This Privacy Notice describes how Sphere Laboratories, Inc. and any subsidiaries, including Symmetry Financial Technologies, LLC and Arcadia Financial Technologies, LLC (“we,” “us,” or “our”) collect, use, store, disclose, and otherwise process information about you when you access or use our website (https://spherepay.co), applications, services, tools, and features, or otherwise interact with us (collectively, the “Services”).

For purposes of this Privacy Notice, “you” and “your” mean you as a user of the Services.

For the purposes of applicable data protection laws, we act as the data controller.

1. Contact Information & Representatives

If you wish to exercise your data protection rights or contact us with questions about this Privacy Notice, you may contact us or our appointed representatives at:

EEA Representative:
INSTANT EU GDPR REPRESENTATIVE LIMITED
Contact person: Adam Brogden
Address: Office 2, 12A Lower Main Street Lucan, Co. Dublin, K78 X5P8, Ireland
EEA portal or contact@gdprlocal.com

UK Representative:
GDPRLocal Ltd.
Contact person: Adam Brogden
Address: 1st Floor Front Suite, 27–29 North Street, Brighton, England, BN1 1EB
UK portal or contact@gdprlocal.com

Data Protection Officer (DPO):
Josh Box
4 The Boulevard
Leeds, United Kingdom
Email: josh.box@cognisys.group

Privacy rights requests may also be submitted via our Your Choices - Your Information Portal.

2. Scope & Acceptance

Please read this Privacy Notice carefully.

By using these services, you acknowledge that your personal information will be processed as described in this Privacy Notice. Where we rely on your consent to process personal information, we will obtain such consent as required by applicable law. If you do not agree with this Privacy Notice, please do not access or use our services.

Our U.S. Consumer Privacy Notice applies to information collected about U.S. individuals who seek, apply for, or obtain our financial products or services for personal, family, or household purposes.

3. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. When we do, we will amend the “Last Updated” date above. If we make material changes, we will take reasonable steps to notify you, such as by email, through the Services, or by other means consistent with applicable law. Where required, we will obtain your consent.

4. Collection and Use of Information

We collect personal information from a variety of sources depending on how you interact with us. We process this information to provide and improve the Services, maintain our relationship with you, comply with legal obligations, protect our rights, and pursue our legitimate business interests, where permitted by law.

A. Information You Provide to Us

This may include:

• Contact details (e.g., name, address, phone number, email):
  Used to create and maintain accounts, provide Services, communicate with you, and—where permitted—send marketing communications.

• Account credentials (e.g., username, password, security questions):
  Used to authenticate users and secure accounts. You are responsible for safeguarding your credentials.

• Financial account information (e.g., linked accounts, balances, assets)
  Used to provide the Services you request.

• Payment information (e.g., bank account or card details, billing address):
  Used to process payments and fulfill contractual obligations.

• Employment application information (e.g., resume, CV, references):
  Used to evaluate and process job applications.

• User-generated content (e.g., messages, photos, recordings):
  Content submitted to public areas of the Services may be accessible to others.

• AI-powered tools input and output:
  Information you choose to input into AI-powered tools (“Input”) and content generated as a result (“Output”).
  We do not use personal information, financial account data, or other sensitive information contained in Inputs to train or fine-tune AI models unless such data has been de-identified or you have provided explicit consent, where required by law.

• Financial crime, sanctions, and AML information:
  We may process personal data, including criminal offense data, as required to comply with applicable laws relating to fraud prevention, sanctions screening, and anti-money laundering obligations. Such processing is conducted under legal obligations and subject to appropriate safeguards.

• Communications:
  Information you provide when contacting us for support or inquiries.

B. Information Collected Automatically

We and our service providers may automatically collect information using cookies, pixels, and similar technologies, including:

• Device and browser information
• IP address
• Approximate or precise location (where enabled)
• Usage data, logs, timestamps, and interactions
• Marketing and advertising engagement data

These technologies are used with your consent where required, or otherwise based on our legitimate interests.

For more information, please see our Cookie Notice and Cookie Settings.

We do not respond to browser “Do Not Track” signals, but we recognize legally required opt-out signals such as the Global Privacy Control (GPC) where applicable.

C. Information from Other Sources

We may receive information from:

• Financial institutions and account-linking providers
• Analytics providers (e.g., Google Analytics)
• Career platforms (e.g., LinkedIn)
• Marketing and data enrichment providers

We treat such information in accordance with this Privacy Notice.

D. Erasing Information

We may erase  or anonymize information so it cannot reasonably be linked to you.

5. Disclosure of Information

We may disclose personal information to:

• Affiliates and corporate group members
• Financial institutions and payment processors
• Service providers and vendors
• Marketing partners (with consent, where required)
• Third parties at your direction
• Professional advisors
• Parties involved in corporate transactions
• Authorities or others as required by law or to protect rights and safety

6. Social Features

Use of social features may allow third parties to collect information about you. Content shared via such features may be publicly visible.

7. Third-Party Websites and Links

We are not responsible for the privacy practices of third-party websites or platforms.

8. Children’s Privacy

Our services are not intended for children under 13. If we learn that we have collected such information, we will delete it.

9. Data Security & Retention

We implement reasonable safeguards to protect personal information and no system is completely secure.

We retain personal information only as long as necessary, considering legal, regulatory, and operational requirements, including:

• Account data: for the life of the account
• Contact inquiries: up to 60 months
• Usage and technical data: up to 60 months
• Sanctions and AML records: up to 120 months, as required by law

10. Technical & Organizational Security Measures

We maintain layered security controls, including encryption, access controls, logging, monitoring, least-privilege access, segregation of duties, and disaster recovery practices aligned with SOC 2 Security and Confidentiality criteria.

11. International Data Transfers

We are based in the United States. Where personal data is transferred outside the EEA or UK, we rely on approved safeguards such as Standard Contractual Clauses or the UK International Data Transfer Agreement, where required by law.

We will always notify clients upon the intention of any data transfer taking place. No data will be transferred without specific, direct communication from the company to advise of these plans.  

12. Privacy Rights

Depending on your location, you have rights including access, correction, deletion, portability, restriction, objection, withdrawal of consent, and registering a complaint to a supervisory authority.

You may exercise your privacy rights by submitting a request through our Your Choices - Your Information Portal or by contacting us using the details provided in Section 1.

13. California Privacy Rights (CCPA / CPRA)

California residents have additional rights, including the right to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and not be discriminated against.

We do not sell personal information. We may share personal information for cross-context behavioral advertising.

You may exercise your privacy rights by submitting a request through our Your Choices - Your Information Portal or by contacting us at:

Email: privacy@spherepay.co
Address: US Privacy Officer, 8 The Green, #22219, Dover, DE 19901, USA