Privacy Policy

This Privacy Policy describes how Kodea LLC ("Sotto", "we", "us", or "our") collects, uses, and shares information in connection with the Sotto platform and API services (the "Services"). Sotto is a B2B payment infrastructure platform. Our customers are businesses (operators, trading desks, and remittance companies), not end consumers.

1. Information We Collect

We collect information you provide directly when you register for API access, including:

• Business name and contact information
• Authorized representative name and email address
• Business registration documents submitted during onboarding
• API usage data, request logs, and transaction metadata
• Payment and billing information for platform fees

2. How We Use Information

We use the information we collect to:

• Provide, operate, and improve the Sotto platform and APIs
• Verify your identity and business during onboarding (KYB)
• Process transactions and maintain ledger records
• Detect fraud, abuse, and compliance violations
• Communicate with you about your account, updates, and support requests
• Meet our legal and regulatory obligations

3. Information Sharing

We do not sell your information. We may share information with:

• Service providers who help us operate the platform (cloud hosting, database providers, monitoring tools) under confidentiality obligations
• Financial partners as required to process transactions (payment processors, banks, on-ramp providers)
• Regulatory and law enforcement authorities when required by applicable law or to comply with legal process
• Compliance and screening services for AML/sanctions screening as required by law

4. Data Retention

We retain transaction records, KYB documentation, and ledger data for a minimum of five (5) years from the date of the transaction or account closure, as required by applicable financial regulations. API logs are retained for 90 days for operational purposes.

5. Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, access controls, and audit logging. API keys are stored as one-way hashes. Despite these measures, no system is completely secure — we encourage customers to protect their API credentials and report any suspected compromise immediately.

6. Your Rights

Depending on your jurisdiction, you may have rights regarding the personal information we hold about you or your authorized representatives, including the right to access, correct, or delete such information. To exercise these rights, contact us at privacy@kodea.la.

7. International Data Transfers

Sotto is operated from the United States. Data is processed and stored on infrastructure in the United States (AWS us-east-1). If you access our Services from outside the United States, your information may be transferred to and processed in the United States.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered customers of material changes via email. Continued use of the Services after the effective date of any change constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions or requests, contact us at:
Kodea LLC
30 N Gould St Ste R, Sheridan, WY 82801, USA
privacy@kodea.la