Legal

Privacy Policy

Effective Date: March 1, 2026 | Last Updated: March 1, 2026

USA2028 AG, Zug, Canton of Zug, Switzerland

USA2028 AG ("USA2028," "we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the USA2028 platform at usa2028.ai. This policy is designed to comply with the Swiss Federal Act on Data Protection (FADP, nDSG), the EU General Data Protection Regulation (GDPR), and applicable cantonal data protection laws. Our Data Protection Officer can be reached at privacy@usa2028.ai.

1. Data We Collect

We collect the following categories of personal data:

  • Account Information: Email address, username, display name, and wallet addresses you connect to the Platform.
  • Identity Verification (KYC) Data: Full legal name, date of birth, nationality, government-issued identification documents, facial photographs, and proof of address. This data is collected and processed by our authorized KYC provider (Sumsub) and shared with USA2028 only in summary form (verification status, jurisdiction, risk score).
  • Trading Activity: Records of all trades, positions, deposits, withdrawals, and portfolio data associated with your account.
  • Technical Data: IP address, browser type and version, device identifiers, operating system, time zone, and usage patterns (pages visited, features used, session duration).
  • Communication Data: Messages sent through Platform features such as market comments, support tickets, and email correspondence with USA2028.
  • Blockchain Data: On-chain transaction data associated with your wallet addresses, which is inherently public on the Base and Polygon networks.

2. How We Use Your Data

We process your personal data for the following purposes and legal bases:

  • Contract Performance: To create and manage your account, process trades and settlements, facilitate deposits and withdrawals, and provide customer support.
  • Legal Obligations: To comply with KYC/AML requirements under Swiss Anti-Money Laundering Act (AMLA), sanctions screening (OFAC, EU, SECO), and tax reporting obligations.
  • Legitimate Interests: To detect and prevent fraud and market manipulation, improve Platform security and performance, conduct analytics to improve user experience, and send service-related communications.
  • Consent: To send marketing communications, newsletters, and promotional offers. You may withdraw consent at any time.

3. Data Storage and Security

Your personal data is stored on servers located in Switzerland and the European Economic Area (EEA). We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest) to protect your data. Our database infrastructure is hosted on Swiss-based cloud services with ISO 27001 certification. KYC documents are stored by our identity verification partner in encrypted form and are not retained on USA2028 servers beyond the verification status and risk score. We maintain a comprehensive information security program including regular penetration testing, access controls, and security monitoring. All employees with access to personal data undergo background checks and sign confidentiality agreements.

4. Third-Party Data Sharing

We share personal data with the following categories of third parties, only to the extent necessary for the stated purposes:

  • KYC/AML Providers: Sumsub (identity verification) for processing identity documents and performing sanctions screening.
  • Blockchain Analytics: Chainalysis (transaction monitoring) for detecting suspicious on-chain activity and complying with AML regulations.
  • Payment Processors: Stripe (fiat payments) and MoonPay/Transak (crypto on-ramp) for processing deposits and withdrawals.
  • Infrastructure Providers: Hosting, CDN, and database providers necessary for Platform operation, all subject to data processing agreements.
  • Legal and Regulatory Authorities: When required by Swiss law, FINMA directives, court orders, or other binding legal process.

We do not sell your personal data. We do not share your personal data with advertisers. All third-party processors are bound by data processing agreements consistent with Swiss FADP and GDPR requirements.

5. Cookies and Tracking Technologies

We use strictly necessary cookies to maintain your session and preferences. We use PostHog for product analytics and Plausible for privacy-friendly traffic analytics (Plausible does not use cookies and does not track personal data). We do not use third-party advertising cookies. You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies may prevent you from using certain Platform features such as trading and portfolio management.

6. Your Rights

Under the Swiss FADP and GDPR, you have the following rights regarding your personal data:

  • Right of Access: You may request a copy of all personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You may request deletion of your personal data, subject to legal retention requirements (particularly AML record-keeping obligations).
  • Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format (JSON or CSV).
  • Right to Restrict Processing: You may request that we limit the processing of your data in certain circumstances.
  • Right to Object: You may object to processing based on legitimate interests, including profiling.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact our Data Protection Officer at privacy@usa2028.ai. We will respond to verified requests within 30 days. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, for EU residents, your local supervisory authority.

7. Data Retention

We retain your personal data for as long as your account is active and for a period thereafter as required by law. Trading records and financial transaction data are retained for a minimum of 10 years as required by Swiss AML regulations. KYC verification status is retained for the duration of the business relationship plus 10 years. Technical logs are retained for 90 days. Marketing consent records are retained for 3 years after the last interaction. When data is no longer required for any purpose, it is securely deleted or anonymized.

8. International Data Transfers

Your data is primarily stored in Switzerland, which the European Commission recognizes as providing an adequate level of data protection. Where data is transferred to countries outside Switzerland or the EEA (for example, to US-based service providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and supplementary technical measures as recommended by the EDPB.

9. Children's Privacy

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 18, we will take steps to delete that data promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and a prominent notice on the Platform at least 30 days before taking effect. The "Last Updated" date at the top of this policy indicates when the most recent revision was made. We encourage you to review this policy periodically.

11. Contact Information

For questions or requests regarding this Privacy Policy or your personal data, contact our Data Protection Officer at privacy@usa2028.ai. Our registered office is USA2028 AG, Zug, Canton of Zug, Switzerland. For general inquiries, contact support@usa2028.ai.

Terms of ServiceAbout USA2028How It Works

Search Markets

Search for prediction markets by title