, and telephone number.

• Financial Information: Such as bank account information (bank code, account number, routing number), credit/debit card information (if applicable), and transaction history.

• Business Information (if applicable): If you are acting on behalf of a corporate entity, we may collect company registration certificate, tax information, and information on directors and beneficial owners.

• Verification Information: To fulfill our legal obligations under Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations, we may collect:

• Proof of address (such as utility bills). • In certain high-risk scenarios, and with your explicit and separate consent, we may collect biometric information (such as facial images or videos) for identity verification.

2.2 Information We Automatically Collect: When you interact with our services, we automatically collect the following information through cookies and similar technologies:

• Device Information: IP address, browser type and version, time zone settings, operating system, and platform.

• Usage Data: Your access patterns to the services, clickstream data, pages viewed, and access time and duration.

2.3 Information We Obtain from Third Parties:

• Identity Verification Service Providers: To verify the accuracy of the information you provide, we may obtain information from authorized third-party service providers.

• Anti-Fraud and Compliance Partners: For risk assessment and fraud monitoring, we may obtain information from organizations specializing in fraud prevention and AML compliance.

• Credit Reporting Agencies (where applicable): Where permitted by law and with your consent, we may obtain information from credit reporting agencies for credit assessment. Such use will comply with the U.S. Fair Credit Reporting Act (FCRA).

• Business Partners: For example, e-commerce platforms that direct you to our services through their platforms.

2.4 Our Specific Information Collection Practices:

Device Information. When you access or use this website via computer, mobile phone, or other devices, we may collect information related to your device, such as hardware model and ID, device type, operating system version, request type, request content, and basic usage information about your use of this website (such as date and time).

2.5 Anti-Money Laundering (AML) and Customer Authentication (KYC) Specific Explanation To fulfill the mandatory legal obligations required by the MSB license, including Anti-Money Laundering (AML), Counter-Terrorist Financing (CFT), and Customer Due Diligence (CDD), our collection, use, and retention of certain information is legally necessary. This includes, but is not limited to:

• Identity and Address Verification: We require you to provide and verify government-issued identity documents (such as passports, driver’s licenses) and recent proof of address, which are basic requirements for account opening and ongoing service.

• Business Entity Information: For corporate clients, we must collect and verify company registration certificates, articles of association, beneficial owners, directors, and authorized signatories information, and require relevant parties to provide Politically Public Figures (PEP) statements based on risk assessment.

• Biometric Data: To perform high-security identity verification, we collect your real-time facial images or videos and extract biometric templates during registration and certain transactions. This measure is a key compliance measure to prevent identity fraud and ensure the consistency of account holders, and its legal basis is primarily the fulfillment of statutory obligations.

• Proof of Funds and Wealth: In certain circumstances, to assess transaction risks and the legality of the source of funds, we may legally require you to provide evidence regarding the source of funds or wealth accumulation.

2.6 Third-Party Compliance Requirements: To ensure compliance throughout the payment chain, Agroecopay prioritizes and verifies that its payment processors, banks, and other financial service providers meet the following criteria when selecting partners:

• Partners operating within the United States must hold a valid MSB license or operate as a federally or state-regulated financial institution.

• For international partners, they must have passed an anti-money laundering/counter-terrorism financing compliance assessment accredited by FinCEN or meeting internationally recognized standards, and be under effective regulation.

• All partners must commit to and demonstrate their ability to provide a level of protection for the customer information they process that is consistent with this policy, particularly regarding data security and confidentiality.

We share information with these qualified third parties for the purpose of fulfilling contractual obligations, complying with legal obligations, and ensuring service security.

2.7 Transaction Monitoring Data Description: To continuously monitor and report suspicious activity and fulfill our MSB’s ongoing transaction monitoring obligations, our system will automatically collect and analyze your transaction behavior characteristics data. This data includes, but is not limited to:

* Transaction frequency, patterns, and amounts, especially activities that are unusual or significantly deviate from your historical behavior patterns.

* Counterparty information and geographical location.

* The path and destination of cross-border fund flows.

* Transaction activities related to specific high-risk jurisdictions or entities.

This monitoring aims to identify potential money laundering, fraud, or other illicit financial activities and is a core component of our risk management and compliance program. The processing of this data is based on fulfilling legal obligations and our legitimate interests (ensuring the safe and compliant operation of the platform).

How We Use Your Information

We use your information solely for legal reasons, including:

• Fulfilling contractual obligations: To provide you with payment services, process transactions, and manage your account.

• Complying with legal obligations: As an MSB, we must fulfill obligations required by federal and state laws such as BSA/AML/KYC, including identity verification, transaction monitoring, and reporting.

• Legal interests: To operate and improve our services, conduct data analysis, prevent fraud and abuse, and ensure the security of our network.

• With your consent: We use cookies and other technologies to collect your data on our platform for specific purposes, such as collecting biometric information in certain circumstances or for marketing communications. You have the right to withdraw your consent at any time.

II. To Whom May We Disclose Our Personal Data

To comply with applicable laws and regulations, respond to litigation disputes, or comply with legitimate requests from administrative or judicial authorities, we may provide your relevant information to third parties.

1. Sharing with Your Consent

We will not sell your personal information. We will only share information in the following circumstances:

• Service Providers: To ensure the implementation and operation of our products and services, we will share information necessary for achieving functionality with authorized partners, provided it is legal, legitimate, and necessary. Partners may only use the information within the agreed-upon purpose and have no right to use it for other purposes. We will also share information with trusted third parties that provide us with operational services (such as payment processing, customer support, cloud storage, and fraud detection). These service providers must protect your information in accordance with their contracts.

• Financial Institutions and Payment Networks: To process your payment instructions, we must share necessary information with relevant banks, card organizations, and other financial intermediaries.

• Certification Authorities: To verify the authenticity and accuracy of the identity information you provide, we may share relevant information with qualified third-party certification authorities.

• Legal and Regulatory Requirements: Information may be disclosed in response to subpoenas, court orders, or other legal proceedings, or to comply with reporting and inspection obligations of regulatory bodies such as FinCEN.

• Business Transfer: Your information may be transferred in the event of a company merger, acquisition, or sale of assets.

• Regulatory Bodies, Banks, E-commerce Platforms, and Payment Institutions: To fulfill legal obligations, process transactions, mitigate risks, or enforce user agreements, we may share information with regulatory bodies, banks, e-commerce platforms, licensed payment institutions, and other authorized third parties. For example:

• We may exchange information with relevant agencies for fraud monitoring and risk control;

• We need to share your information with banks, licensed payment institutions, etc., to facilitate transaction processing;

• Due to the nature of our business involving cross-border transactions, we may provide necessary information, including your name and address, to overseas receiving banks or intermediaries. You should review their privacy policies and practices before disclosing information to these third parties. If you have any questions about how these third parties use your personal information, you should review their policies and contact them directly.

• With Your Consent: Sharing with other parties with your explicit authorization.

III. How We Store Your Personal Data

We recognize the importance of protecting our users’ personal data. We take measures to ensure that your personal data is not misused, interfered with, lost, or subject to unauthorized access, modification, or disclosure. Your personal data is generally stored in our or our affiliates’ computer databases and/or with third-party storage providers. For information stored in our computer databases, we implement data security guidelines to ensure that your personal data is securely managed.

For more information, please see Section Six below (How Your Personal Data is Protected).

We employ a triple protection system of physical isolation, electronic encryption, and program control to comprehensively safeguard your information security. Your information is stored in encrypted electronic form. Depending on the service type, the data will be deployed on compliant servers in mainland China or Hong Kong, and a robust data security defense is built through high-level firewalls, real-time updated antivirus systems, and strict server access control. If you submit paper documents, we will properly retain paper copies and simultaneously generate encrypted electronic archives to ensure the integrity and security of information storage.

To strictly fulfill our legal obligations regarding anti-money laundering and counter-terrorism financing, all necessary regulatory information and data will be retained for at least five years, in accordance with laws and regulations such as the BSA, after the termination of your business relationship with Agroecopay. During this statutory retention period, even if you cancel your account, we are legally required to retain these records.

It should be noted that internet data transmission inherently carries technical risks and absolute security cannot be achieved. While we do not guarantee the absolute security of information collected and transmitted electronically, we consistently employ reasonable and necessary protective measures, such as encrypted transmission and security protocols, to minimize security risks and fully protect your personal information from unauthorized access or disclosure, adhering to high industry standards. If local regulations require longer retention periods for relevant information, we will strictly comply with compliance standards to extend the storage period, ensuring full compliance with applicable regulations for this platform and our partners.

IV. How is your personal data protected ?

We employ multiple security measures to ensure the confidentiality of your personal data and protect it from (a) loss, (b) theft, (c) unauthorized access, processing, alteration, or destruction, and (d) misuse or other similar risks.

Our information security framework is based on recognized international security standards and is subject to independent audits to ensure compliance and effectiveness. We are committed to continuously improving our practices to ensure the security of your personal data, while taking into account new legal and technological developments. If relevant data is no longer needed for storage and use, or is no longer legally required, we will immediately take data deletion or anonymization measures.

When using the platform services, we strongly recommend that you do not send your personal information using communication methods not recommended by the platform. If you receive a request from KeNing, please do not provide your information and contact our service representative to report it in accordance with this Privacy Policy.

You are responsible for protecting the security of your account password. Do not share this information with anyone. You will inevitably need to disclose your personal information to partners or potential partners; please protect your personal information carefully and only provide it to others when necessary. If your information is used without authorization or other security vulnerabilities occur, please contact customer service immediately so that we can take appropriate measures according to your request.

To fully protect your account security, we recommend that you set a strong password. We will use industry-leading security technology to comprehensively protect all information you submit.

Depending on the laws of your place of residence (such as California CCPA/CPRA, Colorado CPA, etc.), you may have some or all of the following rights:

• Right to know: To know the categories of personal information we collect and use.

• Right to access: To request access to specific personal information we hold about you.

• Right to correction: To request correction of inaccurate personal information.

• Right to erasure: To request the erasure of your personal information (subject to the retention obligations mentioned above).

• Right to restricted use: To restrict the use of your sensitive personal information in certain circumstances.

• Right to data portability: To obtain a copy of your personal information in a structured, universally applicable format.

• Right to opt out: To opt out of targeted advertising or the sale/sharing of personal information (we currently do not engage in such activities).

• Right not to retaliate: To not be discriminated against when exercising your rights.

To exercise these rights, please contact us at Support@Agroecopay.com. To protect your information, we need to verify your identity before processing your request.

V. Transparent Management of Your Information

5.1 To protect your right to control your personal information, we provide the following clear and convenient management methods:

You can log in to your account at any time to view and update your basic information, such as your mobile phone number and login password, through the platform’s management interface to ensure the information is always accurate. If you encounter any restrictions or need assistance during operation, please contact customer service for guidance and support.

Please note that to provide you with continuous and secure services, your contact information, identity information, and financial information are necessary personal information. Deleting them will affect the normal use of your account; therefore, individual deletion is not currently supported.

If you decide to no longer use this platform’s services, you can delete all your personal information at once by canceling your account. We will process your request and complete the information clearing in accordance with the law. Other non-essential information that you actively fill in or upload can still be deleted at any time on the corresponding page.

This operation will take effect immediately after you confirm account cancellation. Once your account is canceled, we will cease all services and delete or anonymize your personal information in accordance with relevant laws and regulations. Based on legal requirements, some information must be retained in the system for a specified period. After the expiration of this period, we will completely delete or anonymize your personal information.

If you have any questions, please contact our official customer service (Support@Agroecopay.com) for answers.

VI. Restrictions on Use by Minors

Users must be 18 years of age or older to use this service. We do not intentionally process the personal data of children under the age of 18, nor do we intend to do so. We reserve the right to request proof of age at any time to verify whether a minor under the age of 18 is using this service. If a user under the age of 18 is found to be using this service, we will prohibit and block that user from accessing the service and take appropriate measures to prevent them from continuing to use the service in order to maintain a safe and compliant community environment.

VII. Your Choices and Your Power

We always respect and support your legal rights regarding your personal information. Regardless of whether your country or region has mandatory laws regarding this, we are committed to protecting your right to manage your data in a responsible and transparent manner. If you wish to exercise any of the following rights, please contact us at Support@Agroecopay.com. We will provide timely support after verifying your identity and relevant information.

Right to Correct Information: If you find that the information we have recorded is incorrect or incomplete, you can contact us at any time for an update. We will correct it as soon as possible after verification to ensure the accuracy of your data.

Right to Erasure Information: You may request the deletion of your personal information, subject to compliance with laws and regulations and business necessity. We will assess this in accordance with our internal data retention policy and relevant legal obligations, and will endeavor to meet your needs to the best of our ability within permissible limits. All deletion requests will be recorded and used only for that purpose.

Right to Access Information: You have the right to know the details of your personal information held by us, including its content, purpose, and sharing. We will provide clear and understandable copies of the information to a reasonable extent. We reserve the right to charge appropriate administrative fees for duplicate or excessive requests and may refuse certain requests in accordance with the law.

Restriction of Processing Rights: If you wish for us to suspend further processing of your information, please inform us. We will assess whether there are legitimate reasons requiring continued processing (such as fulfilling legal obligations or contractual requirements) and inform you of the results promptly. Please note that in some cases, we may be unable to immediately cease processing due to legal or contractual obligations.

We value the trust of every user and are committed to treating each of your rights claims with professionalism and integrity. If you have any questions, we are always here to assist you.

VIII. Privacy Notice and Liability Statement Regarding Third Parties

We need to make you aware of your rights. Your rights depend on the reasons we process your personal data.

8.1 Your business partners, third-party websites or services you access through our platform, and other partner organizations that obtain your personal information from us may all have their own independent privacy policies. When accessing third-party platforms, please prioritize checking prominent entry points such as the “Privacy Policy” and “User Agreement” at the bottom of their official website, or look for data protection instructions on their settings page. When you use or browse web pages, applications, or related services provided by third parties, these partners may use their own tracking technologies, such as cookies or pixel tags. These technological tools are not under our control, and their use does not comply with this Privacy Policy. The Privacy Policy document clearly defines the scope of information collection, purpose of use, sharing rules, and security measures.

While we will make commercially reasonable efforts to advocate for and require our partners to take necessary security measures for the personal information you provide, we cannot guarantee that their actions will fully comply with our standards. Therefore, we recommend that you proactively review the privacy policies of such third parties to fully understand their information processing methods. If you identify any potential risks while using third-party services, we suggest you immediately terminate the relevant operations to protect your legitimate rights and interests.

8.2 Risk Warnings for Specific Scenarios

1. Cross-border Transaction Scenarios: Be aware of differences in information protection regulations in the regions where third parties are located, and confirm whether they have the qualifications to comply with cross-border data transmission regulations to avoid information leakage due to regional policy differences;

2. Platform Cooperation Scenarios: If the third party is a cooperative service provider (such as payment, logistics, technical support, etc.), verify their business qualifications and information security certification, and be cautious about providing sensitive personal information (such as bank card passwords, complete ID card numbers, etc.);

3. General Scenarios: Regardless of the form of cooperation, if you find that a third-party webpage/application exhibits abnormal redirects, forced collection of irrelevant information, or pop-ups that induce privacy leaks, you should immediately stop operating, close the relevant page/application, and promptly report the issue through our official channels so that we can assist in verifying the risk.

Special reminder: Your information security is our core focus, but the information security risks arising from independent third-party operations are ultimately the responsibility of the third party itself. We recommend that you fully understand their privacy policies before interacting with third parties, make prudent decisions, and protect your legitimate rights to the greatest extent possible.

IX. Changes to Our Privacy Policy

We may update this policy from time to time to reflect changes in business or law, and will publish the revised version on the Agroecopay platform, indicating the effective date of the revised version. Please check this Privacy Policy frequently for updates and changes. Significant changes will be communicated to you via email or platform notification. Your continued use of the service indicates your acceptance of the updated policy. Your continued access to or use of the Agroecopay platform and/or services indicates your acknowledgment and acceptance of such changes to this Privacy Policy.

X. Language

This Privacy Policy may be published in different languages. In case of any discrepancy, the English version shall prevail.

XI. Changes to the Privacy Policy

Agroecopay reserves the right to change this Privacy Policy at any time, so please visit this page frequently. We will notify you of any material changes to this Privacy Policy through the Service, and/or we will send you an email with information about such changes to the email address you have provided. Such material changes will take effect seven days (7 days) after notification is given through either of the foregoing methods. Otherwise, all other changes to this Privacy Policy will take effect from the stated “Last Revision” date, and your continued use of the Service after the Last Revision date constitutes your acceptance and agreement to be bound by those changes.

XII. Our Contact Information

If you have any questions (or comments) about this Privacy Policy, please contact us using the following methods:

For any questions, complaints, comments, or requests regarding this Privacy Statement, please email us at Support@agroecopay.com. We will try our best to respond within a reasonable time. You can contact us at any time.

To ensure your request receives priority processing and a timely response, we kindly request your cooperation in providing the following information and materials: valid identification, accurate and reliable contact information, a written application, and relevant supporting documents. We will initiate the processing procedure as soon as we complete identity verification and will do our best to provide you with feedback within thirty business days.

Version Update Date: September 16, 2025

Effective Date: September 16, 2025