PRIVACY POLICY

ZORRZ Financial Inc.

Effective date: May 2, 2026  ·  Last updated: May 3, 2026

PILVI Privacy Policy

ZORRZ Financial Inc. (“ZORRZ,” “we,” “us,” or “our”) operates PILVI, an AI-powered financial coaching application delivered as a mobile application and related web services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, protect, and otherwise process personal information when you access our website at meetpilvi.com, join our waitlist, download or use the PILVI mobile application, or otherwise interact with the Services.

We take your privacy seriously. PILVI is a financial product, the information you share with us is sensitive, and we treat it accordingly. Please read this Privacy Policy carefully. By using the Services, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree with any part of this Privacy Policy, you must not use the Services.

PILVI is currently available only to residents of Ohio and Florida. Personal information collected from users in other US states or international locations may be deleted upon discovery, except as required to enforce our Terms or comply with applicable law. EU/UK/Swiss residents are not currently within the intended user base; should you nonetheless interact with the Services from those regions, the rights described in Section 13 still apply to your information.

2. Who we are

ZORRZ Financial Inc. is a Delaware C-Corporation (Entity ID: 10501789), formed February 6, 2026, registered with the Delaware Division of Corporations and classified under NAICS code 541512 (Computer Systems Design Services).

For the purposes of the European Union General Data Protection Regulation (“GDPR”) and the United Kingdom GDPR, ZORRZ Financial Inc. is the data controller of your personal information processed in connection with the Services.

3. Scope of this Privacy Policy

This Privacy Policy applies to personal information we collect through:

  • The PILVI marketing website at meetpilvi.com;
  • The PILVI waitlist signup and related email communications;
  • The PILVI mobile application for iOS (and Android, when made available);
  • Any connected account integrations you authorize (including financial account linking through Plaid);
  • Any other ZORRZ-operated service that links to or references this Privacy Policy.

This Privacy Policy does not apply to third-party websites, applications, or services, including your bank, Plaid, payment processors, or merchants whose services you access through PILVI. Those third parties operate under their own privacy policies, and we encourage you to check them.

The ZORRZ BlueAccess credit card product is governed by a separate privacy policy available at zorrz.com/privacy-policy-usa.

4. Information we collect

We collect personal information in three ways: information you provide to us directly, information collected automatically when you use the Services, and information received from third parties you authorize.

4.1 Information you provide to us

Waitlist signup

  • Email address
  • Any voluntary information you include in subsequent email correspondence with us

Account registration

  • Full legal name
  • Date of birth (for 18+ age verification only)
  • State of residence (for Ohio/Florida eligibility verification)
  • Email address
  • Telephone number (optional, for support contact only)

PILVI V1 is a financial wellness coaching application. We do not move money, hold deposits, extend credit, or otherwise act as a money services business. As such, we do not require Know Your Customer (KYC), Anti-Money-Laundering (AML), or Bank Secrecy Act compliance verification. We do not collect Social Security Numbers, government identification documents, or biometric data. If we ever introduce features that require such collection, we will update this Policy and obtain your separate consent.

Subscription and payment

  • Billing name and address
  • Payment card information (processed by Apple In-App Purchase or Google Play Billing; we do not store card numbers)
  • Subscription tier, effective date, renewal date, and billing history

Communications

  • Support requests, feedback, survey responses, and correspondence with our team

4.2 Information collected automatically

Device and usage data

  • Device identifiers (iOS IDFA, Android Advertising ID, only where you have provided consent)
  • Device type, operating system, operating system version, device model
  • IP address, approximate geographic location derived from IP address
  • App version, session duration, features used, screens viewed, in-app actions
  • Error and crash diagnostics

Website analytics

  • Pages viewed, referring URL, time on page, device type, browser type
  • We use Plausible Analytics, a privacy-preserving analytics service that does not use cookies and does not collect personal data

Cookies and similar technologies

  • Essential cookies required for the website to function
  • No advertising cookies, no cross-site tracking cookies, no third-party marketing pixels

4.3 Information from third parties, Plaid integration

When you use the PILVI mobile application, you may choose to connect your financial accounts to PILVI through Plaid Inc. (“Plaid”), a third-party data provider. If you do so, Plaid transmits to us the financial information you authorize, which may include:

  • Account identifiers and account type (checking, savings, credit card, loan, investment)
  • Account balances (current and available)
  • Transaction history, including merchant name, amount, date, and category
  • Account holder name as registered with your financial institution
  • Routing and account numbers (only if required to initiate funds transfers you expressly authorize)
  • Interest rates, fees, credit limits, and due dates associated with your accounts

Important: Plaid collects and processes your financial institution login credentials directly, we do not see, store, or have access to your bank username or password. The connection between your bank and PILVI is read-only by default. PILVI acts strictly as a read-only analytics engine. PILVI does not initiate the movement of funds on your behalf.

Plaid’s own privacy practices are governed by the Plaid End User Privacy Policy, available at plaid.com/legal/#end-user-privacy-policy. We encourage you to check it.

4.4 Information we do not collect

PILVI is designed with data minimization as a core principle. We do not collect:

  • Social Security Numbers, Taxpayer Identification Numbers, or government identification (V1 does not require KYC)
  • Biometric data, biometric templates, or biometric verification photographs
  • Precise geolocation data (GPS coordinates), we use IP-based geolocation only for state verification, not continuous tracking
  • Contacts, photos, microphone data, or camera data from your device
  • Advertising identifiers for the purpose of serving advertisements (we do not serve advertisements)
  • Information from children under 18 (see Section 15)

5. How we use your information

We use your personal information for the following purposes:

5.1 To provide and operate the Services

  • Create and maintain your PILVI account
  • Connect your financial accounts through Plaid and retrieve the data you authorize
  • Generate financial coaching insights and observations based on your data
  • Produce explainability records, audit logs, and signed receipts for every AI-generated response
  • Process subscription payments and manage your subscription status

5.2 To verify eligibility and comply with law

  • Verify that you are at least 18 years old
  • Verify that you are a resident of Ohio or Florida
  • Detect, investigate, and prevent fraud, security incidents, and unauthorized activity
  • Respond to lawful legal requests, court orders, and regulatory inquiries
  • Comply with consumer protection and financial wellness regulations applicable to PILVI as a non-money-services-business application

5.3 To communicate with you

  • Send transactional messages relating to your account, coaching interactions, or subscription
  • Send waitlist updates, launch announcements, and product notices
  • Respond to your support requests and feedback
  • With your consent, send marketing communications (which you can unsubscribe from at any time)

5.4 To improve the Services

We analyze aggregate usage patterns to improve features, performance, and reliability of the Service.

PILVI V1 is trained exclusively on synthetic financial data generated for that purpose, not on real user data. We do not use your individual transaction history, account balances, financial details, or coaching interactions to train AI models without your explicit, separate consent.

If we ever plan to use real user data for model training in future versions of PILVI, we will:

  1. Notify you in advance through the App and by email at least 30 days before implementation
  2. Provide an opt-in mechanism, your data will not be used unless you affirmatively opt in
  3. Use only de-identified, aggregated data
  4. Honor your right to withdraw consent at any time, with the corresponding data deleted from training pipelines within 30 days

Your decision to opt in or decline AI training data use will not affect your access to the Services.

5.5 Legal bases for processing (EU/UK residents)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases to process your personal information:

  • Performance of a contract: to provide you with the Services you have requested;
  • Legal obligation: to comply with applicable laws, including consumer protection and financial regulation requirements;
  • Legitimate interests: to secure our Services, prevent fraud, improve our product, and communicate with you about your account (where these interests are not overridden by your rights);
  • Consent: for marketing communications and any optional processing you explicitly authorize (which you can withdraw at any time).

6. How we share your information

We do not sell your personal information. We do not rent it. We do not share it for cross-context behavioural advertising. The only circumstances in which we share your information are described below.

6.1 Service providers

We share personal information with third-party service providers that help us operate the Services. These providers are contractually bound to use your information only for the purposes we specify and to protect it to at least the same standard we do. Categories of providers include:

  • Financial data aggregation: Plaid Inc.
  • Cloud infrastructure and hosting: Amazon Web Services, Google Cloud Platform (US regions)
  • Email and transactional messaging: our email service provider
  • Payment processing: Apple In-App Purchase (iOS), Google Play Billing (Android)
  • Customer support tooling
  • Security, fraud prevention, and monitoring services
  • Analytics: Plausible Analytics (privacy-preserving, no personal data)

6.2 Bank and financial partners

PILVI does not establish or maintain banking relationships on your behalf. PILVI reads transaction and account data through Plaid and provides coaching insights. PILVI does not initiate transfers, hold deposits, extend credit, or perform any function that would require Know Your Customer or Anti-Money-Laundering compliance verification.

6.3 Legal and safety

We may disclose your personal information when we believe in good faith that disclosure is necessary to:

  • Comply with a subpoena, court order, warrant, or other legal process
  • Respond to a request from law enforcement, regulators, or government authorities
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of ZORRZ, our users, or the public
  • Detect, prevent, or investigate fraud, security threats, or illegal activity

6.4 Business transfers

If ZORRZ is involved in a merger, acquisition, financing, reorganization, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you by email or a prominent notice on our Services before your information is transferred and becomes subject to a different privacy policy.

6.5 With your consent

We may share your information for any other purpose that we disclose to you and for which you provide explicit consent.

7. Plaid end user disclosure

This section is provided pursuant to Plaid’s end user disclosure requirements.

PILVI uses Plaid to securely connect your financial accounts. When you choose to connect an account through PILVI:

  • You provide your bank credentials directly to Plaid. We do not see, store, or have access to your bank username or password.
  • Plaid encrypts the credentials in transit and at rest using industry-standard encryption (AES-256 and TLS 1.2 or higher).
  • Plaid then retrieves the data you authorize (account balances, transactions, account metadata) and transmits it to PILVI.
  • You can view and revoke PILVI’s access to any connected account at any time through the Plaid portal at my.plaid.com, or from within the PILVI application.

Plaid’s handling of your information is governed by the Plaid End User Privacy Policy (plaid.com/legal/#end-user-privacy-policy), which you accept when you use Plaid through PILVI.

8. How we protect your information

We implement technical, organizational, and administrative safeguards designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These safeguards include:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest using AES-256
  • Access controls limiting employee access to personal information on a need-to-know basis
  • Multi-factor authentication for all internal systems that access personal information
  • Continuous monitoring for unauthorized access, intrusion, and anomalous activity
  • Regular security checks and penetration testing by independent third parties
  • A documented incident response and breach notification procedure
  • Cryptographic signing and immutable logging of every AI-generated coaching response

No security measure is perfect. We cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you and applicable regulators in accordance with applicable law.

9. How long we keep your information

We retain your personal information for as long as necessary to provide the Services and to comply with our legal and regulatory obligations.

Type of data Retention period
Waitlist email (if you never subscribe) Up to 24 months from signup, then deleted
Account and profile data Duration of your account plus 90 days after deletion request
Financial data from Plaid (transactions, balances) Up to 24 months for coaching context, deleted within 30 days of account closure or upon explicit deletion request
Subscription billing records 7 years (IRS recordkeeping requirement)
Support correspondence 3 years from last interaction
Marketing consents and preferences Until you withdraw consent, plus 90 days
Website analytics (aggregate) Indefinite; no personal identifiers
Audit logs of PILVI responses (cryptographically signed) 24 months for service quality and dispute resolution

After the applicable retention period expires, we will delete or de-identify the information such that it can no longer be associated with you.

10. Your privacy rights (general)

Depending on where you live, you may have certain rights regarding your personal information. Some of these rights are guaranteed by US state law, some by GDPR, and some by ZORRZ’s voluntary commitment. Regardless of jurisdiction, you always have the following rights:

  • Access: request a copy of the personal information we hold about you;
  • Correction: request that we correct inaccurate or incomplete information;
  • Deletion: request that we delete your personal information, subject to our legal retention obligations;
  • Portability: receive your personal information in a machine-readable format;
  • Withdraw consent: withdraw any consent you have previously given, including for marketing communications;
  • Opt out of marketing: unsubscribe from marketing emails through the link at the bottom of every marketing email.

To exercise any of these rights, email privacy@zorrz.com. We will respond within 30 days (or 45 days for requests covered by CCPA/CPRA). We may need to verify your identity before processing your request.

11. California privacy rights (CCPA/CPRA)

PILVI is not currently offered to California residents. The Service is available only to residents of Ohio and Florida. The rights described in this section are provided to:

  • Any California resident whose information may be processed by PILVI for any reason, such as a Florida or Ohio user who temporarily relocates;
  • Any user who interacts with our marketing website from California;
  • Any user whose data may otherwise be subject to CCPA/CPRA jurisdiction.

We have no plans to expand the Service to California in the foreseeable future.

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”) grants you specific rights regarding your personal information.

11.1 Categories of personal information collected

In the 12 months preceding the effective date of this Privacy Policy, we have collected the following categories of personal information, as defined by CCPA/CPRA:

  • Identifiers (name, email, postal address, telephone number, IP address, account identifier)
  • Personal information categories listed in California Civil Code § 1798.80(e) (name, address, telephone number)
  • Commercial information (subscription status, transaction history received via Plaid)
  • Financial information (account balances, transaction records, received via Plaid with your authorization)
  • Internet or other electronic network activity (device data, app usage, website usage)
  • Professional or employment-related information (only if voluntarily provided)
  • Inferences drawn from the above to produce coaching recommendations

11.2 Sources of personal information

  • Directly from you when you sign up, register, or communicate with us
  • From Plaid, with your authorization, when you connect a financial account
  • Automatically from your device and browser when you use the Services

11.3 Business purposes for collection

We collect personal information for the purposes described in Section 5 of this Policy: to provide and operate the Services, to verify eligibility and comply with law, to communicate with you, and to improve the Services.

11.4 Sale or sharing of personal information

We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising. This includes any disclosure of personal information for monetary or other valuable consideration to a third party for advertising purposes.

11.5 Sensitive personal information

We collect limited sensitive personal information (as defined by CPRA), including account credentials (via Plaid, not stored by us) and precise financial data. We use sensitive personal information only for the purposes specifically permitted by CPRA, namely, to provide the Services you requested, to verify your eligibility, to prevent fraud, and to comply with law. We do not use sensitive personal information to infer characteristics about you beyond what is necessary to deliver the Services.

11.6 Your California rights

  • Right to know: request information about the categories and specific pieces of personal information we have collected, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it;
  • Right to delete: request deletion of your personal information, subject to exceptions for legal compliance and fraud prevention;
  • Right to correct: request that we correct inaccurate personal information;
  • Right to portability: receive a copy of your personal information in a portable, machine-readable format;
  • Right to opt out of sale/sharing: although we do not sell or share your personal information, you retain the right to direct us not to;
  • Right to limit use of sensitive personal information: direct us to limit the use of your sensitive personal information to purposes necessary for the Services;
  • Right to non-discrimination: we will not discriminate against you for exercising any of these rights.

11.7 How to submit a California request

To submit a request, email privacy@zorrz.com with “California Privacy Request” in the subject line. We will respond within 45 days (extendable once by a further 45 days if reasonably necessary). We recognize the Global Privacy Control (GPC) signal as a valid opt-out-of-sale/share request.

11.8 Authorized agents

You may designate an authorized agent to make a request on your behalf. The agent must provide written authorization signed by you, and we may require you to verify your identity directly.

11.9 Shine the Light

California Civil Code Section 1798.83 permits users who are California residents to request certain information regarding our disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for direct marketing purposes, so this law does not result in any disclosure to report.

12. Other US state privacy rights

Residents of certain other US states have additional privacy rights under state law. ZORRZ honors the following rights regardless of which state you live in:

Residents of these states generally have the right to:

  • Confirm whether we are processing their personal information;
  • Access and receive a copy;
  • Correct inaccuracies;
  • Delete personal information;
  • Opt out of targeted advertising, sale, or profiling that produces legal or similarly significant effects (we do none of these, but the right exists);
  • Appeal any denial of a rights request.

To exercise these rights, email privacy@zorrz.com.

13. EU/UK/Swiss privacy rights (GDPR)

PILVI is not currently offered to residents of the European Economic Area, the United Kingdom, or Switzerland. The Service is available only to residents of Ohio and Florida (United States). We provide the rights described in this section to any EU/UK/Swiss residents who may temporarily access the Service from within the United States, and to any users whose data may otherwise be subject to GDPR or UK GDPR jurisdiction.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation and equivalent UK legislation:

  • Right of access (Article 15): obtain confirmation that we process your personal data and receive a copy.
  • Right to rectification (Article 16): have inaccurate personal data corrected.
  • Right to erasure (Article 17): request deletion, subject to legal retention requirements.
  • Right to restriction (Article 18): request that we restrict processing in certain circumstances.
  • Right to data portability (Article 20): receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): object to processing based on our legitimate interests or for direct marketing.
  • Rights related to automated decision-making (Article 22): PILVI includes automated decision-making features. You have the right to request human check of any PILVI decision that produces legal or similarly significant effects, and to contest that decision. Every PILVI response includes an explainability record to support this right.
  • Right to lodge a complaint: with your local data protection authority.

International data transfers: ZORRZ is established in the United States. If you access the Services from outside the United States, your personal information will be transferred to, stored, and processed in the United States. Where required by applicable law, we implement appropriate safeguards for such transfers, including Standard Contractual Clauses approved by the European Commission (or the UK equivalent), to ensure your personal data receives an equivalent level of protection.

To exercise any of these rights, email privacy@zorrz.com. We will respond within 30 days.

14. Financial privacy (Gramm-Leach-Bliley Act)

ZORRZ operates a financial wellness coaching application. Certain personal information you provide to us may be “nonpublic personal information” (“NPI”) under the federal Gramm-Leach-Bliley Act (“GLBA”). This section supplements the rest of this Privacy Policy by addressing how we handle NPI.

14.1 Information we collect

NPI we collect about you may include:

  • Information we receive from you on applications or other forms (name, address, date of birth, state of residence);
  • Information about your financial accounts and transactions received via Plaid with your authorization.

14.2 Information we disclose

We disclose NPI only as described in Section 6 of this Privacy Policy, to service providers under confidentiality obligations, to regulators and law enforcement as required by law, and with your consent. We do not disclose NPI to nonaffiliated third parties for their own marketing purposes.

14.3 Your right to opt out

GLBA gives you the right to opt out of certain disclosures of your NPI. Because we do not share your NPI with nonaffiliated third parties for their marketing purposes, no opt-out is required. If this practice ever changes, we will provide you with advance notice and a meaningful opportunity to opt out.

14.4 Crisis Resource Interactions

If PILVI detects signals of financial distress, mental health crisis, or other emergency situations and surfaces support resources to you (such as 988 Suicide & Crisis Lifeline, 211, NFCC.org, the National Domestic Violence Hotline, or SAMHSA), we do not share information about that interaction with those resources or with any other third party. The decision to contact a resource is yours alone. PILVI does not initiate contact with these resources, transmit your data to them, or follow up on whether you sought help. We log only the fact that distress or crisis routing occurred (for service quality and audit purposes), not the content of your query or any personal context.

14.5 Safeguards

We maintain administrative, technical, and physical safeguards to protect your NPI in accordance with the GLBA Safeguards Rule (16 CFR Part 314).

15. Children’s privacy

The Services are intended for adults 18 years of age or older. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will delete it promptly. If you are a parent or guardian and believe that your child under 18 has provided us with personal information, please email privacy@zorrz.com and we will take immediate action.

The Services are not directed to children under 13, and we comply with the Children’s Online Privacy Protection Act (“COPPA”).

16. Cookies and similar technologies

Our website uses a minimal set of technologies to function and to measure aggregate usage.

16.1 Cookies we use

  • Strictly necessary: cookies required for the website to function (for example, to remember your cookie preferences and to support secure form submission). These cannot be turned off.
  • Analytics: we use Plausible Analytics, which is cookieless and privacy-preserving. Plausible does not use cookies and does not collect personal data.

16.2 Cookies we do not use

  • No advertising cookies
  • No cross-site tracking cookies
  • No third-party marketing pixels
  • No social media tracking (we do not embed Facebook Pixel, TikTok Pixel, or similar)

16.3 Do Not Track and Global Privacy Control

Our website honors the Global Privacy Control (GPC) signal. Because we do not sell or share personal information for cross-context behavioural advertising, the GPC signal does not change how we process your data, but we recognize and respect it as a valid privacy preference.

17. Third-party services

The Services integrate with or reference third parties, including Plaid, Apple, Google, and your bank. When you interact with those third parties, even through PILVI, their own privacy policies govern that interaction. We are not responsible for the privacy practices of those third parties. We encourage you to check their policies.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice in the Services at least 30 days before the changes take effect. The “Last Updated” date at the top of this Policy always reflects the most recent revision. Your continued use of the Services after changes take effect constitutes your acceptance of the updated Policy.

19. Contact us

If you have questions about this Privacy Policy, wish to exercise a privacy right, or have a complaint, please contact us.

ZORRZ Financial Inc.
254 Chapman Rd, Ste 208 #26795
Newark, Delaware 19702, United States

Privacy inquiries: privacy@zorrz.com
General support: support@meetpilvi.com
Legal: legal@meetpilvi.com

We aim to respond to all privacy inquiries within 30 days (45 days for CCPA/CPRA requests).