BenefitsMembershipsLearn MoreFor Businesses
Back

PRIVACY POLICY

1. Introduction

Welcome to Shift ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our platform at shift-apply.com ("Platform") and use our services, including when you apply for membership.

Read this Privacy Policy carefully. If you don't agree with these terms, please don't access the Platform or apply for membership.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide when you:

  • Apply for membership (individual or business)
  • Create and maintain your account
  • Complete identity verification (KYC/KYB and AML procedures)
  • Use Platform services
  • Contact us through support channels
  • Participate in surveys or promotional activities

For Individual Accounts, this information may include:

  • Full legal name and any aliases
  • Date of birth
  • Residential address and proof of address
  • Email address and phone number
  • Government issued identification (passport, driver's license, state ID)
  • Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN)
  • Photograph or selfie for identity verification
  • Financial information including source of funds, net worth, income
  • Employment information and occupation
  • Crypto wallet addresses you use with our Platform
  • Transaction history and Platform activity
  • Information provided in the membership signup application

For Business Accounts, this information may include:

  • Legal business name and any DBAs (Doing Business As names)
  • Business type and structure (LLC, Corporation, Partnership, etc.)
  • Employer Identification Number (EIN)
  • Business registration documents and Articles of Incorporation
  • Business address and principal place of business
  • Industry and business activities
  • Beneficial ownership information (individuals owning 25% or more)
  • Information about authorized representatives and signers
  • Financial statements and banking information
  • Source of business funds
  • Information about all controlling parties, directors, and officers

2.2 Automatically Collected Information

When you access our Platform, we automatically collect:

  • Device type and unique device identifiers
  • Browser type and version
  • Operating system
  • IP address and approximate geographic location
  • Time spent on the Platform
  • Pages and features accessed
  • Referring website addresses
  • Cookies and similar tracking technologies
  • Platform interaction data and usage patterns

2.3 Blockchain Data

Because Shift is a self custodial platform:

  • We do not have access to your private keys or seed phrases
  • We may monitor public blockchain data associated with wallet addresses you connect to our Platform
  • Transaction data on public blockchains is permanently recorded and publicly accessible
  • We may collect and analyze onchain data for security, compliance, and service improvement purposes

2.4 Third Party Data

We may receive information about you from:

  • Identity verification service providers
  • Credit bureaus and financial institutions
  • Blockchain analytics and screening providers
  • Our banking and payment processing partners
  • Publicly available sources and corporate registries
  • Government databases and sanctions lists

3. How We Use Your Information

We use collected information for:

  • Processing and evaluating membership applications for individuals and businesses
  • Verifying your identity and conducting KYC/KYB and AML checks
  • Screening against OFAC sanctions lists and other watchlists
  • Creating and maintaining your account
  • Providing Platform services including payments, cards, and yield products
  • Detecting and preventing fraud, money laundering, terrorist financing, and security threats
  • Monitoring transactions for suspicious activity and compliance purposes
  • Filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) as required by law
  • Sending administrative updates, service notifications, and security alerts
  • Sending marketing and promotional communications (with your consent where required)
  • Responding to your questions and support requests
  • Improving Platform features and user experience
  • Analyzing usage patterns and trends
  • Complying with federal and state legal and regulatory obligations including the Bank Secrecy Act (BSA), USA PATRIOT Act, and state money transmitter laws
  • Enforcing our Terms of Service
  • Protecting our rights and the rights of other users

4. Disclosure of Your Information

We may share your information with:

Service Providers: Third parties that perform services on our behalf, including:

  • Identity verification, KYC/KYB, and AML compliance providers
  • Cloud hosting and data storage services
  • Payment processors and card issuers
  • Customer support platforms
  • Analytics and data analysis services
  • Marketing and communication tools
  • Blockchain analytics and transaction monitoring services

Banking and Financial Partners: Regulated financial institutions that provide fiat banking, card issuing, and payment processing services through our Platform.

Blockchain Networks: When you conduct transactions, information is recorded on public blockchains and becomes permanently accessible to anyone.

Legal and Regulatory Authorities: We disclose information when required by law, legal process, court order, or government request, including to:

  • The Financial Crimes Enforcement Network (FinCEN)
  • The Securities and Exchange Commission (SEC)
  • The Commodity Futures Trading Commission (CFTC)
  • State financial regulators and money transmitter authorities
  • The Internal Revenue Service (IRS)
  • Federal and state law enforcement agencies
  • Respond to subpoenas, court orders, or regulatory inquiries
  • File required reports including SARs, CTRs, and FBAR reports
  • Investigate suspected illegal activity
  • Comply with the Bank Secrecy Act, USA PATRIOT Act, and other applicable laws
  • Protect our rights and property
  • Enforce our Terms of Service

Business Transfers: In connection with any merger, sale, acquisition, financing, or transfer of our business.

With Your Consent: For any other purpose with your explicit consent.

We do not sell your personal information to third parties for their marketing purposes.

5. Data Security

We implement technical and organizational security measures designed to protect your personal information in compliance with federal and state data security laws, including:

  • Encryption of data in transit and at rest using industry standard protocols
  • Secure authentication and multi factor access controls
  • Regular security audits and penetration testing
  • Employee training on data protection and confidentiality
  • Incident response and breach notification procedures
  • Network security monitoring and intrusion detection

However, no internet transmission or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

Important: Because Shift is self custodial, you are solely responsible for securing your private keys, seed phrases, and account credentials. We cannot recover lost keys or reverse unauthorized transactions.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide Platform services and maintain your account
  • Comply with federal and state legal and regulatory requirements (minimum 5 years for financial records under BSA/AML regulations, and potentially longer based on state requirements)
  • Resolve disputes and enforce our agreements
  • Prevent fraud and abuse
  • Defend legal claims

Even after account closure, we retain certain information as required by law or for legitimate business purposes, including regulatory examinations and audits.

Blockchain transaction data is permanently recorded on public ledgers and cannot be deleted.

7. Your Privacy Rights

7.1 Federal Rights

Under federal law, you have the right to:

  • Request information about our privacy practices
  • Opt out of certain information sharing (where applicable)
  • Receive our annual privacy notice

7.2 State Specific Rights

State Consumer Privacy Laws:

If you reside in a state with consumer privacy legislation (including Virginia, Colorado, Connecticut, Utah, and others), you may have rights including:

  • Know what personal information we collect, use, and disclose
  • Request access to your personal information
  • Request deletion of your personal information (subject to exceptions)
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information (we do not sell personal information)
  • Limit use and disclosure of sensitive personal information
  • Not be discriminated against for exercising your rights

7.3 General Privacy Rights

Regardless of location, you may request to:

  • Access a copy of your personal information
  • Correct inaccurate or incomplete information
  • Delete your information (subject to legal retention requirements)
  • Restrict how we process your information
  • Object to processing based on legitimate interests
  • Receive your data in a portable format
  • Withdraw consent for processing where applicable

To exercise these rights, contact us at hello@shift-apply.com. We will respond within the timeframes required by applicable law (typically 45 days, with possible extension).

8. Information for Business Accounts

If you apply for or maintain a business account:

  • We collect beneficial ownership information as required by FinCEN's Customer Due Diligence Rule
  • We verify the identity of individuals owning 25% or more of the business
  • We verify the identity of at least one individual with significant control
  • This information is maintained for 5 years after account closure
  • We may be required to report this information to federal authorities

9. Tax Reporting

We may be required to report certain information to the IRS, including:

  • Your Taxpayer Identification Number (SSN, ITIN, or EIN)
  • Gross proceeds from transactions
  • Interest or other income earned on your account
  • Cryptocurrency transactions as required under current or future tax reporting rules

You may receive Form 1099 or other tax documents based on your Platform activity.

10. International Data Transfers

Shift operates primarily in the United States. If you access our Platform from outside the US, your information will be transferred to and processed in the United States. US privacy laws may differ from those in your country.

By using our Platform, you consent to the transfer of your information to the United States.

11. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar technologies to:

  • Remember your preferences and settings
  • Authenticate your account
  • Analyze Platform performance and usage
  • Provide personalized content and recommendations
  • Improve security and detect fraud
  • Serve relevant advertisements

You can control cookies through your browser settings, though disabling cookies may limit Platform functionality. For more information, see our Cookie Policy.

12. Do Not Track Signals

Our Platform does not currently respond to Do Not Track (DNT) browser signals. We may adopt DNT protocols in the future.

13. Children's Privacy (COPPA Compliance)

Our Platform is not intended for anyone under 18 years of age. We do not knowingly collect information from anyone under 18. If you believe a minor has provided us with personal information, contact us immediately at hello@shift-apply.com and we will delete it.

14. Third Party Links

Our Platform may link to third party websites, applications, or services. We are not responsible for their privacy practices. Review their privacy policies before providing any information.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We'll notify you of material changes by:

  • Posting the updated policy on our Platform with a new "Last Updated" date
  • Sending notice via email to your registered email address
  • Displaying a prominent notice on the Platform

Your continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

16. Contact Us

Questions or concerns about this Privacy Policy or our privacy practices?

Email: hello@shift-apply.com

Last Updated: 04-02-2026