Hutfin Global Technologies, Inc. — Global Privacy Policy
Last Updated: September 16 2025
Hutfin exists to help build connections across commercial real estate (CRE) and make the world more open and inclusive. We are a community built on trust. A fundamental part of earning that trust is being clear about how we use information and protecting your privacy rights worldwide.
This Privacy Policy describes how Hutfin Global Technologies, Inc. (a Delaware corporation) and its affiliates (“Hutfin,” “we,” “us,” or “our”) collect, use, disclose, and protect Personal Information across our website, mobile apps, APIs, blockchain integrations, and related services (the “Platform”). It also incorporates the expanded items you provided regarding California (CCPA/CalOPPA), cookies, data categories, sources, and user rights.
Your use of the Platform is also subject to our Terms of Use and Cookie Policy. Our canonical privacy URL is https://hutfin.com/privacy-policy.
We comply with U.S. federal and state privacy laws and international laws where applicable, including GDPR/UK GDPR, PDPA (Singapore), PIPEDA (Canada), UAE PDPL, India DPDP Act, China PIPL, Japan APPI, Australia/NZ Acts, Brazil LGPD, South Africa POPIA, and other regional regimes where Hutfin operates.
1. Who Controls Your Personal Information
● Controller. Unless otherwise stated, Hutfin Global Technologies, Inc. (Delaware, USA) is the controller of your Personal Information.
● Payments Controller(s). If you use payments or financing, information may also be controlled/processed by payment entities identified in our Payments Terms.
● Insurance Controller(s). Insurance/protection products are controlled/processed by the insurer/administrator named in the applicable documentation.
● EU/UK Representative. Hutfin will appoint an EU/UK representative where required.
● UAE Representative. For UAE PDPL, Hutfin will designate a local representative where required.
● APAC Local Contacts.Where required by PIPL (China), DPDP (India), APPI (Japan), etc., Hutfin will provide a local contact/authorized representative.
● DPO/Privacy Lead.Hutfin designates a privacy lead available via the contact below.
Business Details (U.S.)
Hutfin Global Technologies, Inc. (also “Hutfin” where used in your materials) 1720 Stratton Dr, Virginia Beach, VA 23456, USA Primary Email: support@hutfin.com • Alt: director@hutfin.com Phone: +1 (757) 776-9779 Website: https://www.hutfin.com Mobile App: “Hutfin” (iOS/Android)
2. Legal Bases for Processing (GDPR / International Users)
We process Personal Information under one or more of: contractual necessity, consent, legitimate interests, legal obligations, and vital/public interest (rare). You may withdraw consent at any time (without affecting prior lawful processing). Where we rely on legitimate interests, you may object per GDPR/UK GDPR, UAE PDPL, China PIPL, etc.
3. International Data Transfers
We operate globally; your data may be processed in the U.S., UAE, EU/UK, India, Singapore, and other countries.
● EU/UK: Adequacy decisions where available; SCCs or UK IDTA/Addendum as required.
● UAE: Cross-border transfers comply with UAE Data Office requirements (adequacy/contractual safeguards).
● India: DPDP Act transfer mechanisms/contractual safeguards.
● China: PIPL cross-border mechanisms (CAC security assessment/certifications/standard contracts).
● Singapore/Canada/Brazil/South Africa/others: Transfers per applicable law using safeguards or consent.
4. Your International Rights
Depending on your jurisdiction, you may have rights toaccess/know, rectify, delete/erase(subject to blockchain immutability and legal carve-outs), portability, restrict/object, withdraw consent and appeal denials. Contact details and supervisory authorities are provided (EU/UK, UAE, India, China, Japan, Australia/NZ, Brazil, South Africa, Canada, U.S. AGs).
5. Blockchain, NFTs & RWA (Tokenized Assets)
● Wallets: Your blockchain wallet address forms part of your Hutfin identity.
● Public Ledgers:On-chain transactions are public and immutable; Hutfin cannot delete or alter blockchain entries.
● Self-Custody:We do not hold your private keys and are not responsible for lost credentials, mis-signatures, or wallet compromises.
● Global Visibility: On-chain data may be globally accessible.
● Compliance Screening: Wallets/transactions may be screened against AML/sanctions lists per applicable law.
6. Biometric & Sensitive Data (Global)
If biometric data (e.g., facial scans for ID verification) is used, we obtain explicit consent where required, limit retention, and never sell biometric data for marketing. Other sensitive data is processed only with consent or where legally required.
7. Data Retention
We retain data as long as needed for services, legal obligations, fraud prevention, and dispute resolution, honoring GDPR storage limitation and similar regional principles. Blockchain data is permanent and outside Hutfin’s control.
8. Cross-Border Advertising & Opt-Out
We may “share” data for targeted advertising in some jurisdictions. Global opt-outs include account settings, footer links,and signals (e.g., Global Privacy Control in the U.S.). GDPR/UK users have a right to object; UAE PDPL, India DPDP, China PIPL, Brazil LGPD, Nevada/California provide additional opt-outs. Current ads status: We do not serve third-party display ads on consumer surfaces at this time. If that changes, we’ll update this Policy and the Cookie Policy. Promotional/transactional communications and permitted first-party marketing may still occur as described below.
9. Children & Teens (International)
● U.S. COPPA: Under 13 requires verifiable parental consent.
● GDPR/UK: Under 16 consent requires guardian authorization (member-state variations apply).
● CA (U.S.): 13–15 opt-in required for sell/share.
● UAE: Parental consent required for children’s data.
● India: Special consent rules for minors under 18.
● China: Guardian consent under 14.
● Japan: Parental consent as defined by law.
10. Security
We use administrative, technical, and organizational safeguards (encryption, access controls, pseudonymization where feasible). International transfers are protected by SCCs/IDTA, PDPL mechanisms, PIPL requirements, and similar safeguards.
11. Changes to this Policy
We may update this Policy. For material changes, we provide ≥30 days’ advance notice by email, in-app, or website notice.
12. Contact
Hutfin Global Technologies, Inc. — Privacy Office
1720 Stratton Dr, Virginia Beach, VA 23456, USA
Email: support@hutfin.com (Alt: director@hutfin.com)
Phone: +1 (757) 776-9779
EU/UK representative, UAE representative, and APAC local contacts will be published where required by law.
Annex A — California & U.S. State Privacy Notice (CCPA/CPRA, CalOPPA, and Similar Laws)
Disclaimer for California Users. We respect your rights under the CCPA/CPRA and CalOPPA. This Annex also informs other U.S. residents where similar rights apply.
A1. Personal Information We Collect (Categories)
We may collect (as defined by CCPA/CPRA): Identifiers (name/alias, postal address, email, phone, device IDs, IP, government ID where permitted); Commercial Information (products/services considered/purchased); Internet/Network Activity (browsing/search history, interactions with our site/app/ads); Geolocation Data (approximate; precise if you enable it); Professional/Employment Data; Education Records (as applicable); Financial/Payment Data (via processors); Biometric Data (for verification with consent); and Inferences (preferences, characteristics).
A2. Sources of Personal Information
You (account/profile, forms, surveys, uploads);
Automatically (device, cookies, SDKs, logs, crash reports);
Third Parties (identity/KYC vendors, marketing partners, payment processors, background/sanctions screening, social sign-ins, enterprise customers who invite/manage users, referrals/brokerage connections).
A3. Business/Commercial Purposes
Provide and secure the Platform; process payments; enable messaging; conduct KYC/AML/fraud screening; comply with law; personalize content; perform analytics/research/debugging; customer support; marketing (with controls/consent where required); insurance claims handling; enterprise account administration; safety/integrity reviews; and product improvement.
Communications Safety Review: As part of fraud and safety efforts, we may review/scan/analyze user communications and images (automated where feasible; sometimes manual) for safety, fraud, abuse, and legal compliance. We do not sell message contents or scan them to send third-party marketing.
A4. “Selling” or “Sharing” Personal Information
We do not “sell” Personal Information as “sell” is defined by CCPA/CPRA.
We may “share” Personal Information for cross-context behavioral advertising (targeted ads) consistent with the controls in Section 8 above. You can opt out via site footer, account settings, or recognized signals (e.g., GPC).
A5. Disclosures for Business Purposes
We disclose Personal Information to: service providers, payment/identity/KYC vendors, security/fraud partners, analytics providers, hosting/IT, marketing tools (with opt-outs), enterprise customers (for account management), insurers/administrators (if applicable), affiliates, and government/law enforcement where required. We may disclose data in connection with corporate transactions (merger, acquisition, asset sale, restructuring).
A6. Your California & U.S. State Rights
You may request to know/access, correct, delete, opt-out of “sharing”, limit use of sensitive PI (where applicable), and not be discriminated against for exercising your rights. You (or an authorized agent) may submit a verifiable request using the contact options below. We will respond within 45 days (extendable to 90 days with notice). No fee unless requests are excessive or unfounded.
Verification & Authorized Agents: We may require reasonable verification of identity/authority (and POA where applicable). We will only use request data to verify and fulfill your request.
Data Portability: Where technically feasible, we provide a portable format.
Appeals: If we deny your request in a state with an appeal right, you may appeal using the instructions in our response.
How to Exercise U.S. Rights: Email support@hutfin.com with subject “Privacy Rights Request,” or use mechanisms described in our Privacy Policy.
Annex B — Detailed Cookies & Tracking Technologies
Our Platform uses cookies and similar technologies as described in this Policy and our Cookie Policy.
Cookies Defined: Small files stored on your device to remember preferences and measure usage.
1-Pixel Images / Web Beacons: For traffic patterns and campaign measurement.
Local Storage / “Flash” Cookies: For feature support (manage via your device/browser settings).
First-Party vs. Third-Party Cookies: First-party for core features/analytics; third-party for integrations and, if enabled, advertising/attribution.
Essential Cookies: Required for core functionality and cannot be disabled.
Performance/Functionality Cookies: Enhance features; some features may degrade if disabled.
Advertising/Measurement Cookies: Used for relevance, frequency capping, and performance if/when advertising is enabled.
Current status: We do not serve third-party display ads to users at this time. If this changes, we will update this Policy and the Cookie Policy. Marketing messages and on-platform promotions related to Hutfin may still occur (with consent/opt-out where required).
Your Controls: You can manage cookies via browser/device settings and our on-site controls (where offered). Blocking cookies may impact functionality.
Annex C — Additional Detailed Collection & Use Disclosures
C1. Information Needed to Use the Platform
Contact/account/profile data; identity and payment data (e.g., government ID images, license numbers, KYC selfies, bank/payment account info); geolocation (approximate/precise if enabled); usage data; device/log data; payment transaction data.
C2. Information You Choose to Give
Additional profile fields (e.g., gender, languages, city), information about others (with permission), Address Book/Leads Directory entries, forms/surveys/feedback, community posts, optional health information (if you choose to share it).
C3. Information from Third Parties
Social logins (Google, Facebook, LinkedIn), background/sanctions checks (where lawful), enterprise product invitations, referrals/brokerage connections, verification/fraud-prevention partners, demographic/enrichment data, and safety-related signals.
C4. How We Use Personal Information (Expanded)
Providing/improving the Platform; enabling payments and communications; performing analytics/debugging/research; training support; sending updates/security alerts; processing insurance/related claims; personalizing experiences; administering enterprise features; preventing fraud/abuse; risk assessments; verifying/authenticating info; compliance with law; dispute resolution; enforcing terms; evaluating/expanding product features; and (with consent/controls) marketing/advertising activities (emails, referrals, rewards, events).
C5. Payment Services
Used to: detect/prevent money laundering/fraud; meet AML/sanctions obligations; enforce payment terms; and provide/improve Payment Services.
C6. Sharing & Disclosure
With your consent or at your direction.
Public content: Profile details you set public; listings; reviews; forum posts; may be visible and indexed by search engines (opt-outs where available).
Service providers/Processors: Contractually bound to protect data and use it only for our instructions.
Affiliates/Partners: For operational purposes and lawful marketing (with required controls).
Corporate transactions: As permitted by law.
Legal obligations/safety: To comply with law, protect rights/safety, and detect/prevent fraud/abuse.
C7. Selling Personal Information
We do not sell Personal Information as “sell” is defined by CCPA/CPRA. If that changes, we will update this Policy and provide required notices/controls.
Annex D — Rights, Requests, and Response Timelines (Global)
Access/Know; Portability; Correction; Deletion: Submit a verifiable request; we respond within 30–45 days (extendable as permitted).
Exceptions: We may retain data for fraud prevention, legal compliance (e.g., tax/audit), safety, or where deletion is technically infeasible (e.g., immutable blockchain entries, backup retention windows).
Authorized Agents (U.S.): Provide proof of authorization and identity; we may require direct user confirmation.
Non-Discrimination: We will not discriminate against you for exercising your rights.
Manage Your Info: Use account settings to update info or unlink social accounts.
Annex E — Links to Third Parties
We may link to third-party websites/apps/content. Their privacy practices and governing law apply to your use of those properties. Review their privacy notices. Hutfin isn’t responsible for third-party handling of your Personal Information.
Annex F — Security & Protection (Additional)
We use reasonable physical, electronic, and procedural safeguards aligned with industry standards to protect Personal Information and limit access. Avoid sending sensitive information over unsecured/public channels. We’ll notify you of material changes to this Policy and provide a 30-day notice for material updates. If you disagree, you may cancel your account; continued use after effectiveness means you accept the revised Policy.
How to Contact Us (All Regions)
Primary: support@hutfin.com
Alternate: director@hutfin.com
Postal: Hutfin Global Technologies, Inc. — Privacy Office, 1720 Stratton Dr, Virginia Beach, VA 23456, USA
Phone: +1 (757) 776-9779
Regional contacts/representatives (EU/UK, UAE, APAC) will be posted at https://hutfin.com/privacy-policy when appointed.
Quick Links
● Terms of Use: https://hutfin.com/terms
● Privacy Policy (canonical): https://hutfin.com/privacy-policy
● Cookie Policy: https://hutfin.com/cookie-policy