EN
Last Updated: 1 December 2025

This Privacy Policy explains how Zuger-See Financial LLC, doing business as Varto (“Varto,” “we,” “us,” or “our”), collects, uses, discloses, and protects your personal information when you use:

  • the Varto mobile application (“Varto App”);
  • our website at www.varto.app;
  • digital asset transfer and related services made available through the Varto App (collectively, the “Services”).

This Privacy Policy applies to all users of the Services. Certain rights and disclosures may vary depending on your jurisdiction and applicable law.

By creating a Varto Account or continuing to use the Varto App or Services, use of the Services constitutes agreement with this Privacy Policy.

This Privacy Policy is accessible at all times within the Varto App through the application settings or a dedicated privacy section.

1. Who We Are

We are Zuger-see Financial LLC, doing business as “Varto,” a Money Services Business registered with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) under MSB Registration Number 31000271862103, and a company incorporated under the laws of the State of Washington, United States of America, with our corporate office located at 1633 SE 84th CT, Vancouver, WA 98664, USA.

2. Information We Collect

We collect personal information necessary to provide secure, compliant, and reliable financial and digital asset–based transfer services. Information may be collected directly from you, automatically through your device, or from trusted third parties.

2.1. Information You Provide to Us

2.1.1. Account Registration Information

  • Full legal name
  • Email address
  • Mobile phone number
  • Country of residence
  • Account passcode or login credentials
  • Preferred language and communication settings
  • Any additional information you choose to provide during onboarding (including the profile photo).

2.1.2. Identity Verification (KYC) Information

To comply with applicable AML, CFT, and sanctions laws, we may collect:

  • Government-issued identification (passport, driver’s license, state ID)
  • Selfie or biometric verification data
  • Social Security Number or ITIN (where required)
  • Proof of address
  • Sanctions and watchlist screening results
  • Risk, fraud, and compliance-related metadata

Some of this information, including identification documents, biometric data, and government identifiers, is considered sensitive personal data and is collected solely to comply with legal obligations and to prevent fraud and financial crime.

2.1.3. Transaction Information

To process digital asset–based transfers, we collect:

  • Transaction amounts and asset type
  • Recipient name, contact information, and payout details
  • Transfer history and receipts
  • Blockchain transaction identifiers
  • Compliance-related information (e.g., purpose of transfer, where required)
  • Communications related to a transfer

Certain transaction and wallet-related data may be processed by third-party partners that provide custodial wallet or payout services.

2.1.4 Customer Support Information

  • Emails, chat messages, or support communications
  • Call recordings (where permitted by law)
  • Documents or screenshots you provide
  • Internal support notes created to assist you

2.2 Information Collected Automatically

2.2.1 Device and Technical Data

  • IP address
  • Device identifiers and technical identifiers
  • Push notification settings

Device identifiers and technical identifiers are used solely for security, fraud prevention, diagnostics, and service reliability. They are not used for advertising, personalization, or cross-app tracking and are not linked to advertising identifiers.

2.2.2. Logs and crash reports

2.2.2.1. Error and status logs

When you send a support request from within, a series of text files may be attached automatically to the email. These files contain information on the current state of Varto App. This data also contains your device model, your software version and your network status at the time of the error.

2.2.2.2. Crash reports

In case of a crash, Varto will submit a crash report. This report contains information about your device (model, software version, etc.) and the state of Varto App at the time of the crash. No personal data will be transmitted.

2.2.3 Cookies and Tracking Technologies

We use cookies, SDKs, and similar technologies to:

  • Maintain security and session integrity
  • Detect fraud and unauthorized access
  • Authenticate users
  • Analyze usage and improve performance.

Essential cookies are required for the Services to function.

2.3 Information From Third Parties

We may receive information from trusted partners, including:

  • Identity verification providers
  • Custodial wallet and blockchain infrastructure providers
  • Fraud and risk monitoring services
  • Payment and payout partners
  • Mobile carriers and SMS providers
  • Public databases and government sources (e.g., OFAC lists).

We use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies and similar technologies to collect and analyse information about how user is using our App. This information may include the user's IP address, device type, operating system, app version, and usage data. Google Analytics may also collect information about interactions with the App, such as the pages visited and the features used. For more information on how Google Analytics collects and processes data, please refer to Google's Privacy Policy. We use the information collected through Google Analytics to understand how users interact with our App, improve its functionality, and provide you with a better user experience. This data helps us make informed decisions about updates and enhancements to our App.

Google Analytics is used solely for internal app performance, diagnostics, and improvement purposes. Analytics data is not used for advertising, marketing, profiling, or cross-app tracking.

Google Analytics is configured to collect only aggregated and pseudonymized usage data and does not receive identity verification data, financial information, government identifiers, or biometric data.

2.4 Required and Optional Information

Certain personal information is required to create and use a Varto Account due to legal, regulatory, and security requirements, including identity verification and transaction data.

Other information, such as profile photos or certain preferences, is optional. Choosing not to provide optional information does not affect access to core Services.

3. How We Use Your Information

We use personal information only for lawful purposes and only as necessary to operate the Services.

3.1 To Provide and Maintain the Services

We use your personal information to:

  • Create, operate, and manage your Varto Account
  • Facilitate and support digital asset–based transfers initiated through the Varto App
  • Enable access to custodial digital asset wallet services provided by third-party partners
  • Verify your identity and satisfy applicable onboarding and compliance requirements
  • Authenticate logins and account access
  • Deliver one-time passwords (OTPs), security alerts, and other account-related communications
  • Provide transaction receipts, confirmations, and service notifications
  • Operate, maintain, and ensure the proper functioning of the Services

3.2. To Comply With Legal and Regulatory Obligations

We are required by law to process certain information to comply with:

  • Bank Secrecy Act (BSA)
  • Anti-Money Laundering (AML) rules
  • Countering the Financing of Terrorism (CFT) requirements
  • OFAC sanctions programs
  • Recordkeeping and audit obligations
  • Law enforcement inquiries and subpoenas

3.3. For Fraud Prevention, Security & Risk Management

We use data to:

  • Prevent unauthorized access
  • Detect suspicious or unusual activity
  • Identify fraud patterns
  • Protect your account
  • Enforce compliance policies
  • Prevent prohibited transactions

3.4 For Customer Support

We use your information to:

  • Respond to inquiries
  • Investigate complaints
  • Resolve disputes
  • Provide operational assistance

3.5 For Internal Operations

We use data to:

  • Respond to inquiries
  • Investigate complaints
  • Resolve disputes
  • Provide operational assistance

3.6 No Sale of Personal Information

Varto does not sell personal or sensitive information. Third-party service providers and SDKs used in connection with the Varto App are contractually restricted from selling, sharing, or using personal or sensitive information for advertising, marketing, or other unrelated purposes.

4. How We Share Information

We share personal information only as permitted by applicable law and only to the extent necessary to provide secure, compliant, and reliable Services. We do not sell your personal information.

4.1. Third-Party Partners Supporting the Services

We share information with trusted third-party partners that are directly involved in providing, supporting, or executing the Services, including digital asset–based transfers. These partners receive only the information necessary to perform their functions.

Such partners may include:

4.1.1. Custodial Wallet and Digital Asset Service Providers

Used to:

  • Establish and maintain custodial digital asset wallets
  • Facilitate the holding, transfer, and settlement of stablecoins or other supported digital assets
  • Record and process blockchain transactions
  • Support wallet-related functionality and transaction history.

4.1.2. Banking and Payment Infrastructure Providers

Used to:

  • Process ACH transfers used to fund custodial wallets, where applicable
  • Validate bank account information
  • Handle transfer returns, rejections, or reversals related to wallet funding

4.1.3. Payout and Off-Ramp Partners

Including licensed third-party service providers in destination countries.

Used to:

  • Convert digital assets to fiat currency, where applicable
  • Deliver funds to Recipients via supported payout methods (such as bank accounts or mobile wallets)
  • Perform Recipient verification and comply with local regulatory requirements in payout jurisdictions

4.2. Identity Verification and Compliance Providers

We share information with third-party identity verification and compliance service providers to:

  • Verify your identity in accordance with AML, CFT, and sanctions requirements
  • Authenticate government-issued documents and biometric data
  • Validate phone numbers, email addresses, and device associations
  • Conduct sanctions, watchlist, and adverse media screening
  • Detect and prevent fraud, abuse, or high-risk activity

These providers may receive, as applicable:

  • Copies of identity documents
  • Selfie or live-verification data
  • Government-issued identifiers (such as SSN or ITIN, where required by law)
  • Device, network, or behavioral data used for fraud detection.

4.3. Regulatory and Law Enforcement Authorities

We may disclose personal information when required to comply with applicable laws or lawful requests, including:

  • Subpoenas, summonses, or search warrants
  • Court orders or judicial proceedings
  • Regulatory examinations, audits, or reporting obligations
  • Sanctions and export control requirements, including OFAC programs
  • Investigations relating to fraud, financial crime, or threats to public safety.

Such disclosures are made only to the extent required by law.

4.4. Service Providers

We may share personal information with service providers that support our business operations. These providers act solely on our behalf and in accordance with our instructions and contractual obligations.

Such service providers may include:

4.4.1. Cloud Infrastructure Providers

Used for secure data hosting, storage, processing, and encryption.

4.4.2. Security and Fraud Prevention Providers

Used to monitor activity, detect anomalies, and protect accounts and systems.

4.4.3. SMS and Communications Providers

Used to deliver OTPs, verification messages, and account or security notifications.

4.4.4. Technical and Development Providers

Used for application maintenance, analytics, debugging, testing, and performance monitoring.

4.4.5. Customer Support Platforms

Used to manage support requests, communications, and related operational workflows.

All service providers are contractually required to:

  • Maintain the confidentiality of personal information
  • Implement appropriate technical and organizational security measures
  • Process data only for the purposes specified by Varto.

4.4.6 Other Varto customers

Other Varto customers will be able to search for you through the Varto app using your mobile phone number. When they input your mobile phone number, they will be able to see your name and profile photo (if you have one).

You may manage the visibility of your profile information through the Varto App settings, where available.

5. Use of Camera and Storage

The Varto App may request access to the device camera to support core functionality, including identity verification and compliance requirements. Camera access is used to capture photographs or video images, such as selfies or images of identification documents, for the purpose of verifying identity, preventing fraud, and complying with applicable legal and regulatory obligations.

Camera access is requested only when such functionality is required, and captured images are processed solely for the purposes described in this Privacy Policy. Images are not used for advertising or marketing purposes.

Permission to access the camera may be managed or revoked through device settings. Please note that disabling camera access may limit or prevent the ability to complete identity verification or use certain Services.

The App may request access to your device’s storage to save and retrieve data necessary for its functionality.

6. Privacy Policies of Third-Party Partners

Certain features of the Services, including custodial digital asset wallet services and related functionality, are provided by third-party partners, including Bridge Ventures LLC (“Bridge”).

By accessing or using any Services that rely on Bridge’s custodial wallet or digital asset infrastructure, you acknowledge and agree that your personal information may be collected, used, and shared by Bridge in accordance with Bridge’s applicable privacy policy, which governs Bridge’s independent data processing practices.

Bridge’s privacy policy will be made available to you through the Varto App and may also be accessed via a link provided in connection with the Services.

Your use of Bridge-provided services is subject to Bridge’s privacy policy in addition to this Privacy Policy. Varto is not responsible for Bridge’s independent privacy practices, data handling, or security measures, except to the extent required by applicable law.

7. SMS & Electronic Communications

When you provide your mobile phone number and create a Varto Account, you consent to receive SMS text messages used exclusively for:

  • account registration and activation,
  • login authentication and one-time passwords (OTP),
  • identity verification,
  • important account and security notifications,
  • updates regarding your transactions.

Varto does not send marketing or promotional SMS messages.

We use your phone number, device identifiers, and IP address to authenticate your device, prevent fraud, and ensure secure delivery of SMS messages. To deliver these messages, we may use third-party SMS gateway providers and mobile network operators, who process this information solely on our behalf.

Message frequency depends on your activity. Your mobile carrier may apply message or data rates.

You may opt out of SMS at any time by replying STOP, but doing so may prevent you from using the Service, as SMS verification is required for account security and identity verification. For assistance, you may reply HELP or contact support@varto.app

8. Your Privacy Rights

Depending on your country or state of residence, you may have certain privacy rights under applicable data protection and privacy laws. These rights may vary by jurisdiction and may be subject to limitations where processing is required for legal, regulatory, or compliance purposes.

8.1. Right to Access

You may request confirmation of whether we process your personal information and, where applicable, request access to the personal information we maintain about you.

8.2. Right to Correct

You may request that we correct or update inaccurate or incomplete personal information, subject to verification and applicable legal requirements.

8.3. Right to Delete

You may request deletion of your personal information where permitted by applicable law. Requests for account deletion may be submitted through the Varto App or via email, as described in Section 9.

Certain information cannot be deleted or anonymized due to legal and regulatory obligations, including requirements related to anti-money laundering (AML), counter-terrorist financing (CFT), sanctions compliance, fraud prevention, and mandatory recordkeeping for regulated financial services.

8.4. Right to Restrict or Object to Certain Processing

Depending on applicable law, you may have the right to restrict or object to certain processing of your personal information. These rights do not apply where processing is necessary to:

  • Provide and maintain the Services
  • Process digital asset–based transfers
  • Verify your identity
  • Comply with AML, CFT, sanctions, and other applicable financial compliance requirements
  • Detect and prevent fraud or security incidents
  • Maintain your Varto Account.

Varto does not sell your personal information and does not share it for cross-context behavioral advertising.

8.5. Right to Data Portability

Where required by applicable law, you may request a copy of certain personal information in a structured, commonly used, and machine-readable format.

8.6. Right to Withdraw Consent

Where we rely on your consent for specific processing activities (such as SMS communications), you may withdraw your consent at any time. Please note that withdrawing consent may limit or prevent your ability to use certain Services, including identity verification or account security features.

8.7. Right to Non-Discrimination

We will not discriminate against you for exercising any of your applicable privacy rights.

Important Limitations for Regulated Financial Services

Your privacy rights may be limited by legal and regulatory obligations applicable to regulated financial services, which may require us to:

  • Retain certain records for a minimum period (including at least five (5) years under the U.S. Bank Secrecy Act, where applicable)
  • Maintain identity verification and transaction records for AML/CFT and sanctions compliance
  • Retain information necessary for fraud prevention, investigations, audits, and regulatory reporting.

As a result, we may be unable to delete, modify, or restrict processing of certain personal information, even upon request.

8.8. How to Exercise Your Rights

To exercise any applicable privacy rights, please contact us at privacy@zuger-see.com.

We may require you to verify your identity before processing your request, in order to protect your information and comply with applicable laws.

9. Account Deletion and Data Deletion Requests

You may request deletion of your Varto account directly within the Varto App using the account deletion feature, or by contacting us at privacy@zuger-see.com.

Submitting an account deletion request closes your account and initiates an account deletion process. Account deletion requests are subject to identity verification and regulatory review.

Due to legal and regulatory obligations, certain data, including identity verification, transaction and compliance records, cannot be deleted immediately and must be retained for required retention periods. Any personal information that is no longer required will be deleted or anonymized in accordance with applicable law. All retained data continues to be protected using appropriate security measures.

10. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including providing our Services, maintaining your Varto Account, ensuring security, and complying with legal, regulatory, and contractual obligations. As a regulated U.S. Money Services Business, we are required under federal anti-money laundering (AML) laws, Bank Secrecy Act (BSA) requirements, OFAC rules, and other applicable financial services and compliance regulations to retain certain categories of data, including identity verification information, transaction records, communications related to transactions, and compliance documentation for a minimum period that typically extends five (5) years or longer, depending on the specific type of record and the applicable jurisdiction. We may also retain information as needed to investigate fraud, resolve disputes, enforce our Terms, protect our legal rights, respond to law enforcement requests, and maintain accurate business and financial records.

Once these mandatory retention periods expire, and unless applicable law requires a longer retention period, we may delete, anonymize, or otherwise de-identify your personal information in a secure manner. Some information may continue to be retained in backup systems until those backups are cycled out. Please note that certain data cannot be deleted upon request where laws or regulatory obligations require us to retain it, including information related to KYC/identity verification, transaction records, and compliance audits.

11. Data Security

We implement appropriate physical, technical, and organizational measures designed to protect personal and sensitive information against unauthorized access, loss, misuse, alteration, or disclosure.

These measures include encryption of personal data in transit using HTTPS/TLS and encryption at rest using industry-standard encryption methods, multi-factor authentication for account access, secure and monitored server environments, and continuous system monitoring to detect and prevent unauthorized or suspicious activity.

Access to personal information is restricted to authorized personnel on a need-to-know basis and subject to role-based access controls. Employees, contractors, and service providers are required to comply with confidentiality obligations, follow security best practices, and undergo appropriate training.

Our systems and processes are regularly maintained, updated, and tested to support the ongoing security, integrity, and availability of the Services. While we take reasonable steps to protect personal information, no method of transmission or storage can be guaranteed to be completely secure.

Despite our efforts to protect your information, no method of transmission over the internet or method of electronic storage is entirely risk-free. While we strive to implement strong security measures, we cannot guarantee absolute security, and you understand that the transmission of information to or from the Varto App is done at your own risk. If we become aware of a security incident that affects your personal information, we will notify you in accordance with applicable laws and regulatory requirements.

12. Children’s Privacy

Varto is not intended for individuals under the age of 18. We do not knowingly collect data from minors. If we become aware that personal data from a minor has been collected, we will promptly delete such data in accordance with applicable law.

13. International Transfers

Your personal information may be transferred to, stored in, or processed in jurisdictions outside of your state or country of residence. These jurisdictions may have data protection laws that differ from those in your home state or country; however, we implement robust contractual, technical, and organizational safeguards to ensure that any cross-border data transfers are conducted in compliance with applicable privacy, financial, and regulatory requirements.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. If changes materially affect your rights, we will notify you via:

  • Email
  • the Varto App, or
  • our website.

15. Contact Us

If you have questions about this Privacy Policy or your data, contact us:

Email: privacy@zuger-see.com

Mail: Zuger-See Financial LLC, 1633 SE 84th CT, Vancouver, WA 98664, USA

Thank you for subscribing to VARTO updates.
You’ll be the first to know about our news, updates, and new launches.