Privacy Policy
U.S. Privacy Notice
Last updated: May 20, 2026
1. Overview and Controllers
This U.S. Privacy Notice Supplement (the “U.S. Notice”) describes how the OSMO platform handles personal information of U.S. residents and the rights available to U.S. residents under applicable federal and state laws.
For U.S. residents, personal information is collected and processed by two different controllers:
1.1 Bridge Ventures, LLC (Bridge)
Bridge Ventures, LLC (operating through Bridge Building Inc, NMLS #2450917) is the controller of personal information that is “nonpublic personal information” (NPI) subject to the Gramm-Leach-Bliley Act (“GLBA”). NPI includes personally identifiable financial information provided to Bridge in connection with obtaining a financial product or service.
Bridge’s collection, use, and sharing of NPI is governed by Bridge’s Privacy Policy, provided separately. Please refer to Bridge’s Privacy Policy for information about NPI.
1.2 HODL Group LLC
HODL Group LLC, a Wyoming limited liability company doing business as “OSMO,” with U.S. mailing address at 781 Crandon Blvd, Apt 705, Key Biscayne, FL 33149, is the controller of personal information that is not subject to GLBA, including:
(a) Information about your use of the OSMO platform;
(b) Information collected through cookies, analytics tools, and similar technologies;
(c) Marketing and communications preferences;
(d) Information you provide for customer support purposes that does not constitute NPI;
(e) Information collected before you become a customer of Bridge;
(f) Aggregated and anonymized data derived from the foregoing.
The OSMO Global Privacy Policy and this U.S. Notice govern HODL Group LLC’s collection, use, and sharing of non-GLBA personal information.
1.3 No Latin American subsidiary services to U.S. residents
As stated in the OSMO Global Privacy Policy and in the OSMO U.S. Terms Supplement, HODL Group LLC’s Latin American subsidiaries (Osmo Guatemala, Osmo El Salvador, Osmo Costa Rica) do not provide financial services to U.S. residents. Financial services to U.S. residents are provided exclusively by Bridge.
2. Federal Privacy Framework
2.1 Gramm-Leach-Bliley Act (GLBA)
Bridge, as a U.S.-licensed money transmitter, is subject to the GLBA and its implementing regulations (Regulation P and the Safeguards Rule). Bridge’s GLBA privacy notice is provided directly to you by Bridge.
2.2 Electronic Fund Transfer Act (Regulation E)
To the extent applicable, U.S. residents have rights under the EFT Act and Regulation E (12 C.F.R. Part 1005). The applicable procedures and protections are described in the Bridge Terms of Service.
2.3 Bank Secrecy Act (BSA) recordkeeping
Bridge is subject to BSA and FinCEN recordkeeping requirements, requiring retention of certain customer information and transaction records for a minimum of five (5) years. This recordkeeping obligation prevails over consumer deletion rights with respect to information subject to BSA retention.
2.4 Children’s Online Privacy Protection Act (COPPA)
OSMO offers limited functionality to children under 18 (including children under 13) exclusively under the “Subcuenta de Usuario” regime, with verifiable parental consent. Children under 13 may only access OSMO services through a Subcuenta de Usuario created by their parent or legal guardian who maintains a primary OSMO account. The collection, use, and disclosure of personal information from children under 13 is governed by Section 14 (Children’s Privacy Notice) of this U.S. Notice.
3. State Privacy Laws
As of the date of this U.S. Notice, the following U.S. states have enacted comprehensive consumer privacy laws that may apply to processing by HODL Group LLC for non-GLBA data:
California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia.
3.1 GLBA exemption — important note
Many state privacy laws contain exemptions for financial institutions or data subject to GLBA:
- California (CCPA/CPRA): data-level exemption. Bridge’s NPI is exempt; non-GLBA data collected by HODL Group LLC is subject to CCPA/CPRA.
- Montana (effective October 2025) and Connecticut (effective July 2026): data-level GLBA exemption. Non-GLBA data is subject to these state laws.
- Other states (Virginia, Colorado, Texas, Utah, etc.): most provide entity-level exemption for entities subject to GLBA, which exempts Bridge entirely. HODL Group LLC, as a non-financial-institution technology provider, does not benefit from the GLBA entity-level exemption and is subject to applicable state privacy law for the personal information it processes.
4. California (CCPA / CPRA)
If you are a California resident, you have the following rights under the CCPA, as amended by the CPRA:
4.1 Right to know
Request that HODL Group LLC disclose categories of personal information collected, sources, business or commercial purpose, categories of third parties with whom personal information is shared, and specific pieces of personal information.
4.2 Right to delete
Request deletion of personal information, subject to applicable exceptions (legal retention obligations, fraud prevention, security, completion of transactions).
4.3 Right to correct
Request correction of inaccurate personal information.
4.4 Right to opt out of sale or sharing
HODL Group LLC does not sell personal information for monetary consideration. To the extent that any sharing for cross-context behavioral advertising constitutes “sharing” under CCPA, you may opt out by:
- Clicking the “Do Not Sell or Share My Personal Information” link on osmomoney.com;
- Using a Global Privacy Control (GPC) signal;
- Contacting cumplimiento@osmomoney.com.
4.5 Right to limit use of sensitive personal information
Right to limit the use and disclosure of sensitive personal information.
4.6 Right to non-discrimination
HODL Group LLC will not discriminate against you for exercising any CCPA rights.
4.7 Right to access information about automated decision-making
To the extent applicable under California regulations effective January 1, 2027.
4.8 Authorized agents
You may authorize an agent to submit requests on your behalf. Written authorization signed by you is required; HODL Group LLC may require identity verification directly.
4.9 How to exercise rights
Contact cumplimiento@osmomoney.com or use the in-platform privacy settings. Response within 45 days, with a possible extension of up to 45 additional days.
4.10 Categories of personal information collected (CCPA disclosure)
| Category | Examples | Collected? |
|---|---|---|
| A. Identifiers | Name, email, IP, account ID | Yes |
| B. Cal. Civ. Code § 1798.80(e) | Name, address, phone, financial info (NPI by Bridge) | Yes |
| C. Protected classifications | Age, citizenship for KYC | Yes |
| D. Commercial information | Records of services used | Yes |
| E. Biometric information | Facial image and liveness for KYC | Yes |
| F. Internet/network activity | osmomoney.com browsing, app interactions | Yes |
| G. Geolocation data | Approximate from IP; precise with consent | Yes |
| H. Sensory data | Customer service call recordings | Yes |
| I. Professional information | Occupation at onboarding | Yes |
| J. Education information | Not collected | No |
| K. Inferences | Risk scores, fraud flags | Yes |
| L. Sensitive personal information (CPRA) | Government ID, biometric, credentials, precise geolocation | Yes |
4.11 Sources of personal information
Directly from you, from your use of the platform, from Bridge and other partners, and from third-party data sources (sanctions lists, PEP databases, identity verification services).
4.12 Purposes for collection
Service provision, KYC and compliance, fraud prevention, security, legal compliance, product improvement, and marketing (with consent).
4.13 Sharing of personal information
With categories of recipients described in Section 4 of the Global Privacy Policy. HODL Group LLC does not sell personal information for monetary consideration.
4.14 Retention
Per Section 8 of the Global Privacy Policy and Section 7 below.
5. Other state-specific rights
5.1 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and similar
Residents of Virginia, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, or Utah have the following rights with respect to non-GLBA personal information:
(a) Confirm processing;
(b) Access personal data;
(c) Correct inaccuracies;
(d) Delete personal data, subject to legal retention;
(e) Data portability;
(f) Opt out of (i) targeted advertising, (ii) sale, or (iii) profiling in furtherance of decisions with legal or similarly significant effects.
5.2 Florida
Rights under the Florida Digital Bill of Rights.
5.3 Texas
Rights under the Texas Data Privacy and Security Act, similar in scope to Virginia’s law.
5.4 Maryland (MODPA, effective October 1, 2026)
Rights under MODPA, including restrictive provisions on the sale of sensitive data.
5.5 Appeals process
In states that require an internal appeals process (Colorado, Connecticut, Virginia, and others), appeals may be submitted to cumplimiento@osmomoney.com within the timeframe specified by your state’s law.
5.6 How to exercise state-specific rights
Contact cumplimiento@osmomoney.com, specifying:
(a) State of residence;
(b) Specific right to exercise;
(c) Information sufficient to verify identity;
(d) Authorization for an agent, if applicable.
Response within timeframes prescribed by state law, generally within 45 days.
6. Sensitive Personal Information
| Category | Purpose | Legal basis |
|---|---|---|
| Biometric information (facial image for KYC) | Identity verification, fraud prevention | Consent at onboarding; legal obligation (BSA, AML) |
| Government ID numbers (SSN, driver’s license, passport) | KYC, sanctions screening | Legal obligation |
| Precise geolocation | Location-based services (when enabled) | Express consent |
| Account credentials | Account access | Service provision |
| Financial account information | Service provision (handled primarily by Bridge under GLBA) | Service provision |
HODL Group LLC does not use sensitive personal information for purposes other than those necessary to provide the services reasonably expected, or as otherwise permitted by law.
7. Retention
- NPI (handled by Bridge): retained for at least five (5) years as required by BSA and applicable state money transmission laws.
- Non-GLBA platform usage data: retained as long as necessary for the purposes described, consistent with state privacy law requirements.
- Children’s information: retained per Section 14.
- Records subject to legal hold: retained until the legal hold is released.
8. International transfers from the U.S.
When you use the OSMO platform from the United States, certain non-GLBA personal information processed by HODL Group LLC may be transferred to or accessed from outside the United States. HODL Group LLC implements contractual safeguards with such recipients to require an appropriate level of protection consistent with U.S. and applicable foreign law.
9. Do Not Track and Global Privacy Control
HODL Group LLC honors the Global Privacy Control (GPC) signal as an opt-out preference signal under CCPA and applicable state laws. If your browser sends a GPC signal while on osmomoney.com, HODL Group LLC will treat it as a request to opt out of sale or sharing.
HODL Group LLC currently does not respond to “Do Not Track” (DNT) signals other than as described above with respect to GPC.
10. Cookies and tracking technologies
osmomoney.com uses cookies and similar technologies as described in Section 11 of the Global Privacy Policy and in the Cookie Notice available at osmomoney.com/cookies.
11. Notice at Collection (CCPA)
This U.S. Notice serves as the “notice at collection” required by CCPA.
12. Contact
For all matters relating to this U.S. Notice or to the processing of your non-GLBA personal information by HODL Group LLC:
- Privacy email: cumplimiento@osmomoney.com
- Customer support: ayuda@osmomoney.com
- Mailing address (HODL Group LLC): 781 Crandon Blvd, Apt 705, Key Biscayne, FL 33149, U.S.A.
- Website: osmomoney.com
For matters relating to NPI processed by Bridge under GLBA, refer to Bridge’s Privacy Policy.
For matters relating to children’s information, see Section 14 below.
13. Updates
HODL Group LLC may update this U.S. Notice from time to time. You will be notified of material updates as described in Section 12 of the Global Privacy Policy.
14. Children’s Privacy Notice
Effective: May 20, 2026
This Children’s Privacy Notice explains how HODL Group LLC, doing business as OSMO (“OSMO,” “we,” and “us”), collects, uses, and discloses information relating to children under the age of 13 (“child” or “children”), in compliance with the Children’s Online Privacy Protection Act (“COPPA”) and applicable state laws.
OSMO offers access to children only through the “Subcuenta de Usuario” regime, which requires the creation of a sub-account by a parent or legal guardian who maintains a primary OSMO account.
14.1 Information We Collect About Children
Account Sign-Up
When you, a parent or legal guardian (“Parent”), create a Subcuenta de Usuario on behalf of your child within your OSMO account, we collect from you the following information about your child:
(a) Your child’s name;
(b) Your child’s date of birth;
(c) Contact information for your child (when applicable);
(d) The relationship between you and the child.
We do not collect biometric information from the child, do not require government-issued identification from the child, and do not perform any identity verification (KYC) directly on the child. All identity verification is performed solely on the Parent.
Transactional Information
When a child uses OSMO services through their Subcuenta to make payments or financial transactions, we collect:
(a) When and where the transactions occur;
(b) The names of the transacting parties;
(c) A description of the transactions;
(d) The payment amounts;
(e) The devices used (e.g., the OSMO Visa Card associated with the Subcuenta).
Public Visibility — None
OSMO does not enable your child to make personal information publicly available.
14.2 How We Use Children’s Information
Providing, Improving, and Developing Our Services
(a) Processing or recording payment transactions or money transfers through the Subcuenta;
(b) Displaying historical transaction information to you, the Parent;
(c) Providing, maintaining, and improving our services;
(d) Developing new products and services for families;
(e) Delivering the information and support requested;
(f) Measuring, tracking, and analyzing trends and usage;
(g) Otherwise providing the products and features you or your child choose to use.
Communicating About Our Services
(a) Sending you (the Parent) surveys and getting your feedback;
(b) Sending you information about our services or that you have requested.
We do not send marketing or promotional communications directly to the child.
Protecting Our Services and Maintaining a Trusted Environment
(a) Conducting investigations and complying with applicable laws;
(b) Contacting you to resolve disputes, collect fees, and help with using our services;
(c) Debugging errors;
(d) Enforcing our Terms of Service;
(e) Investigating fraud, security breaches, or other potentially prohibited activities;
(f) Protecting rights, property, security, or integrity;
(g) Verifying or maintaining quality and safety;
(h) Verifying your identity (the Parent’s identity).
Other Uses
We will notify you and obtain your verifiable consent before we use your child’s personal information for any purpose materially different from those described above.
14.3 When and With Whom We Share Children’s Information
We disclose children’s personal information only where integral to our services or to support our internal operations:
(a) Other users or merchants, when you or your child make payments through the Subcuenta;
(b) Service providers (infrastructure providers, payment partners like Bridge for U.S. financial services, card issuers like Rain for the OSMO Visa Card, identity verification providers);
(c) Other parties as part of a business transfer or corporate change;
(d) Other parties for legal compliance or safety purposes.
We will notify you and obtain your verifiable consent before we disclose your child’s personal information for any other reason.
We also may share aggregated and/or anonymized information that does not specifically identify any individual user.
We do not sell or rent your child’s personal information to third parties for their own marketing or commercial purposes.
14.4 How Long We Keep Children’s Information
We keep your child’s information as long as necessary to provide the services, comply with applicable laws, detect or prevent fraud, collect fees owed, resolve disputes, address problems, assist with investigations, enforce our Terms of Service, or take any other actions consistent with applicable law.
Even after you close the Subcuenta, we may retain the child’s information to the extent necessary for the above purposes and to comply with retention requirements applicable to our regulated partners (including Bridge under BSA).
14.5 Parental Choices and Controls
As a Parent, you have the following rights:
(a) Refuse further collection: by closing the Subcuenta;
(b) Request deletion of your child’s personal information, subject to legal retention obligations;
(c) Request access to your child’s personal information that we have collected;
(d) Request correction of inaccurate personal information;
(e) Revoke consent at any time, which will result in closure of the Subcuenta.
Please note your child may no longer be able to use our services if you close the Subcuenta or request deletion.
To submit an access, closure, deletion, or correction request, please contact cumplimiento@osmomoney.com from the email address associated with your primary OSMO account, identifying clearly the child and the Subcuenta involved. We will verify your identity as the Parent before processing.
14.6 Verifiable Parental Consent
Before collecting any personal information from a child or enabling a Subcuenta, OSMO obtains verifiable parental consent using one or more of the following methods recognized by the FTC under COPPA:
(a) The Parent’s affirmative acceptance of this Privacy Notice and the OSMO Terms of Service from within the Parent’s verified primary OSMO account;
(b) The Parent’s submission of identification documentation during the OSMO KYC process for the primary account;
(c) Other verifiable methods that OSMO may implement from time to time.
The Parent’s primary OSMO account is itself verified through OSMO’s standard KYC process.
14.7 No Conditioning of Participation
OSMO does not condition a child’s participation in any activity on the child disclosing more personal information than is reasonably necessary, consistent with COPPA’s requirements.
14.8 Children Between 13 and 17
For minors between 13 and 17 (not covered by COPPA but still minors under U.S. and applicable state law), the Subcuenta de Usuario regime continues to apply: such minors may only access OSMO services through a Subcuenta de Usuario created and authorized by their Parent. Section 14’s additional protections apply as a matter of OSMO policy.
14.9 Need Help or Have Questions About Children’s Privacy?
HODL Group LLC
781 Crandon Blvd, Apt 705
Key Biscayne, FL 33149
United States of America
Email: cumplimiento@osmomoney.com
Customer support: ayuda@osmomoney.com
Website: osmomoney.com
This U.S. Notice has been prepared in accordance with applicable U.S. federal and state laws, including CCPA/CPRA, COPPA, and the comprehensive privacy laws of the states identified above.
End of document — Annex E · United States Privacy Notice Supplement