Coalesce

Privacy Policy

Your privacy is important to us. This policy explains how CoalesceFi collects, uses, and protects your information.

Last Updated: February 26, 2026|Effective Date: February 26, 2026

1. Introduction

Welcome to CoalesceFi ("we," "our," or "us"), operated by Saguaro Money, Inc., operating as Coalesce Finance. CoalesceFi is an undercollateralized lending platform built on the Solana blockchain. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at coalescefi.com, use our mobile applications, or interact with our smart contracts and services (collectively, the "Platform").

By using our Platform, you acknowledge this Privacy Policy and understand that we process personal data using the legal bases described in this policy. Where consent is required by applicable law, we will request it at or before the time of collection. If you do not agree with this policy, please do not access or use our Platform.

Important Notice: Blockchain transactions are public and immutable. Wallet addresses and on-chain activities are permanently recorded on the Solana blockchain and cannot be deleted or modified by CoalesceFi.

2. Blockchain & Smart Contract Data

2.1 Nature of Blockchain Data

CoalesceFi operates on the Solana blockchain using decentralized smart contracts. When you interact with our Platform, certain information is automatically and permanently recorded on the blockchain:

  • Your wallet address (public key)
  • Transaction signatures and hashes
  • Lending deposits and withdrawal amounts
  • Loan disbursement and repayment events
  • Interest payments and accruals
  • Vault operations and position changes
  • Timestamps of all transactions

2.2 Immutability Disclaimer

Blockchain data is immutable and publicly accessible. Once a transaction is confirmed on the Solana blockchain, it cannot be deleted, modified, or controlled by CoalesceFi. This includes your wallet address and all associated transaction history. This is a fundamental characteristic of blockchain technology, not a limitation of our Platform.

2.3 Smart Contract Operations

Our lending operations are executed through audited smart contracts deployed on the Solana blockchain. These contracts operate autonomously according to their programmed logic. While we deploy and maintain these contracts, once deployed:

  • Interest rate calculations are performed on-chain
  • Vault parameters and loan terms are enforced automatically
  • Loan disbursements and repayments are executed by smart contracts
  • We cannot reverse or modify completed transactions

3. KYC/KYB/AML Data Collection

To comply with applicable anti-money laundering (AML), know your business (KYB), know your customer (KYC), and sanctions regulations, we collect and verify information from borrower businesses and, where required by law, their authorized representatives.

3.1 Verification Data We Collect

Business Documentation

  • • Certificate of formation or incorporation
  • • Business registration records
  • • Business tax registration documents
  • • Proof of business address

Authorized Representative Documents

  • • Government-issued photo ID
  • • Passport
  • • Driver's license
  • • National identity card

3.2 Additional KYB/KYC Information

  • Legal business name and any registered trade names
  • Jurisdiction of formation and principal place of business
  • Business tax identification number (where required)
  • Authorized representative full name and role
  • Authorized representative date of birth and residential address (where required)
  • Source of funds documentation
  • Wallet addresses used on the Platform
  • Transaction history relevant to risk assessment

3.3 Purpose of KYB/KYC Data Processing

We process KYB/KYC data for the following purposes:

  • Fraud Prevention: Detecting and preventing fraudulent activities
  • Risk Scoring: Assessing business creditworthiness and lending risk
  • Sanctions Compliance: Screening against OFAC, UN, EU, and other sanctions lists
  • Legal Compliance: Meeting regulatory obligations in applicable jurisdictions
  • Tax Reporting: Fulfilling tax withholding and reporting requirements where applicable

4. zkTLS Credit Verification

CoalesceFi uses zkTLS (zero-knowledge Transport Layer Security) technology to perform privacy-preserving credit assessments for borrowers. This section explains how zkTLS verification works and what data is involved.

4.1 How zkTLS Verification Works

When a borrower applies for a loan, they authorize a zkTLS session that generates a cryptographic proof of their creditworthiness from a data source (e.g., a credit bureau). This proof verifies that the borrower meets credit criteria without revealing the underlying data to CoalesceFi.

4.2 What CoalesceFi Receives

CoalesceFi receives only the cryptographic proof and a pass/fail or score result from the zkTLS verification. We do not receive raw credit reports or detailed underlying financial records. The underlying credit data remains with the data source and is never transmitted to CoalesceFi.

4.3 What Is Stored

We store the proof verification result and a timestamp of the verification. The raw credit data is never transmitted to or stored by CoalesceFi.

4.4 On-Chain Records

On-Chain Data: Proof verification results may be recorded on-chain in anonymized form. Once recorded on the blockchain, these records are immutable and cannot be deleted. They do not contain personally identifiable information or raw credit data.

5. Data We Collect

In addition to blockchain, KYC, and zkTLS data, we collect the following information:

5.1 Information You Provide

  • Account registration information (email address)
  • Communication preferences
  • Customer support correspondence
  • Survey responses and feedback

5.2 Automatically Collected Information

  • IP address and geolocation (country level)
  • Browser type and version
  • Device information and identifiers
  • Operating system
  • Referring URLs and pages visited
  • Time spent on pages
  • Click patterns and navigation paths

5.3 Wallet Information

  • Connected wallet addresses
  • Wallet provider used (Phantom, Solflare, etc.)
  • Token balances (when connected)

6. How We Use Your Data

We use the collected information for the following purposes:

  • Platform Operation: To provide, maintain, and improve our lending services
  • User Experience: To personalize your experience and display relevant information
  • Risk Management: To assess creditworthiness and manage lending risks
  • Compliance: To comply with legal obligations, including KYC/AML requirements
  • Security: To detect, prevent, and address fraud and security issues
  • Communication: To send important updates about your account and transactions
  • Analytics: To understand platform usage and improve our services
  • Customer Support: To respond to inquiries and resolve issues

7. Data Sharing & Disclosure

We may share your information in the following circumstances:

7.1 Service Providers

We share data with third-party service providers who assist in operating our Platform:

  • KYC/AML verification providers
  • Cloud hosting and infrastructure providers
  • Analytics and monitoring services
  • Customer support platforms

7.2 Legal Requirements

We may disclose your information when required by law or in response to:

  • Court orders or legal process
  • Government or regulatory requests
  • Fraud investigations
  • Protection of our legal rights

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

GDPR Erasure Note: For GDPR erasure requests, we can delete off-chain data (KYC documents, email, account info, analytics data) but cannot delete on-chain data (wallet addresses, transaction history, proof verification records). The retention table below distinguishes between deletable and non-deletable categories.

Retention Periods

Data TypeRetention PeriodErasure on Request
KYB/KYC/AML Documents5 years after account closure (regulatory requirement)Yes
Off-Chain Transaction Records7 years (financial regulations)Yes (off-chain only)
Account InformationDuration of account + 3 yearsYes
Off-Chain zkTLS Verification ResultsDuration of active loan + 3 yearsYes (off-chain only)
Analytics Data24 months (rolling)Yes
Blockchain DataPermanent (immutable by nature)No (on-chain immutable)

9. GDPR Rights (European Union Users)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

Data Controller

Saguaro Money, Inc., operating as Coalesce Finance
2501 Chatham Rd Ste 5997 Springfield, IL 62704, United States
Email: compliance@coalescefi.com

9.1 Legal Bases for Processing (GDPR Article 6)

  • Contractual necessity: operating accounts, facilitating smart contract interactions, and servicing platform activity
  • Legal obligation: AML/KYB/KYC, sanctions screening, tax, and regulatory compliance
  • Legitimate interests: security monitoring, fraud prevention, risk management, and product improvement
  • Consent: optional communications and any non-essential analytics or cookies, where consent is required

9.2 Your Rights

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal retention requirements and the immutable nature of blockchain data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Withdraw Consent

Withdraw consent for data processing where consent is the legal basis.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Restriction of Processing

Request temporary restriction of processing in circumstances permitted by GDPR.

Right to Lodge a Complaint

Lodge a complaint with your local EU/EEA supervisory authority if you believe our processing violates GDPR.

9.3 Automated Decision-Making and Human Review

CoalesceFi may use automated inputs (including zkTLS verification results) as part of borrower eligibility assessments. We do not make final adverse eligibility determinations based solely on automated processing where the data subject is materially affected. Final adverse decisions include human review, and affected users may request reconsideration by contacting compliance@coalescefi.com.

Blockchain Limitation: For erasure requests, we distinguish between data we can and cannot delete:

  • Can be deleted on request: KYC documents, email address, account preferences, analytics data, support correspondence
  • Cannot be deleted (immutable): on-chain wallet address, transaction history, smart contract interactions, zkTLS proof records stored on-chain

Privacy & Compliance Contact

For GDPR-related inquiries, please contact our compliance team at: compliance@coalescefi.com

10. CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

10.1 Your Rights

  • Right to Know: What personal information we collect, use, disclose, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

10.2 Categories of Personal Information Collected

  • Identifiers: Name, email, wallet address, IP address
  • Financial Information: Transaction history, balances
  • Internet Activity: Browsing history, platform interactions
  • Geolocation: Country-level location data
  • Professional Information: Source of funds documentation

10.3 Notice Regarding "Sale" or "Sharing" of Personal Information

CoalesceFi does not sell or share your personal information as defined under CCPA/CPRA. We do not receive monetary or other valuable consideration for personal information and do not share personal information for cross-context behavioral advertising.

Exercising Your California Privacy Rights

To exercise your rights, contact us at: compliance@coalescefi.com
Browser-based opt-out preference signals (including Global Privacy Control) are processed in accordance with applicable law if our sale/sharing practices change.
We will respond to verified requests within 45 days.

11. International Data Transfers

CoalesceFi operates globally and may transfer your data to jurisdictions outside your country of residence, including the United States. These transfers are conducted in compliance with applicable data protection laws.

11.1 Transfer Mechanisms

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules where applicable
  • Adequacy decisions by relevant authorities
  • Your explicit consent where required

To request information about applicable transfer safeguards (including relevant SCCs), contact compliance@coalescefi.com.

11.2 Data Storage Locations

Our primary data processing facilities are located in the United States. Additional processing may occur in other countries where our service providers operate. We ensure all providers maintain equivalent data protection standards.

12. Cookies & Analytics

We use cookies and similar tracking technologies to enhance your experience on our Platform.

12.1 Types of Cookies We Use

Essential Cookies

Required for platform functionality, authentication, and security.

Analytics Cookies

Help us understand how users interact with our Platform.

Preference Cookies

Remember your settings and preferences for future visits.

12.2 Analytics Tools

Third-party analytics tools listed below are planned but are not currently enabled in production. If enabled in the future, they may be used as described:

  • Vercel Analytics: May be used for web performance and usage metrics. Vercel Analytics is privacy-friendly and does not use cookies.
  • Google Analytics: May be used for user behavior and traffic analysis. Google Analytics may use cookies to collect usage data.

12.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may limit platform functionality. For more information about our cookie practices, please contact us.

13. Security Measures

We implement industry-standard security measures to protect your personal information:

  • TLS/SSL encryption for data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Employee security training and background checks
  • Incident response and breach notification procedures

No Guarantee: While we employ commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your information.

14. Children's Privacy

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us immediately at compliance@coalescefi.com, and we will take appropriate steps to delete such information.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last Updated" date at the top of this policy
  • We will notify you via email or prominent notice on our Platform
  • For significant changes, we may require your explicit consent before continued use

Your continued use of the Platform after such modifications constitutes your acceptance of the updated Privacy Policy.

16. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Saguaro Money, Inc., operating as Coalesce Finance

Mailing Address: 2501 Chatham Rd Ste 5997 Springfield, IL 62704

Legal Inquiries: legal@coalescefi.com

General Support: support@coalescefi.com

Compliance & Privacy: compliance@coalescefi.com

This Privacy Policy was last updated on February 26, 2026.

Terms of Service|Return to Home