Privacy Policy

Last Updated: December 12, 2025

This Privacy Policy describes how Valid8 Financial, Inc. and its subsidiaries and affiliates (“Valid8,” “we,” “us,” or “our”) collect, use, and share personal information. It applies to personal information collected in connection with:

  • our website at www.valid8financial.com and any other websites we own and operate that link to this Privacy Policy (collectively, the “Site”), and
  • our products, services, social media pages, events, emails, and other electronic communications (collectively, the “Service”).

Valid8 primarily provides its Service to business clients. This Privacy Policy applies to personal information about individuals (such as employees, contractors, or other representatives of our business clients) who use the Service or otherwise interact with Valid8. When Valid8 determines the purposes and means of processing your information, we act as a “business” (under U.S. privacy laws) or “controller” (under European law), and this Policy describes our practices in those situations.

This Privacy Policy does not apply to personal information that we handle solely as a service provider or data processor on behalf of our customers. 

Valid8 may modify this Privacy Policy from time to time. If we make material changes to how we collect, use, or share personal information, we will notify you by updating the “Last Updated” date at the top of this Policy and, in some cases, by additional means (such as email or a prominent notice on our Site). In all cases, your continued use of the Service after we provide notice of changes will constitute your acknowledgement of the changes. We encourage you to review this Privacy Policy periodically to stay informed about our practices.

Table of Contents

  1. Collection of Personal Information
  2. Use of Personal Information
  3. Sharing of Personal Information
  4. International Transfers of Personal Information
  5. Your Choices
  6. Children’s Privacy
  7. Security of Personal Information
  8. Third-Party Websites and Services
  9. Notice to California Residents
  10. Notice to Nevada Residents
  11. Notice to European Users
  12. Contacting Us

1. COLLECTION OF PERSONAL INFORMATION

Personal Information You Provide. We collect personal information that you provide to us, which may include:

  • Contact information (such as your first and last name, company name, email address, phone number, and mailing address).
  • Professional information (such as your job title, department, and other details about your business or profession).
  • Account information (such as information you provide when registering an account or entering into an agreement with us, records of products and services you have purchased, and other details about your use of the Service).
  • Payment information (such as your bank account number, credit or debit card number, or other financial account details for processing payments). All payment processing services related to the Service are provided by third-party payment processors. We treat this financial information as sensitive and use it solely for facilitating payments and related purposes.
  • Preferences (such as your marketing and communication preferences).
  • Survey responses (such as information you provide in surveys or questionnaires).
  • Communications (such as the content of your requests or inquiries to our support team, and any feedback you provide). We and our service providers may monitor or record phone calls or online chats with you for quality assurance, training, and to enforce our rights.

Personal Information from Third Parties. We may also obtain personal information about you from other sources. We may receive your information from social media platforms, advertising and lead-generation partners, joint marketing or event co-sponsors, public databases, or other third parties. We use this information in combination with data we collect directly from you for the purposes described below.

Personal Information Collected Automatically. We, our service providers, and our advertising partners automatically collect certain information about your device and your activities over time on our Site and Service through cookies, web beacons, and similar tracking technologies. This may include:

  • Device data (such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, IP address, unique device identifiers, and general location information such as city, state, or geographic region based on your IP address).
  • Online activity data (such as the pages or screens you viewed on our Site, how long you spent on a page, navigation paths between pages, information about your activity on a page or interaction with our emails, the dates/times of your visits, and duration of use).

Like many online services, we use various technologies to facilitate automatic data collection, including:

  • Cookies – small text files that websites store on your device to uniquely identify your browser or to store information/settings in your browser. Cookies help us, for example, to recognize you on return visits, remember your preferences, keep you logged in, understand user activity, and facilitate online advertising.
  • Web beacons (also called pixel tags or clear GIFs) – tiny images or code embedded in a webpage or email that help us determine whether the page or email was accessed or opened, or whether certain content was viewed or clicked. Web beacons enable us to compile statistics about Site usage and the effectiveness of our marketing campaigns.
  • Local storage – technologies like HTML5 local storage that allow data to be stored locally on your browser or device to support interactive website features (for example, to remember preferences or caching data to improve performance).

Session replay – third-party technologies that record a video replay of your interactions with our Site, including clicks, mouse movements, scrolls, keystrokes, and other browsing data during your visit. We use these replays internally to troubleshoot issues, analyze user behavior on our Site, and improve the functionality and user experience of our Service.

2. USE OF PERSONAL INFORMATION

Valid8 uses personal information for the purposes described below, and as otherwise described in this Privacy Policy or at the time of collection:

  • To Provide the Service. We use personal information to deliver our Service and operate our business. For example, we use personal information to:
    • Process your transactions and provide you with access to our platform, products, and technology.
    • Establish, maintain, and manage your user account (including authenticating you and authorizing activities).
    • Personalize and improve your experience with the Service.
    • Verify your identity and determine your eligibility for certain offers or promotions.
    • Communicate with you about your account or transactions (e.g., sending confirmations, invoices, technical notices, updates, and security alerts) and respond to your inquiries, feedback, or requests.
    • Contact you about the Service via phone, email, or other channels of communication.
    • Administer and fulfill contests, surveys, sweepstakes, or other promotions that you choose to participate in.
    • Provide technical support, customer service, and account management.
    • Fulfill any other purpose for which you provide personal information.
  • Research and Development. We may use personal information for internal research and product development purposes. This helps us to understand usage trends and user preferences, improve and optimize the Service, and develop new features, functionality, products, and services. As part of these efforts, we may create aggregated, de-identified, or anonymized data from personal information by removing details (like names or contact info) that would personally identify you. We use such aggregated or anonymized data for our own legitimate business purposes, and we may share it with third parties in a form that does not identify any individual.
  • Direct Marketing. We may use your contact information and preferences to send you marketing and promotional communications, as permitted by law. For example, we may send newsletters, product updates, or information about new services or upcoming events. We may also send promotional messages jointly with our business partners. You can opt out of marketing emails at any time as described in the Your Choices section below.
  • Interest-Based Advertising. We may use certain personal information about you to show you targeted advertisements for Valid8 or our partners’ products on our Site or on third-party sites and platforms. For instance, we may use cookies and similar technologies to collect online activity data and device data (as described above in Collection of Personal Information) over time and across different websites and services. Our advertising partners use this information to serve ads that are more likely to be relevant to your interests. In addition, we may share a hashed (encrypted) version of your email address or other identifier with social media or advertising platforms so they can match it to their own data and show you ads on our behalf (this is commonly known as creating “custom audiences”). You can learn about how to opt out of interest-based advertising in the Your Choices section of this Policy.
  • For Compliance, Fraud Prevention, and Safety. We may use your personal information, and disclose it to third parties such as law enforcement, government authorities, and private litigants, as we believe necessary or appropriate to: (a) protect the security and integrity of our Service, IT systems, and assets (e.g., through fraud monitoring and cybersecurity measures); (b) protect our rights and the rights, privacy, safety, or property of you or others; (c) enforce our contracts, terms of service, and other agreements; (d) prevent, investigate, or deter wrongdoing, fraud, unauthorized access, or illegal activities; (e) comply with our legal and regulatory obligations, internal policies, and audit requirements; and (f) respond to lawful requests, subpoenas, court orders, and other legal process.
  • With Your Consent. In certain cases, we may specifically ask for your consent to collect, use, or share your personal information for a purpose that is not already described in this Privacy Policy. If you provide consent, you may later withdraw it at any time by contacting us (see Contacting Us below), but this will not affect any processing that has already taken place.

3. SHARING OF PERSONAL INFORMATION

We may share your personal information with the following categories of recipients, or as otherwise described below (and as permitted by applicable law):

  • Related Companies: We may share your personal information with our parent company, subsidiaries, and affiliates (other companies under common ownership or control with Valid8). These related companies will use your information in a manner consistent with this Privacy Policy.
  • Service Providers: We share personal information with third-party companies and individuals that provide services on our behalf and under our instructions. These service providers assist us in operating our business—for example, they help with website hosting, data storage, database management, analytics, payment processing, customer support, email delivery, marketing, and other services. We authorize these service providers to use or disclose the information only as necessary to perform services for us or to comply with legal requirements.
  • Advertising and Marketing Partners: We may share certain personal information with third parties that we partner with for advertising, marketing, or lead-generation purposes. For instance, we may allow third-party advertising networks and social media platforms to collect online identifiers and information through our Site (via cookies or similar technologies) to serve ads that promote our Service on other websites and platforms. We may also share your contact information with co-sponsors if we jointly offer an event, webinar, or promotion, in which case we will let you know at the time of collecting your information. Any such partners are expected to use your information in accordance with their own privacy policies or the disclosures provided when your information was collected.
  • Professional Advisors: We may share personal information with our auditors, attorneys, insurers, accountants, and other professional advisors in the course of the advisory services they provide to us. We do so under confidentiality obligations and only to the extent necessary for the specific professional services.
  • Law Enforcement and Legal Obligations: We may disclose personal information to government authorities, law enforcement officials, or other third parties when we believe such disclosure is required by law or is appropriate to comply with legal process. For example, we may disclose information in response to a subpoena, court order, or other lawful request. We may also disclose personal information where necessary to exercise, establish, or defend our legal rights; to investigate or remedy potential violations of our terms or policies; or to protect the rights, property, and safety of Valid8, our customers, or others.
  • Business Transfers: We may disclose or transfer personal information to a third party as part of a business transaction (or potential transaction), such as a merger, acquisition, sale of assets, financing, or in the event of a bankruptcy or reorganization. If another company acquires our company, business, or assets, that company will possess the personal information collected by Valid8 and will assume the rights and obligations regarding your personal information as described in this Privacy Policy.

4. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Valid8 is based in the United States, and we and our service providers operate in the United States and in other countries. This means that your personal information may be transferred to, stored, or processed in a country other than your home country. The data protection laws of those countries might differ from those in your home jurisdiction and may not provide the same level of protection.

However, we take steps to ensure that your personal information is protected in accordance with this Privacy Policy and applicable law wherever it is processed. When we transfer personal information internationally, we will implement appropriate safeguards to comply with applicable data protection requirements. 

By using our Service or providing information to us, you acknowledge that your personal information may be transferred to and processed in jurisdictions outside of your own. For further information about our international data transfer practices or the specific safeguards applied to such transfers, please contact us using the information in the Contacting Us section below.

5. YOUR CHOICES

Review and Request Changes to Your Account Personal Information. If you have a Valid8 account, you can log into your account to review, delete, and make changes to certain personal information stored in your account. If you need to make a change and are unable to do this through your account settings, please email us using the contact information at the end of this Privacy Policy. We rely on you to update and correct the personal information contained in your account. Note that we may keep historical information in our backup files as permitted by law.

Marketing Emails. You may opt-out of marketing-related emails by clicking the “unsubscribe” link at the bottom of the email or by contacting us as described below. You may still receive service-related communications, such as those relating to your account.

Text Messages. We may offer communications via text messages sent by Valid8 or any of our service providers. To stop receiving text messages from us, reply STOP to any text message you receive from us, or send your request and mobile telephone number to the email address listed at the end of this Privacy Policy. Note that we may send you a message to confirm receipt of your STOP request.

Cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Site and it may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Analytics. We use Google Analytics to help us analyze how our Site is being accessed and used. You can learn more about Google Analytics cookies by clicking here and about how Google protects your data by clicking here. To opt-out of Google Analytics, you can download and install the Google Analytics Opt-out Browser Add-on, available here.

Advertising Choices. You can limit the use of your information for interest-based advertising by blocking third-party cookies in your browser settings, using browser plug-ins/extensions, or using your mobile device settings to limit the use of the advertising ID associated with your mobile device. You can also opt out of interest-based ads from companies participating in the following industry opt-out programs by visiting the linked websites: the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp), the Digital Advertising Alliance (https://optout.aboutads.info), or the European Interactive Digital Advertising Alliance (http://www.youronlinechoices.eu/). Some of the companies we work with may offer their own opt-out mechanisms. For example, you can learn more about how Google uses cookies for advertising purposes by clicking here and opt-out of ad personalization by Google by clicking here.

Many of the opt-out preferences described in this section must be set on each device or browser for which you want them to apply. Please note that some of the advertising companies we work with may not participate in the opt-out mechanisms described above, so even after opting-out, you may still receive interest-based advertisements from other companies. If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.

Do Not Track. Some browsers may be configured to send “Do Not Track” signals to the online services that you visit. The Site currently does not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

6. CHILDREN’S PRIVACY

Our Service is intended for business and professional use and is not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18 years old. If we become aware that we have inadvertently collected personal information from a person under 18, we will promptly delete such information from our records.

7. SECURITY OF PERSONAL INFORMATION

We use reasonable administrative, technical, and physical measures to protect personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. However, please be aware that no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. Any transmission of personal information is at your own risk.

8. THIRD PARTY WEBSITES AND SERVICES

The Service may contain links to websites and online services operated by third parties, or integrate with third-party platforms. These links and integrations are provided for your convenience, and do not imply any endorsement of or affiliation with the third-party. If you access a third-party website or service through our Service, your information will be handled according to that third party’s own privacy policy, not ours. We do not control and are not responsible for the content or privacy practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party sites or services that you visit or use.

9. NOTICE TO CALIFORNIA RESIDENTS

The following provisions apply solely to individuals who reside in California. This section describes your rights under California law and provides disclosures required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), and other California privacy laws.

The chart below summarizes the categories of personal information that Valid8 has collected from California consumers within the past 12 months, the sources of that information, the purposes for which we collect and use it, our retention practices, and the categories of third parties to whom we disclose the information for a business purpose.

Category of Personal Information Sources Purpose of Collection Retention Disclosure of Information
Identifiers (e.g., real name, alias, postal address, email address, telephone number, unique personal identifier, IP address, device identifier) Directly from you (e.g., when you create an account, fill out a form, or communicate with us); Automatically from your devices (e.g., when you use our Site); From third parties (e.g., marketing partners, event co-sponsors) To provide the Service and our products to you; to communicate with you; to send marketing communications (with your consent or as permitted by law); to prevent fraud and ensure the security of the Service As long as needed for the purposes stated, or as required by law Disclosed to service providers and affiliates for business purposes; shared with advertising and analytics partners (for limited purposes such as ad targeting and measurement); not sold or shared
Customer Records Information (Cal. Civ. Code § 1798.80(e)) – e.g., contact details, payment card information, bank account or other financial information Directly from you (e.g., billing or contract information); From your organization (if your employer provides information) To provide and support the Service; process payments; manage accounts; fulfill contractual obligations; comply with legal requirements; prevent fraud As long as needed to manage the relationship and as required by law (e.g., tax or audit retention) Disclosed to service providers (e.g., payment processors, cloud providers); not sold or shared for independent use
Commercial Information (e.g., products or services purchased, usage details) Directly from you; Collected from your activities on the Service To provide the Service and support; analyze and improve offerings; internal reporting; personalize user experience Retained as necessary for business purposes or as required by law Disclosed to service providers and affiliates for internal business purposes; not sold
Internet or Other Electronic Network Activity (e.g., browsing history, interactions with the Site or emails) Automatically from your device or browser; From analytics providers To operate and maintain the Site; analytics; improve user experience; deliver and measure advertising (with consent) Typically retained for a short period unless needed longer for security or legal reasons Disclosed to analytics, advertising, and security service providers; not sold
Geolocation Data (approximate location derived from IP address) Automatically from your device or browser To provide localized content; detect fraud; perform analytics Retained for a short period unless needed for security analysis Disclosed to service providers and analytics partners; not sold
Audio, Electronic, Visual, or Similar Information (e.g., call recordings, chat transcripts) Directly from you (with notice) Quality assurance; legal compliance; customer support Retained only as long as necessary unless required by law Disclosed to communication service providers or legal authorities if required; not sold
Professional or Employment-Related Information (e.g., job title, employer, business contact details) Directly from you; From your employer or organization To manage the business relationship; provide the Service; tailor communications Retained for the duration of the business relationship and as required by law Disclosed to service providers and affiliates for business purposes; not sold

In the past 12 months, Valid8 has not collected certain categories of personal information defined by California law. For example, we do not collect Biometric information (such as fingerprints or facial recognition data), Sensitive personal information like Social Security numbers, driver’s license or state ID numbers, or precise geolocation (exact GPS coordinates), or Protected classification characteristics (such as race, ethnicity, religion, or gender) except to the extent such information might be incidentally revealed in communications you send to us. We also do not collect Non-public education information (education records subject to FERPA) from consumers. In addition, our Service is not intended for minors, and we do not collect personal information of children under 16.

If you are a California resident, you have certain rights with respect to your personal information under the CCPA, as described below. These rights are not absolute and apply in certain circumstances, subject to legal exceptions:

  • Right to Know/Access: You have the right to request that we disclose to you the personal information we have collected about you in the 12-month period preceding your request. This includes the categories of personal information collected, the categories of sources of that information, the business or commercial purposes for collecting (or selling/sharing, if applicable) the information, the categories of third parties to whom we disclosed the information, and specific pieces of personal information we have collected about you.
  • Right to Correct: You have the right to request that we correct inaccuracies in your personal information that we maintain, taking into account the nature of the information and the purposes of the processing.
  • Right to Delete: You have the right to request that we delete personal information that we have collected from you, subject to certain exceptions (for example, we may retain information to complete a transaction or provide a service you requested, to detect security incidents, for legitimate internal business needs, or to comply with legal obligations).
  • Right to Opt-Out of Sale/Sharing: You have the right to direct us not to sell your personal information to third parties or share it for cross-context behavioral advertising purposes. At this time, Valid8 does not sell personal information for monetary consideration, and we do not share personal information for targeted advertising purposes. In the past 12 months, we have not sold personal information of California residents, nor have we “shared” personal information for cross-context behavioral advertising (as those terms are defined under California law). 
  • Right to Limit Use of Sensitive Personal Information: In certain circumstances, California residents have the right to direct a business to limit the use and disclosure of sensitive personal information (as defined under the CCPA) to what is necessary to perform the services or provide the goods requested by the consumer, and other limited purposes authorized by law. Valid8’s collection and use of sensitive personal information about California residents is very limited. We do not use or disclose sensitive personal information for purposes other than those which are necessary to provide the Service or otherwise permitted by law (such as fraud prevention or legal compliance). Because we do not use sensitive personal information for any purpose that would trigger the right to limit, we do not offer a specific opt-out for sensitive information at this time.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment from us for exercising any of your CCPA rights. Valid8 will not deny you goods or services, charge you a different price, or provide a different level or quality of service just because you exercised your rights under the CCPA. (However, if the exercise of your rights results in us being unable to provide you with a product or service, for example because you request deletion of all of your account data, we will inform you if we cannot complete the transaction or provide the service.)

To exercise the rights described above, you (or your authorized representative) may contact us by sending an email to info@valid8financial.com or by using the contact information provided in the Contacting Us section at the end of this Policy. 

Before fulfilling your request, we will take steps to verify your identity. These steps may include asking you to provide personal information we already have on file (such as your name, email address, or recent transaction information) so we can match it to our records. 

If you choose to use an authorized agent to submit a request on your behalf, we will require the agent to provide proof of their authority (such as a written and signed authorization from you or a copy of a lawful power of attorney)..

We will respond to verifiable requests as required by law. Typically, we will respond within 45 days of receiving your request, or notify you in writing if we need more time (up to an additional 45 days). If we decline to take action on your request, we will inform you of the reason, to the extent permitted by law.

“Shine the Light” Disclosure (Direct Marketing): California’s “Shine the Light” law (Civil Code § 1798.83) allows California residents to request certain details about what personal information a business shares with third parties for the third parties’ direct marketing purposes. Valid8’s policy is not to disclose personal information to unaffiliated third parties for their own direct marketing without your consent. If you are a California resident who has an established business relationship with us, you can request a disclosure of any direct marketing information sharing by sending an email to the address in Contacting Us below or a letter to our mailing address. Please include “Shine the Light Request” in the subject or attention line and include in the request sufficient information for us to verify your identity and California residency. Please note that “Shine the Light” requests are distinct from CCPA data subject requests and must be submitted separately.

10. NOTICE TO NEVADA RESIDENTS

If you are a Nevada resident, you have the right to direct us not to sell certain personal information about you to third parties. Under Nevada law, a “sale” is the exchange of personal information for monetary consideration by the business to another party for that party to license or sell the information to additional parties. Valid8 does not currently sell personal information for monetary consideration under Nevada law. However, if you are a Nevada resident and wish to exercise your opt-out rights as defined by Nevada Revised Statutes Chapter 603A, you may submit a request to us by contacting us as described in the Contacting Us section below. Please include “Nevada Privacy Rights” in the subject line of your request. We will respond within the timeframe required by Nevada law.

11. NOTICE TO EUROPEAN USERS

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland (collectively, “Europe”), this section provides additional information about your privacy rights and how we process your personal data, as required under European data protection laws such as the EU and UK General Data Protection Regulation (GDPR).

Valid8 is the “data controller” of personal data we collect directly from European users through our Site and Service. Our contact information is provided in the Contacting Us section below. Valid8 is based in the United States (1425 Pearl Street, 2nd Floor, Boulder, CO 80302, USA). If and when required by Article 27 of the GDPR, we will designate a representative in the EU and/or UK to serve as our local contact for data protection authorities and individuals; you may contact us to obtain the representative’s contact details.

We process personal data in accordance with the core principles of European data protection law. That means, for example, we collect personal data only for specified, explicit, and legitimate purposes and not further process it in a manner incompatible with those purposes. 

We limit our data collection to what is relevant and necessary for those purposes (data minimization), and we retain personal data only for as long as necessary to fulfill those purposes (storage limitation), as described below. We also endeavor to ensure the personal data we process is accurate, kept secure, and processed in a transparent and fair manner.

11.1 Lawful grounds

We rely on the following legal bases under the GDPR to process personal data:

  • Contractual Necessity (Performance of Contract): In most cases, the processing of personal data is justified on the basis that it is necessary for us to perform a contract with you (for example, our Terms of Service) or to take steps at your request before entering into a contract. This applies, when we use personal data to provide the Service you have requested, to create and maintain your account, to respond to your inquiries, or to process transactions you have requested. If you refuse to provide personal data that is required for us to perform a contract or provide a service, we may not be able to fulfill that contract or provide the service.
  • Legitimate Interests: We may process personal data as necessary for our legitimate interests, provided that those interests are not overridden by your own rights and interests. We have a legitimate interest in understanding how our customers use our products and services, so we can improve and develop new features (research and development); in marketing our services to potential business customers; and in securing our Service and protecting against fraud. When we rely on legitimate interests, we consider the potential impact on your rights and take measures to ensure that your personal data is protected, and that any impact is proportionate.
  • Consent: We rely on your consent in certain situations. For instance, we will obtain your consent to send you certain marketing emails (where required by law) or before using certain types of cookies or similar technologies on our Site (where required by law). Where we rely on consent, you have the right to withdraw your consent at any time. If you withdraw consent, we will stop the processing that was based on your consent.
  • Legal Obligation: We process personal data when necessary to comply with a legal obligation to which we are subject. 
  • Vital Interests: In rare cases, we may need to process personal data to protect your vital interests or those of another individual. For example, this could occur if we learn of an urgent safety issue that requires us to contact users or authorities about a threat to anyone’s health or well-being.

We will normally collect and use personal data from you only where we have one of the above legal bases to do so. If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will inform you at that time what data is required and why. If you have questions about the legal basis of how we process your personal data, you can contact us using the information in Contacting Us below.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another compatible purpose that is consistent with the original purpose and permitted under applicable law. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so, or obtain your consent if required.

11.2 Retention of Personal Data

 We will retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purpose of satisfying any legal, accounting, or reporting requirements. We apply the principle of data minimization, which means we do not keep personal data for longer than necessary for the relevant purpose. The exact duration for which we retain personal data can vary depending on the nature of the data and the reasons why we collected it. For more information about our specific retention practices, you may contact us at info@valid8financial.com.

11.3 International Data Transfers

If we transfer your personal data from Europe to a country outside of the EEA, UK, or Switzerland that has not been deemed to provide an adequate level of data protection, we will ensure that appropriate safeguards are in place as required by the GDPR. Typically, we will rely on European Commission-approved Standard Contractual Clauses (SCCs) or an equivalent transfer mechanism to ensure that your personal data is protected when transferred to the United States or other countries. We may also rely on your explicit consent or other derogations for specific transfers, where permitted by law. You can request additional information about our cross-border data transfer safeguards (or obtain a copy of the standard clauses we use) by contacting us. 

11.4 Recipients of Personal Data

We share European users’ personal data with the categories of recipients described in the Sharing of Personal Information section of this Policy. In doing so, we ensure that any third-party processors that handle personal data on our behalf (for example, cloud hosting providers, analytics providers, or other service partners) are contractually obligated to provide at least the same level of data protection as set out in this Policy and as required by the GDPR. If we transfer personal data to recipients outside Europe (such as to our U.S.-based affiliates or service providers), we will ensure that appropriate safeguards (like SCCs) are in effect.

11.5 Automated Decision-Making

 We do not engage in any decision-making concerning individuals that is based solely on automated processing of personal data (including profiling) which produces legal effects or similarly significant effects on the individual. In other words, we do not make purely automated decisions about you that would significantly affect you without any human involvement. If this changes in the future, we will update this Privacy Policy and inform affected individuals as required by law.

11.6 Your European Privacy Rights

 Individuals in the EEA, UK, and Switzerland have certain rights regarding their personal data under applicable data protection laws. Subject to certain conditions and exceptions provided by law, these rights include:

  • Right of Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to obtain access to that personal data and information about how we process it. This includes the right to request a copy of your personal data that we hold, although we may need to redact information relating to other individuals to protect their privacy.
  • Right to Rectification: You have the right to request that we correct any inaccurate personal data we hold about you, and to have incomplete data completed. Upon your request, we will correct any inaccurate or incomplete personal data we have about you.
  • Right to Erasure: You have the right to request that we delete your personal data in certain circumstances (also known as the “right to be forgotten”). For example, you can request deletion if the data is no longer necessary for the purposes for which it was collected, if you withdraw consent (where the processing was based on consent) and we have no other legal basis, or if you believe we have processed your data unlawfully. We will honor valid deletion requests unless an exemption applies – for instance, we may retain information if needed to comply with a legal obligation or to establish, exercise, or defend legal claims.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions. This right may apply, for example, if you contest the accuracy of the data (while we are verifying it), or if you object to our processing (while we consider your objection request). Restriction means we will store your data but not use it (other than to keep a record of the restriction, or as necessary to ensure the data remains secure, or as otherwise permitted by law) until the restriction is lifted.
  • Right to Data Portability: Where we process personal data based on your consent or a contract with you, and the processing is carried out by automated means, you have the right to request a copy of the personal data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit that data to another controller, where technically feasible. This right, called data portability, allows you to obtain and reuse your personal data across different services.
  • Right to Object: You have the right to object to our processing of your personal data in certain circumstances. You may always object to the processing of your personal data for direct marketing purposes, and we will stop processing your data for those purposes. If we are processing your data based on legitimate interests, you may also object to that processing on grounds relating to your particular situation, and we will consider your objection. We will cease processing your data unless we have compelling legitimate grounds to continue that override your interests, rights, and freedoms, or where necessary for legal claims.
  • Right not to be Subject to Automated Decisions: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects on you, unless certain exceptions apply (such as where the decision is necessary for entering into or performing a contract between you and us, is authorized by law, or is based on your explicit consent). As noted above, Valid8 does not currently engage in such solely automated decision-making.

Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority if you believe our processing of your personal data violates the GDPR or other applicable law. You may do so in the EU member state where you reside, where you work, or where the issue you are concerned about took place. Contact information for EU data protection authorities is available on the European Data Protection Board’s website, and UK residents can contact the UK Information Commissioner’s Office (ICO). We would appreciate the opportunity to address your concerns before you approach a regulator, so we invite you to contact us first with any questions or issues.

11.7 Exercising Your Rights

You may exercise any of the above rights by contacting us using the details provided in Contacting Us below. We will respond to your request in accordance with applicable data protection laws. To protect your privacy, we might request additional information to verify your identity before acting on a request. Please note that your rights may be subject to certain limitations – for example, we might decline a request for erasure if retaining the information is necessary to comply with a legal obligation. If we deny your request, we will explain the reasons to the extent we are permitted to do so.

12. CONTACTING US

If you have any questions or concerns about this Privacy Policy or our privacy practices, or if you would like to exercise any of your rights or preferences as described above, please contact us using one of the following methods:

Email: info@valid8financial.com
Mail: Valid8 Financial, Inc. (Attn: Privacy Team)
1425 Pearl Street, 2nd Floor
Boulder, CO 80302, USA

When you contact us (whether to ask a question or to submit a privacy rights request), we may need to verify your identity for security purposes.

Need to prepare evidence? Help your team follow the flow of funds faster.

Reach out. We’ll do a 5 minute needs assessment and set you up with a free 30 minute demo.
Copyright © 2025 Valid8  |  All Rights Reserved
Privacy Policy
By selecting “accept,” you consent to our use of cookies to enhance site navigation, analyze site usage, and assist in our marketing efforts. You may change your preferences at any time by clicking the cookie icon in the bottom corner of the site. Privacy Policy
DenyAccept