Legal Document

Privacy Policy

Effective Date: 13 February 2026  ·  Document Version: 1.1  ·  Operator: Bulisolio LLC, United States of America

Your AI Crypto Wealth Concierge — intelligent portfolio analytics, smart lending tools, and non-custodial wallet management. This policy explains how we collect, use, and protect your information.

The Short Version

We never ask for or store private keys or seed phrases — ever.

✓ We do not sell your personal data to any third party.

✓ Wallet addresses and balances are stored encrypted on your device.

✓ We collect only what is necessary to run the service.

✓ You can delete your account and all associated data at any time upon your request.

1 Who We Are

Bulisolio LLC ("we", "us", "our") operates Bulisolio — your AI Crypto Wealth Concierge. We provide intelligent portfolio analytics, AI-powered financial guidance via Concierge Voice®, and non-custodial smart lending tools across mobile, desktop, web, and API platforms.

For privacy inquiries, contact us at privacy@bulisolio.com or support@bulisolio.com.

2 What Information We Collect

CategoryExamplesRequired?
Account InformationEmail address, hashed password, subscription tier, account creation dateYes — to create an account
Wallet AddressesPublic blockchain addresses you enter (e.g. 0x1234..., bc1q...)Yes — core app function
Wallet Nicknames & LabelsCustom names you assign to wallets ("My Ledger", "Trading Wallet")Optional
Location DataCountry location via GPS (for regulatory compliance and country-specific features)Yes — for compliance
Device InformationDevice OS, app version, device model (for crash reporting and version compatibility)Yes — for app functionality
Usage DataFeatures accessed, session duration, error logs (no portfolio amounts or wallet balances transmitted in logs)Yes — for app improvement
Payment InformationSubscription status, billing period, last 4 digits of card (if applicable). Full payment details are handled by our payment processor — we never see or store your full card number.If subscribing to paid tier
KYC InformationGovernment-issued photo ID, proof of address, tax identification number, country of citizenship (for Pro, Premium, and Affiliate users)Pro/Premium/Affiliate users
Affiliate InformationAffiliate key, referral attribution, payout method and details, tax identification (for affiliates earning over $600/year)Affiliates only
CommunicationsEmails or in-app messages you send us (support, feature requests)When you contact us
Price Pulse™ SettingsCryptocurrency and price threshold combinations you configure for alertsPro/Premium only, optional
Loan DataCollateral amounts, loan terms, liquidation thresholds, payment history (for Premium users using crypto loan features)Premium loan users only
Trust Score DataHODL index (asset holding duration), loan payment history, liquidation events, portfolio churn metrics, affiliate tier status (for loan underwriting)Premium loan users only

We do not collect: private keys, seed phrases, wallet passwords, transaction signing credentials, or any information that could allow us to move your funds.

3 How We Collect Information

  • Directly from you: When you create an account, enter wallet addresses, configure alerts, complete KYC (including country of citizenship), or contact support
  • Automatically: App usage analytics, crash logs, device information, and GPS location data collected through the App
  • From third-party services: Balance data from public blockchain explorers; price data from CoinGecko; subscription status from our payment processor; loan collateral values from Chainlink oracles
  • From the Bulisolio website: Standard web server logs (IP address, browser, referring page) retained for up to 90 days for security purposes
  • From KYC provider: Identity verification results and country of citizenship from our KYC service provider (for Pro, Premium, and Affiliate users)
  • From blockchain analysis: On-chain transaction history and wallet behavior patterns for trust score calculation (Premium loan users only)

4 How We Use Your Information

  • Providing the Service: Fetching and displaying portfolio balances, calculating totals, generating charts, and delivering Price Pulse™ alerts
  • AI Concierge assistance: Powering Concierge Voice® to provide intelligent financial guidance and loan management support
  • Account management: Authentication, subscription management, password recovery
  • Regulatory compliance: Using GPS location data to ensure compliance with country-specific cryptocurrency regulations and to restrict features in jurisdictions where prohibited
  • Loan facilitation: Processing collateralized crypto loans, monitoring loan health, calculating liquidation thresholds, processing loan payments (Premium users only)
  • Loan underwriting: Calculating trust scores and determining loan-to-value (LTV) ratios based on borrower behavior metrics (Premium loan users only)
  • KYC compliance: Verifying identity and country of citizenship for Pro, Premium, and Affiliate users to comply with financial regulations
  • Service improvement: Crash reports and anonymised usage analytics to identify bugs and prioritise features
  • Communications: Transactional emails (account notifications, billing receipts, security alerts, loan payment reminders). We do not send marketing emails without your explicit opt-in consent.
  • Security: Detecting and preventing fraud, abuse, and unauthorised access
  • Legal compliance: Responding to lawful requests from government authorities; fulfilling tax reporting obligations (e.g. Form 1099-NEC for qualifying affiliates)
  • Affiliate program: Tracking referral attribution, calculating commissions, processing payouts

We do not use your data for targeted advertising. We do not build advertising profiles. We do not sell data to data brokers.

5 Where and How Your Data Is Stored

On Your Device

Wallet addresses, nicknames, cached balances, and app configuration are stored in an AES-256 encrypted SQLite database on your device. The encryption key is derived from your account credentials and stored in your platform's secure storage (iOS Keychain, Android Keystore, Windows Credential Manager, macOS Keychain). This data is inaccessible to other apps and to us.

Encrypted Cloud Backup (Optional)

If you enable cloud backup (Settings → Backup), your wallet addresses and labels are encrypted end-to-end before leaving your device using a key derived from your 24-word BIP-39 recovery phrase. We cannot decrypt this backup — only you can, using your recovery phrase. The backup is stored on Bulisolio's servers hosted on GCP Cloud Run (Google Cloud infrastructure), with servers located in the United States.

Server-Side Data

Your account information (email, hashed password, subscription status), GPS location data, country of citizenship, Price Pulse™ alert configurations, KYC verification status, loan data, trust score metrics, and (for affiliates) payout details are stored in an encrypted PostgreSQL database hosted on GCP Cloud SQL in the United States.

Secure Vault Wallet

For Pro, Premium, and Affiliate users, your secure vault wallet on Base uses Multi-Party Computation (MPC) with 2-of-3 key sharding. The three shards are: (1) derived from your identity, (2) stored in your device's secure hardware, and (3) encrypted with your 12-word BIP-39 recovery phrase. We never have access to all three shards simultaneously and cannot move funds without your participation.

6 Sharing & Disclosure

We do not sell your personal information. We share your information only in the following limited circumstances:

  • Service providers: We share data with third-party vendors who assist us in operating the Service (payment processors, cloud hosting, push notification providers, KYC verification services, smart contract oracles). These vendors are contractually bound to use your data only to provide their services to us.
  • Legal requirements: We may disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of the Company, our users, or the public.
  • Business transfers: If the Company is acquired, merges with, or sells substantially all its assets to another entity, your information may be transferred as part of that transaction. You will be notified in advance.
  • With your consent: We will share information in any other circumstances only with your explicit prior consent.

7 Third-Party Services

The App integrates with the following third-party services. Each has its own privacy policy:

  • CoinGecko — Price data API. Your wallet addresses are never sent to CoinGecko; only generic price queries are made. (Privacy Policy)
  • Blockchain Explorers (Etherscan, Blockstream, Solana RPC, etc.) — Balance queries are made using your public wallet address. These services may log query IP addresses. No personal account information is shared.
  • Base Network & Chainlink — Smart contract interactions and price oracle data for loan features (Premium users). On-chain transactions are public by design.
  • WalletConnect — Crypto transfer integrations for Premium features.
  • KYC Provider — Identity verification and citizenship verification for Pro, Premium, and Affiliate users (exact provider to be determined).
  • OneSignal — Push notifications for Price Pulse™ alerts. Your device push token is shared with OneSignal to deliver notifications. (Privacy Policy)
  • Google Cloud Platform (GCP) — Cloud infrastructure for the Bulisolio API, including Cloud Run, Cloud SQL, Memorystore, and Cloud Scheduler. (Privacy Notice)
  • Payment Processing — Subscription payments are processed on-chain via USDC on the Base network. Full payment details are recorded on the blockchain.

8 Data Retention

  • Account data: Retained while your account is active and for up to 90 days after account deletion (to allow recovery in case of accidental deletion)
  • Wallet addresses and portfolio data: Deleted immediately upon account deletion request
  • Location data: Retained for 90 days for compliance auditing purposes
  • KYC data: Retained for 7 years after account closure as required by anti-money laundering (AML) regulations
  • Loan records: Retained for 7 years after loan closure as required by financial record-keeping laws
  • Trust score data: Retained for 7 years after last loan activity as required for underwriting compliance
  • Billing records: Retained for 7 years as required by US tax law
  • Security logs: Retained for 12 months
  • Affiliate payout records: Retained for 7 years as required for financial record-keeping
  • Anonymised analytics: May be retained indefinitely in aggregated, non-identifiable form

9 Security

We implement the following technical and organisational security measures:

  • AES-256 encryption for all locally stored sensitive data
  • TLS 1.3+ for all network communications between the App and our servers
  • Certificate pinning to protect against man-in-the-middle attacks
  • Bcrypt password hashing (no plaintext passwords are ever stored)
  • Platform-native secure storage (Keychain, Keystore, Credential Manager) for encryption keys
  • Multi-Party Computation (MPC) for secure vault wallets (2-of-3 key sharding)
  • Access controls limiting database access to authorised personnel only
  • Regular security audits and an active bug bounty program

Despite these measures, no system is completely secure. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law, within 72 hours of becoming aware of the breach.

10 Crypto Loans & Secure Vault (Premium Only)

Premium tier users may access collateralized crypto loan features through our Secure Vault wallet on the Base network. This section explains how we handle loan-related data.

Secure Vault Wallet

Your Secure Vault uses Multi-Party Computation (MPC) with 2-of-3 key sharding for maximum security and portability:

  • Shard 1: Derived from your verified identity (email + KYC)
  • Shard 2: Stored in your device's secure hardware enclave (TPM/Secure Enclave)
  • Shard 3: Encrypted with your 12-word BIP-39 recovery phrase (known only to you)

Any two shards can authorize transactions, enabling device portability while maintaining security. We never have access to all three shards simultaneously and cannot move your funds without your participation.

Loan Data Collection

When you use loan features, we collect and process:

  • Collateral cryptocurrency type and amount
  • Loan amount requested and disbursed (USDC)
  • Smart contract address and terms
  • Loan-to-value (LTV) ratio and liquidation threshold
  • Payment history and loan health metrics
  • Trust score components (see Section 11)

Loan Data Usage

This data is used to:

  • Facilitate loan origination through Base network smart contracts
  • Calculate loan underwriting criteria via our Loan Underwriting Engine (LUE)
  • Monitor loan health and send payment reminders via Concierge Voice®
  • Calculate and apply Bulisolio's concierge commission
  • Comply with financial reporting and anti-money laundering (AML) requirements

Smart Contract Transparency

All loan transactions occur on the Base blockchain and are publicly visible by design. While your identity is pseudonymous (tied to your wallet address), transaction amounts, timestamps, and smart contract interactions are permanently recorded on-chain.

Concierge Voice® Interactions

When you interact with Concierge Voice® (our AI assistant), we collect anonymized topic categories (not full conversation transcripts) to improve our education and support offerings. Loan-related queries are logged for compliance purposes.

Important: Loan data is subject to longer retention periods (7 years) due to financial regulations. Account deletion requests will remove personal identifiers but preserve anonymized loan records for regulatory compliance.

11 Trust Scoring & Loan Underwriting (Premium Only)

For Premium users who access crypto loan features, Bulisolio uses a proprietary Trust Scoring system to determine loan eligibility, loan-to-value (LTV) ratios, and maximum loan amounts. This section explains what data we collect and how we use it.

What is Trust Scoring?

Trust Scoring is an automated underwriting system that evaluates borrower creditworthiness based on on-chain behavior, loan history, and platform engagement. Trust Scoring is not a traditional credit score — it's an internal underwriting metric unique to Bulisolio. Your Trust Score influences:

  • Maximum loan-to-value (LTV) ratio offered
  • Maximum loan amount approved
  • Bulisolio concierge commission rate
  • Access to premium loan features

Trust Score Components

We analyze the following data to calculate your Trust Score:

  • HODL Index: How long you hold cryptocurrency assets without selling (excludes USDC spending from loan proceeds and loan repayments). Lower churn = higher score.
  • Loan History: Number of previous loans, repayment timeliness, liquidation events. Successfully paid loans increase your score.
  • Portfolio Stability: Transaction frequency and volatility in your tracked wallets. Stable wallets indicate lower risk.
  • Loan Payment Behavior: Responsiveness to Concierge Voice® payment reminders and consistency of monthly payments.
  • Loan Contract Duration: How long you maintain active pool contracts. Longer-term loans with good payment history improve your score.
  • Affiliate Status: Legend tier affiliates (500+ active subscribers) receive automatic LTV boosts (minus 5% safety buffer from contract limits).

How We Use Trust Score Data

  • Calculate personalized LTV ratios via our Loan Underwriting Engine (LUE)
  • Determine maximum loan amounts you qualify for
  • Adjust concierge commission rates (higher trust = lower commission)
  • Monitor loan health and predict liquidation risk
  • Improve our underwriting models through anonymized aggregate analysis

Automated Decision-Making

Trust Scoring involves automated decision-making that affects your loan terms. You have the right to:

  • Request a human review of your Trust Score calculation
  • Dispute incorrect or outdated data used in scoring
  • Understand which factors most impacted your score

To request a Trust Score review or explanation, contact loans@bulisolio.com.

Trust Score Retention

Trust Score data and calculation history are retained for 7 years after your last loan activity to comply with lending regulations. Upon account deletion, your Trust Score is anonymized but preserved for regulatory audits.

Transparency: You can view your current Trust Score and its components at any time in the App under "Loan Settings → Trust Score." For detailed methodology, see our Truth in Lending disclosure.

12 Children's Privacy

The App is not directed at children under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected personal information from a child under 18, we will delete it promptly. If you believe we have collected such information, please contact us at privacy@bulisolio.com.

13 Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

AccessRequest a copy of the personal data we hold about you, including your Trust Score
CorrectionRequest correction of inaccurate or incomplete data
DeletionRequest deletion of your personal data ("right to be forgotten")
PortabilityReceive your data in a portable format
ObjectionObject to processing based on legitimate interests
RestrictionRestrict processing in certain circumstances

To exercise any of these rights, contact us at privacy@bulisolio.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

Note: Loan, KYC, and Trust Score records are subject to mandatory retention periods under financial regulations and cannot be fully deleted until the retention period expires (typically 7 years after account closure).

14 California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights:

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
  • Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions (e.g., mandatory financial record retention)
  • Right to Opt-Out of Sale: We do not sell personal information. You may confirm this by contacting us.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Correct: You may request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information (as defined by CPRA) beyond what is necessary to provide the Service

To exercise California rights, contact privacy@bulisolio.com with "California Privacy Request" in the subject line. We will respond within 45 days.

Shine the Light: California Civil Code Section 1798.83 permits users to request information about disclosure of personal information to third parties for direct marketing purposes. We do not make such disclosures.

15 EEA & UK Residents (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR apply to our processing of your personal data.

Legal Basis for Processing

  • Contractual necessity: Processing required to fulfil our agreement with you (providing the App and Service, including loan features and Trust Scoring)
  • Legitimate interests: Security monitoring, fraud prevention, product improvement, loan underwriting
  • Consent: Marketing communications (opt-in only), optional analytics, GPS location tracking
  • Legal obligation: Tax and financial record-keeping requirements, KYC/AML compliance, regulatory reporting

Automated Decision-Making

Our Trust Scoring system involves automated decision-making that significantly affects loan terms. Under GDPR Article 22, you have the right to:

  • Obtain human intervention in automated decisions
  • Express your point of view regarding Trust Score calculations
  • Contest automated decisions and request manual review

International Transfers

Your data is processed and stored in the United States. Data transfers from the EEA/UK to the US are made pursuant to the EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms. If you have questions about our transfer mechanisms, contact privacy@bulisolio.com.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or the relevant national supervisory authority in your EU member state).

16 Cookies & Website Tracking

The Bulisolio App does not use cookies or web tracking technologies.

The Bulisolio website (www.bulisolio.com) uses only essential, functional cookies — no advertising or tracking cookies. Specifically:

  • Session cookies: May be used to maintain your logged-in state while using the web-based account portal (if applicable), and expire when you close your browser.
  • Preference cookies: Store UI preferences (e.g. billing cycle toggle state). First-party only.

We do not use Google Analytics, Facebook Pixel, or any advertising network on www.bulisolio.com. We do not build advertising profiles from website visits.

17 Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Effective Date" at the top of this page
  • Send an in-app notification and email to registered users
  • Provide at least 14 days' advance notice before material changes take effect

If you disagree with a change, you may request account deletion before the effective date.

18 Contact Us

Privacy questions, requests, or concerns:

We strive to respond to all privacy-related inquiries within 5 business days.

Need help? For fastest support, use Concierge Voice® in the app (tap "Talk with Concierge Voice" and say "Hey Bulis, [your question]"). Available 24/7 in multiple languages.