Back to Home

Privacy Policy

Last updated: January 2025

Data Protection

Bank-grade encryption and security measures protect your information.

Transparency

Clear disclosure of what data we collect and how we use it.

Your Control

Full control over your data with easy access and deletion options.

Medical Privacy

Special protections for medical information and patient data.

1. Information We Collect

Personal Information

When you create an account or use our services, we collect:

  • Identity Information: Full name, date of birth, government-issued ID
  • Contact Information: Email address, phone number, mailing address
  • Financial Information: Bank account details, tax identification numbers
  • Investment Profile: Accredited investor status, risk tolerance, investment history
  • Verification Documents: Passport, driver's license, utility bills, financial statements

Usage and Technical Information

We automatically collect technical and usage data:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent, click patterns, feature usage
  • Transaction Data: Investment amounts, timing, returns, portfolio performance
  • Communication Records: Support tickets, chat logs, email correspondence
  • Location Data: General location based on IP address (not precise GPS)

Medical Case Information

For medical emergency cases, we collect limited, anonymized information:

  • Medical Details: Type of procedure, urgency level, estimated costs
  • Location Data: Country and city (never specific addresses)
  • Insurance Information: Coverage verification, policy limits, claim status
  • Provider Details: Hospital/clinic name, medical professional credentials

2. How We Use Your Information

Platform Operations

  • Account creation and management
  • Identity verification and KYC compliance
  • Processing investments and returns
  • Fraud prevention and security monitoring
  • Customer support and communication

Legal & Regulatory

  • SEC and FINRA compliance reporting
  • Anti-money laundering (AML) monitoring
  • Tax reporting and documentation
  • Legal proceedings and investigations
  • Regulatory audits and examinations

Service Improvement

  • Platform analytics and optimization
  • Personalized investment recommendations
  • Risk assessment and modeling
  • New feature development
  • Market research and analysis

Communication

  • Transaction confirmations and updates
  • Account security notifications
  • Regulatory and policy changes
  • Educational content and market insights
  • Marketing communications (with consent)

3. Information Sharing and Disclosure

🔒 We never sell your personal information to third parties for marketing purposes.

Service Providers

We share information with trusted partners who help us operate our platform:

  • Payment Processors: Stripe, ACH providers for transaction processing
  • Identity Verification: Jumio, Onfido for KYC/AML compliance
  • Cloud Infrastructure: AWS, Google Cloud for secure data storage
  • Analytics: Mixpanel, Amplitude for platform optimization
  • Customer Support: Zendesk, Intercom for user assistance
  • Legal Services: Law firms for compliance and regulatory matters

Regulatory and Legal Requirements

  • Government Agencies: SEC, FINRA, FinCEN for regulatory compliance
  • Law Enforcement: When required by valid legal process
  • Tax Authorities: IRS and state agencies for tax reporting
  • Courts: In response to subpoenas or court orders
  • Regulatory Examinations: During official audits and investigations

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice and ensure appropriate privacy protections remain in place.

Emergency Situations

We may disclose information without consent to protect the safety of users, prevent fraud, or comply with emergency legal requirements.

4. Medical Information Privacy

Special Protection for Medical Data

Patient medical information receives the highest level of protection under our privacy framework.

Patient Data Protection

  • Complete Anonymization: All patient identifiers are removed or encrypted
  • Minimal Disclosure: Only essential medical information is shared with investors
  • Separate Storage: Medical records are isolated from investment and user data
  • Access Controls: Restricted to authorized medical verification staff only
  • Audit Trails: All access to medical data is logged and monitored
  • Data Minimization: We collect only what's necessary for verification

What Investors See

✅ Disclosed Information

  • • General location (city/country)
  • • Type of medical procedure
  • • Urgency level and timeline
  • • Insurance coverage verification
  • • Estimated costs and returns
  • • Hospital/provider credentials

❌ Protected Information

  • • Patient name or identity
  • • Specific medical history
  • • Personal contact information
  • • Detailed medical records
  • • Family or emergency contacts
  • • Specific address or location

5. Data Security

Technical Safeguards

  • Encryption: AES-256 encryption for data at rest
  • Transport Security: TLS 1.3 for all data transmission
  • Access Controls: Multi-factor authentication required
  • Network Security: Firewalls and intrusion detection
  • Data Backup: Encrypted, geographically distributed backups

Operational Security

  • Security Audits: Regular third-party penetration testing
  • Compliance: SOC 2 Type II certified infrastructure
  • Monitoring: 24/7 security operations center
  • Incident Response: Dedicated cybersecurity team
  • Employee Training: Regular security awareness programs

Security Incident Notification: In the unlikely event of a data breach, we will notify affected users within 72 hours and provide detailed information about the incident and our response measures.

6. Your Privacy Rights

Universal Rights

  • Access: Request copies of your personal information
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request removal of your data (subject to legal requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Opt-out: Unsubscribe from marketing communications

Enhanced Rights (GDPR/CCPA)

  • Object to Processing: Opt out of certain data uses
  • Restrict Processing: Limit how we use your data
  • Automated Decision-Making: Request human review of algorithmic decisions
  • Data Protection Officer: Contact our DPO for privacy concerns
  • Supervisory Authority: File complaints with privacy regulators

How to Exercise Your Rights

Contact us at privacy@emsx.com or use the privacy controls in your account settings. We will respond to all requests within 30 days and may require identity verification for security purposes.

7. Cookies and Tracking Technologies

Types of Cookies We Use

Essential Cookies

Required for platform functionality, security, and user authentication.

Analytics Cookies

Help us understand how users interact with our platform to improve performance.

Functional Cookies

Remember your preferences and settings for a personalized experience.

Marketing Cookies

Used for targeted advertising and measuring campaign effectiveness (with consent).

Cookie Management

You can control cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may affect platform functionality.

8. International Data Transfers

EMS-X operates globally and may transfer your information to countries other than your own. We ensure appropriate safeguards are in place for all international transfers:

Adequacy Decisions

Transfers to countries with adequate privacy protections as determined by regulators.

Standard Contractual Clauses

Legally binding contracts that ensure privacy protections during data transfers.

Certification Programs

Participation in recognized privacy frameworks like Privacy Shield successors.

9. Data Retention

We retain your information only as long as necessary for legitimate business purposes and legal compliance:

Account InformationDuration of account + 7 years
Investment Records7 years after final transaction
KYC/AML Documentation5 years after account closure
Marketing CommunicationsUntil opt-out or 3 years
Support Communications3 years after resolution

Note: Some information may be retained longer if required by law, ongoing legal proceedings, or legitimate business interests such as fraud prevention.

10. Children's Privacy

Age Restriction: 18+ Only

EMS-X is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will delete it immediately.

If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@emsx.com.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Material Changes

  • • 30-day advance notice via email
  • • Prominent notice on platform
  • • Option to opt-out or close account
  • • Summary of key changes provided

Minor Changes

  • • Updated policy posted immediately
  • • "Last updated" date modified
  • • Notification in next communication
  • • Continued use implies acceptance

We encourage you to review this privacy policy periodically to stay informed about how we protect your information.

12. Contact Information

Privacy Inquiries

Email: privacy@emsx.com

Phone: +1 (888) 555-EMSX

Response Time: Within 30 days

Languages: English, Spanish, French

Data Protection Officer

Email: dpo@emsx.com

Address: 123 Financial District
New York, NY 10004

EU Representative: Available upon request

Regulatory Complaints

If you're not satisfied with our response to your privacy concerns, you have the right to file a complaint with your local data protection authority or the relevant supervisory authority.

Questions About This Policy?

Our privacy team is here to help you understand how we protect your information.