Last updated: December 2022

Plutus Financial, Inc., its subsidiaries and affiliates (collectively, “Abra”), provides individuals, private clients, and institutions with cryptocurrency services, including trading, lending, liquidity, and asset management. This Privacy Policy explains how Abra collects, uses, and discloses your Personal Information and how you may exercise your applicable privacy rights. 

The nature of your relationship with Abra, as well as your individual circumstances, may determine the privacy practices applicable to you. In certain circumstances, we may provide you with additional privacy notices as the circumstances may require, including:

  • Gramm-Leach-Bliley Act (“GLBA”) Privacy Notice

If you have questions about how this Privacy Policy applies to you, please contact us at [email protected]

Updates to this Privacy Policy

We may update this Privacy Policy from time-to-time. If we make any material changes, we will notify you by revising the date at the top of the policy and, in some cases, may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review this Privacy Policy whenever you interact with us to stay informed about our privacy practices and the choices available to you. Abra will not process Personal Information for a purpose different than the purpose for which it was originally obtained without providing you with prior notice and/or obtaining your consent.

Collection of Personal Information 

Personal Information is data that identifies, relates, or could be linked to an individual. We may collect the following categories of Personal Information collected or supplied to us through this website located at https://abra.com, the Abra iOS or Android mobile apps, the Abra payment card application, or by other means, including through any email message, webform, chat box, survey, social media page, or other correspondence:

Contact Data Name (first and last), phone number, e-mail, mailing address, and country
Individual Account Registration Data Full legal name, Social Security Number* (“SSN”) or a comparable government-issued identification number*, date of birth, proof of identity (e.g., unexpired driver’s license, passport or other government-issued identification), “selfie” picture and live recorded “liveliness” check of your face and likeness, home address (not a mailing address or P.O. Box), consumer and credit report information, and any additional Personal Information or documentation at the discretion of our Operations Team
Company Account Registration Data Entity legal name, Employer Identification Number (“EIN”) or any comparable identification number issued by a government, full legal name of all account signatories, email address of all account signatories, mobile phone number of all account signatories, principal place of business and/or other physical location, proof of legal existence (e.g., state certified articles of incorporation or certificate of formation, unexpired government-issued business license, trust instrument, or other comparable legal documents as applicable), documentation indicating that the signatories are authorized to act on behalf of the legal entity, “selfie” picture and recorded “liveliness” check of your face and likeness, and any additional information or documentation at the discretion of our Operations Team 
Abra Payment Card Application Data Full legal name, Social Security Number* (“SSN”) or a comparable government-issued identification number*, date of birth, proof of identity (e.g., unexpired driver’s license, passport or other government-issued identification), home address (not a mailing address or P.O. Box), net worth, payment information, income information, information about your transactions with us or others, such as your account balance and account transactions, and information received from a consumer reporting agency, such as credit history
Transactions Data Data associated with any activities, including trades, orders, deposits, withdrawals, wallet balances, and other transactions conducted by or through Abra products or services
Message Data The object of any messages or correspondences, including email, web chat, share-file, or web form messages, and any personal data contained therein
Survey Data Information you may provide in a survey, poll, or the like, including your responses
Meeting Data Information captured or recorded during any web meeting, webinars, video calls, or phone/conference calls
Social Media Data Information and messages shared with us through our social media pages, including your associated profile information
Referral Data Information about you provided to us from other sources 

 

Information marked with a “*” is considered “sensitive information” under the California Privacy Rights Act (“CPRA”).

Please be advised: The USA PATRIOT ACT requires all financial institutions, including Abra, to obtain, verify, and record Personal Information that identifies each person who opens an account. This federal requirement applies to all new Abra users. This Personal Information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. 

Uses of Personal Information

We may use Personal Information collected about you for the following purposes:

  • Providing Abra’s products and services;
  • Operating our business and administering customer accounts;
  • Communicating through email and other means;
  • Promoting our products through sales and marketing;
  • Detecting and preventing abuse and security threats;
  • Complying with laws and regulations, e.g., anti-money laundering laws and regulations;
  • Providing you with information that you request from us;
  • Fulfilling any other purpose for which you have provided us with your information;
  • Notifying you about changes to the website, our Terms of Use, or this Privacy Policy;
  • In any other way we may describe when you provide the information; and
  • For any other purpose to which you consent.

Collection of Interaction Data

We may also automatically collect other categories of information when you access or use the Site or otherwise interact with us (collectively, “Interaction Data”), including: 

Log Data Information collected by our servers when you access our website and mobile applications, including IP addresses, referral URLs, date and time, and crash data
Device Data Information about your device, including type of device, operating system, application IDs, and unique device identifiers
Browser Data Information about your browser type and settings, language preferences, and Cookie data
Analytics Data Approximate location based on your IP address (e.g., geolocation), information about your time of access, session and duration, and your interactions with our website or mobile applications

 

Uses of Interaction Data

We may use Interaction Data for the following purposes: 

  • Administering, designing, and improving our products and services;
  • Identity verification, fraud prevention, and security; 
  • Analytics, e.g., tracking and measuring activity on our website and mobile applications;
  • Gaining sales and marketing insights;
  • Detecting and prevent abuse and security threats;
  • Operating and improving our business and services; and
  • Complying with legal and regulatory obligations, including anti-money laundering requirements.

The technologies we may use to collect Interaction Data include small data files placed on your computer or device when you visit our website, commonly known as “Cookies,” as well as “Pixels,” “Web Beacons,” and similar technologies. A Cookie file may contain information that can identify you each time you visit our website. Our website may use Cookies as a way to measure activity and traffic patterns on our website in order to improve your experience, monitor usage, compile analytics, and for advertising and marketing purposes. However, Abra does not link the information we store in cookies to any personally identifiable information you submit while on our website.

Your browser can be set to warn you before accepting Cookies and you can choose to refuse Cookies by turning them off in your browser. You do not need to have Cookies turned on to visit the website, but you may need them to use certain features of the website. 

 

Do Not Track Signals

Under the California Online Privacy Protection Act (“CalOPPA”), we want to inform you about our “Do Not Track” (“DNT”) request policy. DNT is a feature that some web browsers offer to allow users to send signals to websites so that no information about their browser session will be shared. While we take all reasonable steps to protect your online privacy, we cannot promise that our current Site will address every browser setting or honor every personal browser preference. In particular, we have not implemented the necessary programming changes to honor “DNT” browser signals. Please return to this Privacy Policy for further updates on this topic. You can learn more about DNT here: https://www.eff.org/issues/do-not-track

Disclosure of Personal Information

We may disclose any category of Personal Information and Interaction Data to the following categories of recipients for the purposes described below:

Affiliates We share Personal Information and Interaction Data within the Abra family of companies to operate and improve our business
Financial Services Partners We share Personal Information with banks, payment card companies, and other financial institutions with whom we disclose information necessary to provide our products and services 
Service Providers We share Personal Information and Interaction Data with our Service providers as necessary for processing or administering financial transactions, including companies that provide “back-end” systems, identity verification services, web services, and IT and technical support
Business Services Providers We share Personal Information and Interaction Data with our business services providers, including contractors, consultants, marketing services, security vendors, auditors, information services providers, and professional advisors
Consumer Reporting Agencies We share Personal Information with consumer reporting agencies, such as credit bureaus, in offering financial products and services
Marketing Partners We share Personal Information and Interaction Data with marketing and advertising partners for marketing and joint marketing purposes
Government and Legal We share Personal Information and Interaction Data with public authorities and third parties as may be required by applicable law, regulation, or legal process
Corporate Transaction We may share Personal Information and Interaction Data as part of a corporate transaction e.g., to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some of assets, whether as a going concern or as a part of bankruptcy, liquidation or similar proceeding

 

Aggregated and/or anonymized information that is incapable of identifying a specific individual is not considered Personal Information under this Privacy Policy. We may use and disclose such aggregated and/or anonymized information without restriction. 

International Transfers of Personal Information

Except as may otherwise be governed by applicable privacy or data protection law, your Personal Information may be transferred to third countries other than the country from which it originated. Such third countries may have different or less protective privacy and data protection laws than the originating country. By sharing Personal Information with us, you consent to the transfer of your Personal Information to the United States and the Philippines. 

Privacy Rights of U.S. Residents

Under the California Consumer Privacy Act of 2018 and California Privacy Rights Act (the “California Privacy Laws”), Virginia Consumer Data Protection Act (“VCPDA”), Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CDPA”), Utah Consumer Privacy Act (“UCPA”), Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”), and their respective amendments and implementing regulations (collectively, the “U.S. Privacy Laws”), eligible U.S. state residents may be afforded certain privacy rights subject to certain limitations, including:

  • Right to Know. You have the right to access the specific pieces of Personal Information collected about you, the sources from which such information was obtained, the categories of information that have been sold or disclosed for a business purpose, and the commercial purpose for which the information was collected or sold, provided to you in a reasonably portable format if you have a password-protected account.
  • Deletion. You have the right to request that we delete any of the Personal Information we have collected or maintain about you.
  • Rectification and Correction. You have the right to rectify and correct inaccuracies in your Personal Information. 
  • Opt-out of Sales and Sharing of Personal Information. You have a right to opt-out of the sale or sharing of your Personal Information, including cross-context behavioral advertising, and to opt-in again at your election. 
  • Limit Use and Disclosure of Sensitive Personal Information. You have the right to opt-out of secondary uses and disclosures of your Sensitive Personal Information. 
  • Restrict Profiling. You have the right to restrict the use of your Personal Information for purposes of profiling. 
  • Portability. You have the right to obtain a copy of certain Personal Information in portable (e.g., machine readable) format. 
  • Opt-out of Automated Decision-making. You have the right to opt-out to certain types of automated decision-making, subject to certain exceptions. 
  • Non-Discrimination. You have the right to not be discriminated against in the event you exercise your other rights listed above. If you exercise these rights, you will not be denied goods or services, charged a higher rate, or provided with lower quality products.

Exercising Your Rights Under the U.S. Privacy Laws. You, or an authorized agent, may exercise your rights by submitting a request to our Legal Team at [email protected] or by calling 1-877-246-2272. Unless otherwise required by law, Abra will allow two disclosure requests per 12-month period at no cost to you. For subsequent requests, we may charge a fee if we determine that the request is excessive, repetitive, or manifestly unfounded, but will not do so without providing you with a cost estimate before processing your request. 

We respond to and process requests promptly and within the timeframes required by the U.S. Privacy Laws. Except with respect to certain “opt-out” rights, all privacy requests are subject to proper prior verification before processing.

If you are the authorized agent of an individual making a request, you may have to take additional steps to verify your identity and demonstrate that you can exercise the individual’s rights on their behalf. You may be required to provide their customer id number, the address provided to Abra when they created their account, or other account information to verify your identity.

Sale of U.S. Resident Personal Information. Abra may use Personal Information for targeted and/or cross-context behavioral advertising and therefore may “sell” your Personal Information, including within the past 12-months, as disclosed in this Policy. 

Abra’s services are not available to minors and Abra does not collect any Personal Information of minors. Abra does not sell any Personal Information relating to minors.

Opt-out of Sales of Personal Information. To opt-out of the sale of your Personal Information, please email [email protected] or call 1-877-246-2272. 

Please note that your opt-out choices may apply only to this specific web browser and persist only until the opt-out Cookie is removed or “cleared” from your web browser, e.g., by clearing Cookies in your browser settings. 

Global Privacy Control

Abra’s Site responds to requests from web browsers with user-enabled Global Privacy Control (“GPC”). More information about GPC is available here: https://globalprivacycontrol.org/ 

Privacy Rights of EU/EEA, United Kingdom, and Swiss Data Subjects

Under the General Data Protection Regulation (“GDPR”), UK Data Protection Act 2018 (“UK GDPR”), and Swiss Federal Act on Data Protection (“FADP”), and their respective amendments, revisions, and implementing regulations (collectively, the “European Data Protection Laws”), EU/EEA, United Kingdom, and Swiss data subjects (collectively, “European Data Subjects”) have the following rights concerning their Personal Information: 

  • Withdrawal of Consent. If processing is on the basis of consent, you have the right to withdraw consent to the processing at any time.
  • Access and Rectification. You have the right to access, correct, and update your Personal Information.
  • Deletion/Erasure. You have the “right to be forgotten” through the erasure or deletion of your Personal Information.
  • Portability. You may have the right to move, copy, and/or transfer certain Personal Information from our service to another service. 
  • Stop Processing. If processing is on the basis of legitimate interests, you have the right to object to the processing of your Personal Information and to ask us to restrict the processing of your Personal Information, subject to certain limitations.
  • Submit a Complaint. You have the right to submit a complaint to a data protection authority about our collection and use of your Personal Information. Contact details for the UK data protection authorities is located here, for the EU/EEA here, and for Switzerland here.

Lawful Basis. We process Personal Information of European Data Subjects on the following lawful bases:

  • Legitimate Interest. Where the processing is necessary for the purposes of the legitimate interests pursued by Abra or by a third party and not overridden by your interests or fundamental rights and freedoms (e.g., product development and security purposes);
  • Contract. Where the processing is necessary for the performance of a contract with you (e.g., to deliver the product or service you have requested); 
  • Consent. Where you have given explicit consent to the processing of your Personal Information for one or more specific purposes (e.g., new and unexpected processing activities); and
  • Legal Obligation: Where processing is necessary for compliance with a legal obligation to which Abra is subject (e.g., compliance with anti-money laundering laws and regulations).

Exercising Your Rights Under the European Data Protection Laws. You, or an authorized agent, may exercise your rights by submitting a request to [email protected]

We respond to and process requests promptly and within the timeframes required by the European Data Protection Laws. Please note that all requests are subject to proper prior verification before processing.

If you are the authorized agent of an individual making a request, you may have to take additional steps to verify your identity and demonstrate that you can exercise the individual’s rights on their behalf.

Retention of European Data Subject Personal Information. Abra retains Personal Information proportionate with the purposes for which it was collected and processed. Certain Personal Information may be retained for longer periods as necessary for legal and compliance purposes. 

Contact Information. You may contact Abra’s Global Privacy Office at the following: 

Plutus Financial, Inc.
PO Box 390004
Mountain View, CA 94039
USA

Privacy Rights of Canadian Residents

Under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the Provincial Privacy Acts (together, the “Canadian Privacy Laws”), and their respective amendments and implementing regulations, Canadian residents are afforded certain privacy rights. If you are a Canadian resident, subject to certain limitations, you have the following rights concerning your Personal Information:

  • Openness and Transparency. You have the right to know the personal information we collect about you and the purposes for its collection. 
  • Access. You have the right to access personal information we maintain about you, subject to certain exceptions. 
  • Correction. You have the right to correct inaccuracies in personal information we maintain about you. 
  • Right to Deletion. You have the right to request that we delete personal information we have collected or maintain about you.
  • Right to De-indexing. You have the right to request your personal information be “de-indexed” from certain types of distribution. 
  • Right to Withdraw Consent. You have the right to withdraw consent to our use of your personal information, subject to certain exceptions. 

Exercising Your Rights Under the Canadian Privacy Laws. You, or an authorized agent, may exercise your rights by submitting a request to [email protected]

We respond to and process requests promptly and within the timeframes required by the Canadian Privacy Laws. Please note that all requests are subject to proper prior verification before processing.

If you are the authorized agent of an individual making a request, you may have to take additional steps to verify your identity and demonstrate that you can exercise the individual’s rights on their behalf.

Transfer of Canadian Personal Information. Your Personal Information may be transferred to third countries where an adequate level of data protection can be ensured. By sharing Personal Information with us, you consent to the transfer of your Personal Information to such third countries. 

Use by Minors

Abra does not knowingly collect Personal Information from or about minors. Minors should not use this Site or otherwise provide us their Personal Information. If we learn that we have collected or received Personal Information from a minor without verification of parental consent, we will delete that information. If you believe we might have inadvertently collected Personal Information from or about a minor, please contact us at [email protected].   

Security of Personal Information

Taking into account the nature and scope of the processing and the particular risks to Personal Information, Abra utilizes reasonable technical and organizational measures to help protect the confidentiality, integrity, and availability of Personal Information and of our systems and services. Abra regularly tests, assess, and evaluates the effectiveness of the technical and organizational measures for ensuring the security of the processing. 

Breach Notification

If your Personal Information is the subject of a data breach under applicable law or regulation, we will take appropriate action, including providing you with notice, as such law or regulations may require.

General Inquiries and Updates

For inquiries concerning this Privacy Policy, you may contact:

Plutus Financial, Inc.
PO Box 390004
Mountain View, CA 94039
USA