Privacy Policy.

This Privacy Policy describes how Slivvy, Inc. (“Slivvy,” “we,” or “us”), a Delaware corporation, collects, uses, shares, and protects information about visitors and Members of the Slivvy platform (the “Platform”) at slivvy.com and any related services, mobile applications, and APIs.

The Platform exists to enable individuals to form limited liability companies (“Asset LLCs”) for fractional co-ownership of high-value assets such as vacation homes, boats, luxury vehicles, recreational vehicles, and other tangible property. Because that involves real money, real legal entities, and real people sharing physical assets, we have to collect more information than a typical content website. This Policy is meant to make clear what we collect, why, and what your choices are.

By using the Platform you agree to this Policy. If you do not agree, please do not use the Platform.

We collect the following categories of information:

2.1 Information You Provide

• Account information: name, email address, phone number, password (stored hashed), profile photo, and account preferences.
• Identity verification information: date of birth, government-issued ID, selfie or biometric image used solely for identity matching, residential address, and other information collected during Know-Your-Customer (“KYC”) checks. Verification is performed by Stripe Identity; we receive only verification status and limited verification metadata, not raw biometric scans.
• Financial & payment information: linked bank accounts (via tokenized ACH), card details (tokenized through Stripe — Slivvy never stores raw card numbers), billing address, invoice and payout history, and tax-reporting information (e.g., W-9/W-8) when applicable.
• Asset and ownership information: details about assets you contribute or co-own, valuations, share lots, ownership percentages, scheduling preferences, and use history.
• Listing & condition information: photos, descriptions, condition reports, damage reports, maintenance records, and inspection findings you submit through the Platform.
• Communications: messages you send to other Members, to Slivvy support, or in onboarding flows; surveys and feedback; uploaded documents.
• Two-factor authentication data: phone number, authenticator-app secret, and one-time codes used to secure your account.

2.2 Information We Collect Automatically

• Device & usage: IP address, device identifiers, browser type, operating system, referring URL, pages viewed, in-app actions, and timestamps.
• Cookies & similar technologies: session cookies for authentication and CSRF protection, and limited first-party analytics (see Section 9).
• Location: approximate location derived from IP, plus precise location only when you explicitly enable a feature that requires it (e.g., asset proximity search on a mobile device).

2.3 Information from Other Sources

• Identity verification providers (Stripe Identity) to confirm you are who you say you are.
• Payment processors (Stripe) for payment status, payouts, chargebacks, and fraud signals.
• Sanctions, fraud, and compliance screening performed in connection with KYC and Asset LLC formation.
• Other Members of an Asset LLC you join, who may submit information about shared use, damage, or scheduling.
• Third-party login providers (e.g., Google) if you sign in with an OAuth provider — we receive your name, email, and provider user ID.

We use information to operate, secure, and improve the Platform, specifically to:

• Create and administer your Slivvy account and authenticate you, including with two-factor authentication.
• Verify your identity and eligibility to become a Member, and to comply with anti-money-laundering, sanctions, and tax laws.
• Form Asset LLCs, generate Operating Agreements, and record share lots, transfers, and votes.
• Process payments, payouts, and refunds; bill Maintenance Fees and other amounts owed under the platform’s Fee Schedule and the applicable Operating Agreement.
• Coordinate scheduling, use rights, condition reports, damage reporting, and insurance claims.
• Provide customer support and respond to your messages.
• Send transactional notifications such as bookings, invoices, default alerts, governance proposals, and ROFR notices.
• Detect, investigate, and prevent fraud, abuse, defaults, and other harm to Members or to Slivvy.
• Improve and develop new features, including measuring how features are used in aggregate.
• Comply with legal obligations, court orders, and lawful government requests.

We do not sell personal information. We do not use Member-to-Member messages or KYC data for advertising or model training.

Where applicable law (such as the GDPR or UK GDPR) requires a legal basis for processing, we rely on:

• Performance of a contract with you (these Terms, the applicable Operating Agreement);
• Compliance with legal obligations (KYC/AML, tax, sanctions, recordkeeping);
• Legitimate interests in operating, securing, and improving the Platform, balanced against your rights;
• Consent, which you may withdraw at any time, for marketing communications and any optional processing that requires it.

We share information only as described below.

5.1 Service Providers

We share information with vendors who process information on our behalf and under contract, including:

• Stripe — payments, payouts, KYC/identity verification, and tax forms.
• Cloud infrastructure & storage — Cloudflare R2 (public asset images) and AWS S3 (private documents), database and compute providers.
• Email and SMS providers for transactional notifications and OTP delivery.
• Background workflow infrastructure for onboarding (Temporal) and queueing (Redis).
• Analytics & error monitoring providers used in aggregate to keep the Platform reliable.

5.2 Other Members of Your Asset LLC

Co-ownership only works if co-owners can see what they need to govern an asset together. See Section 6 for what is visible.

5.3 Legal & Safety

We may disclose information when we reasonably believe it is necessary to comply with law, lawful government requests, court orders, or subpoenas; to enforce our Terms or any Operating Agreement; or to protect the rights, property, or safety of Slivvy, our Members, or the public.

5.4 Corporate Transactions

If Slivvy is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to confidentiality obligations and continued protection consistent with this Policy.

5.5 With Your Direction

We will share information at your direction, for example when you authorize an integration, request a referral, or submit information into a public listing.

Within an Asset LLC, other Members can see information that is necessary to co-own and govern the Asset, including your name, profile photo, ownership percentage, scheduled use, expense allocations, vote history on governance proposals, and any condition or damage reports you submit.

Members do not see your government ID, Stripe identity records, payment instruments, full address, KYC status detail, or messages you send to Slivvy support. Other Members also do not see information about Asset LLCs you are not part of.

Public listings (assets you contribute for sale on the marketplace) include information you publish — photos, descriptions, location at the city/state level, and share pricing. They do not include your identity verification documents or payment information.

Identity verification is performed by Stripe Identity. When you complete verification, you upload your government-issued ID and a selfie directly to Stripe; Slivvy receives a verification result and limited metadata (e.g., name, date of birth, document type, verification status). Slivvy does not store the raw image of your government ID or biometric template.

Payments are processed by Stripe under their own privacy and security controls. We store only tokenized references to your bank account or card. We do not store raw card numbers, full bank account numbers, or CVCs.

We send transactional communications you cannot opt out of while you have an active Slivvy account or pending Asset LLC obligation — for example, invoices, default notices, ROFR notices, booking confirmations, governance proposals, and security alerts. These are delivered to the email address and phone number you maintain on file as required by our Terms.

We may also send product updates, marketplace highlights, and other marketing communications. You can unsubscribe at any time using the link in the email or in your account settings; this does not affect transactional communications.

We use a small number of cookies and storage technologies:

• Strictly necessary cookies for sign-in sessions and CSRF protection.
• Preference cookies to remember UI settings such as theme.
• Analytics to measure aggregate usage and reliability — never to build advertising profiles.

You can control cookies in your browser settings; disabling strictly-necessary cookies will prevent the Platform from working.

We keep information for as long as you maintain an account, plus a reasonable period afterwards to comply with legal, tax, and recordkeeping obligations associated with Asset LLCs and member transactions. Records related to LLC formation, ownership transfers, KYC determinations, and financial transactions are typically retained for the longer of (a) seven years and (b) the period required by applicable law.

When information is no longer needed, we delete or anonymize it. Backups are purged on a rolling schedule.

We use administrative, technical, and physical safeguards designed to protect information, including encryption in transit (TLS), encryption at rest for databases and object storage, hashed passwords, two-factor authentication for sign-in, role-based access controls, audit logging, and isolation of payment and identity data with our processors.

No system is perfectly secure. You are responsible for maintaining the confidentiality of your credentials and for promptly notifying us of any suspected unauthorized access at security@slivvy.com.

Subject to applicable law, you may have the right to:

• Access the personal information we hold about you.
• Correct information that is inaccurate or out of date.
• Delete your information, subject to obligations we have to retain records related to LLC formation, tax, and ongoing co-ownership.
• Port certain information to another service.
• Object to or restrict certain processing, including direct marketing.
• Withdraw consent where we rely on it.

You can exercise most of these rights from your account settings or by emailing privacy@slivvy.com. We may need to verify your identity before responding. We will respond within the timeframe required by applicable law.

California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive personal information, and the right not to be discriminated against for exercising these rights. Slivvy does not sell or “share” (as defined under the CCPA) personal information.

The Platform is not directed to anyone under the age of 18. We do not knowingly collect information from children. If we learn that we have collected information from a child, we will delete it.

Slivvy is operated from the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection rules than your jurisdiction. By using the Platform you consent to that transfer. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

The Platform may link to third-party websites, integrations, or services (for example, mapping, government records, or insurance partners). Their privacy practices are governed by their own policies; we encourage you to review them. Slivvy is not responsible for their content or practices.

We may update this Policy from time to time. If we make material changes, we will notify you by email or through the Platform before the changes take effect. The “Last updated” date at the top of this page indicates when the Policy was last revised. Continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.

If you have questions about this Policy or how we handle your information, contact us at:

Slivvy, Inc.
Attn: Privacy
privacy@slivvy.com

For security issues specifically, please email security@slivvy.com.